Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
27-11-2024 03:43
Behavioral task
behavioral1
Sample
a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe
-
Size
12KB
-
MD5
a5bb17cadea141d0c25951bcecdf3f0c
-
SHA1
43d2f488c633a044614eec79fd9dc9ee2161e141
-
SHA256
9ab037a91607b907890c8086e7bb5812532ec8a6d334e802ffb6f8623927a1f8
-
SHA512
432722f190d25876ac9fcdaf88b61870585923263829d0f1e45904a3a29ac07d8a49ce1bb35dee7b2a9a801ee804a7c96196bfedcd8834749b59548079dbfc07
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMtoMD:eebFNw4Pk1itKkpAjjI2YpdmtZD
Malware Config
Signatures
-
Renames multiple (2164) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_requirements.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_If.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_data_sections.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_For.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_logical_operators.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_neutral_80ee226e29362f51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_neutral_7a967d06d569b1e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_requires.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaca00f.inf_amd64_neutral_f7f7e179d99acc58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Throw.help.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\THMBNAIL.PNG a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Google\Update\1.3.36.151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341534.JPG a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Mail\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\More Games\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR32F.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46F.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01304G.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left_over.gif a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\OFFISUPP.HTM a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\THMBNAIL.PNG a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\VC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\Office14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_msdsm.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d280e72d7e9fd67f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-robocopy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0bb03f3262e40b14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8b45e7997a2fa998\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\Media\Delta\Windows Error.wav a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_32d51faedaeb6f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_zh-tw_839e734a1796c923\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ab4242d3f20541f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wdma_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a84c61c05e35b4e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aab7313725be420e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c28b4ff415b2e3fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0ed9b0b44700e5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..p-ui-libs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2ba63e4d83a96381\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_35176304f9e3604c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e18194bccf50b93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_de-de_ff3bcf7886e3cae6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ie-setup.resources_31bf3856ad364e35_8.0.7600.16385_es-es_6b89a583a8dfa466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bb79fc36549cf4cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_695e87bc431d5e5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-clip.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_280f2e52f93915e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_29d12cdb138d0965\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..opini-accessibility_31bf3856ad364e35_6.1.7600.16385_none_36604ea896f9a97d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..duler-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6904b36cd8dc2d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ef5531d70aa62d5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-hhomeue.resources_31bf3856ad364e35_6.1.7600.16385_it-it_880bf2c313e542bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msdv.