Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
29-11-2024 07:34
Behavioral task
behavioral1
Sample
afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe
-
Size
1.0MB
-
MD5
afc6d5ee9428aa47d67b57fab8971770
-
SHA1
8070da29d64613421494c2cc08dd7e7afa79e555
-
SHA256
788c03c4abc923b1066279426d10a9d41ea3f819d9725a9102eb83670f10efe5
-
SHA512
acb6d0d8bb57be6fa3e250d1d0ec054d48140fd030a066cd2aa57913348850ebbef0764051747eb4483b1c564d9afe4025b0b23a6a52bce54b51113e84dbc406
-
SSDEEP
192:X/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMdU:XebFNw4Pk1itKkpAjjI2YpdmdU
Malware Config
Signatures
-
Renames multiple (2219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe" afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_neutral_2ec26aaad7a9d419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_neutral_83cc415156be45c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00c.inf_amd64_neutral_f0d9ddf52f04765c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Variables.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Quoting_Rules.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_While.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prncs302.inf_amd64_ja-jp_96eca15be06b1482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Column.bmp afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_FAQ.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_execution_policies.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\oobe\background.bmp afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pipelines.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_neutral_814744dd97ccf09f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Line_Editing.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_objects.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_neutral_4ab014d645098f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ql2300.inf_amd64_neutral_ca8487daf77ff7cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_neutral_386661b46df6da3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_neutral_9fdc5d710dd63e80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pcfhkmpccmpbbehj.bmp" afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14752_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21390_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR15F.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Mail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02755U.BMP afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\DVD Maker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\is.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0227419.JPG afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01246_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DissolveAnother.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Mahjong\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1ad1c6efae966f2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.tpm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_eeb4801fdde41c02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2eec70254a9ba88a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\Media\Delta\Windows Hardware Remove.wav afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_de-de_00ed22fd11859552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\3cf3740de20740208d614d330aa4416c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_615fc86e7747fffd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-netbt.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a826689a6ddadfd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-vssadmin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e068b2615c885113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_types.ps1xml.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_arrays.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmpdui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_78142c772a77958d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1694a053d1e77535\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..rformancemonitoring_31bf3856ad364e35_6.1.7600.16385_none_0d7e44ffcdcf5676\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_233cc12f51b871ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wab-core.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_aecfd3efa4364f4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8ad97aa2496902f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_he-il_48f4af5bf99a2b04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_25a5e1bc99f6892d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_de0838fde8c16c11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000422_31bf3856ad364e35_6.1.7600.16385_none_4dfd19e2b200b9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_objects.