Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
04-12-2024 14:45
Behavioral task
behavioral1
Sample
c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe
-
Size
12KB
-
MD5
c3066d3a50ac699c018baacc2eba38c7
-
SHA1
10fc03945741936af5c3392bd5f77b47ebc23c44
-
SHA256
8a7c6ae143a867e7689d23b6f9f71cc06387026eccd75247466da569cd2fe1d4
-
SHA512
f80e44e362649aa0daae3f0c531e9e75f59dd4c458775b08ffa334ee7944a3f8f3d9649aa193a00c9d9e29ed4fcc659b29dcff011b7bef16a6f9c443759bb7b5
-
SSDEEP
192:p/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRM8iuamJGr:pebFNw4Pk1itKkpAjjJs6B40W8i
Malware Config
Signatures
-
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe" c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_If.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scopes.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Return.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_trap.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_neutral_a87289088ec2cdf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comment_Based_Help.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_neutral_0b11366838152a76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_neutral_d42522943de68905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Variables.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_FAQ.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\7-Zip\Lang\ba.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files\Windows Defender\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CASHREG.WAV c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21338_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30F.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\HEADER.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01478U.BMP c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\WIND.WAV c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21299_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CURRENCY.JPG c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287641.JPG c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02754U.BMP c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14757_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_microsoft-windows-f..-heap-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2f8f2f031fd3ed16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..shape-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c01c2904f944260e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.web.management.ftp_31bf3856ad364e35_6.1.7600.16385_none_2d8ee93c3959f1d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-h..p-provsvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_15d2dbee6e2bcc6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\164d9beb2bf9b6160593f915a2d9aa6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.1.7600.16385_none_da3b5e9090e80564\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7600.16385_none_3d23a154a5966360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_23b7b32e73eca54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4e62c1e879bc4e05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_60803306b12f3e01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-mreuse.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7101885ab508339d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403.htm c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Error.wav c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..tkeyboard.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d0c91c6829ff58dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_netfx35linq-microso..data_entity_targets_31bf3856ad364e35_6.1.7600.16385_none_97c825879dea5a84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Logon Sound.wav c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hpoa1sd.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_37e76787847804ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d84812f1bf0defb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_de-de_850100436cc18a89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-autoplay_31bf3856ad364e35_6.1.7601.17514_none_a8a9e59f4bfef126\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\blank.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_es-es_b0a402c879512106\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..-escalate.