Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
28-10-2024 08:44
Behavioral task
behavioral1
Sample
78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
-
Size
363KB
-
MD5
78b8376448274a254dab8c2b753cba3b
-
SHA1
c3465f85d2952f16b15659ed091082eeaf755846
-
SHA256
cf4a1a733aa5f9184cff122edb817f5c2dbacff9ff3dbf661f6cb2d1a191c3fb
-
SHA512
bb30fa58907bd7813ab1f9b082e81fb91a0e199b252284d368e3c2813615bfc30e6c2e461e19a9541733bc09743e5d17ad4ef524a72436df807c829e50af7c00
-
SSDEEP
6144:UY/hqaY3W3TATmNeZL249z2kiiwsLCcBtlA1+cGXQ1:UYZLkTmNMT9rPwsL5vy2U
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral1/memory/2076-6597-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-6613-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-10196-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-10438-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-10439-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-10440-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-10441-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral1/memory/2076-10442-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2885) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Special_Characters.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPP8200T.XML 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Special_Characters.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpd4100t.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPF4BK3L.XML 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netvfx64.inf_amd64_neutral_194cb6d2ea3a486e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2.inf_amd64_neutral_e12a5c4cfbe49204\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_neutral_8087946c82068597\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPW1000T.XML 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_arrays.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\PostMigRes\Web\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPO3200T.XML 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_cmdletbindingattribute.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\Microsoft.PowerShell.Commands.Management.dll-Help.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_neutral_3db956c41708f7f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\PostMigRes\data\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Line_Editing.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Variables.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Switch.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_aliases.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_History.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_neutral_c3910bbf4fbccf97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\System.Management.Automation.dll-Help.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_neutral_34624840c3163a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
resource yara_rule behavioral1/memory/2076-2-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-6597-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-6613-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-10196-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-10438-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-10439-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-10440-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-10441-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral1/memory/2076-10442-0x0000000000400000-0x00000000004BE000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Windows Mail\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02028K.JPG 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14791_.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Library\SOLVER\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.HTM 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\zi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Mozilla Firefox\defaults\pref\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382967.JPG 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\lij.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_OFF.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32F.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Internet Explorer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01299_.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR11F.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR12F.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\PREVIEW.