Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
03-11-2024 09:01
Behavioral task
behavioral1
Sample
8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe
-
Size
29KB
-
MD5
8aa695771695fcb2debf32be36342fbc
-
SHA1
dc90c5bb99de71190ae5623032ba871ec81e788d
-
SHA256
ec4e0441e96950e7f5b64860b1ec33b2ee544fe0779d34ea4414fb0e780884dc
-
SHA512
df878a074fe23c37c5b8f309a698f54fb2197f3559b042361ab424cda4a6f88bd239fcc8c6775394f0caf71f341c73cd795ab0e50e6fe582f0c46f06e54171b3
-
SSDEEP
384:eebFNw4Pk1itKkpAjjI2YpdmZ+9saOxj8uO9GtWkA5WuHVjR4VW:e0FmBkpKjPYppOl8uBtWkA9iW
Malware Config
Signatures
-
Renames multiple (2219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kg4SQNj6ADx9boQ.exe" 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_neutral_a64d66bac757464c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_blocks.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_neutral_5fa4270b9924b918\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_neutral_e45293c539584293\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_neutral_d9eee378245b3b8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-shmig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_troubleshooting.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_neutral_d7bf942e99bb1d41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_trap.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_neutral_1a5c861fdb3aab0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\LogFiles\AIT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Reserved_Words.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pipelines.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Variables.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_neutral_c6a6811d3d827dba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_regular_expressions.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\agp.inf_amd64_neutral_22cdceb61fbafb43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_neutral_9209e816461a1a73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMESC5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_neutral_1874f16002601f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Games\Purble Place\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36B.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR16F.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\zi\Australia\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10297_.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\gui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\VC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\tg.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6B.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01219_.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45B.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\Accessories\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Portal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Windows Defender\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR39F.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0289430.JPG 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\789d8b780d7bbfb6ceccd2ccea85f364\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-r..rovider-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_b66f27da44d832be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_it-it_276d5cb3ef9deb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_741c523f80e56f1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_6.1.7600.16385_es-es_084f776c600a93ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netl1e64.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_830e6d6eb958ef87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.diskm_v.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d734b2885e387731\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-hbaapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_903ffeafc5a64100\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\Media\Speech On.wav 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-robocopy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_10bfb0af0a1f880f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-u..endedjoin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_97c18dc251926a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.data.services.client.resources_b77a5c561934e089_6.1.7601.17514_fr-fr_0560796555c76ce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\Media\Heritage\Windows Critical Stop.wav 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_73d3b62bcc75c85f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1039fd7fa6efbe65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dfs-adm_31bf3856ad364e35_6.1.7600.16385_none_f61ced8db0c66201\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_8.0.7600.16385_it-it_f998bb70621dfc39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_72fb97bd170404a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-aero_ss.