Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
29-11-2024 13:36
Behavioral task
behavioral1
Sample
b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe
-
Size
12KB
-
MD5
b192f0ac4484693585a0c94b24bb029a
-
SHA1
caad50caf84311e50b30fcd5e17d8f470dafa44d
-
SHA256
73760d7b0359bdd510fdb927a6647f7420aba3cf1971dedefc8733ad0887b0f1
-
SHA512
9ae776954230eb5ab93af0d9d2f275baf4a144916eb3736b88c4a253e6781571752333d5514a6c8b60942ec967d69f43ca4422e5ccc3a61ca04d49fcff7112af
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCw+2E:eebFNw4Pk1itKkpAjjI2YpdmCt
Malware Config
Signatures
-
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe" b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\brmfcumd.inf_amd64_neutral_db43b26810939b3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pipelines.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_format.ps1xml.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_If.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_neutral_0b11366838152a76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_do.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_transactions.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Switch.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Arithmetic_Operators.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_PSSnapins.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\Accessories\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01734_.GIF b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Media Player\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.GIF b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.jpg b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\THMBNAIL.PNG b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Media Player\Skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c6bb35d9d79285b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-ehome-tvratings_31bf3856ad364e35_6.1.7600.16385_none_89dc299f2815415b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1fbdde5288a38c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..figwizard.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d82b2b365a0ff826\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..-mdac-oledb-stub-rb_31bf3856ad364e35_6.1.7600.16385_none_f1293e82d1d4041c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-sechost_31bf3856ad364e35_6.1.7600.16385_none_879933012e49cc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_34ef8fde742ef2a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_30c90d194f949041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_356479dbe31ccf23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-setup-events_31bf3856ad364e35_6.1.7600.16385_none_ad5ba99331846e7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-view-provider_31bf3856ad364e35_6.1.7601.17514_none_b4748e117cad32ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-session0viewer_31bf3856ad364e35_6.1.7600.16385_none_483083fb94bfc714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_it-it_00cd30feee4af5e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cbf8f40c40bd6f57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_bb256c6a76019ed4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-snmp-mgmt-api_31bf3856ad364e35_6.1.7600.16385_none_51d5fb6b0198fa85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_it-it_b5d55461741a2911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_fdc.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_698e5b1ed44452e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_it-it_58b76ec26a6abd86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..ibinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b414fb9014de0a2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d34b7c772c3fe85c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0e340fffbb256f19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_459a170e84540228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_03bba2d449d639e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.17514_none_78befff0523ed483\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7fddcd6a1ab604da\settings.html b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-getuname.