Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
27-11-2024 05:23
Behavioral task
behavioral1
Sample
a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
-
Size
17KB
-
MD5
a62334b80eeebe5073f3dab446f27870
-
SHA1
5788c9db1d4abb9e36ed87e178fcf7da84f00aab
-
SHA256
370a1ff7670051900c30da978d6fa4817503ba83bdec99856934af91370096ef
-
SHA512
789459d2851d8e4c9b646f91e233c2859de30f3f6f30f440ae59bc74800efb482b2bb47d9800eb3f9c9cefc714633cf167198c1a4732886124b7a77948e42335
-
SSDEEP
384:yebFNw4Pk1itKkpAjjI2YpdmvgqSNrPLv:y0FmBkpKjPYpZ
Malware Config
Signatures
-
Renames multiple (2189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Arithmetic_Operators.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiasa002.inf_amd64_neutral_6429a42f1243419a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_profiles.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\dot4.inf_amd64_neutral_b89cfac15ccb2fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Core_Commands.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Arithmetic_Operators.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\LogFiles\SQM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Parsing.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_neutral_6ad685957123daf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Column.bmp a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_neutral_a53ac1a125d227fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaca00f.inf_amd64_neutral_f7f7e179d99acc58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comparison_Operators.help.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\zi\Pacific\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\yo.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR33F.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01297_.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01221K.JPG a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Common Files\System\ado\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\currency.html a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341448.JPG a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\Media\Heritage\Windows Hardware Insert.wav a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4f0c503fb479c314\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..enger-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_794c4f1a057375c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\ehome\en-US\playready_eula.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mmc-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1ebbcdb2b4f4f3ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1460e068d1d3299c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_30501f1893540c3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a5e97cb3ea38802\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.1.7601.17514_none_85ead099a8942341\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\reveal_down.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_386c00971060a77c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..iondriver.resources_31bf3856ad364e35_6.1.7601.17514_de-de_898c87f3d6b3e4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_stexstor.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_77de2215ffcc00fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-b..d-bootfix.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f5f9d5f8c8d6c6f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-com-oleui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5490893f0b7c0bf5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-w..e-upgrade.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e513e4f107f4beb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\CA-wp5.jpg a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_11.2.9600.16428_none_00b2e64ae9989845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ncdprop_31bf3856ad364e35_6.1.7600.16385_none_538c12567156d10b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-vector_31bf3856ad364e35_6.1.7600.16385_none_91899a68016a48be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d26138806a24a1ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_05323992bca82e71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_184c82eb42fa8cf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_400430896ebc6956\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..tptracing.