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_057fccea3f497960\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sonic-rtstreamsink_31bf3856ad364e35_6.1.7601.17514_none_647657ee9ac95ff1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc4b94f4bb5022b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-m..icecommon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_97d520d2da4ae377\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_it-it_49c8dd7148879deb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4bdcac3537e3a78e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Comment_Based_Help.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_3a5350f1e9bfcf28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c2d203abdf1ce530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationRight_SelectionSubpicture.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..us-runtime-stclient_31bf3856ad364e35_6.1.7600.16385_none_a9649d04c661942c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_de-de_bb31595d11a5d311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_813b0e7ff4172114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-sysprep-aecache_31bf3856ad364e35_6.1.7600.16385_none_f4906b14fa5f4e62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_aff1d401a29e535b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netimm.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4388258dd5f9cb2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\flower_trans_MATTE_PAL.wmv afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-r..dle-agent.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5992b6ff2e9403f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.iis.power..framework.resources_31bf3856ad364e35_6.1.7601.17514_it-it_88185b6335b4839b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cc339a048a4552f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.1.7601.17514_none_8dd65e6eac60c5fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4de8220dfc038640\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6ecb9474884d886d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_box_bottom.png afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_83af6cfe9dc7084e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8a46fdfa76644e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wpdmtphw.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b711a0ce8e97618\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_iirsp.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a2242c264b9eb000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_CommonParameters.help.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_tape.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ea3370d5b31a93b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ql40xx2.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f6633d985781b5f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.web.abstractions_31bf3856ad364e35_6.1.7601.17514_none_070192411bec34df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File opened for modification C:\Windows\Media\Calligraphy\Windows Balloon.wav afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5649904d1cb822e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_8f1f350c233f36bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open\command afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DGSSOLFHECPPTKT" afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\DefaultIcon afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe,0" afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1i0fuc5l3Qr4m9M.exe" afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DGSSOLFHECPPTKT\ = "CRYPTED!" afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\afc6d5ee9428aa47d67b57fab8971770_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2548
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
290B
MD507f4907502245876a12a787726b39b58
SHA1f962a9780137a022a30b222b0ea5a1e076cce079
SHA2560d04e135b6277280162040bf054717c2c76b14f41607c5d8ea7d6a47cb9fc095
SHA5123c91c0ef23153ad3e02b0be60a2534c3dbdf911c47ba8a07c961acf97a45e1fa391f558fd7f9baef299e542bf1b3db1b267bc21f9247c9ad6d87c4591adcc142
-
Filesize
341B
MD5b92dc4628808e0343ae2e37cda87cf1b
SHA15dc794d5efb4daeafaf2e718afeafe13d49958c1
SHA25693e78b70b84f94050eafe4ab67c7e0cb400846948343a776c454734b131780a8
SHA51259c3de885977202579cddb17ef2ca2ecb28a067b93118b22c54615dddc4cbb6f433aa25c4a8352d448d6820fa1a4b0cbd1812930c021864fdb9ed4c21732396e
