Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 27-11-2024 06:40
Behavioral task: behavioral1
Sample: a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Size: 12KB
MD5: a67103a77e52ef48f74beafffa7684e3
SHA1: 81486fd7018486d5bd7106d0677e1ef0c199d834
SHA256: 4520276c85f64eb9c98d58cfeecb702a468aae19180f0f35d9705a996f5414df
SHA512: 175803052ce0ea9b3ba16cea2b285c30c1a5450f2e95f855a7f9238e978be11b5965c2caaf628fd2b20d5f67ffa46237aac6de364a90ae5a3772c697b7891e5c
SSDEEP: 192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCVEN:eebFNw4Pk1itKkpAjjI2YpdmC
Malware Config
Signatures
Renames multiple (2214) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials, among other things.
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" | a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\ = "CRYPTED!" a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORQUAXCYSEZDONB" a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe,0" a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a67103a77e52ef48f74beafffa7684e3_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2196
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
341B
MD5df7fd5ee94235cddaa8bc22d05b0aa0e
SHA18ac5303fb2ca1e8821d591d45e67243c8e7301f3
SHA256dad0a4ab20ed2e95eaaa2699111e586b0148b638a51141079113b7dcc0687beb
SHA5127839ac583b020031b38ca2e0edd6d2d3b6f80aa4a474963c815731a6a7c70583c08c423bd5713d095b7ef28a3c8acfeb027560be6d0435f494f0f4c99ccd2e0b
-
Filesize
222B
MD568dc3c0ecbc6c9b6cdc1e34a7b3fbbc9
SHA122f3d7fa353dba2c859d104a30de9a14f08b61b6
SHA2563101a5c04f78e629c8d32d18d21c9075457b49a0e5488854a7a6619209b4d021
SHA512c9cf879527c7fffa5791b42c9893e3991ff218f2f7b933c368fea8b4d5160772cb4f1a8ad630cdb256384bf7a5d6fe261196fab492abb89393ffe4f657e98466
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5f7dbcbbe7bed6e3698631bf24f0c500a
SHA12c825feae02a76562d55f3adcc6301740d7ddf63
SHA25681094f1c98059c8349e30dd3050ab74cc5681d923351e282cbf6c30a7606cea2
SHA512ec79a621fba6fc472dfc102085f09c1ade04e955e5fa426e1bd0855341932b5a71fd53c82362c55020110a7f38c29c186652442445e225f2f8d8545161f1ca0a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5dc88f4f7ba62197fd02c73cd79c5d588
SHA136cfbcc770347121c7884b029743cf22a584b59d
SHA25653707fa72e035931d15911870c760e414307855361424b3ddace13c0f51de94d
SHA5126a22c8fba8c26a56abf19c633df358c8cc06b9e4f21cea59e997d41552110ad3b36d913155e315bf58c752c1de01303299f39a13962b34e968802f128b73a660
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD58e6532c54c7862357078b9364fdeb13c
SHA1970f0d69b405e5a243e68a292d64417fff1b8cfd
SHA25645c96f0c0d4adf92a66c86b139ec0e0f1864a83a48d7366f7c8fe1261b1aa426
SHA5121e078237f42483fa25364cc697b10d300def544d0ba12258e0ad4423894a758df2789b77f7557777fd55e0af93b88590ab5c737e2973ed3f1ed785828bb0df54
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD57e942f798bf1ce8162897381f0d2776d
SHA197901ef30c370ae8b804a914db4dc8eda71a5c56
