Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
05-12-2024 02:11
Behavioral task
behavioral1
Sample
c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe
-
Size
18KB
-
MD5
c5685f5fa36e213ec544afe808a5c387
-
SHA1
4fbe82fb179833630c34f1581ccc40d1973513ae
-
SHA256
efbce4ee31209150bb8947ba3452051b0e0611c3b99d74add93e1dbc6151abbc
-
SHA512
cb4c11070a0d14f6785b07bf081acca5ebf972218c199cb8127ff8a8e3e59026b6485d4c2c40e1072f8dcb85496448b480a1cab4db007affbee38be4b4ff0845
-
SSDEEP
384:aebFNw4Pk1itKkpAjjI2YpdmLx00naNZW:a0FmBkpKjPYpMruZW
Malware Config
Signatures
-
Renames multiple (2204) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe" c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_neutral_dd07287cee791f3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_troubleshooting.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_neutral_26a79521b746fc31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_neutral_e567adb271831b5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Automatic_Variables.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pipelines.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_neutral_ed1f16b3d0cae908\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_neutral_e8903726d63a3f07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Special_Characters.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_type_operators.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\replacementmanifests\WindowsSearchEngine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_parameters.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_ISE.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_providers.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_arrays.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Ref.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_execution_policies.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_command_precedence.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_requirements.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_If.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc10.inf_amd64_neutral_2c5d0c618dbfaf2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_internationalization.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\System.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_CommonParameters.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_FAQ.help.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Internet Explorer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\WatchPop.avi c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Windows Journal\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\ga.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\System\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_OliveGreen.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01304G.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR22F.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\THMBNAIL.PNG c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14882_.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21334_.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Google\Update\Install\{5059450D-F254-431C-8EC5-1212E61F2D77}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115867.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Person.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\drag.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15276_.GIF c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\403-8.htm c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..verytools.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f7631856561156af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mshdc.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21767a0f383a035c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_volume.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d6e698c3d9cd5581\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-msxml60.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6aad367e92b2a27c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\security\database\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-appwiz.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8c4d044e287f54d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_55fca664dc994c6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..