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_50fda44b796d5bc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_de-de_496dbcc8326b2c6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hidserv.inf_31bf3856ad364e35_6.1.7600.16385_none_a5cbab96e62548af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile41.bmp a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wbiosrvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ea0765d13cc3f170\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dbf3efde2dcc956a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad16d8361ba89373\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cfe7796da2c1c516\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_avmx64c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84e4d7e8642d499b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_815af4f63a8d8f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_en-us_b43babf4e5786588\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_78fa9a5307f2b9c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_28376affe6d50544\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msdri.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_873c5978bf12ab15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-h1s.secstart.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c919a1d4a105d19f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_netfx35linq-system.web.dynamicdata_31bf3856ad364e35_6.1.7601.17514_none_0ddf9afd5455510c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\diagnostics\system\Power\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_e802953b7bce56ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7c853394c0bca3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea5bc8b4d8e6a4d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-printing-reach_31bf3856ad364e35_6.1.7600.16385_none_82616c052be308de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eddbf779f124944b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d96dfd792e0ce13c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Datab086ae17#\5e254288fc3948c5c80d1cda69d5ffea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\Media\Heritage\Windows Logoff Sound.wav a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_net1kx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_822c58fff2102f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_pcmcia.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2704f2b7c177fbfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dcom-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5cb089decb7f0d0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iis-bpa.resources_31bf3856ad364e35_6.1.7601.17514_it-it_82f1c7a381ae2f38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_de-de_be2723b43266a7a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b3202466bf232c13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rastls.resources_31bf3856ad364e35_6.1.7600.16385_de-de_623e7d8e534d3a44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Pop-up Blocked.wav a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wia-automation_31bf3856ad364e35_6.1.7600.16385_none_61674587dd8f679e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wiaxx002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8770a4eca4bac0fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-artcon6.resources_31bf3856ad364e35_6.1.7600.16385_it-it_99a1e036b6716c62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted\ = "GJVLRFLRZEUFSIX" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\ = "CRYPTED!" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe,0" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2992
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
354B
MD57cd50824a8231d955318607388a0c3c7
SHA1436bd8eeeae6f3e568152ed9636bef8b5675a0d5
SHA256d5a79d781f6c0289024ac21c314942a6d4a543cacb02a9840074bf0577811361
SHA51268df3e776f5a41ffa81b11d817cf10e932903ea57ac3f74a5202984c6675a78297e18b3162e5dc5ceb22f7b7481ba70d916780dfd903f4a7c4161fc16716a436
-
Filesize
341B
MD514e559abf7a69aea914979f4bea8355c
SHA15af9ed33d654400a088a9d50969ef9a98070e0c6
SHA256f5a4c71efae247f7f5a170c42df419ea264045db280cdec68b15e2c7c09dfeae
SHA51224f21089f7fa654c2dfafdc53cdd4b95932ef81ff7da37479b2264392ce20b4a97a3a232e52ba6aa7b15ce5ba03f8ba26f79b9601d65103b07eacdf5ddc4a847