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\OFFISUPP.HTM 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL103.XML 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\Accessories\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_40a91f862f646cf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5cd6db78279aa246\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wusa_31bf3856ad364e35_6.1.7601.17514_none_0b2696ec2f3c656d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-systemcpl_31bf3856ad364e35_6.1.7601.17514_none_e2dcde6fbc50dc4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\Web\Wallpaper\Nature\img2.jpg 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..g-base-professional_31bf3856ad364e35_6.1.7600.16385_none_5033cc0ab905012a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_it-it_780d6b9909803275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntcmd.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5f502440d332cbea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\msil_datasvcutil.resources_b77a5c561934e089_6.1.7601.17514_es-es_d5ce2a8dad8065f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\system.servicemodel.install.resources\3.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\9b1d7533105a793af14b7b51cd5443af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..datalayer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_579930838fb7b462\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_6.1.7600.16385_en-us_031392aca3d21f4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\glow.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_70b406154cde2a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_do.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2cde09294fddea9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d621267d77d470ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-bits-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9af80c8bab8e87ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-rastapi_31bf3856ad364e35_6.1.7601.17514_none_10eb9444d81f1a4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_nl-nl_99cc4fa5f90d8a30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_trap.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Hardware Remove.wav 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sstext3d.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e5626780fc684f08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.5.7601.17514_none_af500e3c7fc49bc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ddaff635d3bf76af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1037\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_setup-uxwizard-clientimages_31bf3856ad364e35_6.1.7600.16385_none_a4cc3ba14850df9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mobsync_31bf3856ad364e35_6.1.7601.17514_none_f77710eca7a33df6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\msil_reachframework.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2a96bdd02e11f35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_343ffdd9e09f996c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-com-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3af094522b18c953\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0accb12490597570\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_If.help.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\Report.System.Memory.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ql40xx.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0272c26ce89b1b67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3acadb990d9b3188\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bae2afd67cac20ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rasgetconnectedwizard_31bf3856ad364e35_6.1.7600.16385_none_9608d037e5e91cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..overy-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c0914f116e9cb10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-netbt.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39e0a340df414a50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ls-nltest.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c520779c48d0ce72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnsv004.inf_31bf3856ad364e35_6.1.7600.16385_none_622bdff1f27c66b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\06d363f8e85281d0f70f2c88d1a0e667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_1394.inf_31bf3856ad364e35_6.1.7601.17514_none_59555c0e1c877c53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-atl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_51feb3152ddef946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-lpksetup.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d46bb5dbfc4a9ad3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..admincore.