SHA2568a332a7b6b5222f43d71b80996679e7ed557fc37c7bec7d891b9bea720022439
SHA512a7e5df9bdb7eb00d3597b618a061d3ed82e5c0cd14936c6f6b5b66990a71dcf789e5980de3733d3c13649b20e8b8247d0d22995eaabfedef746325464dd7c805
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD538b6d5e7939beed72b5b2a61fe45acb7
SHA10ea7c2426c9a9a5aae544a79a0c976c375e998a7
SHA2567f4b119c0e8cf06a74b2f542405cd5ddb1d11e30a5621db51e3f6f7ed522043b
SHA51208062f5669e8e7d563922c74c1036906bd3dcf7a1b9b17ee777ae90a356e9985a51f9c7f8881c2b2ff1e4f3102e35a7242913f909d2b239227c41ba19c8de14d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5521046d5586a242f09a89b96106b2990
SHA19bdfc060f5ab6d1bb8da710e742432e9791c5e94
SHA25653754407027c1e949940c5b2bfc889433d97e8c68382b0deae267909f5787b09
SHA5129358026a68694775e9dc8cf7074d0f9d1af4c99b08ac30575f07805ccf0080010f41578463636ed4d029a7af939036b63c31415f0e7297e93ddee46f957ec246
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD56eb38eb39c8cd24928f2e5cc36503c13
SHA18217a6b18276854229b0139a787a08fef90d1c58
SHA25627e61b954989cfd2c3ba01ab369d4fcb970a5a73892aab4b926629c4d5689a4f
SHA512b7e7a44a073e058c821af2ad9a92153462e4ab49fae2f7ea235a256218c2c0a16b45fc1151619ae71866e0379ce53f0af3b2d7849594a57a649f9c54fcc5aa2a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5683ff192c03fed68f8f43280a2b9422d
SHA12b0f14db778ab49d7e5a8b3de84b0cbc3e85e00e
SHA256c46718d1d7375b7fe2b7d3e4b7a96e244c03f6616c6f066b13106bf261d54a2b
SHA51241304b52b15e0783948389e9a3ae0d5ae567922e10a92192ff19d3a6274b820fd266b21a1589d4d081fbb7bc497d6a1be6c0341d01871a1e243bffaa0a60043c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5d5476a522ecb23a7df38850160ad6f1c
SHA17c73f3a02012eb0afc011bdcf9507aaef531b5ba
SHA256ae2974e80460a262e46bd175fc06d36e9daa2b320df0a7501577307f4ca79c56
SHA5123c2620b81556f3ac6e95decedfdd194d74566001353d1700eb12b3ba35181bbc15ca69c7248233cc73bc4061486442bd038f6e037910685722d789a6cbb016ef
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5575b8a6496a02dc4645487f46aba7d02
SHA113687148c270ec2e0ada793e3e711692753ff25b
SHA2564f430c6ab4d1023759a841b377a11f6f26f4c09e334b3a520e50ed5593ea0f99
SHA512504fed004c9fd26ab881de70dc3087a162d706ec7b81a80ef8ea34f377accd5aaaf136bf2329e3fc61edb956eda8e6e950166075efb1e3208c5e864c5e97ca6b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD52cb5d9171cc4080c5336b9a2d301ae69
SHA1d21973db3c164cf1c857a52a9c8d6870781382a1
SHA256f3ae87c23422f2fba25aae8a31c2dc39124e31d14cdfe8e4eb3251823cf8072c
SHA5123476a97a039f584473c2f7561cde6e92ee6a8288d7f8e3a12b4fa03bd2f531ea875337efb9443f459d4f9d4c3421ff441f3b384d4c72293aa3369bba1117dba3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD51c3b9e285079404e3eb7bbfab6118a3d
SHA132137a641ac48162fccafa16abb77573364269b6
SHA256722b2c8610226373bc304fc8ce1769d3a20feeceb2b4945c03ee3702e507363b
SHA512148db4b93d895d721388372da4658ed2bf8d79b2bb64e1af50d2b9838f274bf383679567e5202eaed21b948dfaaa89e4e3926a9057bf4a64cc7417622ea7fe15