-
Filesize
222B
MD5aaa78c3734059c184894cc0be65c879e
SHA1dcce28caea4e7d5d40471076c2924c3d7da5e22b
SHA256fd8492a78dee7113fc1f2622c71509bace35ab4a2e3ee6bcdb579b12694f6cd6
SHA5123bd291d498b1f57c40603cd80021feadbbb0f07a5c26c627b8abf7665918dc340d7796b6e14cf3a12a2a939afdfca6a118601ba959db2c20974fafa5d9e5de0e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5387a33c838264215d0b574009f70c6b1
SHA1096323b82cabe25f653525c61ae495866ae30857
SHA256b2e56d9b02d4f1d634c2cbfa1bd4ed4441ddc05873ea9e35db907667383cb356
SHA5124b1da74d934b8919eea16528f7e89fe95b7dba718789c1884b5e1578e96b1ede615f1aa2dbff806b0da48d4f1e143337e6ca033e45a7fd9427caaf0d65176ad9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD539e9dc33d62ddbc8d4273d18f4f6ef52
SHA118a7c7f834adb0b1e63236b6ba30a22e57e770b3
SHA2564a6aef9c935af898be44cec773042c96d0140d9f0a42ca0c66ac09840e1b8cd9
SHA5125853ff0adaaef660ffbcb07edef74e950849911c87b89f0bb55f8b98d7057f3758752404f82e1b46d398f068f96d30b282bff8ea1e6053b0102c214a9ee8ce2a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD58628e754531cfad72c5950d96df51ddb
SHA1a907115981f8061b4d60296deccb4e2479440ecf
SHA256666d8586f1d07524a31ef84af3a2929d1be6ea7fd9a779016dbb21946b79cd73
SHA5123ebe23975fdb951af73d79844bf20f725e1e2bffdcd4ba8714859fb720267d76c7aea9d5defb992bd2f6fd4cc41bc72d1343ebe354c1140f4656a5379d9a34ce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD50d42a15fed1150e60d6578dd4e7bf58d
SHA1c246f63fa0b8612201422b90fa1dce278dea6023
SHA2569b2fdfafb16c43f3e6117fe5c0728f495654ce8c119b1151bde2840624326168
SHA51263043b801692b02a88a2721592d7a48619002c1d9520659cc9bd00d2cfd0acbf8293de00ea45570148876b684fa4c0f7e117ecbbd2cb919cc0c759fecfe4acbf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5dd4fed6fbb0a27603c9949cfbf31350f
SHA1e607a561b36e5e948ea5340980b9dcb4b3e4223a
SHA256aa27c59f4c88ae3a18c1b19290be798d6e335074ef8c85cbd53231a436057a3e
SHA512c56c8d791727aed04baeff474138184c837680c57e95250ddf8c8e7f067b88343e8a387b518d7fba3b98e5d404f2c9ce4a6dc76b4ca0f8a3a334870306d23ded
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5bca0bcbfd968522f752f8cad463e26e2
SHA1ad94fc84ca80eea3c1fe52018a33421d59b89311
SHA2565142504cc65420bb0e2c662c85cf00e569b0344ddaf94e2eb9e921cc5f734b13
SHA5121701d4dd51197b17f7d340b98d8cedb606351a4c1a2b47ce3a0a090a92e58d1b62e7bbc5ac1ce9c9dffc5846ce5d3a917127c38534e8c5a75bf3c837a4ff78c4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5f51aa1d2ec4d78904e45b8c5ad3749e1
SHA17c27afb0b0ed2770a0aaeff966681be276e87e3b
SHA256f19fae0742811b0db748fd3a69849b2fedda3482218095921708be302ba29a7e
SHA512336fd8f2b2128d4489892818b70098252885d063b0c12b1c633d57ac5fe977828fcea4400ea7c47155f5cf880b355665a52f75a9a917db1be8638150cca1532c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5caede80a4fd78b2394bf4f1672861a05
SHA1042898e4a436e6c8fd74e0cef74c564e95f9a765
SHA2560758535b27edfc9086bd37be6126c30c004da6aeac29e25739d64c2867524fc4
SHA5124d83509f47531b3c0c9dc5cec085efb164f7791baca941b3a34ff64172ae6b28800468a68741eded585fee8aff2f275914e1cb289c768803eee9009a280d7428
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5c58235daa706fb5d83c4c0f9998a4523
SHA1ba974d8ae9a68435ae50dbac2bd86967b1dd5877
SHA256910556aeaf53c0ee53e438fd8e1dad97a517b49c78dd9e51e3e778d4accbb42b
SHA5124691b35fac4ba5100d7d8826ae56b8e19337efa632d18e7b411ac036d695642ffa8fb830b29e9966d2b386e01424b2b6eb7c4165d3830809415bb20baf69006d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD55cc4334db288f264dc9fa4155f6e5bfb
SHA169dc148c7cf5fbe7e44c7cb631140413a3ed224c
SHA2567a340e486b2f9acb2cd53a101528a881dfaa39ca629b324f8ea77d4b676676ce
SHA51212892932b5753da5a51b8ecc5584353074c84bb7be6cb00c4ef143c17400f93d756c2d76a53b7709a5346bce119ef3eb2b493fce20edd983775241168bb394a6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5d05d31b37fb140f77e4d944514d5748c
SHA19280c750b9cab8ffbf6be9f958562046740da4ef
SHA256d477aaf7bb6832f4d6c0c6222357c8f36d876f746addc66be3b5bcd4048ce3a1
SHA5124fc54898362aab271a84faea1dbbe5a80ae932925524ab672cc8801e4e8371587cc588c576450ded69709223c50788fd4b0b530824d9cce3826d4377d5eb7b25
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD582b905bab915ae3c7931d23f5ee6a237
SHA181238bf3ee0b8e4810f5caa3acdd2bac73144a17
SHA2568e46724e787039f6de3ba7cf60bb42c26647c34f706f5bc24ab4412a555c93e2
SHA512adbed310afab2705f04ccb7edb565ce4e85d364b7c8aedb86353d5bc5419f4412f369488d7f42c2af1ba9244ee236f1883742ca8470dfca6eb4fb36e82aac43c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD57f9cdae4e3233c3f6032fd78b4935d27