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1e8fd26c537882f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_19abef884ee5dccb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Logoff Sound.wav 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_24b8f009e5bf3817\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_5aad0353642dd29f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-msmq.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f16ca38af615929c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-autoconv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a922f329ef4f7d40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..ngsupport.resources_31bf3856ad364e35_8.0.7600.16385_es-es_511f5c9254329f1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d64a68aafc8bd0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\9.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-fus.resources_31bf3856ad364e35_6.1.7600.16385_de-de_165a21375bceafe9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm\ = "INJIUPKJOIOXSUY" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\ = "CRYPTED!" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe,0" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2076
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
905B
MD5413ba6421e1f7587471b8de3c817feb3
SHA143e8d409b58c0f51d1e23b26c13530f4596672af
SHA25661d82995ce8a7771b180d4721e3c902fa6df441b437196471e6d28763c2d3bb5
SHA512ca373215d864651d3c551f690d31a335fe2457b01cff9b943b2cc6244d25be7b9383584f7e8ef003fe84db526a28e8221d18f37147d6e292f7d58f1e0b7e886a
-
Filesize
341B
MD55e5de0f65da5884d8c302fef1032de6a
SHA1ffa3d9d1dc950a3908487da7bc26fd6c703b3bb1
SHA2563b76b272f637cdfbd8b6255105fd8ceec1e26f2ae0ad9a056173bc13027b0589
SHA5128e9c43ddd692de8605b8760ca8f2fa9cad3520228cfcc94bf7a7c78ee60825caa199fe18cb538f31e94bce24d734bc032db446ea708486798183b9afe4492967
-
Filesize
222B
MD5746093a48541cebc37e84b04140609ca
SHA1b431c1a5ff2cbf4382f9083e748c7eb4bc2672f9
SHA256a8199b22610652a13720ef7d635a3454b09cfb92539fc7d0b8eb37777fc4e139
SHA512bbc67f1dc428646063f3924462bf6ebbf5b407a647c610a1ca7ddb82b98d7eb89fe9cb31809b4f44572d6c5edc7ec0f01990472028f1ce1e05833d008f8c722e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5871a22c994236b808e17b1923be2ca7a
SHA15f6dfd08d1b59d5816efc87bfbb222c290d18464
SHA256c2ff947d54969a506b8c158f668df6b908545392a46fecf59ddc32395dc3cc41
SHA5128b0f215197eee3e66d4266b3ae6edfe56d48f7f68e173f176fe7408222a90360ee8089788b7ec45305f3f52a45a9d840815ae0bf2bd0c7d6ba27ffb56f835c82
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD58f1a7221f652b6cc9f7b9e2485d2e80c
SHA176de41e0127029e52219d70c8df6a45ecaeaaaba
SHA256e0ad71602d77edd9b8c5aab5dd4dbac6873759bc9dbdf4d48760326bf25737f5
SHA51208de67c623316cbf7466776dde3ac9356576e92ed394443e4eb2df73b9164c4acf0f3622b31cc1707268dbd34bbaa2fd4b416d8e7862c162171b96e1e0701296
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5e2a68956b27631d8b07fd318360cf9c6
SHA172ca43eb50231c444fb4bdaef1b7aad22dcd9b68
SHA256d1d41b8343caf8c62578289f20e3e9231dc8cbb2adc8f77ffd4439a61bf02acc
SHA5123e4a55833ef164e4f612ea7beb7bf073cef26c0e8a5770d6df4e9827baa3622f6bcd07599b516f9365638f6d9a776e4341af06a6459e09bde6610fbb4afc4d50
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD54fd269a6b4d3ecd0ec4eaf7eec4d38e3
SHA14032718d8c19f253d2ebdfaaff2ed031c8ded075
SHA25643b6fb723c064eace4e7e8412646e2d36a94fab615ad2c797dc450bcd066e1c5
SHA5120ce22f6816eb050c740e72f461e3f97045519f3b3d67fa52c9056ccdc3a765d36884dd5770035f05e1aa2f36c45198085129c2b52dff840f723d9736c17b2b51
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD51ab1459f735816f18fe85d1b4147ad60
SHA1e81abec73ac3e5354be6e31342f0fa879cd57c1a
SHA2569cd9b00a1bcf07d9ed94545a51276bece3eb2665569ee7830423508bb24af6b7
SHA512855e780b4e699b5dc9580b6ffa522c1c4d01643598a186a7d3444ecab4ec20862a084f7d21d2930f860061c6730c888ca3a4b2fe89c3e4eb9eb31845515fe6be
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5c7b774e16b9b9b50d44fb0b0bb213e61
SHA1d1d8b93b75566f8dd737e00e198eee43baff4d9b
SHA256668ec8ee2c5d9692df8b849ac39ce1ee076c47292966c167f2c00ea99e7e76b5
SHA51241b16a2cd3e38444c920280db244f96147299a0b9eda260c71d004aa46d488554ff61cad738eddab7938384ee89cb154900d02b6321a1ca95dd62a90a5910d19
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD58dc13c1db337f79419460f7f8e2ce4d8
SHA1fe98b99e3ad8346c21f2cc5320dcef611a3fdab8
SHA256fe0cc2a82c63696bf4e61d284cf4860b6b39da745e088644130a97d6facb1661
SHA51206b70925edc011b5b2b0e3fc51f23762c30403386540ffa2453322172126bbcce9052d668a54d33505f28775b4bf522b9282019dedd6b967182c9eada58243a3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5300d9f09f18a59876d9196dd6c5b218c
SHA10111e2a15ffed1f261896202ccce6026b234637e
SHA256e2b5f9b9a8af6e7dfff270fb711f7ebce0fcf074aa8506b3a33268a6fcd5353c