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f0d463d4d79d7a05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_042b8ea19be901c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-netprofui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_07620fb4b263ecaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7601.17514_none_bdb13999062e3561\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5b3f1ce0b29906dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.1.7600.16385_none_9c7b32377fa4af37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-cryptdlg-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a13f21fc1befaabc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b51acce68f03cf68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0ebef5f9b4ac9b9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_4b57445488ba33fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-f..utilities.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_81e23baddd2d2be7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_847b31e13926c41b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_close_down.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\401-3.htm 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnbr007.inf_31bf3856ad364e35_6.1.7600.16385_none_4c7695ac41c77cab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_remote.help.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5ac8beab93dfadb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_de-de_9a22c201bfc85eec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..onal-keyboard-kbdus_31bf3856ad364e35_6.1.7601.17514_none_dcd8219f2b322141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d7cf58e8c6d01cfa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.1.7601.17514_it-it_831c6351c764a060\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-e..e-library.resources_31bf3856ad364e35_6.1.7600.16385_es-es_120b6f55750a1517\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\Media\Landscape\Windows Battery Critical.wav 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..overy-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8e88136e0edc6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\photoedge_selectionsubpicture.png 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netg664.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b361b0b25d057b5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..-wow64-setupdll0007_31bf3856ad364e35_6.1.7600.16385_none_49ecf372ca13e003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_ddef5417d55eb944\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..revention.resources_31bf3856ad364e35_6.1.7600.16385_de-de_365138a56975fb01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_es-es_2691a3277d21c7e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-b..smcnative.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9b82eb0e0b5fec03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_6.1.7601.17514_none_66cbee44a06557b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_es-es_b3feb73b1a6365e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..-mcupdate.resources_31bf3856ad364e35_6.1.7600.16385_en-us_feaf83c617229e22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000470_31bf3856ad364e35_6.1.7600.16385_none_42c4ef4c7e326f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_infocard.resources_b77a5c561934e089_6.1.7600.16385_es-es_64111c685385404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_el-gr_48c18b4486c4cfe6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a11d6161cd73573\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-time-tool.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_095b0ba4a75ef07e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.powershel..anagement.