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ad6cea24cba1a390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-grpconv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_44419527bfe271a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0ab225f359f5f4de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.17514_none_09ee9e0dfa2c4fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fe0a300973cf3a35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f0450e0d355cdbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9c272c9b1f341a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netfx-mscordbi_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_fcd566500495183b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnca00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_931fa6e8d461efe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.1.7600.16385_none_91ca0158317764ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-e..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_85f4a683e5bbc7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10079_31bf3856ad364e35_6.1.7600.16385_none_26c8c17d283a97be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-xwizards_31bf3856ad364e35_6.1.7600.16385_none_77fe6053a02b5dc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_iastorv.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_44b449fe9bd5c013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e665c683bff7ef12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0cf656045fb19cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnkm004.inf_31bf3856ad364e35_6.1.7600.16385_none_50ff82015b97b704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..p-cleanup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fa3ac5c49589f64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00060408_31bf3856ad364e35_6.1.7600.16385_none_1907606a2b508f38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnkm002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b6a810c932466c0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mssign32-dll_31bf3856ad364e35_6.1.7600.16385_none_ca0a23a23bc12926\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-tpm-tbs-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1015113591b29ad5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\Media\Characters\Windows Information Bar.wav c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ipbusenum.resources_31bf3856ad364e35_6.1.7600.16385_de-de_64bb033d23d52278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7e7f3bd0c60c7e17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.data.services.design.resources_b77a5c561934e089_6.1.7601.17514_it-it_20a79342ca74ceae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_ds-ui-ext_31bf3856ad364e35_6.1.7601.17514_none_725495895dd6c054\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbc557144037871f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6b0d0584b7c57262\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..cing-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_01a818ccd3455d72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00010408_31bf3856ad364e35_6.1.7600.16385_none_f3c4b68fa2dbbf16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_m.png c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..ice-transliteration_31bf3856ad364e35_6.1.7601.17514_none_b6d304bf3d6d523a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe File created C:\Windows\ehome\CreateDisc\Components\tables\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\ = "CRYPTED!" c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\DefaultIcon c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe,0" c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5YnhhmOW8anU2VH.exe" c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IGBFVPYJNTPCBSB" c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open\command c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IGBFVPYJNTPCBSB\shell\open c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c3066d3a50ac699c018baacc2eba38c7_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:540
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
341B
MD59ce57d07cad6cf1a4cd937c1e028af8d
SHA1dc6ddaa63e8f124585afb6bf44713fcf1eb467fb
SHA2560804b880a980cf435de7d72dd51082d0b21fef5a33c4a86b8d064c7d117c6cbe
SHA5126fc13d6a2ffeac9b571fabbdd233024acd2d56f5366ee246c3ba3bc71c0b85f4401c1cd59fedab7f9f3134493b9ea3c896f16857386db56543b131328711019d
-
Filesize
222B
MD50b3a9f56c520e24390ef753392718b77
SHA16a6c450006a70f765d96a9ab306a5d7896d55be1
SHA256df3dc95686db374696f585105bb5a2acdcc118442709bb2ad5f3638a5d4f65cc
SHA5124d1f60a15cd53af1d9e78e93ded59c9f2dc406ee96190c42540da0d9af5eb1f76f28becad29f4522cacd98a874ef39ff482210f1576385ce7dab6650c3a157df
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD503a5cbfab4e2b1eed92d8f5a8769b2c2
