Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
22-10-2024 16:52
Behavioral task
behavioral1
Sample
6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe
-
Size
12KB
-
MD5
6b5a5944c666a076de95a94edbcbcbb8
-
SHA1
63f125fb21f24de06b82aff877ffe42dbc1eb35e
-
SHA256
9ac02f9ebcad83072316bf0dc26df0692fea1c1b159f4b47942d55f67b1b72f4
-
SHA512
213f7cef850b1585f09eb2c3fecc65b129aa9c628bdccc9d1b4770d45040e2a54539bd8cd79dd7c586b0aa7581dba2591a67fff5267f81184ba6df726d640c3a
-
SSDEEP
192:92H9hL+0NuU6UPT58Wff2LiTV3HGc7EkpAiEpPu2q9C/YpXnAITZfPtRMp6C6dq:92vrFjn2LitKkpArpo2Ypdmp6/q
Malware Config
Signatures
-
Renames multiple (2147) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9e6T6YF2PiNP46m.exe" 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_jobs.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_environment_variables.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pipelines.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_try_catch_finally.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_locations.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_split.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Foreach.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_arrays.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_types.ps1xml.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_join.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Line_Editing.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Session_Configurations.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Variables.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Assignment_Operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_FAQ.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_requires.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\System32\catroot2\dberr.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_parameters.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scopes.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Language_Keywords.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_cmdletbindingattribute.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_format.ps1xml.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_requirements.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_trap.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_PSSnapins.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_parameters.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pssession_details.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_split.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_PSSnapins.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Windows_PowerShell_2.0.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WMI_Cmdlets.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Redirection.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_methods.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_properties.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15185_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR33F.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Premium.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABOFF.JPG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14871_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR37F.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR49F.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_disable.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0390072.JPG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\menu_arrow.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\WatchWrite.mpeg 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9B.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\THMBNAIL.PNG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15135_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\TAB_ON.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0144773.JPG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR44B.GIF 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Error.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\White_Chocolate.jpg 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Line_Editing.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_aliases.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8f94aa63624b0ac8\erofflps.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_preference_variables.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\401.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Redirection.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationUp_ButtonGraphic.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_try_catch_finally.