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ec6f8c0df80bc28f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..es-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d6a0d554b1ff067f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-nature_31bf3856ad364e35_6.1.7600.16385_none_d5909570704a09c0\img4.jpg b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..iadrm-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2542176634d2b983\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_it-it_77e724931dfeb870\about_BITS_Cmdlets.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\Media\Delta\Windows Logon Sound.wav b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam.resources_31bf3856ad364e35_6.1.7600.16385_en-us_159bdb5559707a80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_script_internationalization.help.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_19c02f902f46df9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waning-gibbous_partly-cloudy.png b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f828566d189f067e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7601.17514_it-it_a7377e3b74bc957b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_ac18c667d7c3743b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prngt003.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f76d2e58e59d36fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.powershel..agnostics.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_52aec008c7bda950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_6.1.7601.17514_it-it_6bea2b15c90be7d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..tingtools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_beb7a2a8ffedb99e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msclmd.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6f2b379dc13dd175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.data.linq.resources_b77a5c561934e089_6.1.7600.16385_de-de_4b5d7fbf7a2edfb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000451_31bf3856ad364e35_6.1.7600.16385_none_4336a40a7de94056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Ding.wav b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_241e16390a5bc616\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8b788bdfdc00b9d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_28f060a37f09ef5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..er-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4ac16a21a5d19878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..-msscript.resources_31bf3856ad364e35_6.1.7600.16385_de-de_25b9e97c2ba93664\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_6.1.7600.16385_none_a1802b822e2a878c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\inf\MSDTC Bridge 4.0.0.0\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-mreuse.resources_31bf3856ad364e35_6.1.7600.16385_es-es_70cce53eb52f2542\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_usbcir.inf_31bf3856ad364e35_6.1.7601.17514_none_fc6d9caf132197da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hal.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c84fe059848f0a3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000480_31bf3856ad364e35_6.1.7600.16385_none_42c4d8847e3288b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netathrx.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_776fdbd5fb947471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\ = "CRYPTED!" b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\DefaultIcon b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CMWFZFFXUTMEQIC" b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe,0" b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open\command b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CMWFZFFXUTMEQIC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a8ZbtwlKDe0ug3V.exe" b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b192f0ac4484693585a0c94b24bb029a_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1672
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
341B
MD5ec6c411a2b59e2dabd12c74f7384f234
SHA1d709dd139676e064316a945388f6642f74424c96
SHA2560d4c96a30f322a49d663c1ee90476ef8a2ea215112653c470b791652cf5ff2c7
SHA512d815371afce51f100d331032ed0ce86ca7b47f77623bd8db3fad3cf118a6a3509ae0e325f55440f31d57197bd995e782d80fdd7e894e57bfa47039a9742a3924
-
Filesize
222B
MD52201731666581842044b3a19d17869ef
SHA15d62d85324694d6f02db856314ac26af83cccf2c