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_54597187aba44419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da67613a42c43476\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad4e3f3c28dd0830\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.serviceprocess.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_ef8a984ccd16191c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e86c80b89a3f77b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\ehome\fr-FR\playready_eula.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c330c5e7c54c9331\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_en-us_af5e48e79454c16d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404.htm a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..ui-pmcppc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5084e06426f4dcfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_91f48c032f4d488b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_es-es_201a8dacec4acece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_nl-nl_a60989855737fdee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_88d73275f8f7eebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-devtools.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_00ffd9eff7f46f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..readwrite.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b1de16c094db0cd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-rpc-http.resources_31bf3856ad364e35_6.1.7601.17514_it-it_e1cfbfbf4861a979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..atibility.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f765cfc93427a13f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..unddriver.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6ddfa16ff354bb02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Hardware Insert.wav a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Ding.wav a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_196bac53955bfaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmsii64.inf_31bf3856ad364e35_6.1.7600.16385_none_24ad52dcc88bcf35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..mhardware.resources_31bf3856ad364e35_6.1.7600.16385_de-de_41a13b1c6857ca5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_de-de_e566a189254450cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.1.7600.16385_none_e20dd69e928c491a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..nistrator.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e3f8a8de58a08d4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-netvwifi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_abaad57b441e39a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_5208a7a3d3caa54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-msmq-triggers-runtime_31bf3856ad364e35_6.1.7600.16385_none_58fbaab9a69d9f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_10e36d4668d202ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..trics-cpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3f4517a97badafa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.123 a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\ = "CRYPTED!" a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe,0" a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe" a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.123\ = "KHHZTHIQEAGIUWJ" a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1504
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
341B
MD57384fee7a61c90c761a8fdd6b590ea92
SHA118679083553f7cbb78777cc69cbac7fef13a7b7d
SHA256ecf77e0851b9334a7a52e3f575729b09b646576c6614f5ee3ac07bc99535a6ce
SHA512c37b411b95c8399e3c11a7d0befff40adb19df30d8f935cf8fee4970d2838e071f7c28fd93ecc7939ecfef992f6a69e9829f5519f9ec801214dbbef506aba727
-
Filesize
222B
MD548c576d0c422db4704238f4c22a2ecc7