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_types.ps1xml.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_split.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_de44258d81747ce2\RSSFeeds.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\Title_content-background.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Throw.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\9.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_type_operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6a40964d5ae60541\calendar.html 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\Media\Savanna\Windows Battery Low.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\btn_search_over.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\401-4.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_properties.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\Media\Characters\Windows Hardware Fail.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\404-5.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\16_9-frame-highlight.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_modules.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-sonic-symphonypal_31bf3856ad364e35_6.1.7600.16385_none_cd66bc3541f90a26\Symphony.psd 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_pssessions.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Quoting_Rules.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile12.bmp 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_execution_policies.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Cave_Drawings.gif 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Minimize.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\1.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_moon-last-quarter_partly-cloudy.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-vignette_31bf3856ad364e35_6.1.7600.16385_none_cc1304de922cc585\NavigationLeft_ButtonGraphic.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Hardware Remove.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\img13.jpg 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows User Account Control.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Assignment_Operators.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_corner_top_right.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\Postage_SelectionSubpicture.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_providers.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\drag.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bNext.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ece294d84b2f3159\playready_eula.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\403-2.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\401-3.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-ringtonesamples_31bf3856ad364e35_6.1.7600.16385_none_135e536ebbe59c28\Ringtone 03.wma 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Critical Stop.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\calendar_double_bkg.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main_background.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Break.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\Speech Off.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile41.bmp 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_If.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_locations.help.txt 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Notify.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\Media\Garden\Windows Pop-up Blocked.wav 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_right.png 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-10.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\404.htm 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9e6T6YF2PiNP46m.exe" 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\shell\open 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9e6T6YF2PiNP46m.exe,0" 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\shell\open\command 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\shell 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted\ = "YPKPICSDDQDFBPQ" 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\ = "CRYPTED!" 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YPKPICSDDQDFBPQ\DefaultIcon 6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1728
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
341B
MD549298a9f718b94602a7cc0e512d3294f
SHA1aca221267381a9534f7306853d286b87bf18fde5
SHA25610944b7b1ec68b3d4a409373a7ed5933c06264fc270ec2bd99ef45b6cb49969c
SHA512d467e995348866e9bbadacb513cacd51a06fa140c19cd7ccdd73f34036837077cb6f70749a48b7163b3d2b9a982e2ed5c98328d4e2896106deb68b964b8aacfc