-
Filesize
222B
MD51e926a3cea3007b4c8aefe2bc0dacee2
SHA166bd08e6a771dfba04d9c9dd0c6cb174e7342872
SHA25622a7006502739bb2ab2f8277e291201afadbec9a6f287ee3c3fd733702f55511
SHA5129bbb661380c777e2d6bcf3761291ba69e41bfb419a8d3bda03e722a0a944a8f9af23ef8e36859bfc83946e6802c7859b761369dbba66e8290c19c46bd5f6456a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5568c12acfaf0f99b881f0bf9bb7a5f10
SHA112eed62b583cdaadcd64ecc9c41a7046c07a8977
SHA25693c1c63e34c2d174b15e48346ccece060c6518f12256efdcf6b86c293609096b
SHA5120ec738852ea237dadb95eab12a51645a51afb0abb2520dbb123c46bc5058336104f415b5ed33e0f66626ee0b317dfd41a9508eee5f84d92a2aafe9512e0e1cab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD565d8495d66bc060aafd1b2402b64776d
SHA1e88ab1b8fbc409f7102df57f8ae4a5f9c7a9a438
SHA2560ff7766775495ef7eeb770ac0a5f0ca92e4711b4020de7e70d385373934c6933
SHA51206f4c7a3490efc42a3797c1f25f8892cd36e6520674b222636b97e601f0a58057b27dc9e0eabe81233dbcace6da83088d50a4e269ed3c826038adae0e18da3b3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD505803db8ef37353679dc23187d90c122
SHA196466bfbabce3ef412f306bcaac417177ed022f3
SHA256d22f8ec51593ae9d6f419ebb0de4d6e09c4143942fe9305e7b13400a9c5ff1ce
SHA512f22cec470e205072fdd4607bbd0884a4fdb886603bb9ab80700d0e5b83f44ddc4752ec315622c8d9ea22bb1018d7ac412af5f6d5e17c57b0d25a44a4d8c612b9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5add609376d8ca985da1df56c96a2978b
SHA1ac6754bd8619585b0af1454bba6324034f062aa7
SHA2566f149d48c9b41edad05ca24ffa99639cb34239eb9a23f1893a35af6e013f7e13
SHA512e6edd5cb0d1e5972e33fa6e67f0b16c6ff168888dc3b1de00973f721e7982cc52afa348f6ab7041768a30d17ca1d2cd5287665c270fad79b9224c7b82fed9212
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5fd9f6122ffeb28c4c5319cced3411781
SHA1f1046390b8330097da632480869b799f00cb4d02
SHA256d81ae20dbd6bd7cb87f23ea1bf43fcf7bd21b8b6bf241ce46d1ca1604cc341c3
SHA5125665268f959bd9964d47a9920a1cc2c92f7a109b1614ded74075d0180e63f6a852e5d3b7f557aa1660852267c2704a2d55b7bfad58f6327647510f1e952a508c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5f64bb9409a910f8be0fd6c28d4382dbe
SHA1cac002566a8dadd7c871a23d663c9ce103654c7e
SHA2566e96669c1cacce37e996c47e00cf48867e56cef95643c82ab9e83044cf2c5a65
SHA5125f945c8834e34b2d4a9fa4d446f69c70b022498d2c8cdd4a1aa6f6e273b231eb0c467cab491906fb1b6e122a024ef9674bc0f5f20bd2bc0a259f52f97c7b2b81
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD52d10e4b5effae2a873ac8a59154816d8
SHA1ae769d6cd51e2a5955d3fda06c7a9365cb19188f
SHA256a4e4e0508c1fa8a806ebacb3ba9093036f77d7c948729966725ccea5b361204d
SHA51232b723e215d98c426c2da878d8dd7415514fcffe3e82f3e14bac91c2d20adfd725fd55c33abe4a3d8538d1217b7903ba6ba72856018907bba202e25edae1d4cb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD548edd6b58914c2fe42386e0dde886a2b
SHA144199b121e9982c16d036ddc01284dc7d9a9daab
SHA2565e2b94ddeffd3beef82955f4500216aaa7a7d711a9d5be9e4431c7f671131b24
SHA512ab2ba40fe2847b8ff4236221c8dcc6da7c56e7bde8ecdb137820e794605dc1bc3d382fe14272d2ede72d2e2fc77cb1620363ef6ca723b8ace952fabbbc45f9e5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD56debaa6235d2558a17ff8dd656b6195a
SHA1c949804df1db44d0ce007e64c913b161bcd4c49c
SHA256c7776b9632bce9ffcf90946524d447131029fd9424e37f18485e76926161b26e
SHA512bf73d0df47c9d562f115a5366302aaf4f587924c6ce52de990572f02da4990704916b148b53c976d0cb57d3bb363bf5a813ce1604dc50060fa66ab3d07cc73d4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD55d43881a51ba07af2769f7c7fbe52fb8
SHA1010b10233e456133ab2ff8ec675fd6d4936a8fae
SHA2564ceec9c60c268d1b92698de11409bee7bbb0e2ca3c614b5d8041ee39a14a69ca
SHA512351515d6c5431f5a37b43291e66400dee0bfd1cbdc5da272d49ec3160b8bfab21463993e1b84e8b9fa7fec69b41824771fb808dc6a607713b2ccf6258ad4fa17
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD56cb2c3a7de12c85b9df6c4b53c78cc9a
SHA1cd15feaebfe1b4a3d2cae624b7c6a78a9b28ab24
SHA2566e9703b3452c21d9557b28ce7e307e8cf5b25c2cc8fe85703b777b5ac1859bf0
SHA512a0b550b4beec4aeb62bd8dd6c1064e8a002e90703e1b7eb223fef2074bb6d731b6a8ca2bdae6caa213f1e797c67434e34a53a954828d100949a4b58e838999c8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5b1171e2ad5f10704bd57eb8c03a6f83f
SHA1837fa26f098adbd9695c3f85b325275d35830362
SHA2569fe4492fa8647afe54f418414d7db513317481949bf3c4b4939b5a2fc1ba2e8b
SHA512f6f5d578cda008f65558bf437cf4c5490a41a6d3a35b50e4ce0bb03efdafc6f5f8881f91fc87249bda55132143b98bf67f2275638fa882c2a39899ce61dab44c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5c58a71945d6c9129080608d2435bbb4b
SHA15edd7df803e79f2445c898986ea7076e32e9225c
SHA2560a7cfdbe532cac2e6e9de5cf4177da07d0ba60c658becea9958d123f78b8edbf
SHA512eca8f5746bd31cc0fcd75ca6824bbaf764858302e4a316fa29ae46198b8f55607a091f94e1dcc25173567bc47230d7898d261dd5c9224229eacae394bc841984