SHA113c7c1567be42dcdac32443ddc7a5d903654c183
SHA256fae3bb60036473c3fe24bd9c032fd2302790833356367129e87d30e6a11c60b4
SHA5124a0c300511200d34fd669ccf440fcd31717bcd7d04b08c04ebb188ba5dab1aea59dfef673721ae25531afc3cdffcd32868d24ab3d4c751517a9a36874ea89fb2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5d6bd92ceb3b7804e884ab289fdc4d38f
SHA187ca088481f89fe8e658ba0b0c0c1d1420a29687
SHA25684523d08f8e5ab978ff619fb5c5043231ef851a72f5e7fdcc30a976a03a0a5e3
SHA512647e2a20c68bffe0635ab8edff8cccb0dc6e4b10e8fbd426a4674261bc7f4d5476ea5db4c290537a06eec2d1d7fa570337e1fcea133178ac6221bf41b5fdc197
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD534ba4e29b2771a3bd85b0158fce9a016
SHA1b25fbe3ee23a50dfa462c8d687c7558112c52b8f
SHA2565ec1bbc202eb0dd2c04714db044bf7424e3b255809fbff12be9d2a506c30ca35
SHA51280f97a06f9cba2123e46ba45368ce5348c195a86ce45b2a48fd8f7255acab7dbc78881424fe6f14e10c0ad5d9336bd2e462967892aa838da413c3f7d67057eb8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD511783e79415fa7bf8740546a9246d1c9
SHA11150be5680f0cf38d3a56b9d0d444d43e3a44e30
SHA2562766baa7884978bd806aef31b655b97ee27d893fe5f49d64abf870472f197b21
SHA512e125be9c2700881ff1fb85f2d858b6e611661b573a4519e6fefa7c63b75037869785acb1127ae94eb321b3f660f9575240400325d549144b1a754d845bdb22aa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5ca8e465aec6de218b00ce2c1dc74e0aa
SHA15dbd08c79fc617e2668b29abc8a7729618f4402b
SHA25631a330f0da03b502ed59252355060f1ed76d1c90fd78205d7c4bc539baa71af6
SHA5127087453d92de0e5c33e859ffaf7f0d575c75c5a3d0b4dd726d84ac2ee0be17ac994b6a2510406f2a298c33834458326c117bc67ca461539d7d65c4f7efd78f38
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD50b4af83479de4a6e20df2343f1ade568
SHA1ecabdde59419d5eeb5df0ce567f36dcfc0c3131c
SHA2567d59d87d7ad561470ddcd0c8a0b050deadb2634cccf24ad8bdb5f1fa1940a7fd
SHA51225183417dcecc1e441ddb6e9ae4925c03bee3716c3ef0470ec6331de31b728731c747798510feec71dbdabdea380b13ebd9da0e7c56f8cd88bae380b958fb8b0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD551240117771b6d74cb643ec589fe480e
SHA11155c480f67c5395f088fc7853e66e34957fe84c
SHA25627edba5f36cc5664dafa36bee6300016f4e663f4e4d32a412b0f6b289a44955c
SHA5126aac52566fc3d99c1cd3a0f78d40fc2f11ec70993aadd355041c0be528d93ac993b2e43308b46cf91be0e62c2281c4494cb6875799819698ac4301c2787c1e56
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD52a10857278cf13b8e834467bccbadb61
SHA1b2177273c9402b0878b7c402192f058b3ec7d0fb
SHA256816906d939281e56b133ec58f736f9a8e8cd627581762df5e8f0420f769feab5
SHA512542230d8d2b6e910782b6eb832f50948fdea088cd5a2b89a08d7b54269c0f120838dce78f63489c55aa3cbaac59cac62fce078e76a641dd2cd4428d5aa75c74b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD57e2e3432bfbd4bf839159e74297e8e19
SHA1c7109ffd6713836d853726f6e75054580724f6df
SHA2561c5f4dbec58c6eca34899d9d280f09ed04cdcb515dfa1f94f2d1a2adda5b711f
SHA5125f3bacbefa62c6926f8038b40309b5d6b4e21a9da8ed00eee0882e973033f9b5fd19561c10af981a57ecba737141e5a1b66d86f32c9494af502aee6750df7a15
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5dd3360b8f227de24b6645c5fd0b19359
SHA175a3b4b9e86ad728c1227a9dd186f03a8c120ed9
SHA256a4289fd7912a6676894e07bd40b6658357809a9d9f6efdafd9e152638ab7deca
SHA512f037813ff9395e84cd32886b37b2d3a322ca72c94b406f475c23a5fc8a38d9dbfa750fa30021b3d50ccd1639fb475520e2c5e11da9bcc8e7656214cfb67d76d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD544a18d6920d8fb7a0dc4303b7e9f4e1c
SHA1d5e4349b7f10add64c4032897dcf915a7c94cefb
SHA256af455ed31702885b609602f4f9848ba7a0962a4f5cd36853c315f1f573e774f6
SHA512765aa7fdc873515c936da3d292e54ed310917eb43f1846d329acec37dbb7ce4aa0e5e9785b3a6b3653e543ce9feaf9656e73249b2b650193e433bcf1a17894f1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5eb2c279975791469fa4d28218ba81cb6
SHA1c3bdd5871e741ad4640f4289a45066eb6c218dcd
SHA2567a2546ff94773087be4b25d4b0f4da45afdfff7c55c4f0fa48e47db072b9bdc1
SHA5122f385453dfa2091066016e792b12c15990c7496fe325f71efc28ba1c8dcbd260bbf06061ae176b003a59c44ce429d2a7677ccda88597b10c06684441dcfd3270
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5a51265a39bc9f91b103a09786a82753f
SHA1b14971e5e38f712c947b1f40db662c69ec528cca
SHA25699daa8423df4d829df53b693419e565145aff3fcb0f008acdbd8e7db75cbcd51