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD54f0dfc167f46a8a8b2fc402f12983a48
SHA139b93b53cfda812a84cd19f1e14fd2498ef8d2ff
SHA256cc5aee0b91e59b06f5a58ef77eb803b7b952aaa7f272dd1682912a3234b16dc4
SHA512414358401967a7d1ba916c5c1f42d236ea54d1e5a90902eeaab04be73bf4d1a86927c94ab973ffda35ad71dd0045b00c8fdca8d41a7f24bf2e935ad5d2e442f1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD54e80122ee34a330a1652a2824731fc41
SHA1a71e6a979b79d3f4ff0ee1d473c0a09072e6808e
SHA2560ba80a857fe04c5f22ac3fee3aeecc5e247857b1539519c9df88b12026424562
SHA51248c912d1e99976e9820f5bedf1cc3f4d3d726acf3f3924350dcca91a1ee33624dc97b11c974552276483ce6ce9cd322ad74c9e94aec9e92ad4473d473e77d64c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5624b1adaeb313a2913213352e85eca6c
SHA146a6b760c4df79b6cef5d84c2296e10a07f0899d
SHA256aca5946da28a73f98e5cbc00676c3ddfa523f3b7df6ccb12b4a7b81bb018366f
SHA512546cecc68b8233ec75a76edaeb75d69b3b7a1bb73abd14523b21881d8adc0d69c60193f2c92322083a979d3eca12ffc120127bb3431dae30935121f6cce5ee92
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5896bd25b4bc59ee91fdbf44546f28d79
SHA19f566ec25a8ec7fdaa24a8f23912846de90d536c
SHA256d27f2f2d371033ed837a689998643e1af3114486d295ec5b6cafbb93c0ae5e2a
SHA5121fff78ccb50678b7d2f522ba4dd73186f05c4d6f087bcddf7c318e2009680420ac083306ad6c891913453e648f122a8ef49a82ec79ca5983480b0410fa36fc42
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD53cc0a4e78a8d728350a4566ad19af04a
SHA1fb00a7b0cb25044f579d85725fae9c765b35382c
SHA256105864d25d5c259bb6c8c7010c79217d434280f55ba730f5500e4bbba2c64613
SHA5128ea7269737a31bfa620500ad3c228264b8e65587becd131a6671144bde73d3704431a651fc4f5bab1bb8bb71ae5afadc17bfab6d05f4e67654f78c02a4dccb52
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD56c3022fd14d6f2b2559adcfbaecaec2c
SHA18c9d1b038a26cd81fc8c90e0b54739fd2103e768
SHA256c326ffcefe2efe4de962d7b04ed8de44db7967c0fe1324a156ae1f549c3b7f8f
SHA512ad069c99a07362646fb1d1ef3737fd6a7af89cfe6f307ba56a7ccf84ad0ba2b692e1a7a48c5c1a8fa62cb233104f3a7f0e0a724808f590fd20d1883f47879ec8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD56eac328a479019a150d1223a2c5959d5
SHA1b02238f01bb742a4ddc29dc216d6524d4d3b3bfd
SHA256d74c78bfa53e715a7ab3c26b4a1fa726bd82d89e0187ee8bcdc55a86e9c33604
SHA51216a1f6a69bab04c9f8049289f6e11686d10b7a935ef427a4cb76dbc6096f93ce9457c765b9e23bfe9e80927878e27a427208e9b7c3cb9b5b3a264f1a958f38c6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5c3c4f23b4b141f91e591a458cdd0c660
SHA1e630c2a43c6c8186a947fb6e60ad934b8789e289
SHA2561680f6f362f2bcaeba44f5d9c8b785c9e2d131455822d4f947385a91f2912f61
SHA512c7be56db2de2a1dd8922994638a14a3c0bc1fd3da50112d7803ea26942f0bbc77cd62a35b90334e84c2719a30348af5bf4732339e74be03b22c86b24f2389533
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD59aa075008cfa8360c2e54c844483400b
SHA156eda9b5afcae4529631c23c83e69f19e0d1ea35