SHA256275fe1e2aeb201c96d2343123badb7f95e1d506d540f787310aeb373ea6f17fe
SHA512652a5135ea343f0db1d8d0545608d4705ff71f8129eab4ca28e98d99e5ec6192abd1befad26afd5e31cef0483f877d31fedaff99b010bd077e58faa21f44c2da
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5b16c0f672f493d8f9eb185d90851b390
SHA1e1bc0c8d5f89389d296a5fe18e9f5c8109951931
SHA256ba35ee2fbef9849251b290a51eff03cc40b1a3b336f8dd6749d53cb62d435bcd
SHA512948746de83ef009074561a97988b01e5cbafa6fda9a88d9c1f7039285c187a4c455dc0bf74bc753f62f81cdb22ff0c767232358a97d7e4ec84a6b8677b78972b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5c7e9113157bed6cd3e6fe9307fb5f8ad
SHA1cb2fffde9a139236eba5f45174819e216a315f54
SHA256f23942c2c27c4205114cca9efa4700600ebde028a4573467a447a8143920e45e
SHA512c879f6eb74c33f302a83c26a62eafa04ce55f7f30ba6488a2032c3c91b32887799a1308bd9d827a7ed9bce9c1cb0f75820b0ef433372c71375fe2036777abaed
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5ba1c28bc19e576ff0290b77b4f6908f0
SHA1294549b6b8f037b751b0571bfc0b9b9c0917807f
SHA2560da3cef01851acf0f9c86cd600f933e1df048de5f2153534751deb8574e9bd5b
SHA5128b14899b6118fc1637f2577890930db7438c364d64c01dbe81779bd072d6f5bd3cc22bb3d91d7a4fc8a359a0035c886a7deaa6ebc0bb2530569e88c4370dbf31
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD57587980d8962dea2aa8d9ebb57dda10f
SHA1c179d5bcf699c0a7664f6516375a2dc9619fca33
SHA256e701842e7c9beff4b29d5387fafe559f1404818bb4e4860b6a89a04312d910aa
SHA512462ca481641c5a19cc5f63a77fb8a4438f55d162b44584e17c3726171eefb3f86fc5378a0123b9053d75b3c994b419e818f430b235c2831a9f2868a68f2f51c6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD51302e1cde02f99e577f73439089be93d
SHA19d261a521b67413d950187a96c6fc66a12a29f32
SHA256d6932edce00eb75bc5798f68fe2ec9b0cd7113356e69dd8b4f9380c87e7fd6d5
SHA512f4b35c20d08c133a835d0d87e25ebf6605a18da7233dafcff0811dc9f953ffba378dee9d27fbf1b2ef5c513d3c7e4c93f4cd5fb86799a152a0f7f2e6149b1dab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD576a98de2d13bc1724a03c8d8c8ab32b2
SHA1a2c0554d81c685df2a2c9800d92140f44e9bbe62
SHA25679afe928356c56019574abc41059ae9e23840a785f40c3ea4b63d499a5c9f525
SHA512791815a2a8c278622bcaa2620aad6025e7014ca5c57f89f708a25f4c264ba757fa1563aaffb5c8f0579428ec13c244236694f789848cc27daee90b030f1f082c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD574f3fe8e4afa1687c414031a5a28320d
SHA1cc4a6cdd064d17b5acc02ebd639bc2726855e8be
SHA2566039aaba53719613c3b856c2f20c64594af180e580d8394a732ef0c03820043f
SHA51291dd21ddb05a878816282c129513612e836453b248b58e37646c3a7e245b3009a55a1c7e4c1bc4ffcf943ed61948ff52c40c99e249ca7c723680c9969baf7abf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD562be6978a34bcbee2592b3150fb83026
SHA106960d069d44c8d311b059d4022cefa3d239d883
SHA256ddad43c7ea5211bb2faf9c3dac02d59ab07dec52f915b5dae136f6b8f59163a5
SHA512513ba08edf8747781dd2c5a8be1245ea8a8c68c7da40b1da0028c9694d90f2175b3409bfc8990816df59fa68e5380fe6074779f5e0771c2e95b12793c2f52917
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5c1976d12070fa82b639e21dac1b9dd63
SHA1873348a4004befa211b07281488e8458e7eb2242
SHA256085f704619978552415160c51ecd6c2ca5879cd2a8525e58fbdbb6d0f7612960
SHA512e7b9bbae41d6c72ca07e9285cbc5d35c24195ceb55479315bf9f2f37fd087c382793b5919c9e7a1f3a922059fb6f8b6a5b36a9a8129ec6d145689b5682a30b73
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD56a1a0aee6082a83c45f5282848d80c55
SHA17e14655ff7c5e380da9fa1fca2f9347c93f48ca6
SHA256458570cc8c50c149742288753c65483766ba236c1934ee3a95b76920cfee56c3
SHA5128cc31851e5ee8227905c432e2e04e33e52d9e8dc8046ac590d5e2877940d4b702909d034563df79f810d02931247cca2f04d1037638f0785ea41baa5c3a6d870
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5e2da73fa59c25b3bae9bf8af2594ed92
SHA13204d44790d687f161e6f66688c237032639a7c4
SHA256e4c0047cd098f0d636078c5fb9e96b659447d3bd8ef549e046c2f69abb7107b2
SHA51272417a9661f33b7a41c17b3c3328c528debb9424edde0527a548b130c0a157763de865de819a57d67fe3fed43c698237f04d6bbb308e4072fb49337ca9e0fa8e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5c1a389f1908e8b3a50f0e9a7acfc17f7
SHA16bad3dee348588085135cc643bb862cbc6f6f327
SHA25611a0cd1079cb0cc8788bdf49362878f9c2c3923e51c7059549f42fd9065dd23d
SHA512bd4216302398e9e757218f5089c1f252b716e708656085a59b546f384129004dec271ea7a0a712dc8d85f5b979e8be6b8f88c10cda00f782302d0ff80ce0b5d7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD509832ab9ed148045707841cd0de1b9bd