SHA512c17a69c063cd20c88a45105982fc4028113c4e0fba8c1a5d23c39067dc99bb33ff1466b403f3f1441aa3a6d70b65c4ee52f9537ddd01e010c03a5f93b5e7f84e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD529925c064943baffa0bf88732503ab0f
SHA17185b1e537c7c7e45f9fe36aa2fcdf10dde79d3c
SHA2560e091502212488473ff65de9bbad439f47f9baa7cb5dfc8253c83f1c55210075
SHA5120d3eec6f8f18432989ea1718bd747ca12e3876152a31207df7eec1846fe6b9afe6d236aa03dcaf3dbf6374818a724fa91c64c2e102889266a464d794119bfb3d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD50caae463d81d922f355636c628f6ed81
SHA1af14b19889bc654070012f8a67f07ebe2b90352f
SHA25663b163171ee7c257b157820f13b444f82858064b483d55dcc809dcaee4a559d2
SHA512650727918898d927d9ab19d15e98393b2ecbdab97b44d42d898dda58874abe57d59638d7197b7b8937c3e8e7f86d80b8b729220b7abab6651ea34583b8c4cf25
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD55ca45c84de99feb12e53fd1bb5e1272b
SHA19628c2969cd6358e869c9f2b755c7fe4237ed3b0
SHA2569ba793111bb04181a8ab36707146510c1404dd82984b52ff8f8cec4b8c245d70
SHA512d74f042c5ce3eec2a2b4c27f3bf6a543b8ffee7958f20fecdfa73283aa819ddf61ca3fd2ea82cb4fa985a8152cf0b831d1813f12d6655dafa653110f1a8c5389
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD58b665b37774aeb048d2e251c966b2374
SHA15a4ef12be638b07b42aba309a244905cd14dd614
SHA256ed2e40e44c4f7aab95df7b944dfecb535488f10ad91953fc0ec014b4aab4fd65
SHA5127bbb8db4e02a853be641017dcee78a71c011edb0cbe388fa5de7244c57f3db58a20e873a6d899b3e92c9af9722e65edfbaa725caf48dfcc9d72dfed16a8e6330
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5c73f65fa2a4dc9ae94280cddaab06709
SHA1812e5d5093892fcd16a86b6c64f28f55f7bac01c
SHA256087da84d8cb53ca6a151071dd7c8625fe6c28f8af64327f25343a0d2cc2d78fd
SHA51243a75364a905250ff4d123fff02d5bfdc5bfaef2ba7e1bdf79b2bf18a625bf565dfd931c03437fe4084e634ab66f172196a3817f10120467292bdda36199f5d4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD55abb198da099eb9cf1cd80f876f18dde
SHA11896a2ce18766d3b175b410bc1547152faf6dca6
SHA2562df5aa0ba15802037ae89332c3fa9a4faa3fc6e0c310d02f252ea99400844d06
SHA51252a0123145172ca518a68bf31cc890a9069afc75c8baf7dde2011c4ea2e9803d2b936717c2698b3547a46316a7a795f0d1f5928f9565fb34cf1dec1ec1770f0f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD524e2c71b4c39b12cbb75e47506b2449b
SHA1bcd53c1570e4dfefeb90a9ffb6130ccc1b9e557d
SHA256c76dc50d11a1e0fbef202b3904e3d5c71b559bb0a88fdc4583d1d6c9b16ff5ff
SHA512a60b9c41c349be0ffb655f061877eb37a5a36be36eb4e0e57b4bcab20bc1fb5ad7d510e024f8b5306f991840fcdf8b04162502b4b33f190595314c898dc85c64
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5c54fa9a689ac62b1f6d22c1f88466ad4
SHA18590a645618db3fc87ade0e903cba575a666ea6a
SHA2563d26183f58319993a3cd62fb04969040d6e19247409eefbc7c039f5edd398eed
SHA51275e87abccc03edf5a44fd1d6a621ee1786204ea150ff70d0db3158a6041b0282c3721859f4558e97d2f04ff498f84d47e49e4a839be3254869a900ae29c24a65
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD593d701e9551310160f6c3fcfd8ad45b4
SHA141f390f1c147c3515e6800ff9fa691cf6b558ec0
SHA256bb82273d2cd9cf11296fd80b999cdb00fba180a1f91db4e12b38f5687ca8949b
SHA51271911656874086918f4b4ec85917f36a04cf28ed288bce4832d49c1f9121a239b64e6adc04930cf419da6f15dbc9ae67c8a8c9893ba964488d8a73073590656d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5fbfc2f2c6ca91adc91d72305200fe916
SHA14e225cd94037f38433b760a34020363936c9891c
SHA2569c0accd651399c404cbb0755dad7d1c334ef460438976af429ae3357f236f462
SHA51203b290f03a2b0c1c98045138ef6ccb1a9da870a805fdc4d7da1e7c4e3a456dcccdd6bff6bb95dc82295e4f94c7c7632327a7ead8c777376d86ce753f6a98eb6c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5d6456ccdf702a3989782904c33680eb4
SHA1190d0b4aa52646617b39ad0d94f0e987115a865d
SHA256a4f05955d1c1d5cbf2c2fd573ec075450846a1c4cfa2302549beca7329bb6fe2
SHA51273b81e3dd32079dacbfdcd96f76f384542f4da29696950a7da090be649a9785db3084a992f794151e9fbfb1007a0552c38af21074c547f970f774fc304044f15
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD52f831d469fb8ac05eb2ef5ed3e85b34d
SHA1aab471d6e3434cdf9acb5bd30e5738cab455293f
SHA25699a217791aa359c8780730072611a7cfd007f53eba9a53ef19272ac84545a6e6