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e948232b65f44701\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_267818332c21be19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "QMVTCUODNBQPFQJ" 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\shell\open 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kg4SQNj6ADx9boQ.exe" 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\ = "CRYPTED!" 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\DefaultIcon 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kg4SQNj6ADx9boQ.exe,0" 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\shell\open\command 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QMVTCUODNBQPFQJ\shell 8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8aa695771695fcb2debf32be36342fbc_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2872
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
39B
MD51f2caf2ab718c2742e44d826b3fb57d4
SHA1ed7a1dbcff393da891b99d628803856e288af595
SHA25612c0b9521d25b699e8387295577c2afea766c3af6aa4bb091223cb9a466f7512
SHA512879e46147070c5ce4e7b8a0a8cb2f19a205573c71c4920787d4f1a9968945e8cd27f327383341effbc87974c2abec319105451670c40a60aacc30a31140e8a11
-
Filesize
341B
MD53c696157bb72223b641adc8ee0ed9edf
SHA17efbe535074b7a95e025ab2119f9e9213279b0ef
SHA25690b83cea972a7f5dcbd481ab7027d1bfcbc82ea2208c4da81ad9df66e132bd9e
SHA5121314e0c30397d366fe016516144359192d0051d8faadf45fb99c545e4017d086ed5847a5803743311240774bf47ab51f6cc5bb99e1be4a2c747fec6e80906499
-
Filesize
222B
MD5ffb35cfce2a51555762a4ddb4b969998
SHA1538a86518341e6bafe936a23389f9a3c79af9225
SHA25676a1d567428a2994a15b424ce14b98fd2735ec8b560eeef23641b2d49dfc3e9d
SHA512ff6ac0c6c5827686c708d14258e1d302cb2f1926633dccf318d21e4a64f0add1b66044a9b904ddbedec5f37cb5fd8d81f017cd114f52e0d42de0a97d69604d39
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5e26202865db1cd8774286b1d4ce6d894
SHA166b825ae739aa1d9f9c2f2b7a2b081a5046a9914
SHA25694baf7ae0fd0591dba0c17d4bcea70678f8beeec826aaa71065bdf3a11f9ff2f
SHA512dfb3f9f92c7525f1fc54f55ce5b5210d0eb09c2788d5906397eb341872d4adc53f9cd16e9f97db6465e0c0378893501a80616ab06851aa57881385f62fe21294
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD543f53c2b6645d287a809fbee39172d41
SHA175358cfa67e78a71696cfe587570454ff7f13fc8
SHA256962698bcc2083d4e86eff658185f73964bf558a326aca51e88eba53dd465d3df
SHA51264ac6cc6b4db395f4066108483440dccb9c5cd2ee21d18940b87512d0fb2697628d109fcb6481341d23a850fc423740dc590b4b390d43b9d51d78b56b7681d33
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5971b984f3b478e3303387a869959ad72
SHA1868a81d5292c7d927f5c2944c4112d16c2cd9d09
SHA2568559ea9b214ecb18a9b1ed4e341e22dc66c7638803a11a259a3ba476ef8e9ea6
SHA51231acee715460baec2b6ee92906f3ba6331efb25f6eaaec50b461263578611ba0dc61c9702fa9a7f4ce7d30ae54cb43ece044ab572c78eaad45b86bc388af9e5a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5155953ecfb20399b3b1a7824542c384b
SHA1aa37c4207c71c1b33e221cdcc1dbd6e8957abe1f
SHA256b4e3825ffc8980d18f84252a959ab6a08b6f1da2d5bf8ded28176eb65aa78ed8
SHA5120273ecffd3f969db0b2cad92acb2c33df1d5ca893e18b2cb6b2ff1e58c8cae7df7ae35750c471eb8454d381039578bf8cac3d255073f3f6821d658b185207a5d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5bb003368492cec8d0ac619cf8b985001
SHA15a0c79c99604ff2c29cd3bdc3390096ec121f2c7
SHA2563c0243e33b31dc1da0b4a22d68e1ea11cb041bd509a2ad5a171cc71991ad1d06
SHA512bdf429cc514cc88c8a9f438a66d1d4fa8cdd8395845b2ef250496bd4c5941ed5b43e0535234a6fd958e31af493e58aa2c32a52ffe29551f10c132bc5c09cf949
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD527d74ba0a2bd88b0b91c9026be1a3b8c
SHA1809caaa367f9d1dc6f50f3d08f529a46139f0622
SHA256838b928fcde3694d84be1f7d7ee13f221c027262285ee6c74abe4aeaa1bb14c8
SHA512cd3ff6250f30215d1569902d24d49bf195bfcfaf5a5d636418ac478eecc1c913bf02fcb9f381b76aae0fe93df5084cc21ec7b3937a99dbbfa29fdd42cfd3e91e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD578c4e51ec4ea4219156f01098280a9e0
SHA15a9e182d704dce9b57730bad2efc891bcc39dcc6
SHA25672dc3b38deab1c67334f30866f9b9f5c926b465451d8bd42ba9dab18fd99cc53
SHA512c7420d014121cf151d1c5d30731256d7f2dbff51932f1e8c4516b926f0f07891f649ed359e166b4fe570055ed1e24e861b5460b6853934a6d5a1d9d2561d8242
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5a728885207f6232fb08be48c919e947a
SHA1cce70e9b4f41245b60754a41394607eeb604fa8f
SHA2568a15c886f5f02d60e3785d2c29ee7777e8a7d6e86266e926f6bef65894d22bc5
SHA51248eb601596bc1ecf96711b0b5618570e5a2af3e1638e5f79d67c4f911a4d2ce7b9ff1288fb51a626b034c0937f1755dc3dbdb0d0f0e7f6b956339699beaa10da