SHA13b60ca98ac4dff494567810ce2ec4215c2cd916d
SHA256605305fbdccc26d693cbb79f965903fea17b042034228dfaecb5eb5a649aea0a
SHA5123002058ae2e5cc71cb4469ccd340689c6790abb8f33c09dedb46ae6794d2fc15feb314c499c9f9ffa8b3a9888b0005cddc8ff934be1681527609106e4f6fe09b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5e662383c61be8793aec1b7403924aa04
SHA140bd4c2bd8a517826acde8b7765732f66688a5fd
SHA256a3d1a52688fd76687bc6ce9af7d327e387a75a2314c506325b714c6bf49eb32c
SHA5120229ef64ddac850524aaa191b03bef228b976ee0423f8146b3bde85efe18327249527bbbf3278acc58f22431d9f3ebe7a157d7534eedcd2bf199ed69d0a10d72
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD574ccb4dcaed8b46edf432dd8461a56d9
SHA1aed7da78ea3bea3e9b041ac46d826360c24ff7d5
SHA25605f9bdad68c80fd0314fc39d829ef91e190e105841489f2daea93835fb6e6648
SHA51249a73d1290a7195777ad0679a3f8bd0542592e97fa60126174104d83c903b8f6d36b274cb17eb4e19926bd8a846dbd49f1b324c03323b8a8c5dc785ef4ea1181
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5ac0593446dc28452f982fedda9ba4abd
SHA125ff450c218da065004ec8a5ebf686417344286f
SHA256809615f1d6ee199cd0a77d66e21b7f6774c0a9c45b6c3be158a7162169865bb3
SHA5120ca3e8712dd24e5564c2fd3d90f8375350dfa3bb771932c8d9c430ba03e4611caa6bdb704feb797a765378cf505c1174aa35bf3d09a96cc6b2ed02160beb9167
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5b1a642ab06de57aa3ccdf99d899a1002
SHA1b2421024672e5c442852d6fb507b10b3f7f5cac3
SHA256da03613ef044a9c0b0479f58a88cd378e288ffffb3df6b419d108822aba3c5b7
SHA512c8d398083b591745719acdabe7cdb3eb866bcb030e8781af1d295a61386253f854369686ef1ab69b901f54c4d79683bb753b699aff5586bf3cf39d88687a39f8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5590d8800ff280e749c05802c0dcfc10c
SHA15cb6971304dc2930eedae0baf88580567a6b9ee5
SHA2564830dd3c44b4a40ecafb651f7aefe366ed97424c5184d2ea32aff20342d58f30
SHA512263ab4df67147bec46da98194917aa87f8b15432de175267ee69f9d8803c5e2f76903df2b64e716fa681d7012be8aed22b14cf7305f023f6f47f201b681fcf62
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5550bc2dd1f5e38d520e60fd55c08184d
SHA1aefbea49fe0c5a5863e916bc019a703268fb0d25
SHA25631695ecd1abdc43cbe916f9e61c4f051b219d9bc18a01c17a0d6ced429a9bb21
SHA51258782c93685e7e8501e31d2636c474c320d636a21ad2f612c65339457ff1b4a511676d2baa116be49bf6b62bd9f3999182546207a028765ae7b64a9cb8569b86
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD501c7bb0c9a360c4a5674d13c6a2d6450
SHA1642f47c9c57099a730048c1c8d05deb95fe9df35
SHA2560d4851de33042d885e02c93a1ef42b9e3e021cc933e5388c05a8ec784fadc3af
SHA512b0df50f376bd9287705df5b103f9545e30a11e0a7eb8d4d3ed6cb25ff1297eb2ae527ce712107bfb09636ec87521706bfe9050637c9c14c06757cedc639c9324
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD573ac5ce9a2a83ccda747fc52b28babb4
SHA12083369871768036b5fdc93ac020b4b6cf47042b
SHA25604b71d8605b65a070c255fa0a34a5b62064624a74dff69cc06dc80d1ba690a92
SHA51230e01f96e753f1968382d50c04b9ff3b768724240765dfb42e31a0d24fd38160c3a0f34e7c2fef1f59e59eb80fbd95fbccbbfeb0775357603bfa54069ee33e4c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5fef4f87809c156f244dc0399ebb654bf
SHA1b51cbcf6720ed658f352d340d2e6030c26cdd7df
SHA25657136292f96859763e13f17c9e59451b5b31b8dd3471f27cf495e115cdacdf97
SHA512a2ec43d1a0509b3ee9e50ebe9adf27245bde8dbe7d13e4934c7d274c9b0dd86e5bc9b71763fbf1ebe0ca5de4d544c29825607da718dfe75efe4ce0655a84959b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5bf4ecc2d876c2105db9457b248db96ae
SHA15a420e2b6c90b0946b1eb123280a144b0f44b25e
SHA256b96103e44b3a425b44eb85c044fd54b332edd0a1869a7a2cfffaf04b10cc32fd
SHA5128bbd1497c46c3fb39a13a152c079808db2391ffa119734dd6f0440c4dfbb9c26e1e826456e78d8e7caa76084f1db89aa2a096ef4ee6361ff6fe83ee0eb23c07a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD59892cda55a4fee1c2110aa47f1518349
SHA1d1d054382cc9f049e982881b1dc3b96b55b1371b
SHA25678918d96184bb4ff9f2fe19106cebd3102ba9b3b1f1b75fa36126e11ce2c7aeb
SHA512c4986477287edfe910128589ba700df0c56632d2057780413ef84b7cc27eecb9d1bd4f53674c62e8d3c867d227b44749f1668813cb19670a93c6e1895f7ed56a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD51175aee8cd60088603ba4daf9416b359
SHA1f8898f10d182c4e51bc8ba2e95194cb1c0d095ef
SHA2565847b345240c8b3ec354e673a4a73f3f3794ae0fef44a4319fdec6b98a68dd37
SHA512e52f40976d806a8bba534b97951a735a77fa3caa398519942b109c922325faa095c09b097ebc33f229f5779504dcebd95f2b380c48233fcbaae0c38c6124520e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD53d57b3a2e5d4a1f1d4d9c3a21ac78fdf
SHA1a9b16fb76091ef8ce7c991dab1c39a3316c35407
SHA25611c5354fd8922977b4e87b08c1faff73d7c9cb5331930da7dcaeaf83d1b65b14
SHA5124749967ac13754bbee8497e0d3e65702c1af5a2738e8ab3c8e336b51b42a81a7ea9d898f9d96bd3286876e3998ff223a51b674e81d76cf620185e4dbe8d27f1e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5357a9205ce5aac6defb541f4a1de88b7