SHA512edcb470f99ac0c2000908b9543c5d994aff74f590238bfbaea19b8f0916b53d4fc295a4610b9bdb253d92decf7001c8fb89d5369077752421b88f70f41758240
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5517bbf76b045ddc61ea60981be3c4cf7
SHA1c058a5a4b8539bc62a042cd7dd7c88368c0164dc
SHA256a0a95b7440623aecacf1e8a5816e3b2238278be07dd526619b8cf91ded85ad6b
SHA51282ddf354f374a2178fe57eac81b56f763bc778bc0140b961133e86b636dc45abceb1565db6c8559e3f0752f31fe5da026d8370f29404206ad587c34577d42a03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD514f99c71e3d84f64e621cb50f5b88f32
SHA1d320c754492623b546bb050d4c718a6b57a056be
SHA256e89ee01854e0fc4b233403a53109223768c12339e4004270649f60e894372259
SHA512f54ec53d845b8103508ec2a7c78436bea94460d2a7920ae27994a82a0d37657db9bf405f628ffb89b177fadf4d3c5afd5885ecfad61b3bf7a59642158b96b280
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD55932ef9341d579e11c151025ff01666f
SHA1b77be00bb8db3b8dd1df7cdc6d439fb4cfb31b02
SHA25604536b657b55cbfe8a1244dc7f1299d924e17fc469d398b9f159edff06d57fbb
SHA512eac7052a868824798672d7ea48736b65f9958f9931834e5cc8af19a6e80986af1c4b98171f84eb9a1fb06fd241c584df8e9ad373ee3bb1d50264117b73d5ef69
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5975e181ef86c093dc308fd1dc2736bcc
SHA1cb72f8aae3511d2bdfe89c63c8effa9d80d7649c
SHA2569347b155077b6171b13e4b98512d413148f6a1122c253f1d80f3339fe904c283
SHA512bfb71712e8e84e9473c78045ebdde7455085bbdfed0c718dca5e5626b9fbe772235ff2179a160a0ef915dc363c4ab14bcecca04980ad824bbb2aae788793cab4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD58797914f91c436e1fa0d4181c7540f98
SHA16c54848f0c2cfbd223087d4ab469b25f1315bca8
SHA256ba3fa2d59a45101232dcef3b7860dfcd0ea1b1abbc10c85c5868969627894447
SHA512a2e8d343d2b33e0181dfad7d937b95fd4c41d04c93c8a55b11e68bb63b4090cd7db34eebb6d734ea1d56267a7f52c13f031b192a9c1c3ee464ff38709be9715d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD533459ec81862239e184e8a8089311d5a
SHA11df27e2b13ab8f31ff82156ab70f98c71414fbe3
SHA2561478cca98df5b155d794e4e2514150eb04ffcb6e717902a43bc0c130c8215825
SHA512f719237a8b95070b266e9397dc4045de034b91411a160270144e6faf89085f1ba69185dacda030f5e6a85349877cd46e15bd30ecb194664a8f4724f0b18f37d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5f3e6f7fdb334ed1e41a5463ffd4dd67a
SHA17c9d9639cde2aad5927a5ec6b7178d8974b9045d
SHA25612ffda645991300ccebeff1352dbf166f5135988090c2dd8b37ee9e745fd5c03
SHA51298867a0d80adfa4a33bf4392a3e3c2139e43c550ec842a1e1b14762d54e6fb9a29e921b918b9203b62cea8392cb612fb9a622d9fac970c45d1bac4dc0ac4eb2d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD52715b10297e1fba7bcc5d71ff19093c2
SHA13eceabe3d0a8f3667578e46623b654d1440a1c89
SHA256938210b8c46f2caa606578ebdae80491db41b4fc3384b8d035fb12b756c1b036
SHA5124cd9d7c64dab58264f0e7c63b21bb1efd8e7653e4da6bb40218ed9ae38374e16d50b4203e6648c61002c4903869f4875565bde96d4683aaf523f61282049efcc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD57588b52e8fb87c8ffb28fa95565dd5d0
SHA1bff6c9233f79c94360e0e739272679bab160eb38
SHA256e4ec916eaf67fbb07c3fd0c9c07a3f1e59b34a6b7c5dc254050eac0359529100
SHA512ae90d07b71d46c1692207135f5b4d277ec39f7f67f21f4f1646bd9f4239bfe1a156fddb57f639dadfc3755da7358f91a541483a1898b245e34935e4f909f7095
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD524a5c0b9bb5e53b0fab212544f61faea
SHA18f91bc1c7ee6c6b92958b8b9b7090f0fc7ebd17f
SHA2562655452025681c19224474943526961f6724a8504160ad71cc604fe809ac1400
SHA512502359b004700a274d6c57ad065fc7308834e097869ed9b382775948310c194c594fe97bf9a82bc3079c2c3a018ba2ee600e32ca69cab7551ff95e37b4530862
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5cd8b924b6950b0f6c469a859084a61df
SHA10a3d75984435cb5613763ccbc3f87a865462f93d
SHA25681aeecf181af6dccf47361585e1be6404b1babea37b4e9e393dbcdcd88abcdaa
SHA51209141805a35fb606c40ee3207ab52f579ca28314c040c671ca1d02affd1b358dbaf5eec1cd8dbbd90fedacd1243140ebe420c28c7dbadc937b52e5612879c50a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD506ae409bf3b11416873ff2a6d4c31fb4
SHA1c61e7a0acb3bb9206bfa850e1fb04c60a625bb28
SHA256e33a738d1f5ae460e607d959bd0a9e6f0ef7ec0dd6613818a6891cff9fdf4b61
SHA51220b686ed6de79ca1cbd1c052a3fcbf392a1f6c4396188d20698a6ea641c74a5850614233e15a47dc3ffc13e7a5460a880d0c9cbc55dc8e0eb4091c7bcf7c0a47
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD540602689c20737eca055fb3f60f3a13d
SHA1de0632b9119c2f0a0b33a9ee1c59331853b15639
SHA25647e96c65b5c546828d9b28cb3c7d83aba41fbaaf81c63b77365505f67f516d0d
SHA5125243a92bd8b191323e613c2c3c8bd1afed5f829de63cee761aa2d4a273b49f223eb5b46741fb81ce4a2ef3709b512fa807b8b28402983bf06b73f90348b8cef2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5b656ab46c2f3ba9dbacc2e9c1e6e7910
SHA1249e17f1f17f845d8d8bdb3b6104cb71cf446635
SHA256544b51d654b476640b5cf9dc1af6f24a9b745603bf15438c41bf4112df3e3151