SHA1ad2da0e45de2f6ba7c9961f76472e3515f51498c
SHA2563f19dd9d5fef92e93398196630eee75f6915ef5efe521762a4563b351dbef484
SHA512565f77a848f6744f70658877406667a9808d421d4df11970d4cedc5a253f82b3b2299d4d5e1e2fdeb428504880a4bdbcd0f52cbd17fb7ea33020c95579b084d3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD54fe87e7c1a2afccaf939e6518f6905bd
SHA1b7a541e50534552015a498d549a8b36ac3a22d06
SHA256dfd3808aa71e4b326a215ade4c316c4267e71ff0a939c993c8f5c105e3b20592
SHA512dc1545fa2c5926186a6ee8cdd9b879d54cad445ebae9c270b5d374a23eeaea54e68f48d7426c3ff89a76ff15c9dc86d52a1e9ce9970852ac1ff9cc5cd1fafe95
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5be68eaf39e212a16523bd097f989d67a
SHA1a42ed5c8e10df8e9c7e7f39e79c0e1b04fe5ac6f
SHA25678d273b68746c4e88b5f391300703b0396e8e80e2e0ab3d13fc5ca96dcce2715
SHA5122ae1201f1d441c0a28530b5c09de77a3acc4ac8cf56698e45c02d2d5a2ba24991739371ee5c9e20fef86fdfcd2551b152cf4e044989518514af7970e5c02c17d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5e272c976257ac23d21903ab689884ee6
SHA1306f70c717667df01ba2265eafe8fe3fc198af24
SHA256b9168eac3eceecedf885e159b7306360e4a6a076b8dd7147ac4f031aefa573e3
SHA5126d93380a237e6a596add86db65853f637055320e044470b946f17bc19708ab57f082d69fe44520752576bb365b34cc99d8faba211a2c42bc9fa45ddea00af36d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5ed0e651de396f9f12b7f506874215cc0
SHA1ebac3bc1cbf51aeb205f1e894241260a6312b04d
SHA2563509a44f6824ec917997c98886e3b35d60d61aae20e10dc5436c375e3034ba1f
SHA51221ef30f4fc3ce0ea6a0796a4d048f073c138cb948b3a0f852245148d753ce58e1023e88d13059eb30395feb49be996054e0bcd1791f7ccc2e266e49acedf11e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5e9db6da53f5dffd556f364f5766118da
SHA124dce29943dffd3ed320f780c8bde25551297e97
SHA25687a2aff134af8e335a8ccb835c87f99ed0ca80ad6bf4388af4916a6df9946c25
SHA5128497c7631f9b1f3857b01e1101e57240b0f93737f42603211d1a886d2162e6ebb90f9b2d38297bc3721c2cac3a683fe3e25f540fb3b7395b62126a3147b3c27c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5170269469421a0893554553bb7f0dc9f
SHA1e3843fe5ae3b78736b97f4ea248fa2b571fd2fc3
SHA256bf31e3fbc44a559b07039ab21e642f7ce2bf8f01fcedda23e78a3c2039b002fd
SHA5124b5d15fd1247e04d40d22717c0c47697f62088d2f1397eb905b7c13ab5d808e5eb51db90e698ad95a0536d36f50944ecd8ba493fd3d3fd610375a4660bb97a77
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5ea9e49956e2c1f1b5b5559ad2b0508a0
SHA1db434fdf90f1a3c58c0bf171d9791a5d5e8dd1b1
SHA256fcef092532d811e8ed0da1dfcded99e5524728db08759ae36f832ffdc105420f
SHA512d793f23fda1eadebc9f82199b22851524c38394d7b9e8f825f8aed4f77235ae43ee06b1840ea5d81fee086f4d319b29dcd51f0674e20cc7f0bae1a98210bb7d3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5b078ceea32bfc88b674efa8ff010254b
SHA1ac4a6d638c7005d0554628f1412a57c6b8212f41
SHA2561bd400c72d93f1c114ffd3195495d0e8701d3d6102876fec4b5efac58d38e0b9
SHA512eef6a97048ef22ef7cd6a9f7681cf3f036dad034ee18407a28bf80ea887fb71a45a6f9a85cc722136ea24af4fc9c58d280d5ddaf7fa65971900ff2bac98370e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD56116aa8bf6b1cccaaa9355ea62a71cda
SHA158be7e6c1e3401897e1e4f83dc803fd9b683b80f
SHA256edab4a544c965a76637199dd3c2d353acbf34c618dadd12acc246dfa6a9c282a
SHA51280c9ed990d0a0b509b37bccc9612eee2c562590f8377e199e70716c2064eb1c61f72f6ff89c65936b70a33e4fb863c6df316066bd74093658cd11e129d95a137
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD55ee999038dfc7cbf2efdcc560c819ff3
SHA1c9fef753b323b913ce41903c6c245ce248432f59
SHA256b9f8d1683d91c3efaac15c35b6402548a01dd052a21cf929985eca546b256e44
SHA512f1185f1ae69214d7509e2bba623c1e9faf8cddec0e31a04dd825eab1b785a1d42b39da18dccd84bbdca8115493f2ea1ea4f1f0b1297e40a20644b54393e1498b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD529a2a76284e8a7a6995af9f8211973ef
SHA1f73761462a0ef8a6cf125dfaa6bde53cba37f5e0
SHA2560af37a4eee5aa359f98a0d4084eaf39068890ea289c802d4373ec54a141fb6d6
SHA51271106ab823e1a323687948e03925e24c19130e56c2ac4fc83280128d72547935e05840e50626d038a68c01fe0fffa077656333b3a15b21b92950e005ede9afa6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5081feafb8a1823a8ff3cae31f87daf87
SHA195e7c836a71b7ae90e38a2fc7f12e8873fec7ea2
SHA256e819c1ecd078ff37203fe870247cc849a8d3d5bfb97d1b3712256fa2c4c5382e
SHA51201a22e938eeb485ee092c974299a97f8e888915a6533b04449975136ea15dc75160ed4264cb52bd60a32c6fd30318cd5b370aa72c538c6bddbf18e526188155b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD52293cf7fc66e129ec5984bc09dc09a89