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD58ed509d4ab62422737d179f22bcfab71
SHA1461b14f39246e22448590821caa5121601d4354a
SHA256d8cef274a888b29835516483bfb7be57eff64125a31ddd8d4cad90ed556ba897
SHA512ac7703b69095c3872322a7dc73219c84dd4a196205d69e1c75131c476f7562292ab4ed20597685f1d401488c1b3f3b28b04c874782819ac8146817b4ad6442ca
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5136867af03665bc5b0333675fc3e0abc
SHA1eb62f66696e8d3123e1d514884a5284d103c8917
SHA256ddad9d980b4cf6b836f7058f02bfa55db95f787ccdb6e40296cc93b7ea81d7b8
SHA5126906498c72fd8920b858ded189e7715f0f05c1b76e40a5f177ba1fecc4676651a029c9872fef1d33ccb6c706fc7e3b72f66152091d1555da50e9d0dced047e6e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD51599b5a9e9cf7ff86e4d177bdc387227
SHA10a7a54d9e6040b8203249e89154ab563835c338e
SHA2567aa62b035e2c13f3d9ad059e8c1f16b95edc3d5e89593c4980d9e34ce450d008
SHA51267b84c72f1bb22299f2cd3160386e1e6c9ed078b91679f48e222f70ff9e20ac75dbf68a015b2b858934b06c615088228445833bdc8b62173d65b7bca5f2dfb0f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD56c41ae4c420bd2aa371536fe436ac504
SHA11ddabdcb78c9e68f03951f97688d5ccfe304b50e
SHA2563624781666d7fe0a51c0d7c35da78623fa0a3417a98860731ce97e5802ea077a
SHA512791aec9ef43595dbfa1ecc7be87e538e785eefce30a77c6caeac4c842dc9ca888d1045658ec939ee3945a3d5b7320151344bdbecce4307cb3cb8383138c95c76
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD58e8155aa3a055bd2bec420cee8b4929a
SHA1a4e851eadab26f4673677ee2b9f11af4dc45bd2c
SHA256688a09f32d1e3d4f42420677352f7b29ed9160cb7c2e68d15106821474be2d93
SHA512509b8484e98a9872e16edfddf68959fe74d9cb987668e1ffb9fca7b078a5ec48f95f5926fe75dda6125775e42a257fbecb3bfacde60f8cc1d5443e6e1f7bbac5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD58aa64eb70dcafcb7f29c136a8b8b6ceb
SHA149f19bf270e984f52798e0e4ce0d0efcf32a74ba
SHA2565564c4b419d692d2b41646f568288c74162ca10be53f42288f2fa04ed89c6f33
SHA512e0a4e06ad3039ca338d6bb78cfab3812491cadd834838246c1f66ed15dbf9a788eb79e89db87b221993d0336d8f66a33afeabff81d38b930df18120ed704990a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD56bdeceb4c2b9e1f69e52141e167b9acc
SHA18e702533b089dda7116806c719e3fe0e362ec568
SHA256e7196606b28cac9aab546aacc3b68454e7994af29d501d1613d92149c99f0a50
SHA512deb75425ceea4deaefe37ba7d5c68addcdfe486f8e657297e24853f4b56664d532abebad071e984cf29103931d52a7db190331eafd58d3a2ecbfb72ef02cf71d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5dc9c34b5cd593be230c2aaf73fae7223
SHA10429a0255a4944e1249ad7208c8d63a99fa504b3
SHA25673d4589d7fedc38031500d513422cc8e8b4417efa24100225bb0cccf10a96e7e
SHA512b83cd90b3c42096765b1d9b24654748bb94186c87fbbfb49a59c2d319f9f2066f9114764047ce7c5f9ab278d75c77f5058cf710159d9372821628e79020b9e44
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD59c7d8bbcb2e1b223dfdde0cb1bd7b5bd
SHA17f3f948275e39da9e03c7039b354f1e9fa82055d
SHA2560f843d627b0edeafb9acb502584aceb3ed2cf74bf5bc2c1fe68a7cc5e69ecdcb
SHA5122a7ee7c303bfe7ce70300fd68a0acb1fcec063681c3bf984e35f8e6ea7306e428c25732d2064b83e93c2cc51fa1aef5b0da9d2ebb6ce7a91d4fe6733bf8bb1dc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD536d709f306fc891d5cdc34736f7e1d07
SHA16a63821a46cb70c4034f99d90d8e6a040d1c7c94
SHA256e56b078178dd27d48ac7146481253a60604d685fa8a2cc55af556969fded40de
SHA5126a33d953f067800ff3c45600eca5142e07c7c1a4f46a3ceb7abebfa1ae659b3e6651459de0297afee23a800d07e5d11346ba63701fb4e7d41f58df6db2621daf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5b067490b550c3c23dd5e4c1c41fd9fed
SHA10379e97b5224d6684c4f2f71026c5ddbc891dcb1
SHA256417b91a3605d58c16bd706499796092f5aa43913cc162f817cd7a7133af755bc
SHA51275080c4be549b7dec03525e834e53b3182d4c9721ab95c2d4f54fc3f090a33da9b7df0a2006075fb08f1cdd86335c7c67bcd235fdf25bece93ad5fc3ff33b6dc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD55501398a6467dc90ff19d5410ffbeec4
SHA11fe0717ba2ba4ef3286fdb53c231cb88edf9a4e6
SHA256731664b51421fd0bee408a3163c34e7ba659b952a370728bf5c11afc765776ae
SHA5127cf5ab724fb71cf10107235f74e4725cc959d8307decac814a5056c475bb1422bfb86ab11af5e005560fab38e1d49f866ff062ace4d1ed8f277bcaeef38e9504
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD595c027f5eea97d461b959c75de314db2
SHA1724c9024ef9ecbf5b76fc8a1169a75ad8384ed16
SHA256056f5f6e5a51009d3d71faeac40c1d62d603c8a5c8bb97bcdae37e378ffb584a
SHA512e7ef8154a3b6a64901a7a4e61d28ac0080f34f10a029c466a29afb8d91954ac8e349832112d17a4fad4f7ae34949b5682d26b0451d33c0f453a80ec8230f8adf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD57ef6255f9360b063410b269340e37b6e