-
Filesize
222B
MD5fafe0ee8534f1f8e4ee6c6612499d039
SHA16d6d54547f8e6ca1867b6235a64bf07d3d1488af
SHA256c034b5137085d03e987e8997a04c925d8dc251f9caf0859433e83c5845e2af85
SHA51229f76bcbf9df7a857662ddba0d63be8d98df781f59cd928c0c7c27ff30c21e2d8e8759818436418ba2a89b57547e1ea634d1b16c0bc9122647401f17bc3cd208
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD54402350c0a282b2cc3959894020097fc
SHA1f171657a2ffa65a4981251b2ec638cfef0c2338f
SHA2560b1c64cb411cb644504dee5f0e538e8ae10a6d96147e5221df43167f73456f29
SHA512c0365cfb725020017bdf13c32b29270e60799ae2e2884f067b787b889fed478d4f142b0ac9b7a18967f7162eb097e93a161d471e31ce072e5a9d4f2537fa6c6a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5dfb366aca02b2bf54261177a191bff2b
SHA1fb23e288a952b218ca3865c23baf7977c9e10597
SHA256e7070c6fe262c794495c182740111ecc47938a11665a3cfe8cfd9c92e2edf7ec
SHA5123376921c922667460d4c629f51c0d4b3f6ec533c96c0e0c1f3c5a0142e667123678284b4fcc6d07420ac21fdfc8e33e3d84886497dabdbaf65a825d87b95e780
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD599186d033f89a89bab289aca30252747
SHA13aad5b2d320971fb2f9767d9b4540bd52a16b912
SHA256c7053c244aa2cdd486f758f5cbaf8e738550e7b6e399c5f5c38d5eeb8ef12cf9
SHA512e073dc05eed6cb6ce97139cc55dc7e2bda6cae8ff47c2d98110deb4539febfed51b78cf82fb52983f210decc51799aeb150677c5ca9d701b45c0b319a21168f3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD56840a526521da8493879c7b2c208a5bc
SHA1f88473a3b126f3986e20b1a7d3c00eb0d2dba07e
SHA2560c901cb5610343e9c2706eddb8ac60afcff805c7f4631e388153c4a1d513b015
SHA51203c83c6fa0c004d88e1c842c7708adb94f8485e72e2f9ac3a1d028bcf7cba6d554fe48aace7c8d6946bf06f18d065db760f8bc89804ba0173225afb6ff6a032e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5b5552027059149d2dcd1838f0aaed761
SHA1be794e042f1f36a976b3b511734762311958be9e
SHA256b1e8f714e15b5f9bd2672214ee4af03a0e7da8e5542a5e2597926dee61254541
SHA5129869e9de1666b9a37f0f97417c9771eae52f6d80ff1ee46ca41b5d6713c9a8d4939b8b1196afd60c2b4629da0cfa07f2601e1abae314022fe6199d88c99513cf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5642543f27b93482070aa3a61ff081734
SHA14c6f6358788c06eaa9a17c9eea364a6552ad20f5
SHA256ab99e43f77001b36c552ee0119df560927376374817ea8bc53137a9429c2d6ed
SHA5127badfe266de050ae301e7e38de2f57843cc7705adb54df7a00ad8f1459cdfc2c585acb5e88d02547707bb6bc2d4725af506b6f2021c2ed3041a4b51d0149ca16
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD567e2171d3e0158e6a9dd5bbb9aee279c
SHA151c5aef96cf3f54c2ccbd992db2aebcf74e63059
SHA25656b612deb2eff1be434cddbe9d920d0677ee1093131d3d5bdfadda62daf50093
SHA512ec7053c30624ba0cb31305b68bac58365661c0427332d2ce9be9a591dba57ea1af2656cfaa4d68bf80036c086bff00b81ce53dd288f9e3124396281204f7b02c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD55f73c7280b43eb2f8286a83d29852948
SHA1ae898525228a22823a4ec5dde03adb67659bdcac
SHA256555ea5acc35d2c92381b9eca9a3783a0f38f3df890bd745a3b673719a93cb94b
SHA512bee46f397cd38402a758bde0d5188608bed175a6e1bb4e476d3c1d094cfafc107eac2f7d7a5471285df2072d27f6c1eb299f6c25452e7ed998290f30df0f9a41
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD55e3438d0da1df6f5671bf65f023cab12
SHA14b35ac30a0c2f853fa6746523b0ee1bd5d29e009
SHA2564b5ece2354cf34414e1959d47776cd8fb7bb33ff0632e98ea4b2dd7ed7788dbf
SHA512d3ad6e46a7b4d68bffb76b7d7fef29d79a2299b6816ceccf459541898a9e3160efd4829e831ccf13c5692bceb139316dadaa04d86d202150c9825471549398ce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD59d370a9ee8434bbf1c7d078b6930a427
SHA1e5dcd3d5929b056642cd468fae3c29406cea47d0
SHA2566e3d3e403275fbea190a0a26a8d38d523f2aa20cd709402e55c2ef7435d16c33
SHA512c5ae8d976ce466990032e925c3998da86a3623c260760c4e5b6981ece33b1d9380d1078f9cc4a9ba7330a2868f31ad8b99a43e8f0cfe498f3a83ef301e134654
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD59a20a38ffe7e92d73c9e5d9920b11c12
SHA1185915590c2f78df32705ce27c741443d75f308c
SHA25630ca1f6594dcfdc0ecb00d5d30e8b2219abce1c0ef38b5babd4937111a5a6cc9
SHA512cd0acbe11b5bc162356966767af8c9c2b9c62b0d072743fe1aa2f2b9d0d0416a95244835af6e510d96391065bf8fc86fa159807a8dc19141577b17e7c3a4c275
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD51c957ce6e7bdc7dc1d1d0df46bed0601
SHA1028b33921a4d4c83078b53d52310f971deb666d1
SHA25616b34dff97708c72a54e6258fc8ee34393d5ca192b1390faaea88031a64d588e
SHA512bf550e8f7dfd3ecdeb6829506c08a2bffd5217066b393baadb374d33fb375d4dd396e6a10c54a71f8a474d26cf23331c6427af3777162841d7b938cd90fda310
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5026c8645cbcdd46f7063e631de2067b6
SHA1ef1d47703ecd0ca24900a1006c2fefc328b07a2a
SHA25628ad38952655f7ff031bb08de106211a3f5bc732ea914fc85661a7b889d4c066