-multboot.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e593ee7f79d69741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..interface.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1973e8a0f0bdbae8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Notify.wav c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnep00l.inf_31bf3856ad364e35_6.1.7600.16385_none_b2881ef0c3cba5ef\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dbc7c5d1d33a67b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f1c4ddbe1d6460ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_de-de_cdf812d16a0d5678\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.1.7600.16385_none_288d1032a5dc39a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..ingfolder.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d97df67368afd916\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9a152440e334ce4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-gamesp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_96f3d2049dfb9360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_6.1.7600.16385_none_b65cdbcf116dd7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wiabr004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f25f56016ddec074\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0abd8371bd7222cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_6.1.7600.16385_none_cdfd15e4a5a167d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3688c21fca8e8e9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msdri.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8707b65cbf399cba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-takeown_31bf3856ad364e35_6.1.7601.17514_none_58116b392c3da43c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-syncinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_f838d0115142247e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\Media\Calligraphy\Windows Information Bar.wav c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..g-utility.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_99d253ec131170af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ffcf9e6ec437b6f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ab26c700600ca015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_nv_lh.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_030adc4be09337c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7600.16385_none_bac7682ad5fcc812\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_3b3f55233d47d4f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_614b5a4436387edd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-fstexp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_eed64218b8a9375d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..datastore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_11f7e2e40b8be7e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_32d323ec6e85d609\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\inf\.NET CLR Networking 4.0.0.0\000A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\inf\ServiceModelOperation 3.0.0.0\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3da82d7e4539cf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netb57va.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3303bab87fcf7cdd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mfplat.resources_31bf3856ad364e35_6.1.7600.16385_en-us_04b29712979b660c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_fdrespub.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b4b9b2ce2161b0e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_7f7284b09b6ed3a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_03e71d59e3b9d62f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\calendar_single_bkg_orange.png c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\91ea8f85079a8ae11c420ffe5c8e5988\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-alg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0696bc62620a633\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c8281d64919b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnlx006.