SHA1f17b1bf0cd529fa3ecadb800dcf8922f8734c2e8
SHA256688e53970bc14fbaac9013fa2fa6031eb192e5389aa7b7d703d707e6ef669ee0
SHA5128fd75b1b3c92a628d274a458746b420b3eacfcd31a4efc369e3ab59faffc3a50d2606f67234f12ede94a8361a6511ae59806c93309076cb940cdb055dcc081b2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD59c8ae440c69eefe3977a6fd3bd6001da
SHA1a57edc67dc7101ab0bdcbde449d912bcc7a04d57
SHA25609ded82dd138160dec30e19c7e3af59600029e98751280a4fef53cdb157762d4
SHA5122aacbade45e6602088d7b7e9366ae253e98390d58cd8e8d687fb97ee5d9aa19fc0c114a1a728bb26415e6266f9c0fd7459f4a760c9133c0acd9a1a96d737f8a6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD551b315dcb1ce4e5b6b422b4301ac4686
SHA1ee807b80dd269c9f72a5948a2054170462f04ce1
SHA256efbe8c804f1fb5fc98e7672b5ecb268e263074811b2bcb49baa8acb3e3251587
SHA5120c2c2ab35b3a1b50274ae634937160c5716ad3ac0127e34fee8bfc94d4c338386cb570936af33ea410aa33ef24007bfdbd66fdc118017359e27baa13546fc723
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD59f27f9713b31852a860b9750d1dc84e1
SHA1f66c65e95ff8e24d4249f2dd5096b1c089b62b10
SHA2562688551bb5bd270f058a0838abaa7de37b397babf4f3a936adcd201c7799f81a
SHA512b5c52b54af519502f8fcae515992b99af30f3f9ccf19b910f549ce15ed9a44fdc67294aa304c6b82e1690bd02a8020583b181a7c7851fec075cec2ce78d0b0ea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5e8816d64917d49ded472ffbed12298fb
SHA16156e47add9b1c6f5f193d403a8d375e18d5f545
SHA25661bbad68f50453974f07647cf5e6ed1914ebc72d078fd320a80dd637e4b2508a
SHA512c6c60b7704045975a9962f4c7d146637cbc30c73ab9d8ba2a989997c0f49ef235c5f532eff7ae6b3a36369a5e34b7a2c4d11dbad987d6b8b3a320dcdc6be91f7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD54cd27fe753e61658aca48d60af20aed8
SHA1921d20829cd30f416f9dcdf4e197640672eacdb3
SHA256a18a2be61016160ef28da8e0e25aa95b592bc69774c970d7a4e8cfd7ef714551
SHA5126fdddd9391be19979bbdc0a3db8ac6da14ae0082c32dcd2e5903224325493c31d089cb4a3e1ac60cb83adaae1da28feba3a36ef37d54a70fb1414ddd5864feae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5a40847a6483f2f5110d113dd0cc00068
SHA1a6b34720e15598aab271615447e49d3c6c3ec5e3
SHA25641a73d42d7253cdc75c05f3a2ea542c5be4e92fc30633ac305bd092e5f09f6c2
SHA5120dc6ac36867c4ec99d684e4377adab0567ef511ff971b3745839bdc82eb83635ab4bb2c5b5bb953a7c42def512a3c84736019a89a9316d199db30484c1f68875
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5426f363bedabecbb1c36e619fc1aa859
SHA14408e0814ea8bb7ce8a4e3469efab22849944f95
SHA2565630c33b1467c6427f213ff7e3804b278388c1c27ff218ae927b54722e2caafa
SHA51268958a9156bdc6115872cbed76b57890eefeb9d39eb701fd73a2aad4f92ce9c3dd0e76a0dcddac88dcdef3b66ca96110bc8b3c3419fa2b1ed923cae1f4f89e8a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5ea996477aa480b1d1351ae13cf547760
SHA1354346f9ee5e314914ba978e4ac3caf0cd0520d9
SHA256ff1cea9cf47e19c2d2916afef44cf6c15053aabe23db6b4ed207036008a0bba9
SHA512c994973609e8fff7fe2210537a0e67cdd7f5db66a995441f09e9d90166c4f6bf1dbf55d5e45438b89070a6fef9d8f0090af3e1c13826abd23a145e098637f689
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD526b050e333f85c6c785e8d44f82fbe94
SHA13dd0e0110d2cd625dd617b880cdf1e2a6f9a0181
SHA2561a0398305fc5718e63aabefb83d38c844eabc887a704222eab86abe82da3c997
SHA5121e4c155787539cb575edd318fd6fab9813b8026894212571a3372927e1c30017e7ababf3a1b58a86c84f2df16a3547f05e83f621123afc485fa150b4a4ad91ea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5837922bbb3acbde9ab8f67cdd8c21de7
SHA101e9b1781fec8acc055f4eada612b73f5514a005
SHA256c1184e1f6f87d23998287e02456f2f2a8fe50d65001a35b41aa63344e626a4d4
SHA5123113bd37a1b917ba03d691711243f3a459abfe6af3fb9866a1fd54f520d38e2f00d698a7b4e57a4e0103e166117004500cd10d8fbb7ff41ef446eb7fab52c215
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5d3e05adc41533ee19e5c644ceecfd2e1
SHA18fb16ed80980f196c920a2a669681abc875cdfa0
SHA256b35e39c14b305dc2632d0daeeecbdae9fa9e01811986f2dbf3a81be39e89d010
SHA512e55d6dcebb0cea00dea33c60a92c0e4eeff85bc193e1a7c70cbca23f3d5e6ab1e83495457a21dfbb562e8cdd5fc6ea44c158437bbe6ad43b4cd0eaad71bb7012
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD59b436dfd35bbc87ab7cf54619f501e3f
SHA1b39ae3be98c17d187f105671ab391aa4a7a56e42
SHA25619a51cf57e19fdf8392019e12e5bcf1dbe23e01ae2e9ea45a9dcd7c34e0ef935
SHA51282fb62d18214d0f07ff18c9885bf5383a702bb689bd0eb1db89821ea5f785cd0889fc5d9507c51f0ddcc675dbe2b6694678f55434a6a3c1ed819ca3e1f0006ed