SHA15c7c5c439d15243dc7a2e0b34f03ffabd45854f3
SHA2566774d7b1e42041bc2440805c6a15087cc50fc3aaa6075ae02a8c464949abfdc9
SHA51294a8abac24d4521d367c623f16d24aa89666ca35a435dcec6866246f2a42b6512f17b0a6651402c7bbab6e02cfe93717bae16abb29832864568bae5825856b45
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5f25dd725f181706be9e99ebbe4a2b847
SHA12eff088762a27d3e3ef3fb49538edc3a9542c13d
SHA25626210e512ce467aeab7b8ae5c35852266739bde627df03e721e73aa5efd453d1
SHA51210f0ff8bd5d06cf227c081ec52f6d2271822817a09cf8c77758d5e4a0409f48c4131a2d7195f84a832c0a7182d105af1b19206787be7b0dc33601b6534c2db58
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5d4ac465369f28b7745e842ae8acfd2c4
SHA1779eb0ab82d8f203ed54897b8bf7f3acca3269fc
SHA256bbb0a228d727375b63a8128ae20ae78256312c982260a891c42110aa520f5a66
SHA5121df0701ccc118b4933636149048a0d83dd756e2202b44341db91d24ff7f061b2ad70c23e4a772df7bcc1c4a2b14228623c55c54318d7095ea3955f46be60b7a3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5c639e6a7d88d89c9cce2be2ea9fa2807
SHA1079e42a25b5744c685b2f2123efd3a4a6db58082
SHA2561e36e89d0a51df57a890869c4cb8410b00c290a9009b326606013a63473a5931
SHA512479cb18169e905ac4185b3e69690c1f4a18246c3d06cf8e9d98ecc1fc9c6987346a10208aa96d9f35b723c9b65bcc720ebee5eb8d86e1c50278ffd9bd68a6ee1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5a333142abfd457e639b95f53a4a1814d
SHA14d3afee18790a69c9b26c0320128a42421adf852
SHA2568406bd62b39ac77f9cebf89741e66625fbcfc46a7fcfab6ac2ce51b8b7208bdb
SHA5127e872763b30c22cc79d6dfc659d75293ddad315d9638906fb4c6d81f754bbd513946aa7b7614e7c463038610392b231232a79c48dae95131975be37680a27040
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5d7027df8c0cabea82ef28d0fb0525cba
SHA1048945b6509003600d58b6844efe9dcf835da9c2
SHA256651a961ea8ab1519d7aef04568975317482a71d04df860790487498551014c2b
SHA51295ea57d646d1c6f4d2a9b18cb948f4c9074a32b7b30ea717056197f24ec2dde50ca277088d8cf420b984a5a0abff0784f2c9536d9222f2cc6e666f276ca66477
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5f4cfcf8a673dbf15700f40ba29561638
SHA11d53fa5c8b727d4accedd3d4548978c230706237
SHA2560ec2d2b34b1d862a9903ec8072ea0f50750b4d47a00febde15a8fac6a3cea102
SHA5120c177feabc6bef9d6334e7ea903dcb1beff0bd03b84675627a3d03dd63e77b14cefebe16150214c49c76def6b4d7aa2b838f486f786842b549de837d623e29c5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5b452ed2242002c10d99bf4e1146d5884
SHA16012059d9e4773d8429e48e99fa2310bc573d73d
SHA256e19a9e20a265dc67c134d0f1df3c116e903c902ebfb5f4ad828f3e0dc9461c79
SHA5126ee40b8686a2014e8f87f97106dd99fff1141ded8597f01b6129d6dd012e05b7eb370482c0e9abfe5cb7705fa2d1c4ef1a258d4c44b665f20abab59a312cacbb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5cec3340a4fbceccbc29d27a2df973a1f
SHA1e97d8e2302eae43180813823faaac3e7cbfd411b
SHA2566236d768424fa4798a172b7370fd60f7cbf0cff6ce615450f9d16a9c70a8688b
SHA51211fccdce1f96df4fa9b9d6651553835317f7aa9ae05493357eec3687f7ef6a0429d2df5b3c315ddc64620b5099a99f5bcc6885b539dae4e54d471cf05d905c5c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5f264d49ffbf980b164d553d43d3f3711
SHA1819f1493b661e59884bd8dde1c09a0e97a4faac5
SHA2567f7d552ac9fd7857de69f3e4acee75b684963ca790e1497334d2b88f2dc50d17
SHA5120351140d3069cc226ed54ebae58de523331e39863dbb7145eb30c5c78310c53d3d8df321b44b5b787b958500dcb5901b876edaeffb8e8739d39b6de1a32e0a07
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5b723a8a61c6e1c4297f5fd130193a298
SHA16ed24a71cae4b33e3cd965df8066ebdd7f4c114e
SHA256915cd0ea66a6b62000b50a3a9d02dc14d219bda8fbdf706341fbc75360e4a3d8
SHA5126715cec2d6b3a1b171c7abf1f50ca89a46beb34519da372f51c3678f3b17d770fdb2a793d552fe7ad38155471c322ed9b98d995fed5a7b1263f0cd68404d6e4f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD50815e100a321510d565863dad661d794
SHA1b14fec6f6b8ff48dab8a747b4d640735f8b86984
SHA25698a19317d98a234171691b3b2a758fc3822ae38254e5ae34c25296bd42842a7c
SHA512e18557dd48389a2522abaa368bd346606fe39c8855227e108e50b46319fc44c2963c9eb870eeb951d04c5b59d98780b9607df4b2402393c20a63b0e3f614deb5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD59764cf2da8923615f4a6c456d9ec97ee
SHA127e7cb5b0161568a847dfec747696659f1bda521
SHA2568c56455e96e3c74009f3b6c26ad43548dadf107632c926567eeeeaabd3365951
SHA51249b5aa33d4ced1d6c522ba59c012e6e49255fc1e14e3c4c4a759f718f13807b9618d84eb2520b08484e519d074c29a4dd03be5a04a7ac346e9dfaae99f90f2f5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5c6b06065796d7a33bd514d8971f1b5f7
SHA1133b64416c871118873f77b483b01f9cd6ebe0bf