SHA512b939bddebd96c0bfd9f68bbbb24d0bc85706ac5442292206299a90360183ed6b09858102804b109610ba6b0ab0924e6c1c8cb94730b0db7c08693f588f0fd20b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD575f6a4d9a54b629d77cf73d3b7f46085
SHA14e1050c2bfca9e44c92a8302a65574f3acbd6511
SHA2565ec1663497f2ce76a5190ef54b074339cefc9cc6256ccd42a920d61a923ed2d4
SHA5121e465bfff9d63c71817d3b57f5eb2d0eabefbd7040de1fa496de84887b9c327d3e70b23748be17ecf50c5b3b1620810fa21589316c5a661fcc1c277b222fc8fb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD53d332652140856405fa5d8edc1f6ffa7
SHA15a11dd225ed34f5e2ff43b0221a95bd50f6f2940
SHA2563892fd892ef5a85abe811bb87957b140103cf2774e72c8a76e878fd45cce5bef
SHA5124dda4bf1d9165abecf6adb86cae5afdf6ae6bc877c0f1ad114caf8840118a93e413d26a37b972a2b924b274b3df2fa86196dc82abe33a6d8d03fac6b3bda8730
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD561c8bfa73c7580f78b6b05b89ab0ba41
SHA18526a4555cb57fcb7e452369533e3ef3285ce739
SHA256a47a0b8da52ff091d09e7e0eb720681068ce66d7e85625e5b703e4f13b077276
SHA51264eb12fa8adc415858d227682a372f04cd88e19e1f185af4046d21a102a7135ed65ea5726cd367b4a7c18641b427dfad8b87d1c5b9e069c9cfaae0bd22af1e72
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5553d416e2a73cb24e9c09f90b6df4029
SHA1a228d52ff97d82b241b416c0cbc414e921792404
SHA2565430fa738df978de7ae526fa358e3866fc227a62c0888940f5d106d0d1bee019
SHA5123dc4ae9e6b0b99a9757b14e4fd8deac2a0996f198941503f41951787426e6f6dd8fa8c0184a2892df613d806792326dcce98c5347c84021ea00d2ea5c019d040
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5d63c21f3fd2e652667248bd162082a42
SHA15c0c2c557251368c09883528767fd17167f01c36
SHA256f41c95161f75d38f1aea174f6f7ce53b7bdceb5f63ff9ba92336b83073819cc0
SHA512c21874dacfe42faa3e1792526ed6f28025acc805ac377f6068a1bb372e0402bea50d3c4af0fb1a512b552af9745e91c949df559dc338df4bc938da173d8d49bd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5d6bab7bd129dafe67bb1c01741a7cfc2
SHA190fba8e7c795f66bd0048a49d8bfe78cb95120a3
SHA256a6390d52acc28058fd223f26b5a452749ba4246af402c46130c0f1b484fcf16a
SHA512e2c618a4d90e518f8b90a8491ab64cea397d09660804eff4c9940ff96a87a8283b301cdf1dfa69a90c21cc16627c676dc0cd11722f66a2acf7db7b969d71ac47
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5f7b8306e480bf44f68eb1eb5414bd435
SHA168647ab7cf9938a2c3cfb33b38dc7f51da0ba10a
SHA2569e226dc217f8959d6029e37227022669017c6013758d9ffadb6e4b99242e54de
SHA5128a6f80df7e31aa686ece7cb0d38b1d74bfea7740689d57fea4efb593a092ece330d3dfb9e0d7364476c945ca5084652a1bb0bf153b729141e475562af4104c0a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD57ec1188f055bad25494c334c94dae172
SHA15d993888774dcf0a545424a49ff45487a1bdc028
SHA256387b63322508792cafe439af9146288660a826969842baf1d7e3f92b544efe54
SHA51263244c4d86208892831fa98d052e5588a1ccf9e3a42560e99e1fa6babccf0e666bbdb577dc9e0a5e01cdb5385a4918ad2db602f7c856264f0fb653a8a62208d4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5f6e817ad343cd85afd5a9bc94f7a819b
SHA17740feea9e708a4e478237905e7fef0b0de2a1c0
SHA256ac59f75c909f2edf4a62d0ed835f4bbc63f299daac5e109a8223e459f0dedccc
SHA512c0e113f7b6c80ee707d1d31bd1abf6db25a70ad5eec4ab8f2898064af69b5e4543b803b9c813c31bae4bdeb5bd9477923d6c64f58379c39c98cb25fbda2a6e8b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD583bf96afb1cf62b5e570bb54dff2e63d
SHA130affc610b220d7a606662625607ce2511e19a8e
SHA256be879c0fb368fedeffe35d03adb9951a7d0cf88c2b39181a19425a8671395c84
SHA512beec06bc7053bc674a18ba566c878404255032b751c85eb3d1a1613c035be7206af7c61a5ee70c661e142eae5035ac9c77df99ddccfd7497d965381c7c7993c8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5b10a763615162848ebbd6ff8b87498af
SHA18b66bf62db3c3367d4bd094594b0dc1dced76acb
SHA256ef2baa7186e9ba08c37786a42e00cb6ea7638b0ac967d582503d0f7943cb74c8
SHA512448ea3484f59eb0204d470540d2e03488a8eec6e6fdc55882558e519d905c6586abaacaacdbc7eb8723bd673e2c8bf250b99930521fe442a78e26259f2beedc5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD53328dfe242794279137b6c4c43143d18
SHA1d2bcf822a2532b175377a16fe53414acb1381de2
SHA256da367185e2f6d3141dc963f651415707343748212aeae3761c52e2b534426cf5
SHA512ef8ac48d0fdcb4f5eb095ececba695cf30a56e0e4b425af5cac04e96219b65cadfbf95d761097667613ce6656a388c18a87d56d2dc3f933bfb7f463b5a7aec6b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5a5269f29d3122538ee10d32c66727e36