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD53fe64e3abf7d583e5439fbd0e935cca2
SHA1ee354d4da956d90e3a817bd1e971cd291f498215
SHA256b9d5941dbfd00362ac6de8d7707703ac2e795bae2d5865041d3b0ff3b8df99f7
SHA5124e36f8ca14b358e121a811d0b1d864a14e4159a32a5933d0eb11f31acbcb852e19ff01c08b351e2fad8d40b8abd12ed4c506048155798c1fd14e03fd31221cf3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD50b1a4aa8a6d65bd47405fac3f8cd34c4
SHA1e4c57c1b42665880b84070291d36030509d226af
SHA25669183b39f065809c8afe9149cb0f3ab3dc1a3defccd7966ca9e41821beb4a121
SHA5125a626ec5181a4b7e9977f68cc3e9697156dc37a15138d0bf031bb09e04d5b31697373f2f73fab1283c0e8d6df8d27567ab532bb8f82d8abefe15ceb3fff51fc9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5b9c8024519c7010d5067f0d200a169de
SHA1137070df311cb2eb739dda8dc52836a406793088
SHA256446f77c25aed3801f831e08896660ff17fa411fd797a609d04c04f1ef17341f2
SHA5123700c41416c248de4d2f03026e1d96a7f4169d2609aad24a423ea039da9c6b59a82f174a71f88401381c766d486cc2bf256ce7367205d70179b3ca1fb3faa4a1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5555c3e59ad4c36e9a75482e42263a479
SHA1bc8e2bf8e406ea0fe6ff440458fba36e6a9b8d0d
SHA25606d85cdcb5bd9e7ee1eee0c660718e384f8096db2084e5e4d6a6b662ae4cd99c
SHA512088ad9e0f7cbe0751d4a0cb5e583ee3dd6cbcda39aa5a69b50a63c979380516cb14552c78521aecde1270e8e88a69eb787c8f3756b94b63e90e10ca61b3ba494
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD542238f2785e496b6d835a09dbd2684a6
SHA13004937cfa8902193b393d001dd1da9c741b4918
SHA2568f43e18f92642e90b741d8421704a96497c7882fc0349b22551499a439c83776
SHA512775bcab8b4dad50e71f17975c804826c17f53d6c6e87818b24b095889b8f0c6c3c71ca742fe5dad9e8acbd35dac0a64b6e148575cfb504efbe651f3822c17936
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD58b0ec28495546785f23ccfdcc39f06e7
SHA1aec7d6795761f958e53b32cf33332a6f5e1e520b
SHA256a591ce3c660b949b054e23b53524d7cd1231fef858084c9816e8dc7e26b2f889
SHA512553fce0d3a9ca15a183e553c6322a3794be44467dce755f25a7e1607e134fc803ee1b241176fee2986cddb0b9054f403c6b921420078e422e1b30d9f863c5c8f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5bd143e4a3a11ec8229b6e9728eecc465
SHA19d31ac860ed1e84f6c677ac50b2a45ed7cd688d0
SHA2567257b8f8870618e3fdf16c57d0ef0c033cf56660bd617eae9afce927b0e933fd
SHA512158a84cdd45a4bf60338422237308be8ce88b2b3b2a735011b174020608e7b93131d15440d4c0348e6c7afe57c28bf650e803c7b1139a88f95bbecaf66dd706b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5376da338632377deafdd39f19ca46192
SHA14256e2764f631c121f2e95a6b7d1223955c764c7
SHA256bf90bfdedd4143074f32b4e5014fae99577721c24e5e91396958786020abd79b
SHA5122bdfb88e8a5985eef2515b0bfb06ea423b752e7e8416a9aa32a59e5f4607514f0635b94cbd8cfbfe69ef9c36b69fd31a9104a1342d2e114d12c12032f40b8c2a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5b587a2f4377edfd88cea1bea83922fba
SHA198475f76b51e569aba1455b7e9e4c7f0c2de80ce
SHA25625596ba571126f0e790f6be90e20a5f120769d018496143c4c10fda3e36f94c2
SHA512445816375ca6ca6567722dee6488cc416d17b2e104622b23f14888a490441da4799a6223f89b2aa3e48e96cce8c7046cd4f4dc70914120f62c82fb776b61644c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5e82a137bc97f47146d94947ac04bc567
SHA1f15b6a92c391f04fa8f26485401559ffe0e991d8
SHA256f9c17a71c7de05312818fc3559e34f2adac15c5993bc60e20bc92b6077fb64f8
SHA5121b579c923a09bd512cc1b8b134e1e34522a7e84bfbf5496d3386b731730bb2b7310bee35fbcc75b4b6903d0f7be9145807a05d49847ac68c62b05f0fc1fa4d1a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD58a94491afefdf441921b31ca7ebf00df
SHA1ee34cc326c814f276033b9f411b20fb196705832
SHA256c0c86f31fe6394dfc0269e33e3dc5b9c274c1ea9aaccc3d5aa9e74fa497693ed
SHA512d9d4e92c0f93fa1e497018d30ee1615fd501bcdde1b93dd1225bdaedac3c84302ae03d1834f6d116be3c763344a3e9c23e34325ff3962179f2f4e5b417f79213
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD56409e5f4603660794552838a4b9233f8
SHA1bfd5a37aaea59ed11cee15ad24ef09cff637241e
SHA25666b1f2dac957cb2f637983e739d3fa20b441cbe03f8ec8f931afc2ac356ae403
SHA5128b01349beb2e1293c67f6488ed2ba6dd7e1e8fdb54d263ce1301f8f40c6e01e1fe2cd103c226075af798569d5ea71e4afa9615faaf1a1854b5d1733ce8a7835f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5818c1e80664883b6317ea7fac8e124c1
SHA113e21eb7b4f787df7755dae2f1e5e51a5dbc86bb
SHA256bdf3ca281329f4ff31cc69d198a714e4da85ae599ace0cad3a0e8fd2ed3ac48e
SHA5126b79cd141bd6ff6f9008c6364a33c6c9b1a838df52d1185f6d8b43aa1c5ac66e4c603bc75444578e7e957a0e9d3ad923e5566cd2467d3f53f56f57c0301d9711