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5af142e7b4632ecf6f3c36832433e8be6
SHA11a2a68d9abe8b65fb35a26b3ddedbd092c47f384
SHA256b566014d94def9c3acab609930e32ba8991b57b6ba47eb5fdfa6160e20dfc822
SHA51248fcacc879f7b49155f55bbeaeac3787df50a9e5e20ded1c87781c6dc0c0f59c165b14c1de6b53eb3e5dcd0dcbc709a65830529ef28cfe78cc5a45dc2a4ccabf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5bd5ab428a2f5fd3b5726dd6a2b0d06e9
SHA125b5b82f6005976238aceece52dbd944f81a1723
SHA25690b25412a9a563f2dcdeb80fd8a1dfb9d5b4488ca6f77c0d3a73514f8cfd9b68
SHA512fec5877d489c668a3ab847de9be3f7a656a38beb883e849b92df8886fdfab5389c8625b34f1e2385dada42ccca5b879dd530a6e31e77008efd242d369a983bc4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD547a195b45f14049c15ae67c15c17ea7e
SHA180644a09f0db29d234a9b9e3749f2107f0de555c
SHA256bbbc1c199e7d71ddb942e9c932ec497a41914841be5e3b50a3c582636a052180
SHA512003bf5eda56dd6b78b51c313d00b2a3fce7de0f2e08b226a42d5d1639ce2db02595181db8731e7b5db5ee95b27063244be62e1b3bd2b910d1f773ff7e83a30e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD56d5cd4c1bba93e03826d7c43e8f711ae
SHA1b6f364564e09bfa277376764c3c5ab82f8e18cc8
SHA2564b0a7f853714787e8996f0f21ba1f95ad618e19519f94697d338876e262fabb0
SHA512e746e08abceb76bc59b34fa479deebb7fd0e7b9a78350585d7a604e83d7e44049efdfc8f75a00559bfeaa7195cab3eebbca10360ee943742b0ba18259c2b25c8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5dff5fc89c8f910b548595b3e6e932be1
SHA185b832457a7ee6d4f22bd504153abbe823367f68
SHA2562d5bea0881249e5c58bde2fd094ac0863cac7417d25f8fb7eb255155c11b5aba
SHA5122518421c42f73d1700d7cd769135526389b5c59459f80a2c0a8806ffcbbb98154500d169124f0d9031ca589104e7fb3a3ce151bc1c81e7ed5715a76160aedebb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD59157f8341d1cfd4b353720f3dca135bb
SHA1afc91410165f93ab4870c886786a586cabf772a8
SHA2567ae297a8c60bd6c0b66ca213693427241b67a3294c418e7428b12f38d366816c
SHA5124509c719d8cf472aecc238965aaa150900da7abf00a5a14c533fd86edc90d3bc540ff56c7c2970250a9caec42e34244ea5a5a247573b77c934bc3ca126572dc9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD59820b9f01b306e394a8178161ce81f47
SHA1b86630ec7fe8ed4878a364a54bcfa65401a06084
SHA256eb61ec77c2f2971c0656ea0e06daa99565a92a7ea720c10d294b4483967cbcf4
SHA51216a89ccc13e849aba769b32b9c5bbf107ac6f444cf2db6661314bc575e6fecac3c52b55a45a906ae7b7ae59d6652d9cd7dc4556a12fad809d152c5a98afbfd43
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD582a9e6f96b807aa94cce2bc7646a6e64
SHA1e6ba141c81203caf100c8ba87d31af202371e45e
SHA2560ee8b3ad2afa94c0646387f5dbe12d5ba2b818ff0ce783109fb4439e052ea362
SHA512d39b7665b75c92ea75e285ac60e259c1f14997105ba74141f1c076220a595ee54a5f84e89f52cf009bfc5f2c583f7e432c496746e07593502b25bd46dae48afe
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD50021880eec5069d9b84b7991628d2fb0
SHA1b7939286e8dfa36c9709828c5729346628b96bc2
SHA2568c8ed289ed872a60bae815313ccd7bb6928248a31dadd64fcdb12ed7dbf184de
SHA51269a16a1f4c48f57e9fe692ee6a13726f173659cb9dcd4ef4a0fc6cc910ac318cb4b4689da7b8adcd9a659114386c79ef499ef4d955b154a3eaee7fad3dd354b0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5b9ce778bb7d4c7e14a80a114c7870a7a
SHA1c0973c65b34227b86cc678476704372bcae75cf9
SHA2568fce67a8633fca4ec11f3a6787ce11c045564a6324bccd7a9b655b2699b4bbb4
SHA512c1bbd95579ff9a8ae4a8a7679fa1d80e583428d48e7844c80fc5c7f6e14ac786729131307e35495512c38ab2d49a28baac19cde41bc9dde86646b7679a5374ca
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD57ee17480a88f216ed12ccbbd82ed9524
SHA1df09366b5c95b196b64bd7d0f96e94df13d6a7af
SHA256c0a7b7a4822a0cf31d945509461ab83222ca8270e9a9b77f94653a7db9f3eaec
SHA51225fcf62d91d9eb333914252b77c4eac4043f97f3dd406a001330aab55a913d23daa38e03a135d29a13e83b2549eec3d246d598b213682f79e82b1ab8a267531b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD540d7861ea01e4fe1707a822c3a60410f
SHA142b36f134943c4ed970a3277edd790ae5ea9de08
SHA256357f55a43e6280c7d4df0041e19c1180e455663449c7eefb7f706b780b9a08a9
SHA512171fada748e15d003aec117d6aef5c6ff0019dd3028a79adc0cbb1e748448b8d0410178babf8a555581d6a4c2bbcc7feae11e1f4f44bd5df389b5a6388ff59c1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD52b57114c2404ce8291065887460206de
SHA1e0046f8f51f1fdfd527ac0d52ec112e4b690cc22
SHA256c3798b99014d2b22180f2098255f52b8c8a1737f7950f93dde5e7fd6b77f6f9c
SHA512008efda25aa51cb24dd5a3a640017ae35c8fffc63988d40fec5f403aaa22b725649f51c1e6dba6c62176b358a3a0b91e5fa4fa3b49af0fb97a5db74374a275e2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD563131865972668911334e8306357f2ca
SHA1d9d6a7aa5e655493bda842d4def2e3836869feb3
SHA2561fe089e94405750d8b7d7263e71aabcf22357ee3ce160a98eb81e9bf2ca13e76