SHA25651de88b33d2c4d6685bb0cb046cec20cdf61f4afd415ed4b23d82de03ffb98c7
SHA512c6f5caf88910c5626cbd306003c9e8fb4f0ab9e1b1e86b7a9812cac37baf4c46581cf3cfa58dc9e9c8e09da565883d06a327c5cb3b50db349a1c9b89c16562b5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD551f76db7267b5e6394acd4b44fb4e083
SHA1e5773eba4cd1127fc5b91f1f3a778bc614fad7e9
SHA2567945afcd1789c1ce8ecec182b85d76d967c7660eb228d7b80e60654baa1b1d0e
SHA512ae31c83ee3a8d4a29c1ca7271336866c67d4c77536ae448e29f6bbd239f39a7f775dc5efe3bf75157af41592915bb09aefe68b4823108edf9b3733a6dc54ba0e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5d9c25fda1f8551a5c6a1f1e634a1ee4b
SHA1f7df03ae5302623eab1de70946cad0d2d31fe120
SHA2561130598f72a58b27b19a8071acbcc9728d1aa9974a4ecb40795d8d4c11a2f8ac
SHA512abf3686959007ae6cfb3b32d9a1474cd12eca53e3db24648e31723a225cad5ef3485d863b2302e0fd5a480263f47ba6c3b74bfc96338645bc49b0c578fc3d316
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD57b1c45723b7429fcc67c5d74ec249e15
SHA13e81e5b1457b6ba176fc203d97f83bdcadebd58a
SHA256e08ff29e3f429cba6530af24f034dc9b958134b654c073257d327145a211b86d
SHA5125184fec554204b040c850872acafa907fb23ab3429efbbd01fb765a82cf653f888442a951e006e7764c08f9ed96e344274336c53ea8641a09f6d7a0ae2b8c744
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD577dca660893cdf64760af020f9b3c5cc
SHA11a0cb36e5eb1663b3d0a5c726cc1e7caae949855
SHA25654ac309536f3241060244efae73b3417b43029b9262840d52ddbf7d3218f36c1
SHA512ae9e276b442d4b227e879c7ced9e1a9a7923d1c9faeefbd22f00145e89899ebc64754ffb8d9fcfd5fdd1c108ab3dd5a9f8ad203530e29a3bb6793d46bec3dfd4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD552f9d67b57fb5cf1ea30545552b804d2
SHA1935a1e9fccc911af8c7251817bc6f22fd2adfa42
SHA256c020112381a37ca0952ce42f8bcd207646c280f36d54b4c5bab2a3c33e005e0b
SHA51245dc5ae6d07a2d298be872b3ed83995ee1ce4dd0d2fe641b454b4c6e4a3211a131df3383e5fdc3ace82a80653e98d66235efabbf00c0da99157bc040136cd108
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD531a4ca6d8d5f5530dbd550a2c8f8d0e1
SHA188cde6ebd57878ec1c4cd783f9f9c63a1b2bab33
SHA25695686454dfd3b354dfaaa4a07177c40258331f9ff5c345a92a60e17feb415450
SHA512d8171b0d609112cf0d9bbea2e2f09bd3c822a1a61ed09332a0122ec974af29029b3cab80db4aeca221594473301b1c301c0e8aac0dc94e881a5a18afe7a26e6a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5109adbaff54cfbe3ec7d98963ad193f3
SHA10f9d94b371dfcaf2feaaea428d45b7558463af84
SHA2562c33a4af66ef72734fc882126eb0168eafb0c336ce992bd575b0e8edcb0bbd45
SHA5126cd16a63299db9f0fac79902111360c46a1fc59ad5b97d538c30e403b6f5ef7f455010a4b6c381af737c384cdd480c39cf9fddf194f8146305046a2c11731c3c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5004cf380a04f2f73ec650b5f9a21ac3f
SHA1eab91d76e8b631e22de88461d8f2e8e85cdcc7ab
SHA256c3a7155ea2d6a53dc9342d7338fc84ff53c5d2ffd9687a7494ef44188b036d8b
SHA5124ff9efa6f3413803151b83a4daa37bac7fc378ceb490bced8e0265d311a445a40573960166e5bff9ef1ac80ac64274caf50ecf380b396b38869caa24c5badadf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD54283732b8800e7bfd70688b4e11c2e94