SHA13c2974b0d785f54c43b411ed4012e8a46909a855
SHA25696b1a724d5bba6647631f87b43c73cc28a17b1485e9f247f0d5350088c3855c5
SHA512a3c23a79959270ccf5aa744e016a0f4bdc0237f00ab792b08c39291ef229706fdd2ce30d7ab3daac0225ade7d0b52c2208038c3dec148bb1e1988dc20b8bbf2c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.EnCiPhErEd
Filesize6KB
MD5916359c374a08e440b9e3489d661bb92
SHA1a11af3317a07c439577f7ce6e4d624d57df8a40b
SHA2560323702ed3fbe0deec6a56c36474f9c88db338404fc747f9bc1d58374b2844ed
SHA512d239dea40e99364dc48d9579a40f1f4f5c9d56eadd0049b2541cc826d904094230e4fd19f2aaa96d71193035bfe5e98e800b44484000baed7303bc9a11aab4e0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD55dda063b04c2112939ca7bffd163c637
SHA133d620d6ecc335749c54f91712d1d871da521667
SHA256b1a2c13f32345d0ca7aa66586e711852cc3056710e749a25b82a597889a5a5eb
SHA512f9b3c773385b41caa705808c73bf39ee58c923b547edd4aa7efc1837f250607e1f93634f1f3c0d6c9ae17feacffc61470b7ecf93842cbda0e5f1480d4a2e2704
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5867b47d59d5960749516c14a63e36614
SHA1303289d12a79c665a9d32e2586177d46c8585c94
SHA2560e7c4524a7fefd8977cfde4d5df691613ce82402eced7da000c9047dc753ace9
SHA5126418c7919098be9bf0fbfdf6db40da2f2951bb0151dee0f02adcb5e0b2f98a066273cbaaa3580de8aa9fc7504c5241bc68eb5847bba820e398fcceebe3c503a0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5efb705c328ea193381d4287955939b58
SHA1797f81c7b61ed04937ca64ec90ffc4d8dbf3cbe3
SHA256cc2e0a0777b573096a18efdb5f91b3590e2b612a167106221d975488bc00fb8f
SHA5121f87768f0b651e760d6b3df3c0fb14a9f397b245ba1dc7a2e395976a06729711c9bdbcc151746b1e8394210031b841f99fa4a733164d58f76301a233ebf4cbd9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5d6b91394e3940a5b6ca40b1611a07fac
SHA1995fd14a70b7ccdf5045e09694e888ac841f5d3d
SHA256096a153c65204924c8762e45303327b3b0fae3fd763b3c382c447e3695f805a1
SHA51246711c10385341451b35201ea1353275c0ea7be9c0e3d7bc3ed3b8ba5cdee3830b23fdd7559d3b5d2f416e5074601d707ed4444e494121d298281d19653beb63
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5ef07122a53e040f1eaf194c86f9af357
SHA1114fa562559544b1fe21dd838195be279563dc7d
SHA256ef96b9147ab3624759efe310ea1a889ce0a6a2bad1e110920ac60580e9ddf8d3
SHA5122c72430e04e1767c2a3cb4efaee0f2b9a72cd19d9bafe16628235271a058bb65ba97febfdc084738fc53fb2acfdb3e8a66638206200cb0a3d091128c7bc5974c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD53b24b04f98b8c35e30d0eb1462524bf2
SHA1bc56062bb49b4fb5a4290b84c763ff5f3c51877d
SHA2564683416c64cdb6e7c04264dc3fa6b3808f7ce6306fcf4f161a803ce4e034fe73
SHA512637808caf01a2d1a9fcc070f728a3775f172ae8c9113488ce7ee0f59580f6b3be56e62d84848635b521868b1052b14a56a8381bfe8f22aef5644608d45c477fa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5918baa675876776788aea180642a5ade
SHA1c82eba1a84f9c0e9f9460d57f3b09aad5e73091d
SHA256cc4a7ddfe13fde96ace0c242610af2ea5b35f14f600f034418845eec8a5fd99a
SHA512866d5cc0ac4c87831587535f08a33bc20a7be5f65d4a594b65767deeb61e6f549281fa489be038883ff9f259b97f82723944f0f942e4e700f0fe9ebc2672f752
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD56f02cbe5fa5162633d64b79993f00bc2
SHA1c0992e45fe53c4c21c2dc6a84fe42f627e2655a5
SHA256a4aa661a983791e3992d2d5acb0c65e728bcc972a7f34a63361ee3b2abf18840
SHA512a7ada5d80016f6a2d567ba32ae2de224c35bb88a796b389d8ce91bc1b0dcf8fbc7dff3af5366c49eef6f2cddac11eca18e4b8c77e0b12694332d82846cc6a570
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD585a3cf01122664c3259b5759340fcce6
SHA182f89526e3f0b711cacabc73958438a460d52c2f
SHA2564a86d8301788ee80eba64cdfba84ae296df846a3f3f046844d0cb92bfd34c539
SHA512ddcecb9f3ae176552a6c2d7a7e1e2a2050f0eaa07ca65bd5a141ff4f1c0089776fd6a2910be732f8c2dc2e4ccf7b16c886a61eae842bdd5b2c4100ac5b3d5ee4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5a522a1c11aa84a7c3bbe1832a9d1eccd
SHA11eba6521752de5a1d3478ff33a3a5c5d06f751cf
SHA256f849c68345e657d4395ecde57ea510b309e38e41944e793012ae3aaf263359af
SHA51255875ceda6c5885413fdc13ba9cddf62f6b67e4c60f136f4cd5f484b86d9f20135e01f9e5854cffe396e9f59294557e44b53e8a04c6f13695b468400731a9704
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5cb2c5b9d5241a50068b7318f1c59a903
SHA18cc09eefb6e6a78d3309bcb2ad5766dc3cec0493
SHA256165b654d72391db66ad9fa53812d25860c8832b84f05c13bc08c370dae574181
SHA5121129384a9543345c6d6c742daf31c98ef90498ba50be3afce6c07fb544289ed2b2617dd49b53596cdab9b343174187084a3c54e307838006bb0b071f236bb893
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD51a98aa940327f4fdce020e16abfd90f8
SHA1703fa63c1ddef278fedcca9e1d9901f44d65e74f
SHA256a3134e7f5cd7e3c3aa174f3bb33328f0067a379b00b5b3c15d67cde31a627811