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD536edd524b701feae6b582a6eb2f42f9e
SHA17b0ca37e35c1b4327faaf782e613248fe970eac6
SHA256a6fd947e7919af39edd61e45ff50afa21f53e6326f5a819b3d894f030ff53590
SHA512cad64ae826bb15897ea4fa28e4c2ac71a19d15959939042c0130d4565b54bb71137b35ec0e18401452ebae8169b2b7bf545a3f2b1ff346809e287b33962615f8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD555b45eba72bf027e526286e1cec0573f
SHA15cf744345e0491d190ccd24fcaa255162495d11a
SHA25618de8ba19ed18ded83c78a0b30b665a3ceb79614039724a00e9e942c667a34c2
SHA5124aa4c67dce432dda6eab6fb9bf93d6e75d55517072847eb853518ea2cc018371b2d00a092bf6817f2d1586784a67c446496d0d528d9099fe7f1102de240a1530
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5e3c556dae82a7181fa895fb492c95774
SHA15739819488c7594a2f6c998645240c138a9bd713
SHA2568f833ae83ba02b7961316805193930889d18c65c2c87aa8fe03b9204eecd5eef
SHA5125d83d0c2fd8883822765baf25f3d886284cdfdb236ed9990e8534e3083082497c4fb8b3b638dc562c9d710a33ddc0d0a9bfb7072fec009ca8adfa4b6fad2c2df
-
Filesize
580B
MD5c0ace679a292acc213a0f5b7fc1def8b
SHA1fa7d9834568874a2250275e8bb7fb27ba6b19b25
SHA256573fc3e9ada75b81e8413d825d4f51a88f769307252f0c0b6cd1eef32ca13f72
SHA512743ccae0425ae3a6fa76ff59aabd42c8efbcbde31b3a5d452d01994185b5ef66e69c03697d38cf8a3b8f442cbf1b93c89f65848a9f3c6c5b6551b84368140dce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD53897ad8a325da5f16da49de30859c8ec
SHA105c689ec01f67966bda76a515f4f36746a001876
SHA25637bc176ce545aa00b7b5890e350faeaf0c525ac82dc0f67faecb6f5d37ed55e4
SHA5126ba9b980cb255c8dadf29e18d2e98907819ada9eeefbcdaca15526e196e19bc3ff16bdd022a5d220e0a82a82e9f7481c365161427ef0f769b1ef032b1e447133
-
Filesize
625B
MD50cc757a6b471df81e320b45ed1f71326
SHA16b60089c2cc9520e958cb3af965b61fcb1e222b3
SHA2562f4a7bd5e0caac37d79bf89692ed1d497e39e636d52b37686b1d0267cb2ef193
SHA5124a7c7b9217db8455839c98341044e489580d5b17a4d32dd674f03d89d3ea89abba6f6bda785a9b0a32d57ab8c1284da593823bcc14e596c66543019dea651918
-
Filesize
873B
MD5c5af2efd9eafc84c63e29550840e0fc3
SHA16f58e97482207657a29fb9da077425561b7c294d
SHA256968e869f1a61f0f611220450c42674449ae651a28407b32d5842b18cdb5a9f43
SHA5124f783396edcc8cf89a57f8e679dde1b6b51fee00cc7676583a4d8f2868423877e1ee642c5db7def4588d2f3073e9704de35265522b01b8a1017465f0fb183232
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD532e17b94572787a1f39d2a7063e445d9
SHA1446d85a3e4fa82013ed94b162d98ef7645c6be46
SHA25684e7bbebd37fc17fab3f3e4d861b8f1dd9b57eeeb9b4e598c7a5e4c0c4edd2f3
SHA512765163c3f89f7c2b92dadf77769aa3754b03c789ccafb56b92b1d72e0eac8196efec633b89c3818baba52f196668510d3cca38bdceaf40f132aa548d74ece882
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5adcda35ecab3f15e15875a9a28c23c69
SHA135179df0349fd8ae0addbc86bbd27656d0c384ae
SHA2564c4611e260fc26471df5799be8dbc5e0e23d637fcd221f82244c52db44c8ea94
SHA512ad5cc6a95a81f907df0929d2225cccfaae2efabbbf8bdf8e86e25cae34350734b1e48606b0b8567dd601299d6a634c17739230749937c4841fc829506fad6127
-
Filesize
615B
MD576df04610df88f86c692979c030b7e18
SHA15ade945556408e2356ab2b6d0493d9751630fd1f
SHA256834fafdd96281e45cfa44f748027e99b32a6fbdb17566cc1a81cac244eb8b17a
SHA512145aba109b8c4cdbef90f97da594d9b0a0ae08db14c6ae78f8e1c7fd6b9ee8ad6b7a7928911e68a409d02bbb3aa28f820bad27c147f2543ef870e0f4f4a18525
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5e61c3f6877bc77974eead90f75e41e22
SHA1c88a32bbb2645d5b79be2160b5354832f1e38b06
SHA2565f7d98a69014e7cce261622b3bbf97c0f6f66647a8f0af51eb565729e0d79655
SHA512fa2512f59c94d7dc9677d18107a1b00a6cd7403a947ac84ecf40bd8d977c89085ef62f1bb3bf0197e8e09e51a526e6a7edd2ad700a7d4746db8b6164db867063
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5b02d814f09413436371402c78986dee7
SHA1281936c51d32b98c45802fd3117e4d5d25857ba7
SHA2563f8e097f24c21eeb126b5834ba048bf6474bfb1df06c13b6078ebdfa4c82514b
SHA5124845338e47fdbe718a5df3b489354f49e2e3676b8e51c27d1762f978f59ab467c4a65243f7687153ad5b58067f636f38771a9a58b164abb9c624935092cb3f0c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5ca69845aae0b597f713e0ddb79807a13
SHA1c600c68e214dd9a65f31c877c1780e9d9b053afe
SHA25657986a58b09a90f7b19ccba53e9776e5b5b2104ad9d050d9b6d68ece17b0daec
SHA512df8e412118146ca7e7c935ee3019b79b5f014bbb864ed582d1707e475f25eb9406dcb1211d34a2c92148811a02e89c86b80bcdf6dd417e222dc4e5fe31bf3b21
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD53898282c56391bc2de7cc7ecea5b0a09