SHA1b7c54bbe0fb7d895d6a874db564e1e21c724641a
SHA2563ccc6c2486a55ab0f38e2f70d397af7666d2a21eb0c681b9561f101f3d3b7739
SHA51216120657ff72aef8cda5dba42085498449136523ea72667cf69fc13e9b64a66cd575bda5323fc7e58e3080694cf9e89e9da2ed05ceab10a4fd88974d1d38017d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD51dd39d01de0ce8ebc65631dd47cb615e
SHA113b30996d98b07205c5953564380f21ee148ecc0
SHA256de43c8347b75ef953b1db1d350df694f0c19da48b685c48a695da7327b162ab1
SHA512c92ff662f775e1ca6a059ded56b6ce52601049ea42509aafe294fe9164d133bd4768364a82cd947a60e4b2ab0b4bef3f4610f5831e95fc6a1c8368d0005dfe3d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD54723c74935ad693bc90941995806ed47
SHA1febef6b97268ae2f5a88ae10656e8bd46e7575a5
SHA256d1e6dc171f389f8a08892157d77099c8cc76f9d388356c52e9059655a9450133
SHA51256695f50d30f93b374ab2019e6ff098caafb6dae712e944b6cfb830a18d510a88ec5d96a21479673ec253ce5c7aab7a8ced27d279e229803fa60e3cc45e15871
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5bdccf627f9e4cca175962686069c5a53
SHA1f70736cbdd145d6945068b28db44ce8c964036a4
SHA25674f51ea15780fd19a3066e21bc50a7ac408491e84111817f5e8708ab35414522
SHA5122582dcf81a5d54053cf9bd4b7e767fa18988ec32e96bb1550ea39cc77d7d660d973836b7b30d30cb37d95e461a948e34308259a30222a8ec611e0d6981d49040
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD54b6ae4c427072165dd689a1fde60dba6
SHA138a185f147c22bd7f29893ec30e1056a994500f3
SHA256fa90a9fb0b56c7ab6f1c87e2e6452cfcce10cef5c916ebf2cd578ea484ad1ade
SHA512875d3ac0f016688e657cd7909f02c91a8288bd42c2c2224b843c81205c153477b7a9aec7eca30a07124801169abfb59d5c48776a4e8dee199cb05a65e06dc02d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5ad267cc8b6ad586057b7396ea5c2a291
SHA168aa012f86f40a84e93013bdf16328177212cee7
SHA256550655b6bf3137171604a858ffb56dede36c5d1d46b203f3acd56280c8907c8f
SHA5128f1fef934c0cca7c7b0836647940b2bcf7f00b3ea2757b0cdf8345eadd874798515e55f159733c11d3bf28c430cb1dc57f5d0e3508b3026d603d4ae661d3e0d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD53c91856b14a6a49484eea84c0d36127a
SHA1174ea95b3e25538428b5d1cdf17a1e2cccc9a563
SHA25629b09d0cfe14aa739a0b1dd2decf7f5a52083d26e0db1bab3fc5b3e564e629e1
SHA512c26af7b70467421ad307ffdae0183342de55adca3552821942b12109d8bb591a7bacf9813962b096546a66d1f9c11d6095e3c94df151877bed6a4a8485626d60
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5a3a2e10be1cace767167fdc86028f40b
SHA14e63a02ff98ba2154f9bfcc8cfec023d574625a6
SHA256d294c58ce5f105b480074b6001ada3e0d7dde60c4738283d78373fa7d89868ef
SHA512851553a692a53757500bd1272c0398c656c78321ef81018f588164685ca272a5036387557750c5c6833af5f9f374d32b311bdb21dcaa335ace71c103a06ec542
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD585632a56b7a11f3aca563f7d3cacbfdc
SHA170b7e0deb6a4a31cc1a747d52491ce287327491c