SHA5120c7554264ff31591775a9d492276a2b22154e5556bd5b2059840afb1d1fdeacfce1663cd32289c3c48a93c5037488737e3dfc5ce9b3e75a80deeb625309b5a9a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5ce469438ccbd3da57e340ef35f038813
SHA1f05956643873ca022f50a0b2cf287078d800f1e0
SHA2560f747ec0886d3da02ebb008268e262b439a57e502a2b9cbc4c4c5e1ec1baa60e
SHA51240b17ae1c0dd8cae4cffdc7117489bdc1a4e3acea4ddd7b09ad34af27b3050acc2e088552b7016e04a7171b6a899813f072a0e50d60f89e6b76e92b5a67d5b5c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD52aa21d21dd7c2e79ba98592a01bf64e3
SHA18559acd86072fa21d188d45e1f38b61baabc6997
SHA25653a179bc81621fd2dc396f8eb33b7c158e15e0e52b674ce39c1e661709e9b240
SHA5122eb8d034164b63e61af74b1e7666c087830f833122674313650397cd9df4643a1f6dbf5dfdc886817c8a07ee06cd1b0f50f6f52d3e371c8092568bb4ad5142b9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD54e4992c018d619168054ae6a1a38ed1d
SHA1e68bc1f96313acc52494453e820592a2bb74858a
SHA25654e6129f827aca1da69e9315adb4561c9b33c13209dabbc826942bb6258e541b
SHA5125f5214915367982f19502814158a60f184239af2d2d3bef342f1299e4bf4862ffc2e328118b1dafc92238dcc0c813744bc66fadf1a8a0ec0dce1a9c21c250f7b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5dcb37fd0652fc2202e3b07bdb5394ed2
SHA1e3e9e6e2330ebed7ac8ddef6e2168f62119aba8e
SHA25648168411bd244c03b4ba920ea97343349529e57d3374b7c4a1d3dc3489bcb763
SHA5120da260effe921955af04e5dd3c888d32c67484af7b11af01b6b6c9c48c29a837272af1363ea89d97f14dc2137e3ce634c62fa65a500e52802790629c893ce7e6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5f840aa6c946bfc1daa4932c4c7088ed6
SHA1a303e126da0a76ecdffc947612a834cc7c57760d
SHA25630bd73f603c9da83c00c29101a673414fa1bb33c29240d3aa3896bc44845e6e6
SHA512b98c3711d5d5b99d63a37e7a03658ca86027f64b32d4efbfa33f4867492c888ab3e350adc08c513c4a7ae56f3010e4d4f0a06428d2c4f522b27bc3983ab0ea96
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5aacaa9687b2d0eb4c935ab831a754700
SHA15a09425a3c6ffc58f9d188430b32563c34b79e01
SHA256f962c64b76395939959fa8644bc6d69896547a0e904ba91c1cdcbebd2f704138
SHA512492085eedc08146facfaea0a5a6c796dd9918504817cd8fa498c3e142a02feefe911104d6855bc6c77efd29fb08d7a1d0dc7a13744a8dbba48a6ed809a7bc2f2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5801cc32636696e1645196dfa3a8f050d
SHA15a2595920ca263aa60d035379b8303ad719fb2d0
SHA2563bc71392d7d55f17e5a92e7ab63a9f6e522e9317773e8e8b474478550cd3b22e
SHA512118f61a4666f6d0654e0092dc92fcfd8ccde2b09c847c463daa60ddc00511698d194e843f4fef261aa2b03f16bccd42b56b5ce16f4a68c65c7bb21ca456fa996
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD50168522b0cf2ffa0ae79540f6d56834f
SHA186399a98cd9341064d95d5a70e4d2c301842aa39
SHA25679d1c9c031510a237eecb1b4ff358eda5c397f019bc2040df8575ecfa9ac720e
SHA51230040f6c1a3407459a47951cf7b91c5b5b934fc9249147ad6ebc96e2221212ceaf3f590d2c2248c8a4070c4a50a28e9a29d71a5cdfd35460c0a4524d34af78a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5ad08accbf92bee1ad6b027d3e2453d3c
SHA1564696be1e896f22d655cc908e9bea952a7d3d2a
SHA256d65288142fa34cd3f9a72fd690af9c585b8edd21b806af0e26ac105554299069
SHA512011a8b968058a7a28162f4c6ef98854bc862585ae3890456bced94492106f3f3346a6a075b3109554732bf85605ee075251f403c213a620c15b5d5215c9e246a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5619b88b4f7f6dedc916665c82b209953
SHA17b2a66e157a349fac87585d4aefde3ade99c604a
SHA256d16be5285197f24ff7e91f40bc0e2426440d99e22b1a8a99870247ce99616b96
SHA5124a4c7eb02dbfc3f49909ccc4c3bb551d6bf79203f9044a304b1c21d824e79d5aa0425d791e7c951d02825e295af0c30c71200590911eba8cd303651817789202
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD53d01a3b5e7a3952a3d7058a60252074c
SHA125ee2261d55b4013ccc3ce04e5ed87b2e5a333c3
SHA2565d452d0eb9456a7ba562bded0bb7c1530e942c387319f2f951ab61556c630ac3
SHA5127dc39aa6e31363b73c775e0b6d47a31e1c9ffd7ac66d657343c398a5cf1c6e6e2a38121d6656d7fbb08df1c1770c92b5b360371ba00e5f662d69828cfa848474
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD558f91ed2d9132b113fbf935d83ba8b1b
SHA100e62d5ea0879f551f2ce3b6bf1e4d3b0c8073bb
SHA2567866d26f6a3855cab544ca350f874c88782df3f6d2d4a3404210c3a98d786ffc
SHA51215273e7243c3c9baf43087c66527bf79a616c512f431f73c6e671ed59e9ac5a93929745604b398e08d5e4fd1cc4bbd6a20a1ed5193dc49f16f3cffd6d61ca436
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5ac56d1d75513297832c93506ea3724a5
SHA1da373a12a5f9edc8140661d15d5515dfc15d5676
SHA2568c0321d1d96df7b12cb51c9d2ad47a95add7518827cf0c26d0a760c0995c45be
SHA51233951424549653ce2d1e8910e3bc3e92b0a78a951c07d0fa4a6bfc7210d9e95a48d4082955245165e9a516807876b4228b0ff7cef68dd1361b97ee1a3535b744
-
Filesize
580B
MD5da84d27ad449d16305bbaf8d1128cbf3
SHA1f8e35c224d549fe1f6a74f7d56af03f36a83cb89
