Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
- submitted: 20-10-2024 06:30
Behavioral task: behavioral1
- Sample: 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
- Size: 13KB
- MD5: 60d155a69731675bb493c707ae205c96
- SHA1: 22d7741ea994b80188a8d43955083c760553cb99
- SHA256: a81cf8585a3ed094202be82499bcd20cca447d879c2e2be6e74dbce50407d2b1
- SHA512: 0ca9ac7829299cd1b4a36229dd05db74e95fab3fc60931974c773493bc7d4b4998c8499e8a6cb5f5bf562d8d67dd1f3c786c4ef79b65b9bac4d03f5b1630a33b
- SSDEEP: 192:Tzdrr1FG1WDCgmjPZcCz9NFoy1Ma27OYYaOCIX5jj2J/e8cwrXpUA:Tprr1gkDCgS3Th1Vg48awrXpB
Malware Config
Signatures
-
Detected Xorist Ransomware 5 IoCs
resource | yara_rule
behavioral1/memory/2308-8647-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist
behavioral1/memory/2308-8648-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist
behavioral1/memory/2308-9036-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist
behavioral1/memory/2308-9037-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist
behavioral1/memory/2308-9038-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe" | 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
resource | yara_rule
behavioral1/memory/2308-0-0x0000000000400000-0x000000000040E000-memory.dmp | upx
behavioral1/memory/2308-8647-0x0000000000400000-0x000000000040E000-memory.dmp | upx
behavioral1/memory/2308-8648-0x0000000000400000-0x000000000040E000-memory.dmp | upx
behavioral1/memory/2308-9036-0x0000000000400000-0x000000000040E000-memory.dmp | upx
behavioral1/memory/2308-9037-0x0000000000400000-0x000000000040E000-memory.dmp | upx
behavioral1/memory/2308-9038-0x0000000000400000-0x000000000040E000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\SoftBlue.jpg 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1ce68d7a186ca70f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..smcnative.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e83d6ac2e8211e43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..tion_service_iassam_31bf3856ad364e35_6.1.7600.16385_none_d7a455396d6b4a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wiaca00i.inf_31bf3856ad364e35_6.1.7600.16385_none_9dff40bd2f903760\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CJOQMNSPNKPYYFS" 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\ = "CRYPTED!" 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe,0" 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe" 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\60d155a69731675bb493c707ae205c96_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2308
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA512957b61ea4313544a773397166c1fe8645a71c7713a42ec9af86adc13e4c4c6ffbc4d1717486601f926bd2139e633729d74e19a819757c5336f0dfdcc02ad4a2d
-
Filesize
21KB
MD52deb361d7a8927e480eec78366485f1a
SHA1df07ee615401f62c0cd72a3254a307cef100d243
SHA256dbe2aa9db2afa45d26292f6378e683c92e02d7ee4df3a41a8650f89b54e10a85
SHA5121b66c912f06802c84be3a1ee5d3af2ed6e062c5300cea012b6f651a68311684bbc21d02d9be54fcecb1526377a9d774aae528d9cca61fe90c291b0b9793f8af5
-
Filesize
1KB
MD57613cc1526079e7df1b0f7547a6ee343
SHA10ccd0bd9f5fbd2ac21e37739371268178ebefbf1
SHA2563c30b62095f8da34def1531b39574906d30e13f0a92d225989fd328fb878dc12
SHA512a9f9d00581e4484398a63d437824fe3d0ae83aaa79a09be9ff1f6f08a2851d5b3aa372bfdc0749d164554069ddbcadcb0ff07a4bddd6c1e9797565f77a2f015b