SHA256e50e2bdd51ac4183976db38abd4b8b32925fe8c72521db41e206a2b9af34df9f
SHA5123ee1357e43547309419473b886ba86698f7d968b5955695a37a66bbee21a5cf1f63207f9f959d9939d4c5cdad53b9e80d1ca46ecff3355c3a3f492776f09c8b0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD553041f2354d33887f149abd1abe14aa4
SHA198d0a200bf961a782872e33f194f4614a69e02fc
SHA256dc0a2558c2476ec38e4852cd5a564d0111ab53eb6a759e7df7236ff4b55f61ba
SHA512964e572a7ddea4d54c2edce5fcf7dd4b5cc0858ccef8cea203b44c54fefbb73bf07f627c71b677ee2c31894c32323a3c3b1eed541878b052447a08c4c902cd71
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD560bf26e3acfcc73b221988d274353e52
SHA1f09da5f2e21dd6b0b95e3987a16580f6740d5583
SHA256d962c3ee13d13f81e5f32bea8810986368825e5d19c1bd1ea978eadf0786b2f4
SHA512828767d3fdc1252b7831a5edd869147eadcdbcedfb2d21e0f4ea4d2f3a821fd6d4dca9a3c0954c85736728d78aa10265351e62905a1837f356a6ff548ba4c091
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5407993d97ec35ff3a46fee89690799f3
SHA1fffd46e8d2ba3cfd1ab6989a5bd291ac3b1769f3
SHA256cc965bd9124a3dfb846202a996ab0259418abf2bd41eaa550dd82d7101e7b327
SHA512c326245a223138ef68e615ea9a35f75bba532fac770b5f4a93aa3b8e1add571d5bb0666b3885ef264e2d88a1711974fab019257d915010423e109c3805f7e0f7
-
Filesize
580B
MD5cf01112d28bc65e097615b5f0beb7a97
SHA17d758da2da9f3877a45f504cb2fc8cd8bd5d68ee
SHA256c2c4fbd02957d98fbf56ac11a029033a85394412159621728a5a2937dc1541f2
SHA51257bc597be4fb259afe00e57bb726a641709d62335ffcabaafac36bbc78e7c0510063f9cae3be8269d7fafc3fbe747063133f4462b9ab2a4b4b2ba53bb39da19e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5d3cb854720257bbb203b7c74f95de211
SHA165a6d6345a7d3d43d6093a95fce23d07ae4c2808
SHA25693160bfe8ecbd34fcc0408f3e15457dea0d4276d00b10605bcb59dd92e47c9c7
SHA512d55dd9c3523a28c09001c836e88280e9ea14833700d9a1eca0cd5eae47dd7ca2e0e2be2da5c45fa0c0414bb209f190724585259c002b3b13cde26b794e59e53b
-
Filesize
625B
MD5d29de6008fea1601482a26cb71f9f4b5
SHA143a304c34fe8e6128059b04b32ea4468f4e75f42
SHA25604905a97d42ff673b7190bdb3810e754b3fec30d812f243d4d42789dfd9b9cc0
SHA5128774f6e1c7cd57e49ea289e76a2f2d4c6ce1d18c204329ee59a430b8a312eaf6aa6e03695cafbf492ae8ae3efd9e7f48f1153bb7d7e7457cd5cbdd5a29ffc61c
-
Filesize
873B
MD53d99d9deb4c60fb20a00faefddd739e9
SHA1cb219266aeb5605ba2ef5620bac72f8b4478aba0
SHA256274af2d7fdba3503733698611ef4dd35f8fdbe910ae2da7f558d30fe5ad0303e
SHA51240d42de434d90be629b9e404695726d2cd7ce9f77373ebca1364415100e209ffa23bef0eaf93f678b34bc181e286020ffe4cfbd688185c6ade276126a07d2a7f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD56a1ee9b3c7684c65efd36fd5a79b471d
SHA1a89f7f3faf39783570e1799d5bea5e0a4dc89784
SHA25660fcf7e07df9cb1b8ccecd96f787972f5569854ceaa031f4069514ee8a7d59ae
SHA512a6d19858ad536e153003ac04a5d071f98e0af31566424fbacaf9d2316dc182652e12827999ee57ed878862c278fda98527544323e7188eca71ab35c536b7698c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5419c198fd7c05eba5b4e36d11d161409
SHA198682c9019415c16450542aef4e5054f4c253465