SHA1ad4d2986619f2e0e8139775e2d510bf9284ae0a3
SHA256cdd6334bcd2d41d1c9640256dcd88eef619d5f5d4fe7d30a7ab748aa162bf068
SHA5129fdc837d559afad37820bf2aedba311f52c5fed3da8b9c26b0784deba0e2d09425c2367ee7eb858d2be294f4ac5cc49e1982c7f647a40e505eab5fb202cc1c5f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD53daee2a81398d2949987214551eab0e6
SHA1b4df81a8e2a04fa6c256c7118a99af16580e140a
SHA256d239613c39094b54be93cbe80c5cebb06fbe1f9796744f86e45045283414b930
SHA51215a58b56520c4a80f45587a90379c0f4f1d557ad872ff3385339be6afad3c0206f68c3b8df5f66779fa652c18784cbd22f2fc88235e33a65ebdd22590a64c8a5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD55dbb6f208ae80156642657e7c67f6005
SHA1c902631ec73231524c8b69c79449e1e001dc586f
SHA256b2ba6e4e535fe6c28d0d0e2913c4f9633ea37c493291913146577f9299db3d67
SHA51227b96b4ec5e0c2a74e3fc8191c97479c9564a5ac5db4d4c7537f46ebb24499e183d621acd5a8d34345ee590aa0f6fff9c9a75de82333487a450a9d626a083630
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD573f84ab20e0ad325c8fdc577a5c3e423
SHA150740538fc24900fce300be72bcdf29bd3380594
SHA256861c910fc022bd981afd499cab331722f808eb9df75fcef03e9eecc28fda95f2
SHA5124c672c71388e2fb7459005f5a26083bf42f0b12898f7c62de30a7ff53efea28dcaa3c67db32a429868e2fd7e3c9f9d4b36170920b1eb679634a1879ea34e98cf
-
Filesize
580B
MD5d26f9120e869e68fdf554bdb31fc94d4
SHA13ae4cf9934a06909d1cdc2f325303c3f9d0d4e97
SHA256a04971b244ed8141bfa1420db478c6f632ea34409dd46d5bed7127a73f969934
SHA5125e8bd94530e99d6e7c3c819df553e54ba6c3d209747a93b40e3418b7e3ab2fcd056aded4ceb010ed62a1345af1868d648fe7933e73bfabcbd023b11dde297254
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5b34e4be6a6c796594d00d7852da85ea9
SHA17184aa5228fd6618e41440c0e597f26e7b9d294e
SHA25692c094a6aca72d074c3aa880d1f6ae67f7e2c49ec83f1b8b74fbdcdf3fb3e753
SHA5123f4edc92e2aa800791641e2a760e5bffb615b8320b673c5e4ab146821013b218b18b103f2fd33215b5017fecb7cd8a5259f87f06963c7c31d124c493144a2936
-
Filesize
625B
MD541f1f4641dee60d15a3cbc0fb64e38bb
SHA157588ff2b5be1744a17c739d93b07b01b6fb447d
SHA2568b50924e5e2afe6fbf5aa68b3fbd6673efad049f972541ea075ae8b64e366502
SHA512161438da477bc5e32aa689c3a7f96fc4b611efc68a9262539cb92a0175de2f1cd58a922e6c578d921934dd222515d505f4e3845fe1acfa6eb35ce64858e9a199
-
Filesize
873B
MD59b2d1104fb4e1c26744f98b1877f0f81
SHA108dc9ba247a0650e89a5b57a7bbb40fa2613d170
SHA2560fa499ca03dc99233589518b4776423c55a70fff4c3756c35e417fdff8d43415
SHA512fa91f1f2dec98142733801e3ddc3ade6ee64f7b5f6dd4c80457fc9c144dafd256f475382e10b29e3b08a96be6d7358626d289e9eba77760f1962e3b1f6f379b7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5d948b428f1625c49014b686bafdc5e4a
SHA160d95d597b0d32aa5fcae4d59c6db48213d22961
SHA256d8da575625d5b2ca4810293434541e764829296f97049a7ef769658d246ac9c4
SHA51280f2e99e85621d76de1409c64ebdaaad62455547c3b3e39912601b3c5b5aac8e576dcbd38776528804808becfcb5a0fec07deca423b123c3a9f66b1d29d86da7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5ddfb516d648ea9b4f3a84750de5ac7d6
SHA1d6e14b4890d8f47706b2bd62f11559eccb4e7e74
SHA2564b242f2ef5c2492354aa86ba4ec8ab46b0d1577a071d70214cb7171b91b97ccb
SHA512f195198f8f2b4282d6f9e10905f12842f278497ba86b4cdae76e71c4657779f2caa97e852fbd05bc3f85a08364786f862ef9f6cf9242943ac878ba140e3bd752
-
Filesize
615B
MD5143e09f11ddb88b1ad7c8f3dfca1350f
SHA141251e289b9f41295e19c6e049ad6b6a3d31f5fd
SHA2566997fced3e6d3841104c40cd11e64bb9eee0e1791582a9b504fc0be931e34e6f
SHA51273df5f29530b7626f391a2c9385b50022bac30ceacc6ce179a5c06c98c3a0498de414698fbecaecaf3b146db8e5ba4fcb2bafb5d07e553c159063cab25ee2b78
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD58b92854c4e3f3b504adbdebbfe3799e9
SHA1baa6b86aa9c0665105c4fbea3f0a0f181035d019
SHA256a469bfc1f623f31760f479dc468532a8d24814945ab6454844af19fee987c995
SHA5124abc8b937882652ed3357943ad059b7e8ec31f30be065b98eaaa79692314e6e06652c1ebaa1ff36d206f82b80c10be536f6faa1f683cfe0b917cea1f970f12fc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD53e594400a50e8ed3960559c031d32214
SHA14cabc9dee61f769659284ee32edad431ae45a96c
SHA256e0efcc4a7a992138a61300ca2140b45ba689ae10d6f76ed6b369c9a57bd02500