SHA5127a96ab0117e113284cacc1612036ef0ece736d8fdff2bac02a2ec700ef226ba2758b462bea05efa3fb5b1938c60a1c67eb82a3beb8249db7b6abe38116b41330
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD59b032a57e9af7ec27321599b093a1f3d
SHA1b1288af4143ea518fc1f58fe608ae4d14e13cdf2
SHA256466416065d8ff5d3727d8c6da9c1caf4a8e3a2be55a56707335ba1d1617cf0a3
SHA51276837d9eae004ff3636648b8be53f111459d172484393325e753a6af3e9439e13c294ade008516efb23b7900173ff7d05d98d6cf7984f436465ab1ba3ddaf951
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD53a4a87b7f133c24d6f329a956d82fde3
SHA19033fa36c10365b3a30f5f374d4ad63d425a0bc4
SHA2566ade774aac552f5783239c6530d73e02c1c2bab77377fa9bdfaf2e562529182f
SHA512e0d346354828c98fe8da3a8501a46bbcc8677919c17816da5cdc2ea5102cb010bf4d812473685f164fade17288418b449d7eeb809a35ce15c6366674fc11cb51
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD518bcbc4926d7f54600dc509331e49498
SHA1ebc22631947fcc68c33f30b5d2f72462c1713d92
SHA256a57736a41507cfc7445c3acf5d44dbba82b8ead3c4e7d7f5dc1acd21a524be62
SHA5120e89118f2115024911987229e305ec7096eaa68a55b030adfbbeef11e7071a551ba1b5e7c472012c52adf50607fcac9355352cc76d46748fa2052d8ea4c6316c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD53c1817b2b3fbb1062d7128daf8186515
SHA19a6023f90ee8f6c3ca47665b4e11600647ae0044
SHA256337a6a78f9df84e38cb7d42bfae147eddc724a15f30866806842b802ac8e5745
SHA512980da720d21262c5e82585d85c19819a06c91edf3412d5584ffd150acd67030043758356d86036eaf09147b283108b9e4cc46a8a0ce2c80ceda1a130001b5f3e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD53398153b7aefaae82ae97cca7cd0b439
SHA1bae2aacf5861f56ebfce9857d62c8a758db1d777
SHA256cd3c8e5e9fc353802d070eeb1bb3c1b5124257e4800bac017a7af8e8375c753d
SHA5128712aedefc4c4944697c275d7cc5d08b8f676889dfa3247a89eda04be6e889ab19d78ddf6634546971c7e3786836e8fe645806921e2145c51809bfddb2f47032
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD571293a3f435ad790129db63a8ed3e0f0
SHA1a08edf325dbaea67e4d77bed0da86abd03936d77
SHA2564562243d3231086183eb94dc9ec18747072baf38b3dddf2da8d81bb5a3d46dc7
SHA512f12218a77ab211b5f3ad894a505e5c80609432fb64beab0d89770c209e4557df66352c1895d247fa514531beaa1387b877da910ba633ce89d8707d2c140e9ac5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD599bb9cc2eec4fc864c2a067b6dd34c41
SHA1888090195ad60c52fb5179c193b4e41e9137112c
SHA2564667cd8363e8fd9444ad067aa6b10b9f35189c6b9b0c859753a4c3e10e47942b
SHA512fdf63d7741c4233e1e8d7bf58c28d8b1c3244ff4f7bea7d9fe5b1682b911c3a06d824024d9b3100bcc7ac64e244a774dc9e8c761b0b7cf901a11dafc8e9a7020
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD584e3e38577a1b62ee8291e8d2fd0339d
SHA11c2d12eff71b260fd144c447f4c0bf8bcf90e746
SHA256c3c9e48b17026008bb5cb4cfa95027ca543facc059268080e2553452c9f4e414
SHA5128d7cd5eed594843e89a1130f6fff54a908c36bdfa3b3798f29ccea3601cc31567fb3c6db9754b5cb3440c1ca1b09b7d0fd189778909c00ebfa4a26c1ba3db4cb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5f1bf9eafb833a17d69dbe0219e0445c7
SHA1868f063e5db21c9f8b0c629c0a6a94707794b236
SHA2567e9666055e954dae0aa24fe7a074c1d859207626f8f2c17b4a0e69f37d48a62b
SHA512d599fb2154e0f8cbce477d7944bc4b039ffa056496023183b5d636354b847fc5adc5064553636063938d1496bf3ce3468fe960c4211db14ce41a2d136f2a6120
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5116104271a2f78a9b1191fddfe3ee67f
SHA147d06dcc23585f02537faaf3e1e22e02fe99dd95
SHA25604744628207e029010dfdd64c3930d8615e3a54701a20b81bea22cd4d7e580e9
SHA5125dcb22090718a903b1953bde8812d0ca83a2a4f78956c9ffa56fb9c92c6a7e1517ddfbd05015740159d96de8d2c4b716e6fef9967824e96843d789c84a47ab1b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5a6195c5a3b13d8930154ac74a4cf3833
SHA13f1fab3ccb9d38a19cb230727c14cce9130082f8
SHA256e63d2f7e13ac64f7cac9e190265bcec8b7e3dbb9500a9ea65d5ce789f09ab7d2
SHA512e0212ea5465e77dc0cba3f7f3d973dce08a747b45c3db9c5e3c9cbe31f4b9f02133e9b61754e7f7ff0f4167ae83165ff754ffad28be9f0438618a62d46f44129
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5fc901261ded3345acdeccb8fdb304794
SHA1751f24a2506719eec9382a5e47084ce429e7dab9
SHA256c38369ba5c46669ba50011b63590b08948e08e6569d55580ac9e22c4f49c67bf
SHA512743ada2963ea1ef444bb46f99741c0c0b0945b972972a54f822816d6d423f53fc9ee5baacde7ebb07b30736b9bad45314c0a6192ca546b9dfeb7b18575d1c383
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5dc9d3fe7338c9552b6d4f2ce976d08cf
SHA10d6ba3fa36b2df24c1ab9fba2c42bbd6fe589b39
SHA2561ed19d34d6e0126d6ad714d5a3e0370652ce304f44de3985b45f466e5ef2f946
SHA51257236bd588c57d41ef40d3669d0e84bd4dc559a6655dcb526ec6d7fad36c28eef2843e63d7034ecac6a7952a0c3477568615ad912ba82c16553090e25b43c1c2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5d19052c0c10770b1cf81b3a3e2bb2a48