SHA2569e01bab6563de30d1a85e9340cad415cb4c636241e755cfdfdbf5e73e3148d82
SHA512585de625256b5048f3ae1b2fd88db2baec10ac01cc853c676aeae34b1a6b225c71019ce2bd35c3955e8e9350eba94f27d266ba104f67ebe6d2f9e5a781d52cf9
-
Filesize
615B
MD58f0e11ed79bd739ffdf02226182b44f2
SHA1e20be582ebaee9188e376f3baac24f0a8bbff0fa
SHA2564d185d1bf5e9bb70dd8cd1304b69564b7b77e107dcd43a5061cd0be08092621f
SHA51239419c6665c6cb00e9932789f6cefe2b5067887894a42af9fd4cf1e5294541379372049b529dce5416bc94018da9c679235094150cc07f7cbde55c95f7e083d7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5039f67c8bc3ffce9907305591a4c8e16
SHA1dce0f2f1d483566ab928ca9e78b6058eddc93572
SHA256aba64c5ec47b508086f5e011d965a1334287466bf924ce34852e7cf229449dbd
SHA512db934e86e88995b5f7ca76b90008ec07d5fe47e3b5f60eddb54e22abe306a468512acdc98be0ba8a1fe70b23b79394ca154c05caa932387bbc06516e8d93eea1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD582f5dd67a1e54ed405f0fa9a1557ade4
SHA17bbf7a2727b8bf91bfb5778b0304407e7246056a
SHA256d407b3010aa7859577a037d023664b765db4093a098dce1d2fe6b89c23d19476
SHA512c528da4e4cc717d186c6dcca7818abc049d775ea310f63ea0f718f2d4a306de71f9f2a27696299e20c59dabca564e788f32bcaa8a8f92ee124f31530713c69ec
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD547a510792445c4caa83e96de25c5240d
SHA16d08b572ffe81364477c0f4be22b0f010077a36d
SHA256697f830a2be44020ec5cbcd16dde1f9a7fb246a3c816599bd801fbd01db73868
SHA5126fe6310b4f205691ca916cbc5cddde866582bef3978fd7942907deb49d5dfe15785ee902ac58e27fecc448f644772e59c98fc2fc19ec9f63e8d197e94b87f1c5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD525df2c4b7085f50d0bb3025add39bc80
SHA1e485baa251cf92fab36ae1b86f03bada704a81b7
SHA2567ec0106285f049798dce6116f08b990a9015fd6ccd258a848170e21b17a0ca6d
SHA512340928437756fe5be825677949201de405045cae4075bcad6778727adc21b52513454a9dd6bdb7f55af1ab0b719ae9e01c87a4668bed6dda9379f587933d967a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD55893d6cc104c8efd3a44c1d4320f3a42
SHA13c9aaa8be2c58d03f0ea66b936c7d63f85a3b83e
SHA256bc8db85330dbc2d174cdb026163c1d9b9b3c5cc42d07368e0cfb874410574196
SHA5125e60f1fd3eec02822a6519eb7629d35da83713d8c25d2c86fd5783e83c1e6b21f1b6200db0915fad7f7eaf593af8e25e28eb2803253b4534755a6173f486eed3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD59f95ff6dd7a6938e07f9432df00c232b
SHA17ae2c012453e4a0aacc59b2b4e1f159c1248fe67
SHA256a0f627264db112171b510cc77e8562bbc5a015bfa5be32b0a55c92e4e4a3031d
SHA512d95a623f14f3706140c2ea285b274e6d640400546869e0caf82ae35d52fe4a9bef412bff46b0e36f337666e52c601fb04da9e72c9646c910b19ccccafeb38a54
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD58db1951323e5a5397cfe179b32c17868
SHA13884c546f5f2044e8329b02d58b89a3467958969
SHA256b4e946c464b8b4ef0ae171dcaf2bb2fff5a6396342c851db28a6e277abc875a2
SHA5129f69cf0b4653479f70e3ed21d8291d7a68f443d649285725bc91ee89dd64570cb7e82a4868270b96170ae75bed6677b11725faf96af123609d13331afa7e084f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5311e8897088191c9cd6bf86f51ea3ab6