SHA1ac76f04444aad41181fcc693068974e5e97c7448
SHA256a33a19ce98db669199396b87a2479b15ec4aa34a082613d20990450e99d3505e
SHA512cb926f2e902a496a790ed820fbf47be7286327b4d346837172e3b9505300adfabc06831e5d27a2fd2667f148a313009a8e78966460cf7951898a7397499b47a3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD57a4a40400c7f398af5b568046c84e0e8
SHA19b95600d3828eceb8bdd36a0c72b35e9135d29ff
SHA256e0f9992f2f5f947e057104d1bbe76516f1c04111b364f111441f0a5c99483bda
SHA51281c717cf04acfc875abb09f5bd0a0f717393aeb743a16acfe471d3ab781d63707db9eb47f74a792bd4d5f6ad827435ad93a7918c0e1a874f6da8952ed3b5d9b8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5b2ffdbf111e04d53e04a4262664b38bf
SHA1ea905b1a0a747fde2e5b6ee8452d3eeeceb2f182
SHA2562fb5944dc5c89dd3ac4ca32f50eabaf7164f5a49347a1ddc640849a42b97f181
SHA51208ba136dbbba57feefae8b0ca5f773d6327b78cec3d8534205947de516a3c5262c6978b5f4e1ff44fb3959f31479236e71d76ff6c2a0309a221eb87428e5a1d9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD53491e595296c4f2569a2157e401d6dcb
SHA183206d69e6c56ef7f4c264366751a17c2392437a
SHA25626934aff4044635393b9bcbcfb68bf166e1395e0279a88e8384142dbf0691ea9
SHA512c397d6a595b7283854cc3778628b58601b0ee73514d6ade65e0da510784ee913d4e488f6a799e8e36e8c90eb93fb84ba5c21cdffb28494f99524349330923c83
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5cb7f71364d28a1c8778cb69360efa254
SHA1dcee8f0f5c375a6c48f7108513fa9e6d219a4e33
SHA2568193812ae9c97b3b128c3079cfa8a425f43f86d4aa1828eb42b6ba24752cfa06
SHA512b8a03a4e5b739d5a2536ad4b000bfeef1cda3b81309c0d7e42e14ecb6096f54191a331379cb6cef064e9ee8fb2da43a1b410722bf404329ed95420714d365579
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5248e6a7ee1c2ddd0a3eb5ee714d931f6
SHA137cbe79d0367147fcc6a7d43b3f94aed1dfad6f8
SHA256be6bfbde341bd668e87ffed2ced70fc5f65165126f8fa487a5b72f52e79d2dd6
SHA512493b5f38474286c4a241f9f421699231235807353b42a7c5902cb76ec6ff040c68fce9bee284aed0f155881e9beffe9ac7f23cb4382ed86e9af3675760c5d5ef
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5d710cea38ac556702bbb3de53a8b6f25
SHA18562424e835ad544b9771cd81213a6b9da800045
SHA256ed3923d54c8cfc20617b45e2f0f175b0358fcdd4935e24976f0742b3ed079b5c
SHA512fcb54b29fc1c16c5a535189a46707de49f21e41ba2f8bd566d55855d5b040c91da5e95773705433d3c752c53529cf8bc8df81576f024574f4d3e1897d01289d3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD541ac75503b16f1ac47adfe87fe953f15
SHA13fcdbab5d737a716fc2595eb6133a6b93d971b76
SHA256bc5cea6fcf8f98c3fb8c8369f1a42d1f82feb645932cc34f87f23d521ee60149
SHA5120a31adaf76337947f5c191c04570c9a8dcbe7a8708ad4895c8a0157171e4afaffd4345e64af294ca8d4ffc83d075cf3b5f5d75ac467459430e8a2411dca6e1e5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5e0471557520b54139c9dfefbe9f20149
SHA1f90b6dab0b5e6e8c01eb8975d454db87a86680cc
SHA256cce89d083f21e02a87b5c7ad5c7ccf24366faa238ee316967ae53d990d8f40a6
SHA5124909042147556fc460b11aadfd8f05420c5b8c70630f1a4b86303ce0a97227f01c3c08ef942a087c5ebe454bc4e4f71b14fc0aca4e4581904d00872964c898e7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5a4a2cf23072188b61948566073c07dbb
SHA1f7e6fc8439b2714423529bbf16a6595d968f4340
SHA2562b6a111311c8fb8396bfce9cb7d95a9a3881893bc076abeba3e9b4acfe7cc57b
SHA51264ddb8a12bb1aaf3ad8bc10febd4a760a5bc77600ef332ed0eb8840b13a2d8d410e0bd945edce7a5992228493831b61ec31f5d01b5868f3f6fe47ca3a06e298c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5a737ad74b5e58049bc53a7460b633bfc
SHA195490e967f7c097dfb96eed926394e55744ef4f1
SHA2563dc382bd0fb6991f42ac20191f8ec24d15d450a3d58796a8850cf8aee05a34d3
SHA512816634ca71288f925c6f0e32bc6a7fe215aa80ff57c7620990a117de048e9252725c75f026994c1f64bba7b621fa961c5ad27bad252b10693d693e8d548c1cc9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5b638f82641473b3d685ab60c4e607270
SHA1fd0b6a04388ff97fd2d76b1b373b951757780382
SHA25641be1072883dd8714cad71107482ad656dfb22897681c85875690e9c17362317
SHA51275265c93c9cc3be0ef88da54c30d5c1a1930f8b24d5cfcc639a4205c5ff7d36bb8563ae4d3d7e3a579933f0dc62958f451c53aa558f1e0ff771e6852d82430cc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5bb7bd12f2b5114191bf92fbc7a44acc6
SHA124b0a0858324bd7601faa7146051481220708b6c
SHA25630c7b407884dd906d30bc9d025024c536fdc70d8469b172bff38b8985089e492
SHA512d26bd748cc7d6024dee399a2bd1d176e1198b8ae018dc677fbc99a363bcccc93bdd59b82c1d6284f2d97d1734dba6076669cda3c66974667b1a9482c4bd4a0a0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD50cf8d0a79d504575a699ad6e08056f7e