SHA256c6f5904650d9f619181c1ac26cb943e78461bb85e174a642039f7f602f43c6d1
SHA51236fc8f4b5c21b662e854cce344eb30965b360f0fc0e9ae910ad1e09195cb87976a447d471979dde67b53b1aaa4367fd702006706aa31ef02149f1ece1614ff62
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD56291e965fb016cd55f9e43fbbb00a60a
SHA1f59b5892c0d4353d3e9bdfd897d6afa2e611a432
SHA256e74d4fcb4874a1b972b3dc03e6e89853c7f23414f8832c0bcd2495e5c8fb20e6
SHA512479d270c6e2b8b0127bd1fd762c75a3b0462fb03ad9ee3612683a0042e7088cedb90212ca13dbc7c685b747b87291bed49b8fc1e7e076fb36311c93c0658778f
-
Filesize
625B
MD548de9a2986e7b320f22926a8f9c9c2de
SHA1c7cf06e7413d561ecfd944768401b897666b8569
SHA256e4f5202926054f19f5d2cea33ecbb7b59cf196ff1e61f8e7cfc8f46278f3824c
SHA512b00b50679173760de99e0f8f057312eea394e0aab47354c107773cda0207dd9913a4776c22497fe6f825f4b3817577ad4421011b990fc1789c7dc433e15dbda0
-
Filesize
873B
MD5c44622d51a91299847a8a32eb2c32004
SHA1e91faf0cfecaaa441b5f32e555f7b0f632967928
SHA25662c7c137d6683ae70fb2a1487ae39d5601a32bd2ef4fc912d6ce6e816e991401
SHA512a8a0273d70838f3a964a6163f7f52316ff0e1f4ec66090816643a88cbbb443d21edbe6d1e4735ffdacfc2597e4be99acc9104a54e76b81ea5b3de2a38ac074f1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD56d16e0197266c6779277727ecde4ff3e
SHA113e203505557e8d3f5463453819b015c4da405d5
SHA2563ee7f8fd971e572244308eecbc3ee0cb97dc2f0bdba136f04dff4f973d9adb5d
SHA512f5ddbab8908e4e6045b67a8142ce1fbba76903b7e20797f9e544b298252531bb5afb2feb1c22d921437ca701d852a058b88517988f1fd730115b6c13e823e850
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5c84aae972456bb19fc244b5889660ee2
SHA1b827e8f9bda6764d3a446f5b6b9f46a26d7240f9
SHA256db81723ef8cd8bba9dd282e8298d88771e42070aee53b53396c40bde1f8b3fd2
SHA51270ce4643c04577f198dcf800232a756a3581dda6be9f477d0fad0b71efc82a800ade6c43e1df822303cff2e8a0c79493681a91e840b9ce310375363648765cf8
-
Filesize
615B
MD53cc9d18c3626b8958ac0bcb418fd77f2
SHA1cc58aa80186b0b1a3349ea1838f035c565229cbf
SHA256fd8a553b4219cf9971c313708018236d61f7338bf28813adaaac607deb2d0830
SHA51203de90e734bfcafb850fc8d5f9890c59a34e0b63bc1dc9581e670b18c112094530104d7f8635331075b4a9947008e7fa8ee79bec8e34d0b8f0bf4a2ac4dffb7c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD59db3798b699dcdf0f0574491e565536b
SHA1921e1758cffce7ed9ac56b14baa673f91f3c1d21
SHA256d9b89a0d7c2c670cbe76f7bd3de2346bc621614934e2711774564efeac10b987
SHA5120a061291e7b947e813a550266350d4ff4eec9b11bfa336068c4ac73ca1b3c7e547616e4288c29dda11387fef5c79ff6d716e8c86ad63eeb793c95ce5627c5fb5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD53579de4b2a34ace8fc8f71f152f91a58
SHA141f866d438c3d4833c49b120443f2e9fc1ba3928
SHA2563e5d161c0c41222e1d5a0b66262f4b762614377af970c327b07ee179ff254142
SHA51243f17f71201f0d51f848e44a6d4a049808707235d9bdecda61664e7260cea0a01a582df3bdb6a3f99d98701ed7376cada07e5692a3024ab2fcd3acc345ad5772
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD55713ced0a11759b3d4865bcfa22a3963
SHA11336dec547d81d5687d21691b3a6e05c0471cf72
SHA256dd7ef50d6c2940884d4d52f5bf4979678b340a35f18ed3c9aa6600f34203f9cf
SHA5123ef18fd8620ba7cfa4ec37f35027d62060216fe9a6d830eb6edba941ac6cd1e4566fef6759c82f61f65e3ce5a903f696e975af6e6b626b2ccfa132a818ab2cb3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5cc7566e1be441e64b22f8ed2bb4465f1
SHA1667c3a063d58d5b1282af4017339afaf78fa3cea
SHA256aac284c497737bc85fc8f2c01e7dd4abfa5268e4e794bd479c2da9b2cf956504
SHA5121a852b7c22d6e122552ec6b36a602c8b2b4a357c29aa2b5ffe1c53b1a13637ebee646d46f57349b74f9c175d46988b7ce9e4ad015db243f95f072db0bf20fb10
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD54be3536ef250111b76df3fcb684c116d
SHA17dd4b8528e0bd9d97c8a576ba4c3f7fe7273a402
SHA25628e7771b3a38f7dc29a10d42764f23f0c8a93c11c225192709d59d5b58d9cf94
SHA512366a4a161a91a9a9c7231454783a8d84089ff80be742f521c87d4ddd2c78f129ce4db39dc213b9c29630698aaff5c69ab7ba6e369b4b0a2cd62a54aaa1aaf42c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5ca9e7b93c4ec457d622952ff157cb6ce
SHA1a69de2449d668e97817351e1a6338b00cd496207
SHA2561451fb9a95e8bc42309e185984e69b1711bea931afa6b0b869c46f767bb649f6
SHA512511f76e69f3a0b1c62a52dfc4a088ac57a978a0955948453c957bde1ff616a2279256f76a082e8001095b0fb7d4fb400c871cf60cb235b9b9c6c4dbf5a46c53d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5f80de726717a1b86f665a6964272db32
SHA1756563484100628a1de4233811f5d64242f1a699
SHA25684064f371d18ee2bb7accd16cb721dd54a0ed440d8d6dbec892200b6d66ee268
SHA51201b0b49ce8c64e7e5049f8d11d308581d03da0f36ee5608d90203d97014010846da13b627bf4cb74696a7a63980a2f53df28308dc96a7868f96e62add6883062
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD544e2db69f4534f88c8062162bf5c00b4
SHA1cb855e68d3fcecadb545014edf924cbeda78288f