SHA5127018378f06c16a506f8d868bc286c5f77cc5eac50025ff8de7708c6423b22cae8a2ddbb2d13e9518ee8a273ac5809738290eaee5a7cd615f2ba366369178e01d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5b836acc6f23e8302beac75d5347eb970
SHA12e92d1133802b8a7f9db1ee469925dffd2d039a4
SHA256f107679ac768c1268d15c044b5ce61ed6207c0a6549829d89d72d25886b1bc50
SHA51278bc42296f037413c382c33da9c1e790f4f587c68b217c4f4aa7d1b71b8b29d5cda906a23447ad961268a1fbd60288710ed5587418277dbd5056c4c17d722296
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5af33c42891ea64016ea7d23f317a0105
SHA1a56c9dbb889fdc2d8666269dc53163369e9f337c
SHA25609abc7cbe16f4da9e4f81dcc14fb58f3b9c53cfe5e3a16607166a4073aaaa286
SHA5123dec0550d1226c630a3458955bc3f2c5dc4a2dc90f7a904c34ee721248d377ebf1e7fb2f5a675ce4721b287b74fa2e3b351a4d3be65e1e1de05a16bf4543d7be
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD537dbeb5317d8837845ef9ce40ebc2dc9
SHA11ec63c8c7084b71cef2ba21388cceaefc5b06625
SHA256d7868aa9d8ca15ebbb40b1269f86f29e2a096875b36fce8cd9bbf2c9c7f24c6e
SHA51249786522502b9b8fd7a98315c9d8d61d68b8ae12f5bf6e1ebcc8e7eb991948d7dd0dc0c087ee116fac3c9333ccc8d1767c91f2feb4623661fb2e17590044c6b0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5c87aa38e06ea2015e2e4e37004864af5
SHA109df8a9093d2cb0888b3b955ab47da054f362485
SHA2567982ba89df02826ad4265b3d811e8c58558f37284503e6ec70e869aca8355935
SHA512a1801d9772bbe7703ba033b9280a9099c7c74f6b2a5164312116fe03bd0e5f7375fddef8ac04d0e7f5f44e4d13735bb86e9a212a8965ba1679cba11c3eadd5f8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD504ea54c14a6cf50f1d0d06d7c4d151f3
SHA1c75cd129ce0c8cdc03224a13ed55bfad6926057a
SHA256628e62b849c0b4ea7077c18b3bfb047304268ed0c472fac74b9a05e5bd01b767
SHA5126b3f0a86285c9503bad4591e388bcdcf03581b0fee01d17b10d31738e695d1f19beee2473cc9b030a8a718d71d53433bab74099cac0f3f76bb93e6774619bce3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD50b68ebf6511998409b56a4c934972816
SHA1b19172f0382db354c885297ee2fe06e431671363
SHA256cbebc043695efbe455416e59972f7d29f2f587e05135f2cff33a75866e6dc529
SHA512eec552438be8c62622b16865bb6ad0e0518119c6f5ac020607f1d9deae8302ffddfd5a78f1c4d1afbcdbca0eb9e0ab357e0bfb6c59e8545966e744addf46e9c7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD55149769ebbb230083992bc802b802a45
SHA1f9a032f10afced6d0ba9e7cd5df3393257f154fe
SHA2569db95c54e816ce634dea1e56c7077536ef7a5df3492454e2f25448ed44f67248
SHA5125e9643948b67a279c089a6b870ac82b7e7652704136b144c85946561171e6d27ff0a8d70cd4bfb91122c29330814b31e130817338b3459c97b7c2508c82b7fea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD52c89ec51fe4e785b8ec939d030984cb3
SHA17a9e8da00506d5e269fde5a1eeab1814782a2342
SHA25689acf13909fb17fb904a8aba4eff5bb4c6cc563cc1889210f657e6616e6a2479
SHA51261e4eeb1ecfc29c571d8b27a36fb15fd7a9dc5f364da91a3464f52c7d9fdfd8d78cee8b9b095cce54a63ab9180a178b92c404fb2b3b2565e1409bde6f5595271
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD521df7245382bf1b838d5081b0e626279
SHA1a81588d35e8cde6b6bf9f0c74d61a44631f89898
SHA256b142990518f1af5b9bee528c68b2cea1962095726420268509a88f38636b568c
SHA51286db0c9483b07ffa444e32e07cf2c361e51b93fa25bd42d5dfd10533bf24c046a1f578f23beb7d0a4b0936a6ad2837ed4bbb7d2c9ce7d9393f36665b8c3ff67e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5572e61a90b6082a77cc434d51ce7a057
SHA11589ab0986055187fb458e4ba3b9ed1ce8eb99b8
SHA256122460e6e92513ec27c5e56711261060debebd1b3dd8d68addbe24e323db9d45
SHA51277b359ddb6ac3768f6d6f70cbcb2dfcb9ee0f2e6d2d28a0a25d28080d0620be162daaa858f9cb755b13e6090185b73266bcd04f6b6374b7cb4a00fa459783f0d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5240f84e917d7205294310df603e01529
SHA1c9233000b1e28906b351d22e8052aa40c2588c81
SHA256e1f370d889a59b48bf207601ae2e9994aa0eee20101b03bc8720bf09bdfd5db2
SHA5123297fe412105f37f21060fc03a3f38567c1f3e2cd9e1476168301dd5d7f23a26f412091373d54efe69f7fb817d94a7ea12439c03f93e7eb1741a3477aa0d5072
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5a6677f920142a92152a3fdd4a568b463
SHA15cd456910d95aae04abc889ce7ad8ab4cf901616
SHA256ef08bb3fff8dde4983c1908e4a61a6c941e34cbc1e012866dcc8b20997b46460
SHA512688ef4fccfaf07f22da88fe3bd06edf442703635e3c36df471a02c6acebed2d5f9b666462df449ba3d551b820c6feceb8aa78b43a6ae45c485ec7e586342fb39
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5ca67d34fa5bc577a61a9f716550aae81
SHA1d7f101dd64ddb39bb43b237ef0c8e10bf9a2e81f
SHA25608ac8fa1c6bc95ead95ff00e94622359b08d4aa87dd5194867861a7993fc0b89
SHA512fd49080e820382e8b1bbf70d1bc08af21e49b6fb67304ed4c4af4c43e33025b5dc2c1a6529a5ef24b836e2c653d4f751eed74e06f238d472d99cc5a2afe89366
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD576b3d5ba1e97295f43fb62baa81fb88a
SHA19005d3afa8fc8cbee4bb52b79cdebdf63802fa80
SHA25646c8ca444124d9f6f7c5d07158dab7f3786dd5782478b3b988375568cd21180a