SHA134a2b2fc705d314dd19a6531d9ef2fea4a5494ed
SHA2560ae0833fef750345911cd341e084db43b46a674aab7b154dd0716e0337fac23d
SHA5122a8dc14dd8e93412985d08f205ce0f67e6e8584326bb12ab94a11e8e33d3c598415495bdd6c3798d1d3b19d5ddf5ee87c92433d6319a547454aec1379a67ca86
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5ee4697961a0faca5db1a1d469d621941
SHA14415e4a997f26302c3d6967df06130ba5bc8eb59
SHA25631854eb46ecce8cb376df203b4edd418ce395aaf9d4c56fa3b6c26837a92eacc
SHA512eb44a71057adc854c37bae4a8e0d2bf27dc08d78c1e0a498de62081e00d91dcbc56bdeb81c4c1a3615141529ea5fec038e8b6f4f575836b2e10b3e09c3b280e2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5831c5ff37fdc12fe3cb8c31472d46d50
SHA1b145836d8a92c4b4735a3f0b1571c819efcddbf7
SHA256ee08a4a30a1282b0e420d7796179afeb87ab25583c7dd5d2f3fe46345949e46c
SHA51297cb23629988293439fedf8e0de454bf0f1141507d60d0d105257ba47dbc193870f49bb09fede69580205e41076af5b4a2d15804a96c8c085dc37bf13f99c6a6
-
Filesize
580B
MD53fa07fd6a07f2bcaadc63720701e4496
SHA125bcfe979c5cde930b1ee32bb93653c52fbad986
SHA256523a5d33f206f002e59158f0b854b8770f4957bd36cbef1a950ab04522fe6ebf
SHA512d904b4b153b905b444ace7749ce078323e92ef53dcaa4367bfe8968afaf8165c08ad6a6778cc69406aa4382a57cfbbc3a098c4beebe73504b12a1b17e6047448
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD53e536f18ace07f32052332b458949b04
SHA19c678059452a87e8ffbeb6c29059194997591a66
SHA2568220903eff2f79a12eb973537e0e78b7373f1e8ff931c4ee3a42bfc2d2381698
SHA51284bc23176e8b2c28052c7d3e153938a172a3ceb36e26ecce614d133689ee00751a3062ddd339ca4a01a9f887f343ffdb4e29f4fe8da83bef6e9b7e31b973423e
-
Filesize
625B
MD50f36cb5582e8423226dd3b4e89e0c952
SHA111347201b442612df64f15ad42cb6ac2ae43d47c
SHA25692a39a4c6800fa5c1f7f7d119ab7d2dcbd0608f9603d5b93bd0c9bbd57db6d59
SHA51201373a20aa67221567a3919ff5fde5dc34e68978f6130b3f26f77a71d2dddbb4745be630c718b8efc2e75d17a343d1c7778f1d9ca74b29413d560c16900ad6f6
-
Filesize
873B
MD59a98be22540efef0d57aa41497288ed6
SHA107b6c6b15a6be9150b49331c8269f5b065ddf10c
SHA256725d675f7576fbe5dbf4c9a84d0076264ea413b69e62e683692769264ed77683
SHA512889cb9621006b63d1c9e74360aeada71a3fef91e5775e45b029569ca21e244c371b183eac598ca76d6fd41c573201eef58c9eaa7abdfe7f5235330f8e029b687
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5f6abff059e1ec8d875cb5dcd26924121
SHA12c0414d43358c52ec884a30d2143e30a82b1ed1d
SHA25654cf4eac7fcd8a2b52edf80979e6a2fdd66bb2e3f079f108825e0949f4158ae1
SHA512365ddc8ce247f51342483caefd89c48d19ecf73db2dc33bb0bdbe8313b6b066b10930b46f86f62ee8957e896d6b1b132bf9b1c488bab2dcfb48a65ea776f7511
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD51ecf422def774f9f89e4d2beca791edd
SHA13e939e661c447d8c7a2533080bbbd70339e83edc
SHA2560a291287c3f5eb25e1f95a1498125dc4b31a5ec5bd96a6a0c08fa6b973971159
SHA5129c9e3f99e1a3f06bdc5d070514989d929feea2bb8911a2c4f8886968d77c1c514028209f14218924e469651abf31a75273052fe5f886cd06f04c3f84f9e1336a
-
Filesize
615B
MD5a0f5ee467d96b2cd6749e5ca48514528
SHA1f45c3ca420449d7b3f8dad3cd2a9bb5e8fd9c262
SHA2569c5a1bc29417fbfa4b6d3427b30105d848ba6b9984a36a532d2d590360b00389
SHA512d2b5fcb6fef8226e33308d565b23893d682f51dc4cd03a61d8c55d157299519bda4538b262af33e9ddedfab0bf665da49748d505a3a5b6d97a19a93ae5c09ba4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD520504ca3345f230a8552886cc84ee1de
SHA1a9c146f5f9c03254d2ce1c0590297d774f7b2c2e
SHA25641a2c3c1b9fab2e5892b3e43c59fb25bab36905b6a7aab1ad097bf13a8d9d159
SHA512993986ed1301a26bed7b445f76d22fe75156656c7776d3dd5b8f54041a5355a873cd93246919bafd6863093204278e4314ac03de7836dbb4ad3b80791718af57
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5e2afd806bf982b78c3dc09948012b758
SHA10068b83fc2b42d9627ca8864dac5df2ed932ea47
SHA256ee5a7a1a53a7616a3bdffd5a8928aeda7b824615f94815d3e691c5da17d5b579
SHA512b76c777cabfe5d6c7539fb9826102ed62773c18ac77f2490e90c54c8e2eccc43250ecab2f101d276896f1b2da189b5f4e4f08de0c7193b94e02f43115f012019
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5b70807ef5bf23b02766912a08b1f4202
SHA18392a857b5a54b27bbb84cfc300db9251e370e90
SHA256b5eb4523511f8fc715f3acf73cd47cfc557ab81e28fb29f1da5135e257e36e0a
SHA5123d8b188b5975a42dcae2757e155d9ed17b9a8000582b31c888b3b8dd1192ead014d1f50cb6d262785dbc377d6ea653f84cdb6fb71867834fbb65da9e5e073831
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5bcb785f4f9338242a9303ddf485f2275