SHA177240f2405709224b5b616b535a4aa03a412e39c
SHA256880c8c342c19eba95dd0819dfdfabd34c03a37a2ec04a33792a8a97604a9e572
SHA512cb5f5941bfcaac3af597c3bb7e4c511c005315f99639a1229cf865d76294bebd77d9780cc52931c130e4cfffc66e56eeb5c1f29a04b283c38f900893ae27cae6
-
Filesize
153B
MD5d27c0c5fe3e64ef41c0c03e28cbfabec
SHA12bf7c130c5d4b0990f465f54f19ea9464e2ebbde
SHA256522804a9bc40d71d21dac4feefe348d63cdd7c16378823cbe30853138036a59a
SHA512b95a755e9d6af1318757ac00ab98d6797ac30da652ba71eb87e5ba8f7694b570d9a7452536bb74bbbf3a2fe197aa7c97be9255c665a8eadee3c78c258fac2164
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5d746ee33dd76a5b2d4f7e78634a52f9c
SHA1f54d42814d192d35f6fe15867a1b9d7bb707857f
SHA256636ece6840173d9de081b2e54d4f421df907ccd93211f5459b9439cda641fb9f
SHA5121ae3cbf3fad5efc1311e1f1c8293539fb0f6eec627a6673305d1688f59c95dca7dc1c4afbe169cdeb70e4c93acd32e026a3f71dd12168b2153dbd9265bc4921a
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.EnCiPhErEd
Filesize8KB
MD52137f8f27b43f9a0d0cc84e9a97f089b
SHA188a5c795468b345a6c55f5b4485c2db097f40c00
SHA2564d215adad6b8fabba54898957d75670d0a9823e756ab22448d32e276481398e7
SHA5122bdd72a2b7cc00cda98b6335953f7302c99330835310eb2f3679d23f314ca588e01583372defee9f7818be42571814f66ebebfe1e3c04de0948c812481be1ce2
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5a1b1ab47d4139d30f2169a89ba2ba704
SHA15d40b669fa236045363e763e6fecbbfa9bd6ef98
SHA25606618c7f5dba84c5b889c9581aef76d2e97eda0f215dcb7bc045f7fe04c15578
SHA512ad27e1a6e9e75177d69dcbd6b4b0bed04f95211b81c41e1c5b3c5c17ecfbe3e4aad8b5e0d4739fe207cecbf6fba068f695325c0a355e7e132c37b33c53d4ae1d
-
Filesize
109KB
MD5425f23be01c59b14b877fde097d23c54
SHA156125e16da2788df5d1495136daf58e772c72f6e
SHA2568ec0f7eb0ca0dc54aafb8a48c42663acfe2d4ed2a10dc330f0ae2dd57adaae8f
SHA512e429e02ed53a5d889ab0e0acd0db02b9c64231b4b476ee8079f4499fff60242bfdf5c80a52900f5902ee9d9912cd62fb858fae317ac1c3580f079d81caef3567
-
Filesize
172KB
MD5e0723ae2d9cc249d85bf1857bfcbbbfc
SHA1b96e65b4c98c2286fd415bb8dcee8e3630bb14d4
SHA256a80ff826344bb36e2f784dbd99877af29786b3127904a691772bda4f6de35582
SHA51237e169013697ed575dcc1405caf174259cd8a8d31bb63706c8860b18cec0230f16ddea27d8ed90b221eda348902ff1372410256f875510051e50f02dcf7bd672
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD54c7bf4220c71a959ddd158ef021fa57e
SHA18d038046daece74b51c99ea38631e07fb8e0abd6
SHA256f7ab8cd04f957b9dd1185656a903c4f8e917f527471722c690691362791cb5c5
SHA512fe1f2f85804e825c9180ba01a34a180c7831d979e2555a3a5c899b494efeb8e99928cfdc8967a5e0ef1e135ede1cf8fa5186ac473fcd8df9e241b1b58748fca0
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize 65B
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize 65B
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize 65B
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize 65B
-