SHA5128390f2648435b3409b7015815c1c164ca035987550af68506db74433aeb74c84f75310077202371b651133aeb9e6bea16578785b98c074cd479c38c7acb9ccc7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5c937317875d773fdd88182f00c509605
SHA11033a0570bbc3d63ea0051d56ab7b2a0700e91f4
SHA25688a46c24d7b2e77ff141b5ef226ddf074637fdb7253ab56f130e59afbef3bb5a
SHA51278cf0dee75931a4bb830725e7809b6ab7a638df6a38fb068e1884723060b3d32aa272bd408484dfedc0194550a128a5851307336a0c4246f50023d07c06236c4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5c44cfc422565254ab912fec93138f538
SHA156f7a31c2a4b1d004ed8cdb69ccd3b59c98e079a
SHA2560e56446fb9726e4d486089fe39daff1de65dc688d8b620cd05b42b16cf66eff3
SHA51219ca26cfe3ba96a551c14f61b66d8c92d1b820b8fba978cd694935e32f781cc3d5fffb7d56602859e6dae25c92ef6ba12aa8e491172f120e46cb779eac8a2abf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD53fb0b93e9462bc653b8d981bed3f77a1
SHA132c522299ede2aed91252b6c9c5bde2216b70876
SHA2560fdc66f0a9f0e2fa087fb044d8cb2d27355fec058239e4930b233ac327c90a01
SHA5127cc61b6d51aca27517bf0f733c06bc05c1f30d376f963e85ff6e9b9d06c036d0bcb0d3f0fc866b054f9bf21940e84d8f7d0bb1377826024a6ff0e2d53f2c01eb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD554f2094d097760578a70d253130c3594
SHA19aa8df74f8e2a4f7ec51ca60cada3e9f5587ce09
SHA25693b5abfcfd4b3e42975584c03db5ae0ca7a265374553a89a1d0a0db29edd725b
SHA512a470d9a602fcf972467e756e987d7e0d14bce4a8fce54f7482b37da03747ca9a3468252ed10ea81fcd496be2219d7e390aac3651d135c23297498ed8d28c8b48
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5e5488adc612adb41b309e440157d0cd0
SHA123614c01205a7232178b89e3de69e1e3dc3812c4
SHA256e58d09ebc94d9eabd672e50811c7a1d4b4bfa53daa27a94ca80a7ea575eb9cb1
SHA5122468603a63418fdb5329c781e0368dfca0928d87784bdf27ff19f228aa8544e1ddbcb351d7f17182121f6095119a606428df7a1c05a14aef0d1eadbd672a1337
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5a1c748225da91c054adfb99227d5e868
SHA19d53d2b22608a3b4adb3d685f63d06a9a923f89d
SHA25662a80eb8efc6b53ec2219654d181af673b010b377f8cf30c72d7130ce144a97a
SHA5125718ed62aa7f343db3dbc936934cb2151666f10e8f7aec45e64b5c535df601d2eefe00302a8184d90b1b62dd76cb667dd2d655c5b55b86018479e9aa88d4622f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5b0e90b07943e01e2daf5e7c791427cb3
SHA168cb2eb458e1434b84731b34f5b4b54a8ede861d
SHA2562bf0e350a02868e52f22f8283821978125a9a452d5ac51fa864cdf9f9868257a
SHA512ce870d844ae021b9db7b71a51ccc3bbcc9c40d7117f989475c617d969562bf0ae45191e4f776043f6f9221917b7ae30fa820f497ce123c390c039e4a83934d65
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5f6c9b89810f971b9a415b88f9d2b3ae2
SHA1087bf2299333933e076361e0f49e3da3343b1e4e
SHA256de2e31fc35d654637b78611a02a235d2d4d7f6e5df6553eba8ac0aef4fcdb75c
SHA5122338f48b1ee9f72f151d0a5bb9bbc274c9b8bfdf26b0a1bab2be7d3cae249d09b08887673405738cc47ed59aaafabf5f5d69a84902e8e481debc59e0eb315e29
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD59ce351553905a4117fe1576b88c36677
SHA1355ce6cc76c3d3881cdc29bd71e76af73d12c71e
SHA256bb1429424a63b63938a7e58eb28b61fe393318d7a8c2acbbd350f2196f5741fb
SHA512a348ca0981decb700fb56670d668dda2b8d360a49a07472c4204e0d21642e888f101469cecc652a23785fcaa5e5ff9e699f37cfdbfe765183d3aecb183c00dc1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD545ab68f520ac442992707da9f1248f2a
SHA1422334c160c43dc7184ddbb87bac23987f706370
SHA256dd91d5b21ecef61b963ab751940a7e008916366fdb965de15eac1b4fc32c00f6
SHA5121764634e50b1156ad1ce0219b2107f0324d951a6876c289dc6ee58ca8750b31ddb6ab31381b502e1d3af862347217b6e99a40cdb985226142ae55cdb8c5d8790
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD52ed15270fa15c875a71eb1e63ed1757f
SHA13d2023a1fd1cddc963759995b06e1c788edfb2aa
SHA256c8eb9c4d9b9a1b17cca108b2007ec9d7d1db6710ac39e2572e07a5d94da71816
SHA512814ea6772563f77a575ea31f2829bbbe561c5a861eab958e335cf5649d1dac43f7c4ecd785b1c81c7b241fed21153a5517f8ff7968590c11a39987d2013f19a7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD53afcc5762c51404a1b21fbd56c836123
SHA127115ca3a1fbcd6f2da8f36f9d7126b403275b30
SHA256271f43ce6397c1b7b83e09e79eba7aa03bd3ad1869f8de5f2c282c4085e74ec4
SHA512018d503bc0dc4a15bc0caf0f432339280b7bac1d8d76051126b3be9e4d5e20207e0de342bebb2a423e024ff1b5d836d6149d9df03a86bb59be93fee11e807db2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5ac164b1b1698390c7e10b74accac872f
SHA110148209863434c40588626ba4587cfaa3656995
SHA25676ebee661c5e3b0393e0daf4a459183aeae26a72dff9116fda89372c766aff89
SHA512a8a450868c261603ac2ecc2d8537f964a480ed5bba3893f2bdc5ccc05e4832ac933effa96f595ffa42aae89e8f6d059e4bea16fe38fe56c89eda96db1015e12a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD53f8e8d23dd19c0d802c9108033e720ca
SHA1fc67e38418a5c68769728ca0ce0a9fe8312a12c9
SHA256b71291aa7eb333283c471510f2aedf5396048ecc5b1f080eb2d9516303483f73