-
Filesize
952B
MD5101b4bda073431342906a584bf1a5a17
SHA18d867f24c8aa4a2d4226303e8b0c884cb4ed7e09
SHA2566702691837c9c6ab6a4604db20cbf93627c7dd8d60182873ce96bd0a33b9f92b
SHA51286c3d813dc2865f6185cb89b7948653cbc611a5feeae923e20e22577d9684ae62f8dc2c0ff7d86a8ab2829852c6c5b8384806fc30625b7c0b1248dd74280a740
-
Filesize
1KB
MD50bfd3244b94d32fe4ed4cc4a9dfdab9a
SHA1740ac7978f4c321d575616685ef02d646e70e71e
SHA256b6d5b100d00ca28a7915b063a24fdbae95354b0eec35493aa9cdbf8da146b460
SHA5126d90d1f8ba07f9ae36434f95a16af86f2771dea53a6afef48238615433e125b4d117d18a1ec9247a5a34dc0e1dd51b4cab629d19a38631e7157fb59b65a31a7d
-
Filesize
8KB
MD5d1baf938cab0a4440010238d26b882b9
SHA1b9737fd387e922676c11e140b5f5dbccaaa84cef
SHA256663026c87359c5d760e8f6dc8b1217c13f0530f4863bdc32bfe5a688d80e431d
SHA5121851c135c3a8669c5222f0a80e4b0f930ee805a3376d0681bcbb94c48ab564c858ca18f69c3cb4e1c1d6bd4cd1fea918dc55b4a8cdf90c41f6dac22c2b4016cd
-
Filesize
914B
MD56e8861c48e34d68953475fad559194b5
SHA1e41a7479070e6a537dcd6dce325b91900ae9a3a8
SHA256a42b133e8bf0123faf3cd9c189e16b8214a245a47d6258ee553dc88bcb914fd8
SHA512c97830dc3b41c034dbb80f7ab38eab6a180b0a913d46b973944a47a458d9733d01d5040cd9bdd9b10664c3ab5263f1ba629bf0905fcaf66985fa2f7473cae913
-
Filesize
328B
MD563f02655d4d9e26ecdb3fb9daf4e25b3
SHA13a80441dc499929034c1e6e86c775178c8074970
SHA256433047ce3bea55a64abf81ae137eaa2e4c2d95ffe97e32d1ee750bcae29d0d50
SHA512fb9908aa85a8b4ba6e9460d1499127dfbbaf6344a413e7cea36f2adcc4260f9458b07e0740dca4ee3ab8c5f51e841a14db06a85000fd8750d1041c97309d34c7
-
Filesize
1KB
MD5fbb2813d54c76c83b4f6603e0dacb9c6
SHA156b1c6f50d4db96a0fefac46624b7ba2c358e114
SHA2562302be2d57c4d3893669857589185bff56296f31c35b298985db9d6b1b1ac716
SHA512114230b7b8b365f242f3b53dea92ce97d4d709f60d0ca8aaf8bc6eabd397b1be0d71526975e68daf1a2b03467ee04ebeda123de463a04662c3ad35eaf4510785
-
Filesize
162B
MD5fe6570afd5abb034e07d78c1211b80fa
SHA12effd6cb805497cdf69877806cd8e0b587fd762b
SHA256c06dd0b6362fffe7d52e3668592ca84c1d75e062662b4e8feffd90bd5dcc43cf
SHA512f8cd8b547e83e7a92fd8a3ae1aaab33da6320bf6c51b025610ba3bee92b204eee169a101099ba3488082881ed29a095b8fa7449635eb94d39d999c17a93f5d9d
-
Filesize
586B
MD5e601089a6caf7f5b96a62fc4205e9dc1
SHA1dac3c5957fc3637769230704c2cff0d4484dc8e4
SHA256c10c8ba65cceec9d4b06f3b6dd584fb65da09f54926ab8da312f3caaa875c561
SHA512d1f49cd1f8c68d4782813fb3897c11d20583b1df6cd56f538d210b5c7d62aa8fe0c4054c21ef4542d2ec9dc6cc7b7a7c369135de63e7f97d3998fafb44f62f1d
-
Filesize
8KB
MD5526c10fe63980101999713cffd691881
SHA1381b8b3422ea736abd1c57f7103e9af21ffc446b
SHA2560366b81d06ae570eb6a68e36bf81a199bfce8b609a13f243d6f7ea3da869dc51
SHA51216b4c613ebb03f737672494222f2472f9cfd0174aacf20fe2fadfcd4f28603112832523d7b81ec9ace54057b2128181243b4c6a2bd38de7cc8ec72c99678883f
-
Filesize
880B
MD5a99d4a8b652adb3bfff43855cdf6426a
SHA148a4a2f43bad06a41c852f3bbf4dd734671bf065
SHA256c8798c0adbae4b7fca18d78243dd838ce8a0e4119b676a673cb0449147d362d0
SHA51259cfc8f2709830a15009ce8d19cf10d2edcb5525a5cac427fffa3607fae52adc546fc3bb91e5a744f3daf296708e0cf015b3ff4b6e2d2fecc551d11921a07f8d
-
Filesize
81KB
MD5aefe0be3e075b20ce7b7c9bf71d72527
SHA1e628811385bf0c727e307e87b95bfcf374c4d961
SHA25664518516050af9a17a55ba77fa6fe34bb9e1069c7b1debcb6067a37abd768716
SHA512151b2646e68c4583ec7fe756777945ac761a8f9c45922ba1f16d1969f5c83dc596937cd1ad2aa777234bb75be75d96f0cbb09cd4213e558417e3c2e0619b6a9f