SHA25660239b855c9833bf20f7147c5cd25355a327a03fedf1da0127efd56564791032
SHA51207e59b1feaa5c1a5b1b3b4a9d9ebb11b8127dcfe1e7ea0f8d5807c1365aa247a4e584fba02f45f47a9f1a88f2cbcadddf0a01dff4d95bd5397b353d2a3f6d779
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5af38cd55611d692d4efabbf6cd8a9414
SHA10e0aa8fb23f0b2acdb9734298a199127966d65de
SHA256d27eeab6e55ce182040d5b9179bd2828c2113b817c8abfb16b643bd0d325b439
SHA512c995eef960c8e1b641c91c7d9872eb5cb5c27e06025af254c8369b45795e3ffd68898ab76070abbd528dd2a764d7f17a186911c48f19b6a32bf0acc805ce975a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD593d301ee51e889f4d16b230a89b13565
SHA12b7cab9b4213c3dbfa953da67d68b5faa0fccfa0
SHA25608c8456bd5bedd0743df41524530e749a24020ffcb2d0778a217856bf25a6998
SHA5122228f78a3a4315782d24e4ff65dad04eb0fd31438b006906248379373a4b0698de31ba700dd528c11b666e7a6d32ddb1604f5863d1a0a8d5edab3497b50e1a82
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5d17dbd25e4f23994f069658128c12f25
SHA1cd32d01d433f4cfc12162e570d13d7dc8646307f
SHA256624d9e149089c16614ffa115302dc35623b0f8df36efc8ac1f33d9a42e0e6d0f
SHA512137125f3ba89b72e5af1301247785a7097d19e023d362ea02a4ddf70202bd6f10933b12bb0db69c45faf19ef6a3cf7bc06228a75d289f158286e77609434986d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD554754d1769b245480c4b7215c6064347
SHA1511d18dc768cd1d5f544ad7f953851e63031b984
SHA25601c74115cdfd6706fb972f0cc37ddcb954b09cddc55001c9bf1f492818f2fee7
SHA512168be94c76bb6b16d3c7364e1337962aa9a5d1262e3f88203a790b64297bc4b8974f597a275c4b5710db03b23e450282ba24822d4251bc47412e8032c03937f8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5af779002a3b799dc4e2946468ceb4b2c
SHA1fccdc5bbf853aec2c376a644a1097b767cd6d298
SHA25601621d9e3112ad07971c5638738324586df6ca3f1423b1e5cbb80bc68e53bbdf
SHA512b4f31c5c9a4eb1212abc4ee5391cb6c8ee8e62a5190856a8d587a6096b23df570e2393a1c7ab6ba532aaa69a4c3f7449d1efc22223481a01934d8bec7a8eb2c6
-
Filesize
580B
MD5ded8b1354db49edc43cd31024b6108fe
SHA10a3138c02035d423a7b22c7f995b8e9af0c40f1c
SHA256d2692cf5ac13b7a9df280e8deb9c344d80ecb6045d71c8f73141b27a38d8b7fb
SHA512d0b74b84123e07f239a86335639a815d1466c82e77500f9eacfd9e6142b5ad0b82bce2d3bd674598c2fab3690d05e0296a3d35e71749099267dbc6f1228b2cb3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5881b0356f2f5726bbc8d885d7d592f64
SHA1e78b997fc38e6f4f805b912aefed25cb81da7e69
SHA256a11bcf39358eb9ea3937c44461945b2908da0dcb895afd2f4d8aeb7d3618830b
SHA512c89a98a08246f1a4e24166f683980fce7dd1a82846054fe8f5a6b305c32a2ad5cd3e9d002f3d8fa803e7fd1b8f8cde2afa921952a4ae1fcef97360dfa72bb0f8
-
Filesize
625B
MD5a3c1863043bf396a604005d2325a0abd
SHA1b3daadde0fcee9bc0acbcbb182c16c0943190b06
SHA25694c181b48e2a9960901d2c868382048617549cf834f76d711a48f1cb56ceb5b8
SHA512703f6ae5b1795e7988f2b1fa1b2ce0cea351bfb610c329071774c7fd1141b1991841946ff0d01b532247ac2738ce1c1ac0a1329d519db418bc2bba7f25d40ce2
-
Filesize
873B
MD50055cce283b2a79faa260d7b15eb287f
SHA1c2d0b396462ec463f27133cb684b1b1fa9a99f3f
SHA2569ccb745078392c224653a63c33ddd7d5ce30eb1d643f7475830531d9cd7438fc
SHA5120a78d97635c1de2dc5c555f7395c3e0dcd77bbddd2b784b0656b42d129fee784444b07828f251acd27a45d03db6f15c59f24d33b6b8789af55a78ee7790ca213
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD599fbb67f93534e4c7cda847ac36655e5
SHA14eb30b559b7f07aa002092d1f35a0c08945fa4c2
SHA256ad0690be3c622986cb4b33977fed830957fe1469ef1c4c3697ff243a4d813a8d
SHA5129720412d1c8d473b73912c9bb562f74b2a34048cea402852886b012b1b0d707e8e78621dfd78838c95e024025b7749f8a97071e08c6835ebace3bf290bab28b4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5bd0fa60b6a6e7cafe1b366555464be7f
SHA1479ddb96325a1625a56b67743c91bb029374649e
SHA2560c05a79caa736ff49e387271a6041b696a64bbaffbfa32cd4585d5bc9b7b832a
SHA512b5bcd093282821f88d574f52f860a5fdc47836a887dd12f45930de29d618f2eebd9136cd67935104527a7222f99f2b62c11eb81d6ab9a03fb4187c9e0cbd3eed
-
Filesize
615B
MD52eb2fd35039d4300e19472cd78a25c14
SHA16179d7f2c790c42b7a44cf5f71c73bda873b4877
SHA256eb3beff6c6b865fe3f6fa6b73354792f3a5e1116422305cbbaeabb53c64e421b
SHA5121296b127f3a23f1122261537b9b89e5694bfca7e1a8bec2152a51d2dfae4ed84cc404d0fd7c3a8210ad01b4aa900d6294dfbcece1e9e1244a2923999179e6773
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD52d3f7e9346cfaf29ebaa66bea10b40e0
SHA1201d9f6ef67932dab34be3e02be080946ab7bf8d
SHA2566765ad343823f856737ccd5174d8bc776eac4e144ca0664cb88235697cd3d357
SHA512acd2946fd6fa12c38d5c6ba688a0145897b8d39ad5e1cddb5827b18cdfa5c8208b75181106e7365da9cd701a7587f97ee363003c0061dc9a825653161bf05d5c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD563f8b4ec34b16d4b9bfef08e674fc326