SHA1b8ce17d46cf314cbe519c70f19ea058748dfa6b3
SHA256433ea8d9dfa4acf78603f6342d56e087a0bf59d47f5e73911e1028cdb6510881
SHA51227a3bad9bc92e6c8c296d2d870468cb5e9d948945186bb23658ad25b2730fb19407815def17f12d833f3b98b555e75040717681b03c74b2bb78ff8d7d086ae84
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD577c0af58e30a1730c5422a1b6e364253
SHA19be10ee6cd21241a9dd08c207ee92732e7ceae49
SHA2562141f22d09ea2f8c24a697ca26dd3b48781793bb51b05e282765527e54f70662
SHA5126e9633d5433d4c0d4e4f4705d15d6a4597bab50631be3a0d82e107240de19f089e9951a0b0a3704483db208b27b386935fa826f1ce3fa6be7beeef590b3caffd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD50cf4a42f085b5dea3d6b28cb89661a5d
SHA1f9a8e5a873fbd665e7f1ca4b0d5812c1291a60a0
SHA256894a73abf0fe8f9ab46f6f338a9413e67bb080917672c52609ca189112ea6aaf
SHA5120a15e208a15d9dce0afff2483c0b285d849f952137dacc945d6696cd4cd3b78f32341e165328b5b3e27f27f197bb16ffa252f328b93d2eed3df962d0b66a3fba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5fb377556c1c931ff09d7c70af1c77908
SHA1195184c3977171223ccbfe9a6dab65445252b786
SHA2569da34d8269882971ab457adc68554052f2fbef11c1c8bc99f5cf9b933705406d
SHA51222af8a2e838f992afd1e3d52091af0d183de0ccb3dfb3b52637244f944b9b0d489148b6b5fa30acb48514755206f51b8eb50b9c41bc59e01b632667803dc7397
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5e8317fa07c64bef5cac891a3dc6a9d59
SHA11fd5c57d3723b8f74dc135bdab0cc82cc871b4eb
SHA25660c2d8b0345f9a5b891a76a68ace7ea167370a46f7cf388e94ba642575e6e10b
SHA512a9fa8edba5bc2a0f2085c83ee9316edb70ed52d149a6b990ba0c57514a0188e45721e0e6493405848d375a42fe52d9316b6af1b1d270a087f6ff82ad2c9dfb60
-
Filesize
153B
MD5a96b439629d12b58386b44d0429c5080
SHA13d075fdb21374a0590b81bfae9ea2b4a0ec5babf
SHA2569ddf8e826cbe0c09bb28b7ac78f434148025efea993e2e755fb26170684644e2
SHA5125b02e8661a73a18e5f385a47c31f892aa3c986165dab82f443852c2fe036b4e8f90762728b722d8fdaa61d3564c39c4576c9d01ebdda1fff423df6864b7dbc78
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5a9382c62386e98de2244fdc80eb7a849
SHA16ca8fa8850f9866cb17a6e17756d699841b2264f
SHA256bfa60f3fafd814730584d59fd143a5314d9185b8c3ef8c0659fc472c4fa74a9b
SHA512f3cf841e2ff518790872b8b2baa046375fde90d12eb3d1b5802bf3c4539d83e72e3b401588e26c1a264b2b4918d80196a3e47585912be1957e04d25028c8c398
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5ec3e4f50f13c9ea74224738de68a65b5
SHA14155c916749912ab7a5ec9f48a1a31bca36c3bc9
SHA2565983c5e1d0ea6dc77a9dcf1b4f635105638be92faeae47daad20ec16f273e772
SHA512a57bd531f5eeb19156d135c0dba04538f9a310ff828c3d4a2beafa86d7127f66fd5507b34cebc45d7788a6424a4fe3eacf38837219c03caf84e12f73f7b2e015
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD582294d1696aa09da1cd72fef2192dc5b
SHA1b44e8a13691a0df5087831ab22e28b12e7d75c24
SHA2569431979b4da02f7892008e650b24decc1cad42e936e0cf9169d1d7a9720a0b1b
SHA5128ab927d06e435f0ebf7cd7576ab68a270d27aeeaa9af4534c5e1f431d74f522e40100d1a93040fa8bea2eb77bf472dd225ececedfbe469b16eb283672c3a30d6
-
Filesize
109KB
MD589d33e2aa7cb208f19280b550d463ffd
SHA162a7af115d466d3312a0c859bffa1e5268a7db0c
SHA2565f0be6d9b51ac6d488eeec1e47dafb781f8c0e0da490d9207294010c1b07fb07
SHA5127f0a1741b2e4b43dc8def1e33f23cfb51042d2286928fc01d3317f9a0a2c25fa31c007021729d6501b649de7dd31b172df12a9946b59759628130a19e7f5a153
-
Filesize
172KB
MD5ab1a77e1466ef5272949fdbd1668ca81
SHA10b5af018f56a232d04c34f7950be2e92e7a4b344
SHA256b6338cc720e10837ef1acbf11f549a374f2306ae94c2025b0e324c6a3ed17daa
SHA5122e835d0db9c416d2a19c9cb76c1525688d528cfb6ae6facaafd1f3c2dee29e623ec19ab77f5b1b485bcbffaccd0f3294c2eadcea8d6d30fe71033e7f39045f54
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD53ad418d3ea5bbecceaa50dd5b139216f
SHA17c57dfb117773c9dd49ed2f92e58bba1074e0fb9
SHA2561cadc99f3b0da8a669734aa12e1ff1c46971797d30aae98c5ea45cd09abf5246
SHA5127242d34055d391b2972905069806ebb2e9477b18c3f40a386c9599b677445097596da85346db009b50756f8f61cde609ac708a6d23f41ad600e0368fbfc57f0f
-
Filesize
21KB
MD5101a982a66bc64e22c58e38e02362823
SHA1241650320f3294e4237378dc8578dac7583459ff
SHA256c73e6ad6e3b1c149dc544c5aa3dc9f24ea89f7b9f420ba25967b78339ec599d8
SHA5123393ea1dbcc92f11ae5c94a44c243acbfac57ffe31ea7cacd6f28838c6746051d5d0418b0f7b68212056d1cd957e76d5b8e2f0684d4a871712ed7a369dc5b4eb
-
Filesize
1KB
MD5119e63cf53bac796db4e26f5a0bac395
SHA11353f75e948db9348ba6a63a132509e900ed5a00
SHA256fc08b263507b368ca9990351028dfab2ac7b282a6ae8b65944e10bf44c1600c8