SHA1dd94d876ed1e654b539020d8f035cba5cc05f41f
SHA256caa55842865b7d02aa5112d6396927c5fd26c53e783c04ba614addfcf8652d75
SHA5122b1eed75f8e6f256f941f00dab7a6517277af138743278dbe6a450d259a3588bf7ad814a063e9d3314ff851d6a7a0b4a7e08a3d46efefcb8bfe9dc271dc6c4c2
-
Filesize
580B
MD5fc512a89bfb635f3583647a43c22b307
SHA134d2e80bb825d60e25e96c4330ac02d472fa836b
SHA25608ea29dbf4c40435da72276377aae33a712c65ba6570af823930cdeda4a053e8
SHA5125e5d21c33332efa9bb92b4a98638ffd37821a884cb407b976c0cb6e512c973b71c0342d0f09e837b3ebb2061017d701fcdf54ec2da3e65e80e12a7ebd2ba0327
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD52b619392cb3fc4e95d626621bebffd6d
SHA152531f8556e262cda75947cacdd9b2f0a2b4b402
SHA256e99b65edd6bbe49c80952bb8f4b57f83c35cf5d58221132cc09f07757ad5bf98
SHA5127790ba0781d0f319866f1fb627a13726d14352d87f319ceee54ce98333cd6596967a6f12df98a427eb1fd4557c36c6110724ce76530411d08556fa07d4ddef1e
-
Filesize
625B
MD50089403d629c3157f560ba695750f07f
SHA18e96595629aae43236cfe52b63693fa02ce401fe
SHA2567f86f43cc87a2870e5ffc01cfeb8f965b0c056ba3806d42a9c1f847fc334a60e
SHA512d477b5b7e58f436c258b5747101c33be53f34cd58113b1e2038d215a5f8f4619b6b7f92715a718e17ff89f4e00c5d7762cdd7803b5297f0bdd6898028fdc7331
-
Filesize
873B
MD5730a6e071c6f99203255bcf0bdfb38ae
SHA186c8f98e5769507910608333e2abef050b7bea53
SHA256797d66c2db362f99a6fe2c2018bf1179e60fdf325135408d1229fc75bee9ce09
SHA5127b332f7e0fbbe5e2f8b741b2c6bad82f8b2c3852bb7aa7a2ee93f863fab31328af42e8f868bddd17887dd40b89e7b64a71fba9980f9e4ebbd9c4319da6774760
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5e8b9a642b90cc1aae3677cd767c9091b
SHA1d16e0499f1c237af8a0838dfb6c471449414434b
SHA256f1980fd2033dbb44c6b13a07b2506995cc14bd9312280e82a4677e661f11c0c2
SHA51240a8d3731a592f2bceaa56594bf6be52ff2fbabdd2e18b6532129e3f965e3158395332510d561686c083ff7fbce41408f211af7eab3b2a9b85293a3ca0881578
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5caefb2e28f527a3876d3a9043badaa28
SHA1cadc1cd599dc546418e97dc051f5fbe2335b32b5
SHA25622c51d2212eb7ff37e7cd8fe08b0274f36d4bea96f8436f66eeeef7c0d088b45
SHA512650af14b51c5a4dc486451db618ed36692c2f33e9f66f91893c337175c4f8e5382fc20e9adb3b6489d44765069e78f8f23a792476a30b0c300814b66e45f2fb5
-
Filesize
615B
MD54677b42e50b16568b8f38558e4e421d2
SHA1c9337b9e6085e2f0b6147954db55cfc330a5e187
SHA256f4572cdf0b02ef3309b27458fb61c2894414a037bf36897cbc77abf95198fb9c
SHA512434992290d7e99b10796bff01ebd20b8dc61a3368782644aad43e999f7e94acfd82935f40b1c468648cd5b8275b10bf60f87591c8f564af2fa328cda5173cd20
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD50f8df282d1b568b5b4357208a1b50a5a
SHA1da8bd4d3353dc618e31df4cbcfd469a9d3b00b98
SHA256af72a69b83d997f90f7f5df351e5331426d1527d49a21aa797c8e92704465f51
SHA512ed3bb501a8a1e374e5669edd930906bbad48da08e5e638b9a076096721a2325342730f2cf7eacaa7dd311164b5cbbb46b211213cb2b5a552ce67990001e4086e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD527c8171ce8c5403c52dfe690f7c38f11
SHA12634165778b364f7cc34402894301e29a1cd4987
SHA256285e86d8b2b40e6760ecdf0d7c55d9b3c93a41d87c15c124cdf7be7995717f57
SHA51241fa2a72bcdd95c3b8ad900f5f46274c49022cefbd7e5fe498b83f48fb6356b15ab568ae2cec9c524b7769f1264d8f52928ecc45f70f9c4ec3e8f45c6b448167
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5ef8a4734c36c92a85252fbeaf087781d
SHA1446729351beb1c912ce2f75119c778683ffee7ab
SHA2566c59142bf4b581561a87f038d4d6d8263e15e53f8b0aeb0cc7c53ed4a763029c
SHA512bf32e05d5119d2b02e80796c467962b981e640907857878c7405ef1df9877ab70e8b7b7d74d6cf7ebb821711ef00c5b4ef80098bb55180f3cf3ef991d62ee45d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5eae1365c616d7234343f547f62b146bf
SHA139d16005bc5a1d49d612057f706459bd60d82e41
SHA256b2a793bd87bdfcaed5894010e240c6f53729a4222f33ae782acea20608631a55
SHA51272990ede91b7c5616a8fc83a5d2ca182da94e7868e12f6cca815a29a3177695718513361ba6b08b3ec8ce8ff1fbf9ef3e84ca4b40906361a9661f33ae79ae53d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5cf238c4ff8f1dfea226f3964eb0a36cd
SHA1d0fe0b5570e80c100ba54dc7774d29c740f82d0f
SHA25634013bed61811a7377b0ebdf090f1eea33f4716f3dd6a259237da54b29b8a2da
SHA512c543811d26bb1ed4d37b761f2316fa49b492d9e22b99ff49e805c12347c07b1a673b948b8234233342138bcf9baf2e7d78bbc4fd7d7db369bec209c5ad4459aa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5a228ff442dba2a398cb4071105c2198c
SHA120fd91cf6e8ea8eb1f57806c245ed18e4b0d11e2
SHA256081c7b10a1ab3079089ebc846d3ff1b18ff47f90b22fdf5b59678cefaded61e1
SHA512844c464069131c164e0daecefc70aa12a1f405e734bbe221915cd9682c79b8121ebfe01d21f04090b4848eb4ad4d575076d06c6d6c82e2dd53a7b3cfb796be4b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD53b121b2d5620e11f1abaf2c3feac32ba
SHA11caaa7d51cc6b76c5c382b77f5fa15767d0ba12b