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_16b870c24298b7ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b19bbf374c3bbacd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..ion-reflectordriver_31bf3856ad364e35_6.1.7601.17514_none_764c15a2f476f130\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..river-wmi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_74bff82ddc8da91b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1f5dd695bc9d404a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.snmp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d1f0cb7ff95d6c72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_it-it_2e02672bfdf9a738\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wave.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5fd2d5ff3c8c8f33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-autoplay.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_38f2b07180c74350\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6cfcb6c3e1697b1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\ = "CRYPTED!" c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe,0" c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\DefaultIcon c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open\command c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe" c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "QZQVAWHZBPQSJAP" c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c5685f5fa36e213ec544afe808a5c387_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2736
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
298B
MD56c176bc43468e6a76016bf3048cf380d
SHA14bdb98e2e0c4dbdbf272fd042214c9b9344cf271
SHA25672a527578ad30c229e28007a2fd017fd9e0a486b96817f823073dec895d038f1
SHA5121ed9603b56913c85168f536af5c0941363b479af24856c8c84bc036c92348cee1b213aca76531f26b29cccff4124f312fc30d9772d208678e568d5a803c4dd28
-
Filesize
341B
MD575c31f646c08342093b6a69b30eb438f
SHA1eee3c41f3819c6f5e7bc3648fec3c6150d8861a3
SHA2565f3fb6c323fe3d2710465dce48ed6c555f4d865d76d8ffd466a88f49144b717e
SHA512fc4def364d1c541fc18838432d70133ee9f31ecb78c165c7aea34f8af4a0b82baf031eac82b93ebb6e8456266ea075ef6bcf1516a118612d2efbbf54c13735d6
-
Filesize
222B
MD53a69e59d002f1a708109e4f09c38775f
SHA1313bff2140dfc2b443d04eac4a4d83449abe7fb4
SHA2564a71f1143521cb4bf0a471a2cdd40d46937e09cb198c642334339eb407e73b85
SHA5129d2640dab60eafbcbb1f119c1c3c6e27603c96fc27a91b30e7dc139f7a3311399589ab7ab52ebde5ccf78026577bfd03a46d9d04bdcb44ce56c572b28e1a714c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD51d4d1e4aae642fad33804b105c23fddd
SHA10dbaf247e431a9ee03cbd04b69c4de408c0cb642
SHA25692ac55da1439ecb479ab5a525e80a7b7494f98337f5f676de23189db69c9430d
SHA512fa4c90a00e1bb142c32d0d46e8237cd549c60f0c1a887fc90c8e06088cd902b321d97d376035d366873a48a0dc94c5a0995931427da891839671c34e4e2deefa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD553b95156f843e0c8ca9e15130cf4df18
SHA164d0e231e404a1b7ab7c07f774737002b956571d
SHA2569c59a80c160738f2d6a9c1b2bc51eec32c7e2576b48f5333965c227a0f286bff
SHA5126aa53a0507503904f8716be8f89e3c066d54d654e1bdd5e3431d78ea06d7c9c75a53fb2dd5591696fc046dfa5ca331d6bfbd31e2cf38defa91331b930f2d3a4a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD548b89d25c1edf9a4d0ae325da2daf747
SHA171acbf9cbe1e4583c53f36e574af449ee21c4713
SHA25685965a2c98ce779d697d276e4e266ff33c764692dd7b1b49f77c9e6554f7fa1b
SHA512f726893b872cba0cb88b69103ead757f21e0caa5c653124bd4cfb39f66c49ebee5127005f24a404342a266cda6345e691d89174d90761efc41f92a1f9cc0fd7a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD56ec217ea807113ca05b740cc927f4b4c
SHA192a39fd5385295e3d031fa8108ba62f917bcd2ca
SHA256b23f0c600282e784116140737fee3221769272c1d26ec716b509f2246ded8bfe
SHA51238e867d2faad46bd2cb6b4933cf8bc5f685be2a51780493869370e49632faed684edae6f3159b78ab56fd265f8dfde2f895d294a77965113496041e302ddb60a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5a5f425ba0b127a1aa09290e22d0b483a
SHA1909eecf1e5c673c4a1da29c479cae415cdf7554e
SHA25681d76df3d6de91a5c461f7ac71f8484661b01d6417ccb7d89eeda18438f757b4
SHA512940d69d21f1c375e624b1c681c13f3134e556af259d8e3555ddca111a65b976f410e91352fce444fe6a0637e980d34dddbf2146f808feebdc6d57199484f37f6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5c320ecd442f18a2f5356554e8ab2f47d
SHA1a103552a46f945807377a08301cae5bf061035be
SHA2560f0c62e382ac7e28a9ab80a13539b1a23ebe4267c88ef8b57facd9fabccb0e1b
SHA512dba1387b2279189e2a343ab14c2fcd7e93c054e9edeea92dccc4528e22c77ef809b0e893220471528ea1a21d6e71bd903211d3bf58222c4a5ef9982ce373586d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD59308fac1ca216409d8f960f707bbc414