SHA5124a8e3ae25997c600b6afe327afa03e0a8794ae78f9c29961a1eb0e9c47694a7143e602a7b071bd61a86f77263cf2536031fb656fff8848c7723877b4174322ad
-
Filesize
952B
MD5e8f06119ab4fd3e5b7f7f4ae7b4d79f6
SHA161be9e0d0ab3d44245db6fa66485f25ea8dec486
SHA25680219482aa6c313de95bf50d281f753dcaa06ca982fb549b54d54daf163f3bc7
SHA5128dc9f1332f3dafe901999a5d6477faf06e5c05c635d30fea3f118b00d3a240712abec994daed8cd43bfb2ea966440d30582c00251c29e251c2e974c7f60c1d06
-
Filesize
121B
MD51ac42b78c191e1fb9fd05cc1774e0e78
SHA192d1dd4294078df956bedf3a9f57515059b0ea7e
SHA2562c1a7ea570bdcd1cd2f47a0f1855e5c789c146ded0005823936172bccb902c81
SHA5126fe87c3765e6a08b62e2a1c0a3f353c00bf9edbf2ff4fcd4e86888f4b72f286a92e52c8819cfc56431a68176fc0d47335dbe68796d91767c4536b98de544ed55
-
Filesize
1KB
MD5fe21277ff226eaceaa7dfbb51bb43d3b
SHA1af5aa14d88001bd33ac068881cda879d873e5446
SHA2560daaf3fed089a91701a94e49a0b3db8576eb98e871b93511709ed3a70c7c5058
SHA51205aef4a575fb80d84347a5f92ab24eaa708e3a3c050a4407c59c9ee75fc8c57da6517c13ec58c6810405f81c73215b7cad679e2760c2a3da36680e53e1804a88
-
Filesize
8KB
MD502ffc7f525645748fa3f2351dba05eac
SHA1e7b73deff8f710645d0520cd97aa51647fa8b758
SHA256c087420effe25fcd741be70505cfdf4fa444d89a9660a204b3a117a294f139b2
SHA5129e7b8c2aeb451f0ffd405f41738cedc89bd1aa25a5b43b3ff25b91f130366e4657abeb9de9bf3de5e6768f5f0603e6746da7c4c0b2a67f64e680ba023ee30563
-
Filesize
914B
MD584bcaddec122eb11b9deb168c6deff82
SHA1a123ead13e279ddc0502ddf26284567422dc6745
SHA256ea76ac8875000821d32f8f54d79d2c62150f6c12fcd7c427f43d89cec9a3f9cb
SHA512aea91481ee2b41afea98bf59b040a2391daae690ad2a949eb883f7c09db92eb1a3e2baadc3cbde13517e791c3f888295c23f280cf7111d08398db860abce0e3e
-
Filesize
90B
MD5428c2d5f1ecb7b111044993ff878009f
SHA1c70ff483b3bdc8dc6e30bfd21dfbec7d201302f1
SHA2569fb17461ab77a35cff47aa2318c3ad99935ce1a2ce168f9c86c12cd14952fcce
SHA512b138cf44d9b1bd6bcd98fb532009092e8543f102c70de4059034836ae19e88488d5525e2cd3c5b370f516e356bec8c3700ed2902c2972d61df3495f80512e416
-
Filesize
90B
MD5cdfef1edf31d1bab1af2518e3b98f8c9
SHA1567876cf67258140096096b72287efb865a546af
SHA25669891714a41e6f0df29188f1ce8bd80dce8983becd43b3583636ff754c15bf69
SHA5129ae36a8bfd9743536c0652abfa058c74213ffed64cc84b08452173fa105afda2bacd15d6becacf141b20ce862a9725b1cd152d6b8a6bd0a1add4686f5a6465d7
-
Filesize
328B
MD5050fe4e44489d03b3a36f3994c00c8c1
SHA1053e35852fef4e63973785c84038c2d4f0a508f3
SHA25601c2afae264c7e89f7b8da007f1482621b1c67fd84eac9a1c278ed75d060794c
SHA512771efe9b800711de33f47d8fe82651692555268b78d0a8295a4ff2d2f857947c18dad303139a7f6515b54d18a17a1af97ac4286f2210236dff22ef956990448b
-
Filesize
1KB
MD5a498fd610309efb783d03a6e23d74e81
SHA1c7e373bde40ad36aa3d711361c4555f1fef6162a
SHA2565a7b108c1bbbbc02a12a4a00277fbd1423cab809fe6aa4b7824eae50b7739cef
SHA5128638ca7e30d44dd441d5b53909672a8a5c657961dcf32377f0bb9f7a8be35d3f5ea80477d0783459ecdafe619c9b7aa0d38bc598e0a3ce158e6b78ebf743d66c
-
Filesize
162B
MD530c1a10c91f365c5f1bae601008ac134
SHA17f52cd534d0307727193a291b2d6f622258ad02e
SHA2563684415cc8dc15cc5f218d0416111f8961eb0ed5ba1ac27d0a2e6a046f74001c
SHA512cd6334bd12029a4062bee0dc6dc25e8ce6c427bbdd01b61a9df8c4dec6aaf51400c7228798e584171e6d982d8c826f246d68a5bf4a3bf760e8670fc657325762
-
Filesize
586B
MD564950ea1a2cb81637ee1cb5ce39ef63a
SHA19d27458a4b07e20767c0e652b68f8e87c41a2598
SHA2564ab193451cca62a08f419c30f115136b014225564a44cd72173db4fde1438a91
SHA51280c6ff6a45890f660b33a044a52d21d0ee6768757191ce48e5672a5d4c37dccd134cb6c59d9c6cf043ddaf4b201c0784a6b07e47096f397bfc04324633258125
-
Filesize
124B
MD54920cd233a882074a9187a89e2ba0aab
SHA1af4291d161d33d7a0921f7542feeb73af9461ad1
SHA256a8131f403b26e47c730c21bc1d5524c99936f9dc8bdbcb69a3c233019c1b962a
SHA512cdab2d066cc834a476d0158dcce15bc19071759a12e87622e4c52acb75d6b14dfbb3403b42b008b11c7d604a3a27ad244ae72e1f54d82389e19d0a7725f3ce88
-
Filesize
8KB
MD5686385a8280630edb4241ef667fb26a7
SHA1d75b5a50b8a1377af27d6270e673d5383b8c5017
SHA256332ce32a37ea9ff1ea604fcbfd13da81c1b3e3c304f90f0ceb89a627da443590
SHA51295202616de0ae5b646c4a29dd0bc44bb3b1fabd7f755925984315b7d8393024cbe04ffa245abe53b32d618610995bfca1225202d3de10d6ab30ec53d0d70a7a5
-
Filesize
880B
MD5905185602fc85696291f7a4c2c08dc77
SHA15ae3f0cba65b21f25c9bc932c863e21b2aaa7547
SHA256e77d23610d7205bc448c3fe82315641ab00f08e5384d04e2758e98ee29290341
SHA512bcfa6db4c17296bb26e508e2d16a0b4335add9ea0a94c4c0833ce7bb5260e79b0e66c6dfe005563a1a92eaa6b4231daec1ec33d46453fedc8d6157d6815d0827