SHA512b97c159ee23e64e1416d9f21462170b26b96aa4b9797e67448fc607f80603658b35bd49d84b325a0f3f4009ed91fa755e30eeeac5308e4cc776e50f6b4ce72cf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD53bf7a211f5b0c6bfc575bb813d43230e
SHA1b4bc15b7db5646bce0ff525e4b322471c4f90a74
SHA256dc18240dcbb3ba876717a9d6c36bfecdb76f42d86edb4b2f53eca4822075c69a
SHA5122cd82a8682f23d5e01f6d2f414238bb6e9941b474ff56f8c686690ba9df6f54f56018bb79d943013f075240877deaf119db320848f1914ee790189453313b602
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD514aa7ebcf0d0435425a675b1145b06a4
SHA18238189ad92fc3f05481338fe1814be8c0bee9e0
SHA256ae16cc7740287a7a869e067df32335b0a4b876822ed6cc6ede28c0a0f8056c0e
SHA51281c0e0f7423d246712d7fce2c022f2a80b376636dd33392cb8a5be485076f198056221ed0f4ddf39bed7443acb3cae786f61d17c8a38a43e81d4703a36e80cf7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5edf21d489eeba23df704656f462a852c
SHA12ccc7bdbcefcd68919aeac34dea9abb2ddf035e3
SHA2563d3e8a1a3633d6168ce5da4b4b37683f8baad68f7eb8c7b72478b6903abeccb3
SHA512a6aed28ceafe83924310b95b3b10a44ee37118bd4791cb585beceae4d76e672b55fb60351d3f39e55d8eab7c96813cf137754eb0513a029e6e06cf569ae7dbf7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5fa622bf291aa55ee8b4ef32c5e125f49
SHA1ddb38711517d77cf85efb37774fe771aa337c54e
SHA25675de02805208677b7da04aa6c37cc399bb2d4edbcf38f597758807ff3e9b00c9
SHA5123c357cd9ca2e3b3713f7dbef014e075d3cf02a5cf1f0f2631ebaca500b57d54f8f41685be9ec35d9d22f6893e0f7ca075ffe39f0ba4c5f4acb694dffe7d60c77
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5bb8443637c4c8cc674ee5b4e13447b3a
SHA15051c269f33f124bc8a848db8bb16d84ae4b8a24
SHA2562c93076e6faab9349a990006f0feedd8cdd5c11f087c17f7599fa6b1fb43d0fe
SHA5123ab2adfefdcfe16dff548123c9c7d2bcda9b1f1bf75882d8737216aa68d456fdbb3c8d57297ce583f96ebb37e74c00f218a17cae2ea75a6b88faca5762d41bf6
-
Filesize
580B
MD5243180077c4ca95fd5899a605c23c2e9
SHA18285fbd6daeaebb36fa3a3eb13f255b770d5d2e2
SHA2561d71309ff667c4ce5e0908433f667e9ff96e340a97f0c52760bd4e6443bce2d1
SHA5125528bdde88b0b205075c95b700d768cb5d0aafbfc7ff19c4e18eec3c7819b0adbc36881372f4392a5d23a310270b54607f34a8bcd31d62828e90c5218c13ee8f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5ea5b90054063dd946136915d6ed1c619
SHA18aea74830bce798ab773edb89905682a1de7d030
SHA256fd09d866d8be134a6fd44528e0587db14d5531915f4f86362c80e1d212db3ab2
SHA5123cfed07d17d6c9cc4015a1e37ec67ea4adbcf8e009b3a3669604e4274de52ec68d770d75a3b1ecc4c477d3ab0fa622b8640095e57a8878e4512bd9c268a8380c
-
Filesize
625B
MD5cffb71bc21508669592c22ca0c9b3334
SHA18c6a733dab5c5192078c183367720563629f6c87
SHA256acace6395f4ee59ad63e82296d00b430b365aae4ffb5ad09375b1f62c980d918
SHA512212f873b2527aff7fb329e537cc57c14e360b9329c598feea43383380045c38ef8dc1fa3aedb00abafe907cff9e3ae599a1d04ea142b4794f1c07d643db67a84
-
Filesize
873B
MD572d8ab7fb12a0db8da86f79255a2b8d2
SHA165a06c3124d37c6df42ff9ba28ddb1e6ffcc1fc5
SHA2564f2bd15cb6dbc071c6f8feeb59dad17dba848a4fa69f7a6af6607469cc6034aa
SHA51253b5cd2d7f8930d9b4f188e8c3139afcb02df54a0e434346dbeb937708ea8f1f7c7db17d20043be8e3829c3b568ed463087a1beebf81a37b8c2cba6227b6efd8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD51bf8b1b2f37f4f7f280e2cf7bd399227
SHA188e6278d37e61fe7f461a7dd5193a89911bad6a7
SHA2563e44d5dc6b7dc84867be1e6176765c3819113df406129dbab9e74604e319fde0
SHA512400e3dad9ac1b7ecc547e69bb9746da7cc7e9f02c5e7188c8ec1f530c2a68e93dbbd0298566e58bf7917d7e0cc3fbffb164ae531a16b4f89fc82ef8eadb58ec8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD53a7956bc1812ad29f408c8199835b564
SHA1589b8fb9eab5476e02e434255d35fd732cd111f2
SHA256eec4672e08469cc5e8c037be660acadd794de51dc7aaac997dfa8c41e3389517
SHA512f404cd26b3c8c3424759cb607c9a3e36e515862d87086a2b830fec23f4dd1b9166c22f8d73544da36c516cbfc23aaf914639b9d84b849a70cbd99e83a723000f
-
Filesize
615B
MD5c2bde30e28b20653d3be322e95299f0b
SHA1231d6c6c294fc180ce62e39bf53379e207712634
SHA2562bc948b3ff41ef0f003175afc0a5b0e5230b700caaf24de36071d3b36f761f21
SHA512e5f2e1f8749a4589adc5737088c5c1f422ce24029af7e1f5384550a22f3e937e8f1bb42345fe12a8ef2abcee4fe2fc0c944ed84665eaa17a698acad66c458973
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5644d27ccbd159cf83d6b4644d04b2c32
SHA129d050fd3a67d4a8e72bf5cbc33ae0302df4710d
SHA256d846b8949d7152dfa1d6f9727653f70444b27c0b4435ac8411830629f6335b94
SHA5123462848fefc8f37eea11430dd2f7c39e4058e86355de89a1dd61779591b6981a5e854e453374901e2a54ae830159e245a021c56309b0be470bf6a0e2dcccd1e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD520f3bea80ca97966e7cb3db39b9bfff4
SHA12d74ad455f81c128ee8db649bb25c3a546985b36
SHA256a4b3474c73734a5ab19099ab7952460c620d79b1504cf37f815d169a5bee2db3
SHA512494067f5cb0da6ee313b5b7223bf00b1401eb1483454e2bde0c959a74c1b4bcf36024c317bae75b3266c6581a6aa0577402110c1f3857f2211ab87d1101d1d81
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD53324fada877a7f6cf3c5651f8120de0d