SHA2562d81fa6ec9de56543d77fae995fc67a19fb6c3ea60c1f9c6491a63b22ca3f206
SHA512d8e14987d42e94cf733ade6c8e0e636cbf4872e112d3b809c6e19de24d4bfe70165755fb93809db6bb8e7f5367a67511f286d6fff65923a7c3a28d9d6fda9de3
-
Filesize
153B
MD5a29d6d43965403aa88e48f69395adfa1
SHA146a0d2fd5bdeea0351ec38be300b447e94b0e0a6
SHA25664a018ab90aff0da6b228e6671512a3fa98aaf9718d887891f3b6dd54e65ed37
SHA512f77971f33a4fbfd5ebf84f67173e4de761bf27f6686bc84350b79eb7e849eac3c6b30573c60788a345ea564208b487abe35ecfc0976f314e8334ea0aee918a8e
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD546239e096561407516aa4fc4e591ca1b
SHA14ef752091f4d678cafb242e92fa749cefd9cfc54
SHA25644a14f0a1d432605d14641f48013d0735e82be1abfded62e0a8e08c608bde0cc
SHA51269dc31484897bdd5731eb9ee1cf9baf8df0b7470ea817eecfcbbce6508fa8233462c6ebf750fd1be2d515f982110d9aede553e2b6c76690f2748c7a30cf48b56
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD52a4c85baa910eaef0d6dd60e48f142e5
SHA168658ae18ba63143fd305bb02953e53c3f6100a6
SHA256aff20eab860cad98e703b5d1e232e08a914eb94347432f71321c377320bdc8ce
SHA5123427a672b66c6e402663fbe80c5546358da02590c5560bd6087bdf693a084b9f5bc8fc2c4e7f576650973f1570efb1f62b7836fd2d4c047887e7e4d597843e6b
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5e69e60acd8c13a8b52bbafc2ff7bcdd8
SHA16850c9dd964fdc1e915c89751aa24de7b65a229b
SHA256c866fcbbc8897f3ace39c2390805e1dbf3c8e9fbba22351dd9fb3eacef837904
SHA512724fefa659ba78972b09cdee40a805e37c6884699201c0416555a8bf71ec60a3b3b3e9b3e7120d81db6b832868fe9a87b682b86931320195b933f0dc2a939c9c
-
Filesize
109KB
MD5b97cd0966aeb3ecea5e5471304f96e16
SHA186f097c9627a66a09ce27fdce4ed0c239ba3cf0b
SHA256b57081d6b93b8726e60b893067fb4cda001cc6444bf5445cb008491465ff88b4
SHA512a91d28b1efefb0bf7fb570c87b958776d69fec81fbf1350aba7868f7e8877251987b54768cca573423741f44d4c36d3a8717ce729c654344ca3beb1fa7b33817
-
Filesize
172KB
MD597c0b0dd69b979f2c729138fe400ec7b
SHA133ccbe33a5a943d3ff6b2689c3231b627cc929d3
SHA256a3b47a6593ba9b4d07d8e9c7fc1643819c622319e3e6dc22673055634a3c5ef9
SHA512c930b1dcdc7c59d492adf243d3340b42840323c85a70366565ae7fde6c0484e63cb17d72bed710f4ab502f7db8d369208b69da9f2b7d7ed605e1435280c30eaf
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5aab2bb16dd5f3b10ad70427ac33a3f87
SHA1389196012f2f962b0644f9d9238e36df7e37c66f
SHA256952652ae4fd87a533d542a88c631e95d8b19960a781b466e676fb1081bf39f48
SHA5128fb3c89dfc71a3d0ddd0c60c71f6b5df91cfcded7300d4d7956e60aabcef32f199e3c50f42733e43ae21b7938db2b68570fddb9f0879986d340b379a5c57d767
-
Filesize
49B
MD54163b5d5f482ee88f1a70e86d98dda03
SHA190b02ffac15e38a24d4d47f5c4c8f27b52fa5ce2
SHA256a6fc40e01be1e14137f11f3e84087b3feeff8f518222b89001b679dd45d65f0a
SHA5125aa5d64ae73536f50ec7f602e9c2bc78006e324280ee856167af5780b0fd29edec5d1c30c55c192d581c10508a82a5651b2c7be2b4cc7bc8b7989ede34d5d705
-
Filesize
21KB
MD505155138c197170785f2355e4aee6a92
SHA1a73fe5d7f0ecb2f54ceddffb3c63ed9bf81a6ebe
SHA256f777613b11de1fc1aaa9a9735e7d9dc266ed3a5d9267a8957536b02d2fb09985
SHA512f0fc9538733765c1104d60d17992f324ceb0d3a74bb2fa3a813b5f3d97995a770c667a01eb9f215f928280aa85d4cb8d38af93c5908c07a85927e381b7c5f638
-
Filesize
1KB
MD54ab00a94d43e702cf439d9a7eb597b32
SHA1e2e060af05cc9e82ee9ac039443bf5dfcdc36d16
SHA256e4b6744921f46df7bd5eff00b265852b9357179060047c3ee3e3b7d86c54a99b
SHA512735e4bbbfd81b2a4bf0d53a105381464ad76769488b92903741db3bde0474d2586e48cdd5ea36980b576ea8789cbc6cf32f263d45136ac8e981763b7044f753a
-
Filesize
952B
MD502f3dc0bdcccbb314f1e3007d8fd5089
SHA1dfe4d1783edc99dc1fe115bee248e45f424b0f86
SHA256a95e8ac3a1f74ffa08ae5d88798d6652e91fc18732fa90dfbbf48de25cad97fa
SHA5120981f3da601c28be8e245912f60a0e6c75b3040a94042d381435d2cef11f2e8601007e96f5832a51f1e9979ea97116c2c199e9bf4de3f0423fcf98dd583798ed
-
Filesize
121B
MD5524da8d6221944b17e2b656bc1860693
SHA107d0cc216124b8838220907cd0e93629f35ff04a
SHA2567d21de81f1d038d9e960390d7466127974b4e388345e2374d7f4de096b06015d
SHA5129245db6fc90c31fd9869c2a084b0f25431ff7e08ed76ef63df5f5ab1f87d500c41e4d94c7c95104347d0d748a7515311053e65d06dc0142bedf9b624775e5acf
-
Filesize
1KB
MD5a99089adefae8026f41c25a8089eb4cf
SHA18b9a1125ee08118ed2b27fd7b63051474c198d3a
SHA2563923047c9d1af5f41329a3d85fa4b7f6ec01ab7115f71adc04529837b6cb0f67
SHA512ca15fa19ab39f38f83a591b8a5eaa38ed1b15feefbf983e0f7e58649b3cd1c801affc9a96ec33ca7bed5e52662148a6866fe8c6650effa7e62501606ba20aa6d
-
Filesize
8KB
MD513bce9d03b105879eade2e8f66f3ac3d
SHA19d810a4c1f5167b633f08be1a979deabd9af5207
SHA256ae9f8c94ae4f987f2e752dedc8740c5b26a189b11f6eaacdb97eb757902c9b78
SHA512208c16634179b49745e992358c6c8e8c1ad79fb76451e5962d7baa2d3f7fab75c91145c82952fcfdc8a2ce65647a0591c447f7dedb44d8bd3b74ec43698c8f0b
-
Filesize
61B
MD55043bcaee82deb3d62603d66e787e0d9