SHA5121d799c44c071eeaf95d082c404bceb513c3b37078db7478dec4ac46a4f76db6b634a3558302b392cd40858a793b793d9dd4320c50e5199ed3c7e7fc7e24d3d8e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5419ab50acc05ff18dc10b2ebc738e314
SHA10588cbf8d2d2d619911d9604dd8f7ed674af49bd
SHA2566944b9343abe6204925593a87a9768e043a820bf0e70a14c566f0ed0404d8137
SHA5121a6c637ccf099b11a684961c9e8b474a684026dd903938222c53a9833c8a7edc93e370444b9400c891114312c3c28765e335d6b5d96036a917e7a0e26d2fd075
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5c2bdf8fbcc4d209b9f11036415515714
SHA178985aedca1a6c847c55b450b96e25050380924d
SHA256b55cba9c5ecb9f94c81aa0f81ec68b35fc1ec7be40ead933a62e6be45eafecd8
SHA512945a86f991198379d8a0003379789df6d271577b0abb81d62791531ce3cae8c9588e33beac7f94d9ab09aed836a2ebab3810431fb91c5fe0c8762724952f8609
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5614fe3fa325082bd80648c933c8d4f85
SHA19a78dc9d2c73c1c69e8dcc01124152d8fdab8367
SHA25660f6ad29674e5a1d2c3b8b5cc5e91e67c77dca61d6f61d52da7d79611e81ac42
SHA512dfda48bc4aa9d0e7ccaf1ec2759a88bf8049acc1086428f454f0ab868c04549ef4ffe01544b4bbc2e2b14195978daeadff807fa260a7a4bba89bcbf3697735e1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5b0d0175aa3b5624d921ea1a8ccca4df0
SHA11939be30989935e34101002445e0b17db7c7cdeb
SHA256235d38f9b62ed0468f1a02fefb33a4406e82fa8fdd0087b3d290dd11db04f22f
SHA51292a2a4a1bcd4092c1a56ef668041e592df3ee0901f49e136bf50c5e805ffd56b11489c4a9a8c63931623f161ebeedc99f3de0a2adca98233f886d3b6c40fa37e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD51afad1e734979fb8a8fb5a2f821789fc
SHA12f0dd46d2f84d978fe7b91422a57fd06aeafb67e
SHA256123366d1426c6a70a89ba2bfdad4b95dad9b5511077683a0143f853e743ea14f
SHA512ff4b6a84ffde239d4b955d569956427b75680b30491582f11363a6df3573d5d4a1025db7f6eddc3552cc8b64a3440221f42f00fdf97fa43251b2b84b87007511
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD517e4a29ed8cf2ad341f33738c472030a
SHA1c6e1e4dac678411244c085083be40c96d4c82b4b
SHA256d50c41917a4eb4966f9f9071247e86b5d7124f819813cf951705094fb90c347a
SHA512e22217b60fbd6f5c49729fbfa12fd7ecabb2245bfd7c7a044c9b7b83b995cb79b0b3171d93dc902e0b1570db8dcbb3bea3ec11f252ea6ba3f3950405c914ff4c
-
Filesize
153B
MD52bbef98ad89d5860409a24d460f9db87
SHA13f77719b39dbf5b91ab339955c502567593a71ea
SHA2562a6d4a398a57020f924e7f5b269dffb5d57cc6512441544f409c710794ee68ea
SHA512936749ab42dc445618341e9d7fc1a1e02efed0b11dffd5e6a0a22d2f081a322d835688c6880830dbb583ad63fa5c91ee5f93f120b642c351e03ba08ce482e8bc
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5b6e59df8c3f454151ff904c534079a36
SHA150eb21758252f9b213764900d28ce2d24202b761
SHA2564677c8243878405c0581f1134781e06b1eb1cc7f59e341d4e73b35375e8101df
SHA512205502941bf70a083fc0592db912729457478afb62bdae74620f3003c2dc5aa5f9c836881f5290ab7c8a36fc25a37b2245bfe85839e90e5ff69ef0df910cbb4c
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD51f6fbe30059baee054493f8a4af83add
SHA12904fa26bd910773bd2ebf55ca87a4cf9b86b4e5
SHA256eb247466b0193976ebf8d2ca42a67a88caa48f096c40c76282191a282ce44e89
SHA512844a60090f0b7c839c7301b4b261ad6a7999c7167d4e3e2a468bb3bad7a007799055c8c45154798c3470f00ef07e66e820e887d6cc60c0a04790edc916f325de
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD557468a465b26bcfcd50569990bcb8ded
SHA1ba7fade1c85ee66ed8c127fdf56eeb176705b08e
SHA2560f7b97fe2a56313a3c664ce2d6b2363be38e3f72396b3dee288e77aea840eb2e
SHA512557eb6f4b357177ff524eef2b9cf65822a2f62d03b940c5e22dae08e6015cf9088dddc360e7362c71b7550317f8263deb88af592569368b9f765cd440207f008
-
Filesize
109KB
MD55961d55f427a13ba42981fadf6480257
SHA1ed2db1e5092316845f6faba68aaa238129bd0e2a
SHA256ad8ded9877eb41d4c7411d34d117f6e6bcddb887ebbb671ce214207591830176
SHA5121faaed15389582b16a82c00516813c4bdad14745c3e834c21f04054f1222ccaa05e10879315953774ed771f5b4b1bacfa00aa3cd9412c720eddbd1dba5423a0b
-
Filesize
172KB
MD5a1c52260a809238f89ce5472c542f937
SHA1a4e26039f151767d0ca1de105ecd0ed6c6f78fff
SHA2569a4e609109025b001472bdc5be7a8af9e3c49d8c4082d1438764cb1f13630cc2
SHA512a1e34dc4c5ddb0b9dd0bb94fecfd9ef4da00c48e72f11f6f4fb047c6b216a549514bd1f4f81aa9b7cfa6ba76c723c339818ba23eb5554e320e6db55729e31f94
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD54ac27bbf5e491471a227f7cdf615ef25