SHA256f456a6b1ff7e9a4e4b3964a15e98adb1a9722a5c6fce5e952d1886aea92bb4a5
SHA5123fb4fd2d802b9369b53ae4c3ef9b995b4290d36dc97d4a88837062903b1afa398a1b90f7f2b64d6373dc14361a858d089f3b57578324ee3e69924b126c9a55e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5c8b42d28c2e2fd3c7f7ad03ba41af003
SHA178db8049e82f7627b74b6e2a712cd4af58da2176
SHA2563ac8ab61e35a0f15cb90b5193a61a9c9767a8e909e6e897fd35508ff5bde6a6c
SHA5126eaffd0e5deedc92502dd4a0b9f383ed41ff684ab6b53206a5c02b8a3c0ea0d43dc9d9632b9bc5df3353d00f74ecf5694f2c635b2515502ed857fad1ae68a37d
-
Filesize
153B
MD507797ab242184d32942911f516782812
SHA1f3418bf90cc256924b5a97c74cd2266016ebec6c
SHA2561ce25e9a5391e5aba36ac47e72b961177f679fbfef29a341820e5c91ee356dd6
SHA51226c23dad3d357797aab6769e75880b06854bf808da1549cf6bf7b21f1d85354d356b72e9c20f76299d9f31a40b2c418bc1df1defe40c80ef4583871b804487ba
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5b4f9cdaae85169116b3a7a6a22f629a7
SHA11eec17041c6743d38c069554d45c71acc111940d
SHA256226a9d1c4257b2e10702272ca6d7ba55ab06318db87728899f720e99acda98ff
SHA51277f649b00b770ffd9321ab895b9d7c48db03da921dd46b05aa7ff2125ab2526390551e9915f583809084475da98be0ab85c47f1c3ab6a4015e2132ef529bba68
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD537636915a1de8b5e93013ff3274a0462
SHA1a2ef782a773070f98f7c8a527f2c13149edec8c6
SHA256faa6293d321f17cfcd439cb71158d9c51a12ddcca61c0325ada8c6e008c546a8
SHA512e3cffcd1607ab7e141334728049febaf5f35e41d2b3a89f4c788fa9d98bbf69b21f16a5c7d4344858335aac20866a3177d0b425c98c713783a5edf7a4928bce9
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD50aeea9e5e8385b5be7466d4e98b7157b
SHA18a82dd423f0c09b736788761c1399bebcd3caeff
SHA25695abf44ca1bbfdd5cf377063b721345e2dfd33d9fb40263d4f2344fb33d1bb08
SHA512b6551d3abd408c345a5acdbb57753e8597a5896b08c323f85095ba8d94b1350ac4114be246fd600916699249c29a68a4aa85575550cf12d3fc71255d934ba92c
-
Filesize
109KB
MD581ac17bad12c670038a041e9e7f4828f
SHA16119decbaddf83546923c7e085d569f4e711fd61
SHA25625efd3048bebbeb4cc7a77488f985af080b637c908324ca7492959776c50ee03
SHA512bb58ef635b5166175f528a7b3bc97426ecfc029d4b66b7878ceae7e53f6e93899b0185d7fd73f4ba8950e6e70e429914610b370e8512c19ea26f803b3e75ba99
-
Filesize
172KB
MD52e5c4ae73b752a6efdcfd780d957e9bd
SHA1c2463e0ac6235c9114ec7c969be46bafabfada24
SHA256bed9dcaa0962c4364b6e7db977651a2d6bab8c33eaa8fb361b42b1b188c5cd63
SHA512406d8b41330f1b72328a43c333c107ca3d32a5636c3ba5693d43e416b5c704c2a42b67f15bb974e3b18b1bb5376b0f25b31b4d58459aaf58c4f0a7d562ede77b
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD57583627c75f7f76d6cd03e73ec82a0db
SHA1696a873d519faa01b308515d60624360c51ad565
SHA256682b51fa74c2df216069c6fb05457c43e0064e53bbf736b1a1ac6c5409b73609
SHA512a9ad14d1e285086bf0370ffebb5336d0a781cd276b9442733296634e4567145897fa31821c3203e5f3e48dc91dbaae7d9d3ee38c41895506ee76baf6347f5e49
-
Filesize
21KB
MD5ef8c4659c47467ac184e2feb850d661e
SHA1ed83f64e5acfe241dc3c987a6f714473fe3f9b4f
SHA2569fff7e0e49b531069c3373df3d9c19161f0486afff520242aaea47de703ef198
SHA51259dcfe0e39623436a503c25245c71bb5a4be084d106ebb6596e9fb9bc445bd747197f894879e1af61fa6c33c50a5be47fac42180c35b9fa8454cee175db8eb9d
-
Filesize
1KB
MD59720d66dca4a5ab0541e5ed60590aa8a
SHA160341b1cbbba6c84305766eed22852d889682737
SHA2563cbdee50c5bac9b5cd819622d596ee5d4fcbe90e5e960d9e88017a25db498188
SHA5120bdbbd0cdc1735fbad073d23e4da838ad06a4237a3d040353da5bda62be8039336f2f5bf1283d3e99b8d7fba16c67a4a85d3946cb59f68a64ab9afff8d453cd2
-
Filesize
952B
MD515f925a1051497b44115d44f2d8ec63c
SHA165b03d9d384193802d85becaa07a6545e828ea12
SHA2567973e36158c2e4ecefabc2545924fd997d304a618e7fa2e16d131b990fbe8a4c
SHA512eeb9ad52a1e90e31544fa53dda0bf5f49f0ae10370ebbc119f1c8343862bb0d72b389aba2d5f8ad7963c383ac1b089a98e7902146c9e92d1136f2bbc6914e08e
-
Filesize
121B
MD5ad3da2485e4a15843bba9cb677e973dc
SHA14151b9ffd2aeb40c4d55c5175797343a4a0679a5
SHA256a05037fc701177ad7ccb3285a752021d8b115e5e4fced14ed67fad19153539e0
SHA5120c76103064b602e836052708b5346419db5ddd7f52aa2db8c3c23c74d84b81c1464b77d956d5b084411cf0273a82d853211c0bb7bca2cbfa72f8283175b79d19
-
Filesize
1KB
MD5e8c606ec48165ef4d26c8b89950c5956
SHA1a68e8b367073b71f53ddda7d256f5662927eeb1a
SHA256229fae19f8c45904844f2583fcc886e979b42d55dded0e348379b390dddd6b9a
SHA512f472b6754a760bb41dee6f25e95ac6f15d14c9feb9c3ab2db7427032600bd81f4e021c5d21b472ea1d249c53b6a0289370276954c7dbbd3f759349ef168e53f6
-
Filesize
8KB
MD5e9bf2fb41bde55458b83adbb98da1c16
SHA191ab4d7c5a369a6874640ba6f725bfe8f9648cc7
SHA256fdd76377d6ab5aaf06f9034f7d707773c9a9113a775dc4ed7d2e5486d5e8c216
SHA5123e92d06b416c7d1807097bcf5a32fdfc20afb51160d098d8472725ba6ee66f722e34144de5649a6ee67108b653be7c00af97f6f54ec7f1e9f8268f36f80fc46b
-
Filesize
61B
MD5ada540f194c21c506926f81a1c861443