SHA16bcbbcbb386dc8d66a9353b952718f0781956c24
SHA256ec759108ea131dd96163ee12e1b08687f4e4024aa8bbe29e46c556c427baa22b
SHA51271e86332a769d1f4886c1a44b05fc025d1cdf86c9d432b1314589a2a2bd6c09cfa1a9deb05f8101290d8bd8ba506163d795198a373100450a78dac1c81a481ff
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5846636ec5a32da3929928457b080f660
SHA19d90fd7bab1abee4f20d504214c50b6759cbc615
SHA25630a26faf66966679c6ecd5a857a3cb6447103010b96fa080b1e10747c187c202
SHA512dfdea79f47be69e279b0dd3eec5cf90e607f40b17c55030c5247261cd641255604bfcc38534360bd016054348ddd25c64862db3813552c32ba126d3146d7d932
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD50466ba9dd3ea2b733ea3ac31f5af5083
SHA12103de4fe290424f63195bd36a8fe004c2acb484
SHA2564d53fe627c4c800f7aba8dbb58892e346d937cccd6b70ade861e53bbb696118f
SHA512eb4e7eeea9249d494468123170b73ee12285a4658ab008dd73dad0a8528d5a0699b811ab3a27819c9796a4f48057c46c70d1b585f24eeea63663088749bf36f0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5538e1ba36a7843abe3e263c4dd7f552f
SHA16b5d2c5652fb4b476ffcc8c64c3b15e842765a08
SHA25612c59403e7fb727d35fc9121f8cdafdf0469ae031fb8226419e4ce78fde5062c
SHA51276f6f1ff1543389019dc0dea7e38f1eeb951ee3df5c3a2f9a75f01ae2564534ad8e227284b30f4efbce627d741f261e757e48460bb3f19434221077305d3d690
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5c0a69ecf96db5a9c4e7a23a74246e4cb
SHA1bb06e51e459b967c83d4e6256e96681f630c7e26
SHA2567777d3d5ab068ef89cac4f4b2c29c18db9519f8f8ef095c5800127f356e27023
SHA512daf67359b3ba5078388ae39bc9262fdb4cdcd2deb14a8c00b233a5ed5a9a385eb1c2afdcb70b2b10f486a409069292bd84279a90ad3873ec5c62f948fcec24f5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD51da082479f48495d233ab869622c5619
SHA145f81e7d44dbf3220545b3618f4f5a808b82c532
SHA256db8cb3ca69df34839ac392bfe9dc22fda94870431db1105cfaf08c81ffccbf66
SHA51219ad46aa8370e1876eb9ebe681362c2c97add8b00f9120100acdb227000d527b9da65d604db13b41638ef923f9314e432dac5e554354535b4d75ce8a09b61361
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD531f50dc75685f20e3c0660184cf3a198
SHA1ba10e9d1a3579f03049356ef182ab7ae0b3b2630
SHA256a7675b12be5573620e4865d1d2eb5eddf5664a0a4763cd76bf990f82425b3b7b
SHA512c5aeef6135fd0d6bc0d9234e74448aa5ba27080ab771b74e64ee29cdb5ac83c6d72d986d0971d00f49f18ad67b042345dd2d56b6434304b764595dfcc8c77e45
-
Filesize
153B
MD546afad398683be92e87b27d53ce2d221
SHA14d35c623735cdc88c30aac1fc515c9124ef35fa1
SHA25610436778690a5d7ea34f4e2d6e85024fcb0fd6a3ec8104095d9ce5c06855d706
SHA5129abfe32eba2fce9b1da4bc5548b805efcb6059e377af73aafc1e9905333f030409858eb0eab3c925192eebbbb314edb9da530f9bdc7517ae89aa4643577ef3de
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD500583652d12dd608d7aaa130373fbaf4
SHA1b5815e0317cd5e62fb32730bd09f7f8d5ef0958c
SHA25618313455c13fb9de90c89e7b88febc4f9095331e8add445bfb7ce0aebbe55145
SHA512db3ad0de51110c2883de05760231e44824e860d94d196fd3b064710ca85aa59f7466bee4457fa1579b437ebf9c6b5a2b33e5e4b0eada20b40a4aba7632a59029
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD53d373435a9474330bc460da1f4288676
SHA111cfe74776609c3ac95ddfd81c679f91ce9604dd
SHA256c902f572638657ca5535fff9a8c0b1e075334dc58462e4c4dda20a10e38f81e1
SHA5122c8fa35b21fa4cb8e9afdbd11c6e1fde2a4886abbd172710730e5d716748301c0718e55df12e9bccbb83dfbf326edf1190ef0b57a6257b8ea79759fda5877002
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5602af6ceace008aa53bfcf18cd1ad348
SHA11fa5f2bb6fc379ddd11edf7074c00b153dd9359d
SHA25602ce6b7c7246aab470e3bb2f2bcd59ff7ced247a9e1c6600366fb26e5eb8a5be
SHA512e5212e34c494f0aa967cd12b967cb3bd7145d2f2d563c830eab30c45771c22dba781aeb84b6e4312189be779f9e3c5060a0a37c468d1fc2796fd7bb4f47fb918
-
Filesize
109KB
MD50a36017d111b7acd0d5fdea7d5b9b141
SHA1ec3aab67574bbbaf90e45043a24336decb971634
SHA2568ca347a20a3d42c989cabaee277c430b4d813eaff84e1ad7191c8fbc9d46634d
SHA51217dd0ec5e606175efc89727a947cd806852b984f1f9564a67a900ea0d7aec09764859127c2feb1a5ece4c236801313c665ba26699e6de3cf613ad90152c28c20
-
Filesize
172KB
MD5c882d2ec232309cee509ec99ea6c3e75
SHA1f68e61d1331fe62eb5b6acde8f0b535eb2b1d6b7
SHA25652c540f91f938bd9e95f4861a0000455bc2e379523c09447c6319bb94b12846b
SHA512bb009caf52258c96051104cb5b489420791090cb945bd113ac53545b104e4cbd149fa3c8e24bf11382ac30e8d428f7636be9b8992055960fde91cc17cf80c23f
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD528cc604fa72b4c0a13da359f1aea6209
SHA1ae6a8b3292dfc90757f4bdacc7a3b852be771985