SHA12532eb6d52d6b1af567a92c8afd563fe845d8782
SHA256c56c945308b87d139d9e14eddeaf0433c8c5dbd3decdda81cb735b34b7dcc8a4
SHA51247bf21b4c6ca9b137e5c0afb8a9dc5b00a49bc20bc21fe6b6aa4c243f34061c0c0e030f3f88c5528bcfbd951f1439fb78495259e68305e074fc7b5e7c3740724
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5eb3796d7ecd1b9be66ce2910b752036b
SHA1e15dcde5a0618072cbae2483003cb9d1c86dd485
SHA2561ac4060f9915dd3de7d6c3bf45112992414c1dbf82961695edad491459184c4f
SHA51240e187f82d29a0eb654dcf71b3211e5561829af34b53f971a323d5003700fd8b8e08484e47f1e3d3e419bb1875540cf4515a73e559ae1a0acb839b3b4df28a00
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5beb91976191081cfa7ba4ef89a6826f7
SHA1be5c955694e35180cb32be7c495bc7d12c99e4ac
SHA2564ab7ea39b1e33f77b194ae825be1c6cd9f33de208014f964b24fa6d2cffbe147
SHA512ca6b7af01227b2913b8599053d0444022009fa0516cb68ccc1c486716844f5ac4638dcc2aed218a41b6acd4ef1f166d42308c43b55e0c56f6db5ba014e0e9581
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5c017b9a020b2aa3d7b2d5b68dcea855e
SHA12708d8ab56778c241ac276f55ff6d0fefc8fb4c8
SHA256b9600899c37ad599c4ddfded92ca85676ce6a180683687a88d57fed8b474af41
SHA51257e97d709cf962d9ef32acf43ee1c1547eddf67a36ebd8fda39391cb5c23ac7addc75d629a34b52df113e2954cbabfabd2a6aef590b0cb586707f5026b1215c2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5b65764dda4bbfc859c39af8293898ac4
SHA181400807cb9c138222edf6eac89a26b195cc0ec9
SHA256c5dfee7475534d92d8049e354542d134861cbd9c13914be45dd0b4995d4cb601
SHA512fd041874b7e29281be353a58252f9de04397d694e62616792300e069d9686ad03c31bd76fe2ae8c33a859cf2280fd7b69417a05ab954b6393daf23e1381c2236
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD563a54222e3ba67becdbf51ba3e8239b3
SHA11a934294beac0e2cbed5015acfd8de0bddefc83f
SHA2567cb9ef6781463675585eeeb4602a0173d86698b988f2d4efb1b357c4972c5a1f
SHA512e2d48100762abf2a2db4ab2523c4015903c66a3c8f7d12c142a1c6817c2d3cc728d36685fc6d27b5f6b3e0af92bd4b4cdacc93dd0ca9d364ec2fd4e44db78b2c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD592f07ee3c8f6fcf74f1b230cd575d4aa
SHA125ad87ecc337d5c0f019dd283894510cd5e18036
SHA256e6803ae1a7e903d5dad05b059c9bfb6354eaee628ceceb0897838782f4b88f50
SHA512a033e352338e7bf1db5cc0447f81cd1df736484052f40393906ee366f635a5b37de32a249e37619ab025f92b97ae4fdc0f3d8b988d3b9c2da018900c05086c02
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5eac8ddc5da7fe5bff53828415e8e8405
SHA18c6ffaa9551933e7a966b5046678f155e6e72e86
SHA256dac83bd0d929d795e9d1b1091c14ccdb6a5fd79c5d7250c61de9a7b84ab62fdf
SHA512b200d81efb40c098fd0cf730cbffef8e07782cf30600f27928f60e62b03237331bd87070c830f07e0253fca1e865b40c2cc9be8baeaaedea87bcf5aeb4f78830
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5affb5c0d6a388022798325cf7fe0e365
SHA10b2c1040e92eb01d43311d672013bbf048d12bf9
SHA2563dc15705c08d956f295dd838bad89e04130a015ba2580fc6d7797b19c5bcac48
SHA512ef97d82e6ff68268cfa25f5fca67a843fc4045004d8f381a2ca4fde72f97ec28a0b010586fa7ff5d6c79dc293acf9f8fd0c0a64de0425fadfab680e5bffa88aa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5d8336b15cd9c79561140a2620beec463
SHA1fb154da8d952be93ba02a1db45c031ecaffa7b66
SHA256bf78f66f2267e507973ea085c50a53c6bc1d521ebc740b467cf5e73fbe952d51
SHA51251da1b301ae0580b10753b7c6e3a1ff6cd59f62bbba561683326cd063b2a1ce1ba357d2998c45f95984327c6628e513493526f4443ea9f2a178501f77dc2fbec
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5b242d31ce9617d02c164a1e2ac3c3f09
SHA15d09afbf58d008557d80b8c185625fe950d4d574
SHA256e7662f6e4266cfea3b3545c84828a14d6263ff4817657b2e43a0bde1e9168761
SHA51205ea0f71c8c585a383327fbc6c27e7f63531b749c9efee29b03f3c700baa4715d2d1d7225f35574b4bc9488239796b404d0d6b72645ef4fc209a064e96a5b692
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5beec40f074c92cacaaa45b8bc9bcdd57
SHA1e23c2b75a7b3c47ea62ed8d2d5d378c53826b0df
SHA256a114400c5224e1209e343e49cc3d4b5214c14ad2d634d628f5abb19405f19e5d
SHA512c7c764b2e37f5ed694d2b8cadfee29395120541b2a1f689a044266c50d3aebd729ffc39d8fe15a6166443f5bcd8440d6f5c1a9deb9b2f607cfebcec820490145
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD54ad40d60fe890339100094b31ccfd24c
SHA1d041be5ea047fffbaa7ffbefe2fe0518b80c9131
SHA256410b4722f569589807653716a207336e58059e7f17ce2fb2ec1162afaff56e1f