SHA51249cd03c1cde93723a2db9f90a1f27d740b73ce37cdb091e024faaaab1e8ae120b60d8a580050aacca8cd3b365f82a8a61dc52e7bd754a41c6b2cfe5ed2b0e999
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5b1d2d7cfdc738e2ab5234b00f3d574b6
SHA1abe16138e079cffa0422a1abb114c1b6bb3099f0
SHA256d70c2cbf64bb5b00a65455b39c9831448b8e85c2de11e267dd9951726f63a27f
SHA512803f4280e89d57e10459d25c22b0b754a46d7b8a64695e9bfc9cf7f77c97a552a852babf104396a946146e327b78eb5069116709ae73bd38f5e9d45bc834043a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5a193f4445787925253fcbb9288f8b77c
SHA1946bf7d91db3b0ce1010c3a67eb96b9f53b6446a
SHA256b8b3609fcd7a56aa5fd6bcfa4fc6b70aa8c364634407be690a89a957791010f3
SHA512bf837a2c60b780ca3af3261ef1f5e95ec6e517ec69dea14096872f97e8887dc87d3f7f4a6f1f92bf65a1ef1cdb5095b3cc151c136349e57eb8053d1ee1c3e4ad
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5060b4349d72df9700be56a4abdb2f413
SHA18aeeb3bf78963848046257b5cc3b96e0868d5147
SHA25627e38642212b7a7606e8904aa48cb92d6a9d17a491e01724ba74876595fd7dae
SHA5125f486f7e26834a82bd521e4a0420d93c3616d73b6c13612ee0fb071b27f3dc38c293e56a2401e05c8da1ca529526afd43c85c3d697c8aa9d9369fd314bcda843
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5c6017b3e6a2902995db744d86f8b86f2
SHA14a3defad9c9ccba168135bc2d03be09dc64815c5
SHA256e4801252a2ee915233682d1e6680db5fb122a12d77e5e7768e9200205bbd23af
SHA5129194a30778ca3d40991d46b4b089c499376da7a0dbddd0cf9b56a162bc70d8817f4c8f2a69cb734f8edcf085d10cace3f6cbf6ccbd0769d5f47210978c20fec9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5888dbcb9e406c85d5c326bc8cf8d3aef
SHA1669dccb282394829a1e65e21cdeeb340a561e293
SHA256a3dd1fc716ce7bc9d0faeec5b14103e50808b0bde439b9f442237299cc8a13be
SHA512b93e8f296e67f0c45e40f5cc5820396f1cb263f7c016852ffb31b7a696168297cc4648631ed5a3772ca6796220cf1c59c2a372051196a79b3393e79bd58fbde0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5dee2f293a2a8ee925efb4064b0614a5f
SHA1daf1327980bfaf4a8d549083cea221a4929b4525
SHA2564b1fffd655fc4ef8b8213e84aa8ffd5555602750b0e9a14b635616e622607ffa
SHA512769d383462a9b53e574316622e8f2ebf7621bd50a39e7e0959ea18b0b3cac08c87a4fcdcdac0ddac00155d8131e13d7851ce4b9633c99c0b51f76a6dc282be9f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD593b61f2204e180a2033207581beb5ea8
SHA1167056bcb51236664168f989b5f2f4891c344138
SHA2566cf9a5ba83b79568fa264d3565351d1d3fdefd33cada651b5d5042deb2905fa1
SHA51247964514f04725578919ad6ae27d87458a7a29fed312f96d9ed809f74ca5efad51093a79818b774681dafaf994ca9f61998c477b109be0e15ff4cf2e37ed4ae6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD522e264b194fbd6a85b254babb0ecec64
SHA1764716fd5415cbab8530c0d312643123028cce4d
SHA25658fcee3324208d1556e646bd73111f504805afb1920ecb62fbf0f49ebac84fac
SHA512e9c4ac789f0624c4d876b689dd9e875b95c11580edcede4fe57b322c64c3295aac408eefadeeeb25153a0e680a7610a0fa73fc319f2f31d2d2fead139d8a864b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD517f0cb45caa2dc565584fd75bdc1900f
SHA1364aeef6c1492689a555b7101361ec2c68309ad9
SHA256cc0eb236827a6feb0c73bc2b09be4828c6f206927c1f68e52896c52424ce4b0c
SHA5125d46766afdd03742f9edc85f7b98264c3961b3aa4a8e1d819b28ae90c24a71ccc00d636c1052bd62fbdd655815451e96a319abd13efe8c4a91aece9589aed385
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5c0dee32dbc1919ddbdab8091d513af0c
SHA1f28c8fe5a1f0ab08f716da4fda187c8e62d094f6
SHA256358b079cd393251e0c08a2a6725d369e4ea5e18607ca2bca7fd2f2bf00b2e379
SHA5129a287c11201e58da91361b14147f02a85a0819e17c56d03d5607bd5dbd33110518665c139c1acfc74e6b1927f712bc48481956d9f404ff906018a57e7c675e4a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD58f1b0cb7d337d88e3143e852237ec5de
SHA1a56e9c5ccbbb5a72153673302e1a32c69f51aeaf
SHA256a12f37e8fa7c9a23c1c18a60eab9a9b1ea49f717547c5743b303ee1a4e381a06
SHA512b4820cda170c8f6a96ad83a2be3621e0a31f4c3c09dee2aa1d5f2c417dce9cd529e2b750dc33bdc4e80bdafddedbbfca47e48a0a4e7ce02cf3970e1610f0a33d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD513066a03f732481ebc1e7f30d7c43bd9
SHA14b915ca247ac9a486ffed0ca091941495ddf1e13
SHA256085226b8cbcce44ceaadb148c3ab76eca7a658fa459c22640f0ee8827b8d2754
SHA5122bd17e616b6581379c407044b4f6a6773cc6d8e34d2cea19a8e50e8828bbba0d03ee5e240686818f9c1a778f55c860018def343a3f097dd7f9dcfc75a7858f03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD549cd291e0f0550f534fdf16e0badd012
SHA15cf29d620254cb5b4914901f3e1cafab9ab63c22
SHA25668c2ef8537edcf4971b020f686ac8c25bace1220e0387f073b87333d2e052fc5
SHA5124b0d1f3d2010ee3e3025ddfd13a3d95af8cb84587a62a1394aa46e4010f83bb98aea09b132252740ae1ed1ba590d847304cefadb29d7b5c299e6bdb5bc3560f3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD583068cb449ce54446782bb838ca44596
SHA180078bb9b9f02dc82473e788d7be295529083170
SHA256c20d78356d88ba34b22a2dd94490a8a2eaa119f6cec820f944f20c703885aa56