SHA256375a091b9cd9ff51631431fd1e450caf5ec40c57c1d775c48adfc300c13a3451
SHA512de33d42f8f3045c09c70e55c661748538d90709ca1919c9ffab533bed04d66b324e151c731e127c87088f2e5bafcf642638aede98a26df0c2d8dee55edeb8c22
-
Filesize
21KB
MD5377c90c351e6ea949a9981bef4965117
SHA1eb2c3c7cebf6adf9a81b8b39d444506ca9cd6d17
SHA2560f73c91b0a4f0285b94ad4a5ef0cba0a7780d93110a24ca9d01e1826a6ba55ea
SHA512db36eb4522c7509ac6ef4d2162b02052261c0b098c477d9a674801f80f27b6c6b3b4d43b47cde5f08cf83fcb4bd204446eab71ed9845ce38faf0da23fa099e37
-
Filesize
1KB
MD589bf51228fc64ed6fc6000b289719702
SHA178e86fab6c0f927a9b67f0d46a8967098ee632de
SHA256701f638f6cba6999f971940f110f04c584970e6c315ffd6704fdb3a8cd7a21ee
SHA5122eaa05cefe54b7118b7f74f65dd1e664c75c42eda4ff931047eeb2153b4ca907b1f881c27c455817e9812ac6aab98606e934b02e0f1053db2161bb0e156c1642
-
Filesize
952B
MD57d6a9fef61f06c0cf1f96a5009f84a8d
SHA180498d6b18071bf6546242a074e676df1860a064
SHA2569d93e4432470269198ab7987f0a1fcbeceedbcbea435837d1eabde12aba691c4
SHA512ba5fce9ef98b5573c0e6600faff8d5eea88d545158eb6289ee5df1dfd4400b3ba964b8a7b2ab999d50a77f8c63125158f41f89c28e27f4efb0368ba4fae72ec3
-
Filesize
121B
MD5f666960b7da305adfaf6de0ace2c4eba
SHA192c8085f36a8db2a9b8ac9522772e89bf013f2b1
SHA256ff4169fd3f604d60eeeed3df3699ac9997b34faa5fed7e3e2c963307686d052a
SHA512edda18e4c2dbf2683c518c0558a46bbd937309daacc4af426f7303df0ae6cf52c7e384187d74ea6d4f768cb125258b455743d0c5e12f0934abec16f0622fb722
-
Filesize
1KB
MD5b30d4c8c65a8ee3b11abc62f6c99fcb7
SHA15f455cb96350d075890fb5f4b9ec2afee5900f3e
SHA25604043aa01ae454fb4d20ae750b264265ece239bd9b6c0e46d23e0c86edb850cf
SHA512bb4951334c1a311d7b7c27a1ad2eb4d244ebd753ee0f61d0250fa5cd1b96b681b7cd5f086d87badade5364375ab4267ddfe7b8c4617f790108123bcdc3fde406
-
Filesize
8KB
MD5de7fa27933bfa601bd542d2f101e81c5
SHA16c194249bb9815665c1a8b32073e103457faaf03
SHA2563733ee81f43ec757b5c5ba385d14fb22091f9c9fc3c30152cb5017c35464d135
SHA512f1e0992f93e7ded8220d4b569c3bb56ad3d39c6c1098f1229cbe0c7eebfed9b1e0b0ef9e9125887ce8ee24334571dac89056365e49385b9de1d6f4a19f298f9b
-
Filesize
914B
MD5aeeeb7baf8594dac21acdc5872db2027
SHA143d1b8accefbee26197297bb2dd88c2b88f0ac49
SHA256098ab36a93d71f2249bb6a51486d0c3e367e73fc1ce9265fd22819422167a898
SHA51252dcfb509885c70261dd31e40ef3ca5b52e333dbeb0c995e626fb02c242c483bafaf600832b9e9a67242f075a6a5dbe8a08dd2c3b554c2c8999f38dc63099396
-
Filesize
328B
MD59744532d9694d5cdc77094a2cf42176c
SHA1c7ff4db996f660f21702927f5aa4074d985b72b5
SHA256077a33a01fcb9fa2d6884258fbbe9a5e5664d0de11d276585e8ea48ce53e837e
SHA512dd63b1f6c61007b0f598d3c66e296eebd6092161ed75b69a6a9996ffa743db1ac50e75a327970225d0913f7d7408e64ec5c20d2795195b1f274532284d6123af
-
Filesize
1KB
MD5555af5cef5d1d1011c7e4752a68acf08
SHA1ea56e08af12163005c434ed2c2a9786f3416ac5c
SHA2567e82b1ab43e578a8085876af971de066157f44bef7cab75d67c133739fbb222e
SHA5126f4a9fea2e26746357b643875c7b6061bd62523ec2aa721468a5ff89b7a244b0b7c516e3f575e0965a51f6e31f19783ff9bf0d0265f546ae77e1ae5e8b771bf3
-
Filesize
162B
MD5600169bec81ce830cfff940083032e22
SHA10f35c61322ab78d0ce520f58f02e6434ca730d9e
SHA2561c7ac6281548f57a28f3aa55aaff75027f7a50f92c4d63cd3a6ade6c4e55fd88
SHA5121b76b59fb6abd6ede628d0956ea3413266e8c086185b698a365f75a155577adcf48b08a13f7fab5c3f2291a89da64fcd2ccf0b5b58a0599b10e8e46937f0a3a7
-
Filesize
586B
MD50d66c68e4e7131a0f34a8f4a93cdcf6a
SHA147a3fee349f0db5ef1ed685e291308e68d8fcda8
SHA256e0424b47f0c1cb516f6d64e24b6e1be6b0efa80e732068ed88f54b37575f758b
SHA512dcd760b7518a2810431a1a8b29b415d19918deaa73a14a63716befbec550f32d08dcf6812501b4ffcd3be65775732cacd5c0bd4224842c554ebf33a5ecee3bb3
-
Filesize
124B
MD598f96bcf98cf38198b4255be7003df21
SHA15d702439236ad37520f31e2ffa99c5720a828067
SHA25641202b996ef4bc28e1850fb4d83bd7203cb32820c9e7df352acdb6fd7536c6c6
SHA51246fa74c12dcb7387fddf6e6318d6582ca031e8edb790588fdd4da91ac71bffe5fe827c116a25e445f8fec89451b5214f769a64820aba9d63482a8682ffada68b
-
Filesize
8KB
MD5f065f64fd4be5e145297a7e9f38acfa9
SHA140b183bd63d9e566192e9d16a6d587599d59295b
SHA2564068a45c950a6d44cf7f337d8dd2ca05ec786d7e4103ced1a4771eda2b56f997
SHA51288452f43b400da8204d824f3c47106abb96ca3fafde08ec6ab8d5709a3bc1e1bd96afce21fbcd7ac475107a73bf7d8f4b0c0c33dc7155983c0b82069c9aa5f0b
-
Filesize
880B
MD50751d2ad31bd973f4a2a212f6b3bf7a9
SHA1eddbeb8b315924d121bdc2f467bdbfaa43effdd9
SHA256f71562650c21c8e8a2548efb2dd7fc6de4edae41f4538f9f226af9273a41946f
SHA512bff0663cbf015ec42604c0924e569cc9f05ceaec117dc0c6af977e8bd4a6d49ffaab0d3840e6e3f18ea8cd663d8c8b38d8c8d4973ea51edd9967d1c5330d569d