SHA11a23bff04182344c29197c1ebc74a47a8efcb24b
SHA2565a723d22f9b3906c2a67149a4900b0f60cf8360d9595c0acd0f5bcc0e8d037a9
SHA5121297e3855383f51e9392f54f5ccf4ec996faf02d5a4516abe80eb584ec686df8b4ab949cd26e03f99e3c7f09a186e0e0a304fa438fbd7b2c9408c0e82c37f05d
-
Filesize
914B
MD540c40407a6ecc5e6f5d5ec0d22c4c63b
SHA14cdb291dc312c36de69ca6fd260cd988e569e8fc
SHA25636ef50ee4f1550840e5a02ff7a2fde1de1369e81953b7fec8626dcce97239710
SHA5120425d48c033dcd728191dd333eba7c5b061adbfba8539acba6de160cc705369e30355843338da158fc9fb6d74162fcd3aec180adca1a6a49342e70f01783fd11
-
Filesize
90B
MD5390527b63509a407537b8ef42c99eaaa
SHA1ca7ec129ee236c8274b8330daf60ae927db3f0c2
SHA25627495b064ffaf54e67b27424f40a24a04ad26c0cfa12d3af5b94885aaea19207
SHA51252e5c9511dcc0895f2a8165dd4c0734765bd991e193dd7de78b2a39cbb01e2b1ef855789561360eeecf78a836bd44e1cc3c9ae621e6068fa9ecd54faa2f7d393
-
Filesize
90B
MD5fbe4a0a59c49c1fd4dd45970098f5078
SHA1cec9755906932ba4919244c7066073a4d8e82e90
SHA256aae047a2717ee99f0abf2fcc09f84309d52461d8e05c5ea2def69b5938618d05
SHA5121ada5b714f4a8c803d303de1665e84d4d46616c7aaddf1f208bd92a900608a6c23469b0ab4f5af730063c855dda39e0b5aa751565bdffd3493cff789ac0e8c45
-
Filesize
328B
MD588740c716ba9b1424c4ffe7161c0105e
SHA1aea3d61c9054cbb08c611be89a63e53a3a103d97
SHA256862eaddee0eab0a7a252a7ad84b30ef8022f05707a6c15b2c670c1f3ec8a2af8
SHA5125ce99e8fb8f8175482b160b0d45d4f7b0ca31c58cdd170f7a4338f029290a491335a1950170d4f2030b12da358880db9fb404952a70a0afecd2e302b97646132
-
Filesize
1KB
MD5653bd137f3670447539571642c22f333
SHA143fa002f26b716a43fa69ebdee6e9b91fc9e5b71
SHA256b643eb7bd8dff1f6b8f5fabca57864329c36b4dbf8794febbad5c71f5f48520a
SHA5120e64e5a539659a50c48c47382c6e1f81f4d0005be68ee245e539c6d0f87b34d2588255eca9a275ebda2510a5f82d2a4704da99caffd2f8418ce68285899b1209
-
Filesize
162B
MD52321d747cc8db5ec8b4d3148244785dc
SHA1212f8e64eed564c84468ad0f6a73bf6661dcb131
SHA256d7fa3492d0f4a6ee8e18a907b7fc5fc505b2f526a1c5ccb6c94bf7eaae84f640
SHA51245c8ed722e52d5e2f218dcf95f3c662f14a42acb336392686d501f89996e026d34483619fa36694d55252ee4107104fb36dce38037a06d2210ab537e7b0d43b1
-
Filesize
586B
MD52741a018c6a3ed530181d009bceee2b1
SHA1d4c1ab0c6f853729d01522b0ce4891db16e0351c
SHA2566546c18285f1d479dd3e51ee72b280326da25a84ab60cbb4b74afb0a42436156
SHA512d9dd4779339644765b7b5491b93d52e7fb627f389b63f9009aebdb3bdd94a59b1e635b23a854ea0766359626eb668e1b35239f7892c81f30a3235c6a59f34ff5
-
Filesize
124B
MD55b5421c0b0b54572a96574ab4bd53540
SHA19534b40ecce86a53618b2344c1d53dedf39805b0
SHA256f55e2e1983cb440c4e9f9a7110d6308fff79550aa3c76e09d03af7b088ad1fa6
SHA512a78d57af1ff2d44bc03ebadc77b748a0df5194ad0692a1dac2282aaf94e05caa5d2f1ae57d030bcd7512250bf38545e9970ea86ad57e8eea1e3f84a594e346ec
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5d783e04d6adc8b00fde20f2b4d51f4d7
SHA1969dd026f8bf0d6e569b062fbb5e50481df6856c
SHA25682ae45470762e5250b804a7ab25a219d88e5cf319f442dd3f94803b3755c8094
SHA51280d907ca0dac2b1265de2dd2c10e80765297db3280f358a3532986ccf0b60d5fe71254c9ca8627627c4da550402273428d26428c59c70cb33903eda7a22b5f3f
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD51f1bf29e03529bd649743db17cb20460
SHA1a14b315c6ce89186f242e560c17045fa754c5a82
SHA2562f4766a954d04a747ee8d4e4c22652dc537d044d8fc4895b1233963372e10341
SHA5120b172091ac6d877c36d5a470b1b87565de44975665a423f05b1aa7ed1b2c92b5433e63e865702e92d6fd6cbcb93107ac4959507643bdf0e1927b04172d1a274f
-
Filesize
8KB
MD510ef302424ff49275d10ecd69389aaeb
SHA13fe473bd17113893a3423d4c44c8ebdb706ab6dc
SHA256aef565fce959507aa5bb9afd9f57fbbe73411c84cebec88f548a9c4785f9f1ea
SHA512e5831d84f6d748eaaccfec945cff10d64b2c9805c28ee74f40b32e9e1b73ccf70883c104893fbb3943512b35a7cce2967e1342d6fdbf36199069a693fd4d845b
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5d00077e97c4ebd02c75ac156802cca8f
SHA195a82890fe15602f6532395ee91a91232e5b1247
SHA25633cf7fef0045a4721fc4c9e9c345f9e972f923a6325c0db70ce3c0c191925a2f
SHA5128d70e432b024f44ddc6c2b7116497569ec13aafd91a6bbe46c49e8634bd589156f0b7a4908ac618838a54cbffa0a9b1c4199a1897b2edf0d1618b51b138ba90e
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD50d983540feece38506a94af317272578
SHA113a2ffdee659a54d5a693974c6c23d8f7539d146
SHA2560d495f1a64d817b7d318372c276b740a7defbbfd2a272a0c5405b6d9b2d0c8e1
SHA512d570d7d491bc1613d2a3739fc4f5e58ca53379659c3871af567d180aea091a215150b246af82933ab0b32ed3b38b700977106ef88ff9d1ea28683b7ed33c279e
-
Filesize
880B
MD5c09db34c1b9e4e1947ce357f64f1c715
SHA13bbd60c1b7f757bcab33b5281227fe51502b28f1
SHA256cf1b3ded7677a71adf975110e63f423bac63262af56053912bc3a47ea185c6ca
SHA512a7276a2ea4b90d5284b17a76479871a1a9ec6f0bc0899b7ec710bf118ad3c3d11451f3c82b7f6048437cf624228f1bc2fa9545452ffabf0658de9c787ea0df47