SHA1d34fcecbf8050e4199352cd214e34b8ce0ede347
SHA2566e60f3c41c0567b7e71b28100deb944c3556c788e495fef923b491039d61fc84
SHA5125d847bb23701ba7860dbf6423a7d04a2b3c664141bcc191bc60a36ce593d082e26c670be5bcd01295b4af27c64a9dd2e14d1c91fcf01f6ad434eb4deb80d4cdf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5af789eb05d758786177c43a0e325e8ff
SHA1849b95c60566b46598af3fa558049feed657f5a4
SHA25604839e3338cd8545ed52d557df398e267252b08313ea2e481e6427dead8d597b
SHA5120a7506c64012ecc0bbf297faffd442b2fb56cf365bade5f55ec1f8b70e83f32f6204e17d6f751fe6cd8183411f8388138342567faef6062dc9518bdc5343877e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5eadf6588348e958ed9de99df2537c5b6
SHA13b06a48a22c649756498513da04d846898282142
SHA256f99e211f1f3b07e64b6bd683fa0e40faa98b6b7ef364b5f73bdefa8f9ae57e7b
SHA512ecff5a823e0c5f60bc21bc9366882626ed87c085208e742b62b4fc92cd61ce6d495d79f11e586c729b7a4e267ecbb29ecb03dd325534e8dbb4d1c997ac38fd31
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD533e994efdbf0c78e1d04c72f0e431167
SHA1e7faf485a53d0e8713f7bd1bab660656cb0a5750
SHA256ab284b2cf26198072e639c0de3245cbfcd81adb20f0af31e6a93eee9f044f897
SHA51222339bcef4788c894d5d95bc93704df7eaf7176d74af566f1775e4b67dbf7a5b6b1006cd8ff3b9007e327d026ea80b5d67ef0562b3a529f7b90d9245ef756a83
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5cfae3cde273b16947d647e2902221a99
SHA15758dbb233664a0a8d26278acff687559841d8ae
SHA2569417d608cff41af438f7a0e7ef5cbed1df215d899a992c6f25574307e347a078
SHA512d53d8cd994c9ed81cfb5bd36b7b6941d63ac0475cd1e6f789630324def955c68c6075a71eba4ebf88dd76ced6af619bd757274ae0b39ae827e53a0d935c220db
-
Filesize
153B
MD56e3cad08bac022872618a3c4fe5872e7
SHA159777f8943343f886bcaf879b089484c9cb87e9f
SHA2566fd5cc7769e635b1f192d5a233be40b75fdae6b9c831a78d5c42c8326f99b9fd
SHA5123acc544941cc1ec732b034e8e4e10ed402731bb1b41189152daacf41b590701cc0b87a7e260b3c59ef145c8e385dec612487954a204b8c68a21066071f60e925
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5a16402b0aa99dcddbd44fb27997f68aa
SHA1ecef37f183116b1a4531cdb76dacc15af8c8f9d6
SHA256d945419550532153d1e91b29fbb5979eff74179b5608686573b9fa420246dcd7
SHA512bd0337de92921a83974e1c2aa2030ecfe9393e911e477dadb4edc4ed252239fda74df731f80e82fbc4bbc92609db1075e20290da3b5a7802b39b235e4f04ecf4
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5c94e573e97dc972131655aab2e90ad6c
SHA1c135b36eb8511acec406d1ea1d24819c2fa1e704
SHA25629fc063316ebbb657b9f625e56b62dda429d52ec6ebf71f292ea7c0dc9266c54
SHA512f50a53a777f668d7da3bef4f84c4289905b41c96733a22d3556f3592aa6394c77aad057ab4b6b2e9d319829b634913886f02812823fa7094fd5e27f44ce84183
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5e4c3658770caeb38827543f0d3c04605
SHA18ace55b248648914c3c49c4a52cac6b17e4c8b2a
SHA2567600d7cf13f1520dce3d36a3938f35e53afb4091b72f66df6dbd6d943ae6868c
SHA512ed65bb28d025208691fbc65054afff462fa30e8becf327866fcaebeda8b55b0dcdb36b0ed4c8243b1d88b3fff44bb4abc5cc8ccde210f7bb71e731c529aea8e8
-
Filesize
109KB
MD5e0522b8968eb140dd1742a3a7da61025
SHA116728363337bbda84e1ee9d906bed2c0bd14e5e5
SHA2563503e37f55ad16dcbc05cdecda904f64f5ff521ae8694668935819ac4cc354d9
SHA51282d90310bb5cd2974dae2fd24ee099cb81df8db5dc96ab21eebcbeaafabcf7ae08bab21ddcf9f73e0365cb5e2bec0edea2b83f65a070e8c3761f12fd1ae529b6
-
Filesize
172KB
MD5b091f51e6a58a982d4af0f3af85ecac4
SHA18bcae2203af66e4443be71ba55b8ec25e09d3249
SHA25632ce43899d91dd502fb307b57ba235fb7fc2c83270c8cf68e8df0e6f2933394c
SHA51271826b62a34fbd894d47d27ed79b9d0ad1b5fcf9e9500a2564682e5fbf40ab43e0a0ffff904a3fbf8759704bb6bd81c8c3bd13c302aeeb4c6f8409f3d9b0b664
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5ddf5112760d6b319bd3c682e1c362264
SHA112df88c3593901aa116cbe18adbee184e18acc16
SHA256e7f061d9fe4a895dba76f998d9b25651be1d5f00e9fcf1a24910d13a4308a416
SHA512de0ecb9d0b1f78f7501b06682a441196005e4e81fa70d9ff6442561619d73f71e1f7cb6b4eb320471f3b4a1dc83f0bdbfd19874578b72a36f3bc1c3ecff76240
-
Filesize
21KB
MD5a4e8722e6833cb2998cf4096cd748f81
SHA153c8a3e879ebe3be80657de19a06c9fbf1812f2a
SHA25639fad2dd411a6f293c85ea1504623c42c381935cf884793136da6bdbc4767b32
SHA5122da6a2995939510ff64cceb5dff5c5ec2ddd71e1745ed3f635bddfc04b56e7dc255de8c2c5684b8a4d7b1bb575c2e55225a8ef9d44e2d5a13fd5227975b20846
-
Filesize
1KB
MD57dcd227a5633751baf6db52048983497
SHA14416b614f4b48d19a35185378ae0db2b3a126acd
SHA2563032d5395e4bb6572fb497923f50d7c9e1b83b4116926f7fc930245ae0fa7db4