SHA512fd547c2fe646609513ebbd368d62c7645aa7d8aacb162a3fd0a281aa879528119a2c16626a81028f1e92912e576140c2762d921f50368ecd78d37ba332a1d58d
-
Filesize
580B
MD5f17cec127408df325d32a3447527d36a
SHA11c3247d08d6f1fae87c166a523b8f270e04c5532
SHA256613f402600758d2f2bb33aaabf116db11d35c61d9adc1d7f3db0ca91786c3c1c
SHA512ee758554108b2347358b5da4d41e2640a7bdef8578aa57a2374fa4485226b0ed015da7f7fa68593c82d9421e30558e8cc2f7d30ca8d0fe9b758f69ad7179d275
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5617ccf52ba4caf850bd6f3ca08f54c17
SHA1c664ee4ed2072c2726852fccb0d06a051c427c53
SHA256b0778f86135c9bea54a42d7f1b9d0bc1a396291bfd730b9fb5e1982e2d660739
SHA5122ab205ff5d35d2226dab6cce31e01f7fbe00e9575f51880570a8d96bc7dcb1ddf736b15d4251af22f4e3d1e8b377306eb4a8c0c7253928035df2c79fc7ba0eaa
-
Filesize
625B
MD5b1f3adb60e53013baf81ff497a9a86c9
SHA14c06d5fc42f662224fe8bf47cea8fedc90dc41f5
SHA2566918b6c07e3f66419f60ffe9d570dd8a8c281f0c5e0b95b4f42760cd24c66856
SHA512d80576fc765a8497e86ca9c8b9c5afb58b65d03a3254167b3be5fb5a358e6e3b5bfd1915221c5da887a6f9d41a892f0059381b5bae8d7a6b4d812294bfa14ada
-
Filesize
873B
MD52af9a398b072f46a2f53b6896530ccf2
SHA17b9b297007f88fd7ddd4475dce9e71c103adb89d
SHA256c6e2b6af7f3dfce93a890945e10255a8c497c4d63a881628a75667587b7fa6af
SHA5127eeaa0c377e87193d8e59a17f2b45d59b5f991102bc8a5392516be202319733fd269663576d933076fb8782d356d837714b343ce8c6653956d9ea01f52ccdba7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD577b5a3dddc2d575466574e67b8972e2a
SHA1a4abbaaa52fecb34c2cea226df78825255841001
SHA256031a06b8bc8342adbe32330badb1694896c59f5624df52842e83e1a8c4d0934a
SHA512b61ca9da27741e74bf8a3b64d016d5f1c131e73dac7395d076aca6becb1b425d278953e43990b19a7bb7cbc50024720af195791316deb13b40e936449df0f71c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5050d2156e20ac358d65a62f5fd24430e
SHA11753511a338ad1fd7503007e0a73313fa86aeb02
SHA256ca9ae3fb7feec2c66f521d6c3ee3806c8c4db84412c11aefd1729dc08390085f
SHA5121e76129974bc156455235fc17dcfc3a65d741d8466728a6dcd493b99c3ddca24daf6d795651f115c1ec3543a6ce8062bb1435413d7ed513126323673488bc7b5
-
Filesize
615B
MD561cf408b87dbd21646ee9fcb25c38a88
SHA11e2f6691d227dcd292b9c89258d8536476fd83f4
SHA2566405e8a92fa9a4b40cf4f7fefadd048f1418a8ffbcec8096d4ae8c0516fa04f5
SHA512f0970f2f0b69c64021560cbae55b26e248093f3871dd49abd238d5837ddb3755148730c9917058f30f86ea7f16fb55a91dbf02578d17f6272f54233d9fd7f53d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5799e1ff712c625a503863dc3f5b70941
SHA1c84e1aef1f148a4ebd770043270ccf0865d878b9
SHA2564567c9d134baada7b68daa42812f751d2cfaf1c20e27044281c56de519304907
SHA5120ff9562fe0da3e3bae8be7a5d134adb4d2eb3d86e69916897e8cfa93ba4e7efa0754d36d7326b19fcf8d725451fcddfe9b5f8489f2109bfdbd8e8e7ba6fade2b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5004b20073b8446c6a6702d24c375508c
SHA1265dada0e3bd4b35a72799ea1bb68898d950e78d
SHA256514d1a618e3607b65a314e3cd15a45eb9c9d5e2a27e9c2419ee0431f8ff8bc5e
SHA51284d8b4a79dd0493f8fdc2ab6b0ba67bf23574ad843e468030d282a0edb978f27f2ed68ba89fb622c031be45113f40d73263ad7f2918e499e5bf902eda8db6438
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5594368a5738082d714001ebfa5bb588d
SHA1d1fe6ab8ef4b34bd7b164825572bf2234dd2b18f
SHA25656c26fd7865770288a20775353d0fdc90ba85aded7f6cde4ce911767ab236878
SHA5127415d83bb5d4e1a76ba2de504d665eb6546a2dcad8af89f66246b95fa7bc21fd3fdb6462d5f06f3c9d3321ad755b957862d2a57dc1a26012d89cb9f0a5b1289b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5435d44134bf053af99a5074c555a8d98
SHA1ce5bc40b976977df53b52120ea87fa3d232e7b93
SHA25680d5c7269a690db814bf53906566a2b0bb4092ed7e884828dcbe4447fdf6e895
SHA512d212d43bbc1d8c75efead3e7497419d8eeeadb1676c470bf527be76ab9fee8af7f4fc51167bd9b4099c86fa0df7a49a639eb7107d4a6fca37a46c043246f3a9d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5fab7daee2a3c1dd65ce5891c3dc8517a
SHA153a856017eed45a7ddf9c26a77b473177310ef1a
SHA256118670ce99302ea71bbe0d60956c818b5f4e1b765f3901a08997648a5e52586f
SHA512cac3eed5538dd2154e6583e9b23798c342d8e3af4a90b00abbf3d993eb2c0cfb7a0663ad679d5c494222c7d4cb62fbc689a43c4bcbee0378fd5e1569e9299248
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD53026344d534156d775a0eb37c108f827
SHA1ef1ba764002815049928dfa732b625b1673e2798
SHA2569b3efca918bfc9decad74612f3bac43da3b426538c574f7587e7cc301f8e4360
SHA5124e1025408e4b26035df3b4d3141e53b8642e3b8b6c710b28e8704660cba0020f125850dcd92393e2e89f1e19959b7a315a89e7e2c008299937cada8e7b1c13fc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5aff7b620d7f110784f98665d20275d2e
SHA1665d5f82ca05460e0488ae6f02ad212c9a485337
SHA256588d819e71a11947bb8eccc2b86c9730e1e9e3cf199069a63431d3ea07105701
SHA512cb44adaf7d8ac9acdd93c483041c0852c35f134c281d217da3fba0d3f3d0e04cca0f575dbae49eadd8606e35de30567a468e038b37419ac499a10274786b96b4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD53e150f3ba2477fc3aab7f2ce44bb60d1