SHA189f659ea44ebcf0b167ca7cf14b2dd4875de8e6d
SHA256bde843edf55917280286b7449f6cbe11f433a85c2113a023b1320daaa23e1769
SHA5126ed0d7d042ba2733f708ae8e492c7947a4cdbf7784513dfcbf0019961572a5e38aab98b2f7525968bb56d4570c1d436c1fe2b3457c22a77124536f9b3f55b831
-
Filesize
21KB
MD5479e268e856d49608cd64b96b1d75083
SHA117e1dc2811a60b27da139cc95fe37b3aae5e571e
SHA25624cd62ed09519ebb2fc7b98024c75759a8fca10957823ff24fe7dee1dbd44afd
SHA5123f7f757b9fc1d305705a56e41dc8f2b278cbff2a00b85d83846f101ef56e82095418acf897c72548de8784ad6cfd5c201e929e8b2ff7d866a4c656506f9e1e15
-
Filesize
1KB
MD5a8e9f3f24de59f96db21b07b72a2590b
SHA189084a9997ffd06dcc2a3527ced2730e528d3f1b
SHA25681e91f4373c634cccb5ab993ecb660c8bb228fbf315f427fba86aa0ca9317960
SHA512cb447c4c26de25188ce1062e74dc28ee030e55ca978ed21b3dde8da572a4076608153ee5664bd087758c8cbf49fc649f3f0796c377460062266053a80ddad73c
-
Filesize
952B
MD5c88fea2da8b926923c7bf2437ba90445
SHA1b2ba67f325eb40acc48e0972b641b005d8d9657a
SHA2566d1bd75fcebedcac314c72aa628429ced554b7b15674a709e4c5ad7ddbca023e
SHA5123cb432c99639458955d33e4dca7191d98ef990b492ed3fa3d1ec3f7a128bc5db2f9835d7fb4328471ceb7287b25b00959f2f0d78bf91cf49f161f0a69c2163f2
-
Filesize
1KB
MD5b52226c6552de65b4c796df5b4ac4217
SHA1c539d1eabd814b2299e65c65882cc496431597bf
SHA2568228afb4409854f2c25df3df610da7d5f1c4dc66b01ef9d62110d8ddc11033eb
SHA5126681a4fd3308713b788bf9329ef0b60a01fa1eb888c4b46bb1e789fa7f1b25ce1221802c724f836652ab9910ae71a36e63bb5e3c0b4c2e2effe9b70ef6b1b1ef
-
Filesize
8KB
MD588fbc082b9384f748a6024576d4c0370
SHA199251778a98ba67e099372810bad7d0c184e9558
SHA2564272cef6b75a0879558fb93873df8a2d3d5aa7beb9f254f3d62bff2bc3f2ee6b
SHA512a6f96b9b4ec3ed00deb79b5009804fa6e474699b7ef949e0f065c214916d0a71849337d49733f88dfdeef76ad98e8cd065020174245bcd277b691299ca439462
-
Filesize
914B
MD551c3261c8c8e4b7efe5f208795f1c746
SHA1db94157f501a72a37ff7fc111437ddb5521aef38
SHA2564f73d683a8f4f9eaa39b1c686a8a7944812534ed3b25244ce685060e408b8887
SHA512582bd1d395422ad6a0392584aa24f5600d42d08764e6b8af1ffdbe7344a279bcae33ffc1e724dee5b49c96bdc10fe49fe5201698519ee25286906c211f1a9da8
-
Filesize
328B
MD5b2177fea092e56d6033a4201994f508f
SHA1f50ef476cefba307ffc55b88c2fac4aa47f836c5
SHA2560c354388ae80b010772e708ab612517dca2bd6d03d073cf36499397a9643af92
SHA512fc743341b5b4125d97841000763ef755344ee26e1c7071cc24d05dd700763dc540cc52b609102761c0dd7edc3ca2360ff70b769a5b79785bf1c1b26cd3b461e0
-
Filesize
1KB
MD579a63b611afe4d9f70d305e530585421
SHA1379c1604973be50884ee040749df87c3978c47f7
SHA256610f5e7a59d3a3044a06f20049d499790c3b1bd2d358abac5542002884c188fd
SHA5126b4e94c1eaeb0f510e9c0bd2dbca993e4658097b7c0684a63ac791d49e32c7bb18dbcf62ee311e9e3ea85bb403621df2a99a1ecffeb33eb00a6a5a58e51fa1d3
-
Filesize
162B
MD552bbe62ea7e2c3d412ef98bd844d4c4d
SHA19264595f15db7d73e6669c4b380dab2caf975278
SHA256a5d806a1d318d15f137d8ffbbb19a108eaaacf7b274d5f473052fafb981073e2
SHA512715d651f71e817d0c3bd0228708f824bac3f1af8cfc1ff8ee2bb1aa83f8cd17a44bf279be7a08dd6b71c0ce0b9894c157220f2473e88abf2ffb0085eeccba30a
-
Filesize
586B
MD551c96f5acf81d3c5b336e08d1f713cb1
SHA15d8a482ae9c8fb13536085d62138ee1428fe0696
SHA256aa6bc8fe8ea6a6df3ee879059bfb8787cc96cd8a2ca32de0a7e60043c5f98848
SHA5122ed890e8fac67acf4fbebc61736eda6fbc2a82c85e7025cb8689de9863bf1b6d72b2a9880d1cbbae96ea73356025afead0085f8497a17a3695b94ed04dd3a5b4
-
Filesize
124B
MD5d02b7220ce90d7c8e3ae38ae149598a4
SHA1df318bf256425ce3bda38b10def747d53191efca
SHA2566cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA5127f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c
-
Filesize
8KB
MD5bf2786131cb3f3cd4cf1c68ff912b0c3
SHA10096656a94c6eb20f4a9123c6f4b4060719f7056
SHA256bdd074a88d9966926e52a8904dc22a33e876640caee193202a1c80b611537548
SHA51209947ce7f2d7d198de965d44e5022d6d608622c775acd84edc5a6cc4ba011b24260a33ffbe7b061aeef5f3c340cff9ade8e1d90c758e7dfe768a01e60966dd7a
-
Filesize
880B
MD502fbb0eedb9cbf2306b3c479956d9207
SHA1a86c25a3e2b7b6743c9fadfb5a9c64d7dbbdc127
SHA256231b6a7a15c1162e252dddaa04d673fb6ba7e9647bdba01d0399ed3673da1e88
SHA5122cfd25bb78cd18d3a9fb29e9bdd2f62f775eae676f1d278964084e37c8a75a617deeae98feea824def9cde40147b8d9aaceb007cf0c282535d9ae59b9969719f