SHA512bf946373ae0d42b1a180eb147f1c6ee4144a36c3b33c2ea9b6eef76a1a2485f4c1716b8af60807aba03f6e7980a66f4286731e62442bc0338c760b50b778cc22
-
Filesize
952B
MD55605dfdab0c1f0e760544da59a294338
SHA16ef9ac208f76c43921289f0c4699c7d85cc652db
SHA256244f602b98689073d967c1fa65ef35477aa5ba83b61ad2ae682ed1ac060516fc
SHA512793802bfea1f94f3ee83047680fd25a8eae5139ab9feee6ad6e9fef194086cf8b307d32d6df5c6d491bcbb7df7aca414ea79fc30e465179fc9024ccf44a5f889
-
Filesize
121B
MD550352b8876ff03d7a5515bc49090ee08
SHA1a2063986f48c7e75d21c595879b14228876f318c
SHA256f7e3bf9e249b30027b8ddd7cdcbec3f9fd45fcc8800493bf3e221b6a1f9ac15f
SHA512472df02a424fdfbc530830f8f7682cd32d09287a77a8ec22ff16c26a26d4c7846176a407f009cf7561c7fe726924c8915c669cb27b81077472d74135f5b575c8
-
Filesize
1KB
MD54328030c5e2f5ba3c97a5d378548e7cf
SHA103febec79c4ca77702dbb8e4269add62f5257b57
SHA256d54f2f927039d394f05db2de4da9cf676dd00c7351df14316a9545f95c02528d
SHA5129286e15b719223aff75cc3c49e0f774c846f127f031ef41144036b2caacecf1db95bec6b114bf29ac7ca8816c60f30692bb3101465f7347f45c0cca0170a777d
-
Filesize
8KB
MD594f3e8abbad4924ca9bd23736cda8c68
SHA1cf400ab186beac039d2e26ed753287c4b4dada9b
SHA256495cf591492f2fe099cfeaa4c0906ca89e7921055fd924f053c0d9f44d9b46aa
SHA5125ad7c97dcd310aa79185c1b44de17f1a63f75802c47f31f339a0be3c8cfacf3167f4bc762198456d668e118b284087de4bcf26053523492520a7ba2733a9e409
-
Filesize
914B
MD5641acc3f1fd32fe91672ff8df6eb25b7
SHA1dbb4682dca7f294a5618e89a35486e713e51685a
SHA25652a1b88b738e336815e663b6d8538f56d260b8e913ee5faf5d2d9b9eaf5f4d1e
SHA512e638495122aa801067cb2a312c0e34c06f31632af8ce48e998694dd4a202a470a16c58d6a397cf98e47354db7dc0f2460e694b589039fcc4751b574f0adbb5f3
-
Filesize
90B
MD5a3458ba856d9c89dafd57abd048dd8c0
SHA17c5022ae99a3d5b35dbfb32b805c64e743858ffc
SHA25647f804378ae1c0eb1a84fa2a1616971004183110e934167ef0e8ffaba7f73938
SHA51299908b4b47664c62e72eb56aea6852e678ba07fcccdf8382d9164d8660a1933e79765fa1bbcc041e619eee000133f798b6a7b0eb800e36704f72cfa87b50012e
-
Filesize
90B
MD5c92fbb2aef7cbf08add47ad4762289c9
SHA110f657e1d3efd17181fc05e247ff51a88dac115f
SHA25624968f539f03e49c2f53ba2805a0dbd7986c32020b26e55ae15e47a709769e30
SHA512b50dbf44aa88064492c271379384d58fed74ec5e527be6554dad614f4ccfa533d06f9139c95506782757a0f63ded2bca761cb3bfadce6d785566deaac7a831fd
-
Filesize
328B
MD555faafbfce36f6272b50814e946cc6fe
SHA1b625ee0b2793e41024d6be17e7169bbc84fd19c6
SHA256b48cf797867ca91c42f238c0ef279c89eeeada705b30cd3427a69c238b424de4
SHA5121b98242a2d32a10f5212867253193999d3b456055bb278ad289a4118b19ede8e3564fe95c230717cff5e19f02bba21b8c64f8cb3922ea3ae2a9ee2e6eea40324
-
Filesize
1KB
MD5a714695aeb95547f973735b1a23e8a4a
SHA14cc57d36a370bd2218de9157036a208aa0fcfc8a
SHA25629c509be437bb79e13f9f48403f95c6a9cd51680b63ea9d60a5a19aa496a9a7d
SHA5129e89d9bb94ea86a084640a1648e24ad0af3172823de2b4b0150a15f6eb18f56201ac899ff3b9c2c07471e3d092f7d5c508cd3c0f0fc5884e0c9a5206efed83c9
-
Filesize
162B
MD515af0028c28b8ecb88b263d578033beb
SHA13af80907e8854fceb1a8607decac199349ded052
SHA256e472308e08ab5e2f881ea21201f8568e65521df9121a9422fc03bbe251efa20d
SHA512443210307fdf19716fbe2f077457dfd3c8b87b310b8f7ba4beed4ce933dd3381c59eab4119b8df19e76e0feb7497401a3d069f4e0b1922e6176119c874ecf1f6
-
Filesize
586B
MD50aaf86a3a02df17767c6bf0e82503a34
SHA13cacedfeeba46495f901f07f39692612ee8e4b6a
SHA2566b4bae3f8953288f0c8c29d4b026b25a5901674200349738aa906c4e177e151b
SHA51259cbf761678d187d9f5fdfeda95954f177d5fe62b96e74fade634140bb2a96e489cb57feb6c052cdb1559d1db704c6ee300d672dd77e40e1dd8c7fc1d36ccc5f
-
Filesize
124B
MD5436901edb1e32c3cb0c6bc42514a2f8a
SHA107b8d55844aef54632d5464451fac6036e09802f
SHA2564822ccb59d36277cefed0cdd14e9c258e8cf07c2b3858dd399be7deb0871ed49
SHA512b33e5cde319a6b5ff46ea0e98e6ad751e82adb4746e30d99b0412e4b280d7a711c22e1debdf268c4132928b751544aa987724ed513785f22ff540c881c8d4ba6
-
Filesize
8KB
MD53dc120c7f2ea67c0c3c299d75d39dca2
SHA1a0226eae6815a3c1668f05cfabc0767a427032ed
SHA2560328e4e5c7e1e320164fc44fddf1a6b169b9a6f0c0a99e8e6ef533577a420496
SHA512eab66bc51415859c4f7c3f0df77e6ab79be156403c9c2b0200cd2d5ccafefacd7de833cb63a72d639ac835c44b132c3294874ca016904184530d6046bdd5dda9
-
Filesize
880B
MD5c9e8f85692a6b0e3d33e76d3f00dddd2
SHA169994f7d63eadcb759441fc744f47f0a377ac7ac
SHA25688ea587d43fea5b6e461cca659f187054d50c2a7fbadc280a7b1525eb4707a75
SHA5123350cf375c8b5a6fd8c52b30f36563a2609991a80e5d4dc12b279d527f9485f5834fe8c709c44e62164ca1e4580c6973bfa0efaf8444ff33fabf3affb5bb07b6