SHA12c51a002eb01ca36062aeef209dd56dd28d74f1b
SHA256a3e0304e0133beda085cc3b686ff9a0ccd4b518f834f75c0e1db55b39b8ccc0e
SHA5121099e7ff86d7ef407e5905be01e592a00424dd53dfa9cb8906e7a7e15762cd06e48f4e6b27ac790babd92d8fd90614de36e985f8d14eccab436fcfa38f0bdcd7
-
Filesize
153B
MD5548d07f91519739ff3cf3c67dd57c2c0
SHA1c0846fb632806f93f3f1c1c0ea4bd259ccd31c69
SHA25653e267f53ec8d5a24310077d23d9002724c2316c92c70bf012bf96803b3c15d7
SHA51280486d32ad36447c4447d48544ca1e00a777fad9d949576fc571b47dd7b1488406e303df2c5b11302b51ea2d3417dfadd46f9b6fba29d4e9de148fbad727c7d2
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD57c4c734a4b05f32fc0d48e7e697c65eb
SHA1e73d9ca39fcdbe93ae478167dcd975864230f6c4
SHA256a2fd5a52e4ca35534756fde66806a94e4425bd8c5b4ace8f2daf8c42cdf525f8
SHA5129967fcd3c55249de49c831e07c8c5f4978f9786e5d43e6ba4ddeaa2b48aea0289c7e9ef807476ecb38dc7415cf618f9aadab9fade06c120eeed2d06ec8996333
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD53233d4cc8a9590111700f0769e5ca96b
SHA15612ba86a0fb867617f3610654d9630220655b62
SHA256d79bb3e18cd5c2257bb9f4c2cb1bda9629e08f086d7e19bd3bd81e15c9835603
SHA512550d5991caf252b4291421817bd661dce499a878f19dcb3c050cf152e24e3cdca64ed6d04134f325b6082895fd593db0909a15e040fadba60401fcc0931e0661
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD531232351614e4e53877535a859a0b82e
SHA19810ad90ce649ed327da76a36facf18cb73db54c
SHA256f14bfb4e35edc9a966f0e850c4360f7b6aa6de1e7f70c03367aa3ea67419c61a
SHA5123437af8f4832af87174c977f16f9989ae6f12cbbb95ca34d93d06c3d392fc40f4358e6148706eb05b3c6e42bfb6d0f17965e04530152433a3c3931ad430b1d64
-
Filesize
109KB
MD52cbcc33ee63ac2fb417a1570b5f7f4fb
SHA17d5df62a9885a985d8d90a9b4d80d92485f5e6d3
SHA25661122fb5ce800cc1bd77d470316fbfa7f886ac669271fa0fb76c944f4bd94ba3
SHA5127ad7e1d5a63da67f1b0f568b99373ccb5cecfe63feb9d496cca9a249a224a4223f376d718fdbb0f62908f8468360584b51297204e112678e00ab231c85a79244
-
Filesize
172KB
MD5943a50e2fb8f79d702c5e409d769174a
SHA156bf0596f92ec866b60efe7387cdcc6a026b983f
SHA2560b3abbf0751e5aa82be05ed752b8072a72156615aef02be50e3f7ce7c10186a8
SHA512535bd75c0c6c4d42a98d00f616ac6b05ed5b880e6889f0664e38826a41089acc49b3b097c1a572f776583f24441aab562dd96f45ee76213290e64e7c7ea3a9bd
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5c259d550149c6c1824c1ec91d60f2be1
SHA1d3b5894722ce58b519f50b7408c10618fa5bf861
SHA2566037a668dfeb20f00d8b29ffd650957bc4ecbddfb4db99e301db86f6a0c19792
SHA512f7ff571036c9e5836617edce10e5cf7da008ba6db628a8d87b173026895a9c255f13db26e815ce9eb2d34362773808ac1353b41933d42e278defbf1c1e20de0d
-
Filesize
49B
MD5c23d361aeacefcf5ccf21ea1b94de7a2
SHA1c5d12ab768fad9e348f152eb11f3ee4bdab7c6f4
SHA2565e45ab3ce95d94638f81ac84bf834f71a21a753847008a1672c574d9d449829f
SHA51213e67cb0690aa599927490ca3fabb6cc16e16bafcc593f3606de35abef83242421c9d29ffdec573462a2d3028f96d5e10de2016ad9e4cd918d15ae8d5fc2d761
-
Filesize
21KB
MD5a28306ba4e3f74f736fd79e7a8db08c0
SHA11644dd4bb464e440393494ac4eecbe1f4b1e0564
SHA256629fe7af73a76d68b2734a3c14b9861a0568907dbf9c521f3d02830c60b011be
SHA51233740d7bee9940e6ab2dbe5a58facb281dbb18f0515cd588c382cb1b23bcc98ed526aaa48ea79fb105a390813742b592e8255cbeed555dbd1d3e95d4dd2c6cc7
-
Filesize
1KB
MD5cf12675f50d724353846363ac965d8f6
SHA1bc1f37ea81ddc995ece2e47eb28dff6707a4d4e9
SHA256ab09a97815949e4c52944deec82f52cf06fe1410444d8178ac6bffb5b9bcee8d
SHA5121442e6331be0083483f1306191a601e17b8cd9ae48ec097b158defcc05dc98d24f3400e1e96ecc042c374f11c2c80672c9e88df79083191aaacc3fb76572a09d
-
Filesize
952B
MD56d6aacf0c45d5606dbece38a9464aa48
SHA14d6e4c23eb82e681998242f57219526e211330ad
SHA256ffe15a9a01d7469a394e174c9848924c732c2fda57382f565ee1df9eb110f8ab
SHA512427dad1c8df6aa44ecac360e01ce2c72b4f34af583d09a7cdf5b005551fa0beeb94a7ac882fe077c2d4b90e8cf1bb39ef5f76e4a69336008a04ccc62995fc04f
-
Filesize
121B
MD552d504e47abdf0b0d0ba72640227b5f2
SHA131cb3f623ca44e4561e3caf480b67e87066d0faa
SHA2568b59358ab208f9f0268d24fd94d29d83e360036033795e65aea5ed348b3abe16
SHA512bce5d6b636075dbfdbb26677795295a4a2fcb81a93bf5421b726ff187eed28bbb03651d1340d0e2024985d73651ec5e231f574b3ad930b31fdf3e1ed472c7475
-
Filesize
1KB
MD59de492c294892052e542c3e01361585a
SHA11edd2f761acd55976c816ffa085d114dd0257fb2
SHA2566ab9c67fa623aeb9bb4aa4f0f410816945087ca09dee016fdc81e8051fdbefb3
SHA512acec55ec9883426edec90921bd0384551892d99d8d444c2b95ae0e1cae6f77d8f626b6a235ab5f81263d421f319e1a06e1b521629b1a06bc9e4d567e0c501658
-
Filesize
8KB
MD51b6f96986d788823530d4e061f82b194
SHA10b86f0391c0a8ca3c375b3d53a0b3a6ae0fcb36c
SHA256de26a2d7f9e08fd57d394cbb91397445c5bbd2e6b2c4a55e7cff15d841b527a7
SHA5123fd4d6faedac2126c9a4c749bc511ecb2361fc842b2fd3963dbe5a720734a370cbc705ca2988e9c289b1c3aeb22e06400a503e05920b9d7b5b5641737a27ffa8