SHA1b3346583d5a553a40bf25c7837aaf673720a6d02
SHA256564962b63a09b331f80d8dd5c5fcf0b642d4a3854f4030ea6aec4417f8f82d99
SHA512164605bc650432d833f3bf36003cbb562adf5c2dbf470b06d99e0df0689484d35e61991a05eb239a9fabdea237bd7920166902bec3b200120ae9f54393612ab0
-
Filesize
914B
MD58a8ad83d2c5bb02aa1fc2a72644d4796
SHA132d34b30cf6bb18e45e66e934306733d0f83e8e3
SHA25630fadc62587e07545661256cf7168d65a6dc4da4a98fca59ddd4072e9df19fb0
SHA512fda8b60034ede605502d1c2ee56cd05ee1b4c8e1d617a7dc15ed8eb26c44280d0b49b26494edc879c088d8765be3bdbd066866c5ac3970b4e7bb9d694650738b
-
Filesize
90B
MD566f58f41664bba9a8c69c701e8f0455e
SHA16e899128c0f76eaf6ec7b53e0540a5cddbfc9b8c
SHA256b457a090f5ad7cfede7fcab21582a7417a753ed9e0adedba634ace6ac3b79f98
SHA512552362e659c895272eabb7997c88d87e95190674d8fcbeb19bf57f8efaec18e9f50a8bc17c7181dc87ead5f05d02d1406d68346178bf8e8946589ab811da8624
-
Filesize
90B
MD50b0d68ad8601a20761b81e4eeced038f
SHA1761ac91e1a6d4e1b177bd0c38462c9e38013ef33
SHA256ae568ebad7e76297027be0bf292482129d0821b3d38a462bff3f225f69c15a1e
SHA5123e13e23966e207a643ef255d2341e2960f04f05f47dab7b12bb4079f5572e789f6fe1a0f0519ccd684b4b203cff1908193e660d13a0f4bbb7a16a3b5426ffb96
-
Filesize
328B
MD5370285afe59736fa5e7f9bcf4e898a34
SHA17dc706b94fa55d539b1f90c402a24ce8fbdf2e37
SHA25642c7b2698d9bd065e1d94b359c131c4fa6474115bf965b7e4cb0ec0f7230f9f4
SHA5123e8dadb2de4d79dadbab0d0e017f8ff17824424d57cd51485aeb5327076c6775b1d0fe6b0322ed661eb0de3ea7607f6d3a0a446f6abdf9f4413017cc49830f9d
-
Filesize
1KB
MD568ddee75809d72e414461587227dea47
SHA107105bbc8146555a847a99110bad1b8b0dbbd8ae
SHA256ee89527ac0c1476e515c9308ff0d8789b286a0d6001359a5a0b4cab34d244502
SHA512aff073c3c9b4732e824e094349ea1028a43c54f56e855153a4b3c1c7dea88a1d6ef384551cf95c9e72e2bc5fead6f4676310d00334f2377f02a02ab251c9fa1b
-
Filesize
162B
MD5f318eb11789398f8fb0e73057d237af3
SHA1fdcd2a7277c1e56cc321334698c2b033f7ace214
SHA25620e587bc2744c21c74c081883c75838889dc9d5d532dd37996f43a799653d545
SHA512cae8b0b9483fdfd462bb64fbba8af75c44c583cf2f80a1cd50d79b374dcaf977fa7b5540679ed613834cdf7c1a4edc9a810b251c033fd6fe2ccbb78ce372ebaf
-
Filesize
586B
MD5e318788f85cb9164b2499e22c4b0c1be
SHA14ca6ece87a7eecb2c65cd83dc3b2e8e95b2014c9
SHA25669f7e31bbe6ffb1b5e3ed2950658adf65f78920ad92db2e4bf5cdaca29e99ae1
SHA512bd7519b03fc31de82854578e88116368da0de20a36420cbb50cc1a1cc87251de7b66d6a43223c8eb6c6af67e634fc9c1e7e58678d829f92c33dd31f7eca35c68
-
Filesize
124B
MD5c85fff50f841c31085a7d403678c425d
SHA112583b9ac3554bd4d7d394a8e3e8f803b2d4ee6d
SHA2564682f6d971e971ebed329e361b5fe2b74822cbd17cae648523dc39e226378a4a
SHA512fce06d8bf96ca12088ad865061878df204818fb17b40e82205bb3ec50e5527781bba29a9300c372287dfb0b8160bd2964cb2c958397315372c7a42973e2a9a91
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD57cac430bdd468b107b42232954b2f1f5
SHA1878a819814a66745f27f73cb5842002b5d5c5399
SHA256a6b83d17d595f8e63bb90a5623759d237272554bfba970659d58a5b6416e11d4
SHA5120298f40525528a27cd2ba7abf1526d81a6000cc66f1cc9c3007226921a0ebf9f6eb146f454371ac5659098602a418e2526780b5e364b25a8c87b489dca997a1c
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5d16374cd2f631338d2098aff4a025907
SHA1c0e62f804cd1d5337a48593ef8685e315cdfdb48
SHA2568f8fc03aa1a9d3394cfa08b0c52d772ff524726ec32b117cd946cda9f099e601
SHA512411338157019d9f55ce0ab1d29db0bc66ede023b42b5aaefff159d42ec1a79cff179de19af98a281dd0651342b0b076976d7c4134dc068b984612fa2b182be3d
-
Filesize
8KB
MD5f051106165779ce291097b5b0ed30cb2
SHA1d2a3714d7e25d498ef151ed506f95a37bf90fc66
SHA256380f94ebe5c38d6973ab89912e4304f7d89ba756f76aea1ea9efae67d53ddc2f
SHA512ed2c7ba83104af5756392b0570cd244e3b2b7f2ce263a152977bb9c2339ac20d3bce6f092317a75d914aebcde2f224dcce7b934e47c481e7315d98095730bbf6
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5e4572e2ab034d69e4da72fd7dc5fee99
SHA1d251d83caaea882b3600f742d06f55c9e86aeb0e
SHA25676224f342de32cb680ccf302d5622684e5ee720b17029512eb55c8a75dc1a350
SHA512c5a5bad5699ee95e73b38263b9c97930edef5eee9ef78c225636902ea591bf1b070dac6d7c559bee4f845c1031fee1147e29c24e816a7bbcb6c102b491335bad
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5f318e9d816b2af90ebf0511e667e9f11
SHA1cb6c088503891765123a7ce2dcdef3e5760f51be
SHA256e8f364653ba7fb0378e125acafd98e315fb54906a1f3a5d3cceb87819e14bce4
SHA512712096eaa57cb2254c3a0e04458c9c7ef6e631d0ed25da6d3e5e8de05c5db12b2b79d0486d3d6ca034aa039c0fb52e658182adddfdf1015a7671bde1a6c09e40
-
Filesize
880B
MD52d6ccb3835e498ccf2423f9a9ed3027b
SHA17c16988d2d467ac91c44103e2f7f96f38bf54d33
SHA256db9f1542f8f9e97daaf2831ca7391fac15562ecd94fd2c576547df51b6e35b4b
SHA512d895d524d0cc45eac1ea71dc1fa7e730b15b2fa85fce787df592fc635ec023fca8317fda413da6e3e42efcc62bb5add6a086949c07122120a9eaa106316fe129