SHA18a91efeac88905ed37d1ce20ea450d3a7421a1bc
SHA2564a8b24d2ba3a0f50de012b792b032e84444db88af2963032a8a08e7860571e54
SHA51240a910688046dabaffe0a52f4d2534ad924b29904fe90bd6d3b42a6489834b9c0b71e4bca601a310c07111aa790d3a4c73cab65987d85032172fdfc7ad8b59cf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD547c5d81d8a87ce0a76fcaeff5183700a
SHA186635a64ef93a7a514d38fdb60afcc04b246184d
SHA2566cc6f96f8bc2e35cb7916e91c9e09063274550680c76d8080b44c11aa87c518f
SHA5125793a3aa911f7e96e53c81c1aac885160da4148dc5f1beaebd948c2a7140ab9c4146431005d8db8e9443becec047c29328415aa5d0250d38958e356ffcf3eeba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5c6eef88151fd07efa08a983a3fbd5ee0
SHA14cd8f01ed40684d02927e3240a552ef5937ed601
SHA25669aa9421712111253a64f6f5976aa1aa06a78eca2ed8c93240cb3745ebe4fe2b
SHA512eda67ed6b965acb05b7ed16e5216bde5680aca3f0464f36b608d811110e44547558b8a14b9176b3503b16f8358e29c1043ce0ccc3c129621d4f964eade1e6cef
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD59559cacab1df47845f8b05f7cf54443d
SHA1b85b92058cdcaeb8c4563dd6259f1429b4c55940
SHA2561d9e3ffc12efa9a075a0d4279837038b8d05fd172060cb513d3d03e266370d97
SHA512bf73f3623eb9a7edad92b1e5c793a979e8855053f42d0c820ac1e890fe9066369d2a5d18feaf876026ad29bbd4ede351f543dfa94e270a07dbdf8e23cdc1e683
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5d0285ecc9a0212a355ab96174409ca9a
SHA19c2f4970de0257fd4f5ba23208809a9171c52650
SHA256b9c5218fcb3f280203a842c2098d7ff7d07b19723c19df20e92c9efaf34a059c
SHA512ae4bbf2599401a4cf967ae9f2e19775238ce9d2db82842c224907fb58eae347d1ea77252403f31cdec73142e423bef566308345d8781f32e5a9a909b2c2c5296
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD57489def9a6f80417dac50e5c0c429f54
SHA1afdac87e233560818cc19e9227cdb9df49945c9a
SHA2568009a5d5af3ef6c417f0429058d7dca8a0ad7c90a206fd45fcb6354b5a2e5b9b
SHA51211eead0fcefb3efaec3fe0af97bc5655f0106609b02468ef1c274392ef9bc1a87b475b14d01f97b38d7ce995520c1d24a18b26f90dcb5ec3c811d1f5c41d751a
-
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml
Filesize247KB
MD53a739db97a3d7e91cdc70e280cb46c2e
SHA171e19b569a9b5186bd9db2db01317f1e1eb56992
SHA256b66d1e317412ea20599dc09fd581c01b5f054ce80d845bd579bed1c18774f03a
SHA512aefeb630c9a35a8352788001a53ae49022e970df101354820d91b311d5b64aace122bbc43ed61a0fc4aa4346d922643ae5f69cc87b2f7625c684ef580e5e6e4a
-
Filesize
806B
MD5a9a65ab37756513e5b59d41c3216eb8c
SHA1121562d94d2a3728d4b4a51f6f102d426cf4d181
SHA2562df80d00339199dfa9ee9374262314255f5056825e96d37574f39c4a5a363388
SHA5120196609e3629447cc3b812b9bfc7dc9c9ea67557fc5650f9459c3be7a5f83537b079731509771e087ef21851d326ead2d6a3df00d639616d423cc10ecb6d9ef3
-
Filesize
153B
MD57145b5d799b9931efeb132d90454928a
SHA1f5104672c1b25eb12ae5a4158922181877f6902d
SHA2566b6ab6579db2a0b585b46f12d0faa1b43487cad973b0d070f400605feb95e851
SHA512bc5d22d59bdb80fbfb8711d1535402e1d6c7a62cc84e5dfbe389e6249b5db82566af4f11736425d3b0bac101dea3b37039a5a344dda7ed55a44b79f6a236c184
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD59a1501263c58b769984b0a6bd5dc8c33
SHA1eae8e38abf9dd17b6eea9a9f5c1964eceb0f3684
SHA2565b2c11018310a1794e7482b3fab546a1ce0964d548c481860ad0e04545d882e8
SHA51224ef8bcf7787c11214e3cea53a4c3f943a0058584cea7e1908d0d262739eba96fbbbe8fb86177bb9f96e622d3afd04681f760aa1d41965ada21b6d9b04c89aa0
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5450393b04dc910f763bd367bf5fb27c7
SHA1dacc91ae197a683262b3c0ae24a865036670013b
SHA256b3a475c39e68f80b3ea4f2a3e5b958fa876b849ecb3a5a3e5735d00034c07b57
SHA512addd3be27027f4d4ad1ed3e7be248a273b300c61682aeed269579c5d2655fa8ffe5740c3a808298fc95c1888eedeaaa825f4643497059f576c5c80e490ad7f90
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD58093c5efdab27a02370705c8530a0e0a
SHA1298cdf9e245856a50e72037683a09066f52a1e7c
SHA25684928d6fc2fbb311bc3e3e21c3f81bb341785bf0e9d9649a2e5a1ab8c4b90537
SHA5127e0841f30a893b9929eb4361883a83646ad1e13ca6ac9f5531cbb319645997911e2abb563a6e4117e4112a3489f62bac908d0ff19d8f5a04d71e8c38d0c7fe0a
-
Filesize
109KB
MD59b495b9dcfee5cf63cbd214c6443e619
SHA1effb83398efc281922211086883d114102410f15
SHA256faa0aca966d4379d9c8b7d21ad3c5e0782fe70b08e02575a13caacdc80c89bc1
SHA512458de11f6121fc1d5421af6cfab7d592c1f3a60bd7a2fe68690e37b044e6106dd720a65b549748c87995b36cb933a20e3725c401be33021e8e6c4b70cfc4d244
-
Filesize
172KB
MD5cf66499c0c2e908c13ba990a763c7b31
SHA13fb9f899cdec64d8d08c874c7456f120fca4c3ff
SHA256ff5539f4cbbc10da9f11d3bca482a23d3bc6703a82f81dabe238da67c1269ff1
SHA5120aec796f7177cfe44de0f3af55649cbccdb94e1b653fd3828f9d145fa37a5d16502c41f9ffca5f739632e03561d9c618f2cf6f880b354b46d1b2c8b18878c15e
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5c90a648cf8898312cffac11a9b0820ba
SHA1945457ca12f9b0aaa3ff404c4f89ca1c303389ae