-
Filesize
61B
MD58551280aee5ba468ba8a2a25fca9b0bd
SHA1a380a1cccaf7dbfbc6476c7cff75bb333ba62553
SHA25623deb6535b16d9a94f0258085a3de54f53015316b033dffe731e47e75f0b2235
SHA512146b1def16baa963a3750ba31e4d114d2a00b81ba1c8d43274f21e84035affb9a72e5bcd94cbfbcccbef216acd68b11fa3c08f78490f8d0743daeeaf7d83afca
-
Filesize
914B
MD569f3a274d68acae95123d74849e7ffe1
SHA1f207ab35dd5baaeb50e237103a36036a73c746dd
SHA256f43661039a169f42d190b795c204119dc745a783f54f030b1bd6c9afe85f7d50
SHA51294556d63ae6281f100e4915fc2018d884b9e7d308e8bbe3afa9af139337a643fcaf30ae42e7f8473d890c12bc9a1057a4db624546aa4269fd16f1ae3dffd7bb7
-
Filesize
90B
MD5c7523e44e18902a9bba92e7177e87a8d
SHA12e6915c9eeeb2a1f73d5056b19d76b161ec31ad6
SHA256ea34819f0f99d42a6852bc575a45128f6b07e173389483b01a8b486fb8a1058d
SHA512748bf55273abdd6d77d1e0cdf334f3f2fdccbc511f43951eafd2a4fc29652b06044e54113e7a41197b937d8c06b5b19a322dad155c7483378cb32f333ba545ff
-
Filesize
90B
MD5b9209f415a8a2e168a58092d48d34ef4
SHA11389c610dd59ee317655d2d8db74fb42131149ba
SHA256de1d15d7f39fe09c8e8af567cb0ed1237b9a99efa44c892685a93550d215d20e
SHA512404dc07904103a5e8bebca0c4f1a8aa1add2430d6c0c33b585fde59e79a07b89124b3351958875e0921fc6f2ca000ebbef0cd8f34fc2d770c9001bc1e7037f0c
-
Filesize
328B
MD5fe1513bbae26c783deb5f18d29ca909f
SHA162627645352ed75eea6be75a182a31a1269fdd11
SHA2561e28cc52cee10ae543c5ac06e7ff886b3a2bc2dea5f5e1d795397527a3cfe84b
SHA51288388ef94f2c559a0e448425a4581666d186849f34067ec84bce115cc2c8c468965602bcad534af64ef759e8e4f6b708d0f942826dde77062649ca5030fcb9b5
-
Filesize
1KB
MD58b64057f8c022f6a5cbfec80fb9502d9
SHA18968c4546c82841454f529c2e8d320417b012e73
SHA256fd1d8ad83a3b14e2dc376a39501a6261e56d3358b64f57aa313f7ac212982ba7
SHA5122a270beab4941a64b16ac10bc6531cbe428f573c7a9be66330fb239b7e37bad242eab18a524ffe57beac0d711ded584ed7a676d459f44ad6948d5d0f030f33a1
-
Filesize
162B
MD5ada5c508c353b01bcf7ddd666b3bfe7c
SHA1119a980d36b197c35304b7e294722cd374f76ee5
SHA2565ac2d6be000ea72476a0a73e0a2434fc7ea3f74538c48e47bb21dce34ee4b873
SHA512feb7c30c41aed8a7844c6ca3628131717fd53f8eb01a24ac8adcd33cd3355b55a44d2a7c3b53e3cfe68fdff728f9033fa5e2bc254a3e61d09ddba55feb16585b
-
Filesize
586B
MD5a4fedaf691989338913d9325516d69c6
SHA1cdad3e997ef788a7bb4ab4f34c88ff25fc83bf84
SHA256198680b6b0c72dc40f6688e6c89c20563c19bb533bc442eb674391ce939f566e
SHA5125016ea58d25710f538294da3377459d6661ff869b0cc8c9dd15772a55e9ad3f68a864a300e5a2f053cf67a9768c7bd44e04af8a761443d02c1e48125e6185c65
-
Filesize
124B
MD539c287c5040641fc77ddb7f592847a22
SHA14136c22f039dcd82eb4605e7b75d95ebd5d080ee
SHA256098a5c7c213a3c86c916a6533dd5c00fd4ba8bbf235dd7a9e06bd41ae0ffa585
SHA5129f4c14bcc5d1c4fbc03e44c106fe10fb93b4b2d3715e2f7f240db81677a754ad1ee0773d758fae7da3647dd20d98ab8beac215b0bf93aa83ac292932f4300e0f
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD533fec273eeae968c3bde4fe0769e5451
SHA1e1c5724fb353f549ee4df20f4170e7c4df1efb91
SHA2561494ee5ff99831425810012d5a09311f7fbc36b4eecd2c0f5389ba2a9a247dab
SHA5127b6837a9880212320e1f30fd439ea1e5b45ef6f924ceb2abc57b99019dcf1530524625f8e18485f55e583384140a7a620ede8a2b846afe394bf3410bf8ba6321
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD58179b5d7e6ee7d6ef15224a823cc1640
SHA10fa6fb8f3e5eb7ae048133b1708811b3ac059042
SHA256baf7ae20fe504248b41e7ee63467bcf6abb7e7470ce009bf1adcc611b94ca173
SHA512a85e2c904072597aebd58803ffa83e0a948724e26ff80f03d7ec1b38b9ab31a20de46d3ae1cbb1f0b431db5505c7a329ecde28012d15f4bbb1680b96cdd62dca
-
Filesize
8KB
MD55b388239dde0b1edae34c5e55ace1f2a
SHA1fb45095fc3823b241b6cf5409fc31023a07c2647
SHA2563237d2a7732a266fc440623f92f15ba33855792996a4060be79bb6baeb71bf24
SHA51262b3ef25fdbc1215d3443c3787c0a3043b579246fe3427429f0ca921808460a01b944e70e800c73170846962c484332f2d2f090e484e456363f16a3544ed7b12
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5f4e9f6ed12fbd52c3abb947d89a2685c
SHA15eaea2ca9903df660616752f4ba14833a21bec35
SHA256954a25dc7471e0a94f51579ecfbc65c6a1a90c1aafe9cd35b1af197dc64787e6
SHA512704c487558855f500bcfe787850684771522efae6e7650e087abcc85391ce0a4c2d8db1acfc49c5d2fd42454a78e76f115b6dc712e472e2e91e69239c7a9b3e8
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD50a09d169495b9d1380e9ebc92e528ec7
SHA1807fa5b9f4c409fe0c528f968b5a4fdfc191ba97
SHA2562076ef257b14c91c02e149871b09f3aee1f11340009d7c3ef3404693c1f6e224
SHA512904b2e3b7261dd9258547202d2b760ed721f6391e3deea074dc4db2848cee1d8c74c82621e6452860e92b295438707255fccbf376d835019d0c10ecb276d8334
-
Filesize
880B
MD51712e563955ce5e81cfbead54611033d
SHA1f86d457942870e0462003ac85667c6d97a11a7ad
SHA256e919f1c63ac7d89ec9c4a085b8f321e953babdd786d3ccaf85f131e78db9ee0d
SHA5120592930afbc0d4f4b801f8fe86c60d84f038eaf171785a4380c7355c45e9698badac768cbe1d4fa1d83fd1979b92d17362ab3b50c0c5abdb856e782a59b96d22