SHA2565a90cf1ee3fa59abf9c9d92d932a3fea5d87d2a803434c7b0ecced8ddd2eae1f
SHA512ae5f3b8a6e67c19326849d1fdda9454f6bdbdbb9b8d2d7a911402b87837a910aeb703b5adec992ad33e4a469638fe3b665e6d65985bc7aeeb93d6ce2d1acfe53
-
Filesize
317B
MD54f4364077ee37d91cf0c8f77229327b5
SHA165631d1d03860e32067c35b4dc8462044c56e9ba
SHA25661accca7447df485ecca9dd5957d0e8b49ab204c8639a2d6c0bcf75e74b1ba61
SHA512828659e1108c09db49a15b036ab562b482f652a09051c13ebf73011209f51c1ca553436ba8d567d6462cf16a61856818f0da2184317b71e7f153a281a4d19416
-
Filesize
21KB
MD5b3cfa311f10bba5769c1637cdfd6a058
SHA1f12777d8e2cbcb8572afdc62be52415380738cac
SHA2568c9f6598f2ca76713924a3a3f9850457faac138b5d8f1be96b15081e89dedfa5
SHA512cee60f7b0a4f052b982fc686e6e4784da21eb56cc91f75a6342ae5bb00d2643b9a771268b33b3bf7031aa183c3574e5edbdb2282c074cfed3c310d70e296e6bf
-
Filesize
1KB
MD54f20923fe9b04f2cb1aa8cb3b348ec31
SHA1c93cb5e3829c618b45bf1386d9945aa5ecd503ae
SHA256b679e3b39093fc9f755d7acd5fc312e6e1a3059d9e66ab903ecc5d5e7b1dadc7
SHA5121094d5e17c62763d6ed5cdf448d0272d9681f5814b82cc8809ef10c7ff954e42bbc511131feb0b3a4e99ef42d20e664b5620a6ae279ce9b331e1dc687e05a784
-
Filesize
952B
MD58c0802e3e077b82bc6938c5f150bc445
SHA12ea910f95c70f81530945c4788a933edd1acb119
SHA256a5bcc746caa5e07f2582121eef48a67278cbde3074880aa4ac094e13f6b02a03
SHA5120ca130bfe5abb1e41f8f8c659a5e5a4c8eb1ee070ea96351f8892cc2836f58473ef2be8d3940b150b019b53219983a80486f55fb79c02a8a965e2ad7a42f9350
-
Filesize
121B
MD5ab6e164b141f0067ede111150147fe48
SHA193e997710902083ab9e80a634e9ff45c32a59109
SHA25694103fa56f49515908bd436aa1ef0fa545d4a0a6642336f23b588b675fd784a6
SHA51200914bfceaf9ef5e1c89161e1ce8953168329aba95b2d3e7b55c1fe822468dc935cc296b09408ae88696ffa241e0931948653d0b5f8ace088effc6e3793d0727
-
Filesize
1KB
MD5af2881ce84476e13ffe98bb410ac8a62
SHA1c07ad8f74b89b5cdddb3455694f3c61d533a05bc
SHA256c24be7a6f41cf4bfd840a001005251e6f58e93233cdd9759dbebcbeebd7dcbc9
SHA512d1a7fcc1edd65550173b631c3cb930017dcc693305c5abed3288fa7aaa323d6837258a1667db507f0f67fc12809c38912cb3d102160cc78af2cc0ae9da733b61
-
Filesize
8KB
MD58b41d711a76941fa28177eeb5d3c2f4a
SHA19ae55f52eecaf4c4e4c8a46103dd8aa957f5389c
SHA25665dc85676f731bd8133d2bed66fd196b5944b9623e46e46375b666cd53e3e161
SHA5129f599cbf20f6b5df804d0bc28381cd08b30f8128e184b6681ff3691baa7ba7a422907fab641e993abc14a80914d811db58572f0fd80ace7e141ab5397bab1f8b
-
Filesize
914B
MD50409e995b527ba74673d393e2996e6b2
SHA1c2bde88beba536a4ef2e2b892f5c952969065f76
SHA256e6d5418e3ad983ce580c7a21d28b391671e1a6e59defe79fa38fa2a896c70b87
SHA5120729aebf45ca42721b17967aa8249ff228bd837121f8c0d9d74b26507a18fd2f4861b78ac5d065e0635d6a073951feb0b99c1c04b2a36601adac51dc50fb8a82
-
Filesize
328B
MD5237fe1b770f2d8ca11f2dc71a9765d21
SHA19143380cb1c2be274869d5a65b34f57456398e82
SHA25649cfabd73923067b2270893d282299757ee366ed1118699ea9fe5d4bd0e22595
SHA512c7a6ae832248bf722c198de196a55ab94f72a03aa5958fdc915dbe29928d371521559fd3bb359ca2f30555c9a7508bc87ca5bb51b870e4bf2b96241b38becd96
-
Filesize
1KB
MD564c69bce1f01f617aa86f3a71912dd8b
SHA1d8d2f6deae934367daf034b6c5936bc1d025fffe
SHA256cde373ec91341cf167ed0c7663605fcbde03722e949d1e74c9df94b4df9df2a4
SHA512bc5f241aeccfd9127f3fc40dbfe36d73416de87bb40cf7c62e41430a6dea0c95f727f5c144ca9e17e26476368e3b576a557296667f8ce073743b230e801c4530
-
Filesize
162B
MD53a1aab894e40c82f6e9bab34ee74b2db
SHA19ee1de63a81374078c9c6909913f65eb7c632207
SHA2560e74c9db8608e069f09a32b42ed785938cdd260e396f91cf6a8e7ec71b315c23
SHA512a81d85e202f0b1aa431c883f159ca31a9e53071d3ac8bb48c6b58f140001e205611e803373da68d9332ca8b0ae72e8af79a6e407b75d4a0706cb25cba0f6e44c
-
Filesize
586B
MD543efde16d237ae0984ca17d70a4502d6
SHA112c40a27ede36ba0c8def2a9addf14d163cfb372
SHA2563f4d1750de790345bcff0307b7a9e03f8da9cc67b64fc6a66a972aa8a074d56c
SHA512d88ae318b5f972d34773bc0c76dc5f403612723b4ea06e4498225ccfb3fa6cfe30d50211226d0a219d202fb892ea4e2bb9456420432602a4e6f8999d14682e03
-
Filesize
124B
MD534da1c6b9491df0e52ab0d6d1748c927
SHA110f314f989ade8ab791cb41f516306bebcf3e4c9
SHA25672a01931bd70a45e9e8d9e03bb46f0cf1a65f33ab9bc024eddd7cf736e71e01c
SHA512abc019fd958b10cae9630de1b395fee4239ccb800ac0a108ad6339610f9e53ebfa07572d05a2d9a24a3b8c4a0400444bf40a675653843a0d836e30ba135f4416
-
Filesize
8KB
MD503d7778de012f6307aab2cea89b448f1
SHA17678789984c16eae5886da44c1fc2752f2a8ee85
SHA25626388886b8ce98c3ee53a71c7e907e6224e5e074263606dfa410f9f9eb8fc1fe
SHA512012512a1ac1ecf5b32abef78b23c23994e736de27ac8fd47ca76d9e0ac1173cb1663425edfe8cc120b6d43a315de846c1c94511e2a3fce482cb1a25f71743419
-
Filesize
880B
MD541fcea8975fd581689995e9b3105960b
SHA1f44e028efd65a725e6190ecd46b13a3211c71aa4
SHA2562e8fa6dab561b00c553912102207e1ffa305fd64cddb64f4ab869c226d085f45
SHA512cceac1b78dab5f733299cb1d75a7c562755d781d619db078ad77df5d3f43a2414b4140708bed47cc9895b97571506dbd7ca9aebe0c9f13b688660edfe8d5f4d9