SHA5120ad5222a67d1bacac78f392674929b6f5a88704d56036471c31b2c5ecf94316b3b5670f4f4787bbb13528ad926760c27a9f67c52cc741cb13aa297f84a705c9e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5a4edd2e8414a2bad7fa57fd593cf5516
SHA146a256494dc6757b96337dadb633fc38992e320c
SHA256d740ce96bca97af747b9a7fe621931613c4ccdac1cc83ce8405c2a03d29460d5
SHA51214bc83b65abe0b75d66b9698520fb46dba2e41ff01adae652738a50b1cefd266f9d37687ad9c8d956d2b4c7ab1f7bb6ed5b00e00c6765a8e23473653ae8b0298
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5370758c9677b717c0a53e49436138a48
SHA1099eec0689d71fd7d3a18646f401acb8f6e6f5d5
SHA256e9363ca406bece6fc8ee20cb16e6a03ca62b7023f96caa7d8c5863cb7d35876a
SHA512b837b1c1c53edd58bfe38a21647442ad44b5e6dc24352dd45e83babf094ff7ae6ac1ad9c42f671ccf9a591b863fa4b1ab92a44c6e8684cf356aed3d6382994d1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD537083b448980b2fa529d7ef4edbf6e7d
SHA185f8e84dff125aa4a3fba86ff21fa301ac2e7197
SHA256c25bac09c264199c11f1e6f211566dd44133e9023507569cb757b9a3b03b4643
SHA512138d2885fbe5ea8afcc31ff367d21cf12913a64d2e1958924911267fbf5b024f95ace9a59b6f7990dca90cf375248095ef9d560e17eb0ec49269da5de2a954c7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5dda90186f53803ad048d2be15be3845f
SHA139dc8efa5ff4b106d8b4d0c8ca23bcf8cca3825c
SHA2568e77099dba3d7f59bd853559c9bc5b52191388c79b0a4fbbc5a7fa197d2f1281
SHA512cd87989cc9f829c174858ce532a9cfa5dfc81d00a2cc1c8308a728ede8abe0bca3f79ff846a3a34243c00eb704e9891228e3fcf2fcb5af28a8248b7ff7a3e8d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD55c68be97ab9af23864bbfa3249209627
SHA171ebf0059ec33220559c6f5ee732546622c4479c
SHA25634c09cafdd79b921b111a222368e0f84ce4eb6450d4cd50a135110dcd1040c46
SHA5121fe0d69fb79dfba475b103ef9f98c47d7576c13579913032edbb7dbd78c923914ecdabf4e2506d74c32fa49cc29f6f9ea9bdad020293168e8ee2f21208a95e91
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5fd365ec0250fe5d75c465f3897de7595
SHA19bf721488aec895a0fd8a512763500fb57f3f8e0
SHA2568f771c05d5c396b48c220166395bdbbc9b34ba56c34e1fe0479154a096cec801
SHA5123846e644dec78c715d451ff09ab491e2b6f17c29c7bb076770486adc3c3c282b9fa81dae465c2a05d4e4753ead8952ed008f216b58747f96e521e1dd921cd77d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD50290692847ef04acd8611acad307ab1a
SHA179d02824c9f1ddfdb3d501d3e2f3f34af86852ec
SHA256d0e5df4b4626f9e1f0377d32f408813ca897c4e0152802b9846ebfb3b4db44b0
SHA5120779cb60648b7b1100bb35563d6ce60c92802c35a1dcd38cec63e6c1712ef12b5c94e905af57b1a922fdd4e3b4b8c6938a0015329af9bc3bb00592614697f7c3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD56fd07c4901f13e18e90037296ba5330e
SHA190c855297e6a083aa7291d05108ebefcedd21c82
SHA2562a0d474c232b0b3a9f256a3b05b5cb7e0082948c62b9bd771fed49f5712d4257
SHA512b193a7b589448b479fd6e108e15f17cd0124fbed17720a07807bfc92f8138edc7f25b3f08b7f1cb84bd66741925eddb60e0f625376ab41a8ace4be8d32e9f76a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD587fc7e69449c33f0697e008525b6a6bb
SHA1442a54a66ad2f8193f93296e003fb68069c9f84f
SHA256d7fef3d093a17cbdba09fa5ccf086b08b033765415f124a1546987ae977a38f6
SHA5126b74c7d382fbe261611eb1d2a432c0eef45827c978f0932f9b32a247f733d0dcf3ca94e9c00b08e848e503eec51a5ffaf1a47e6782b2f79beb2e7f78d6a02171
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5a3cc0ff9f222c8777d275ad0c6a3f8e4
SHA1ebe03335ac28a6a35e99a11edc8302e6ab0fd1dc
SHA2569932be1f07a7c8bf0c082e421769d142982571e033ea0e0314336df85aa85bd0
SHA512828f61094693fbc7873865a495868140ff0dda1f39265020d6cb2b71905fa5006029a86ae765c403b24006b51b11a528403decb940234db04b6c8ff824fd7787
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD540158cde36f23fbee906fe5def872899
SHA1d14684582feabfd87663a30b94fc13dfce6fc42a
SHA2564a87a9c2f0df05bea576e922aeae50866bd68c0270f1f21d9661faad0e63010d
SHA512286ab50694a7a089627ba86c82c63c443bd5c8f776250408a355fc52c4d5d4c0520d4f73d2219b7bff41d42ca43f85ff324bf238652a5be1e8bbae0d35b8d804
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5c24ff32ba12dc9da6ab5682527218177
SHA1adc994c12710abf6cfe1b41b1976e2436351e003
SHA256c35382a37fb1aac83854b67a9a660e509fb0e8a0dfab9884e8cd26f45ef1d52f
SHA51280e4076bb191cbfea1d7443b10a4661b277b43f1a2a626fb87448b7a8b4306da5db0099a3a71e92ebae1aff792a8ba9c5b708ab07e41472e965e1e878c9e53eb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD50866032633285d73cece2da9a6b57346
SHA1315d7d4d05a49812925bd179a93b455a39d0485a
SHA2565cf6f2a12ee581173201389527e2d4006c2c2f9bbca9e7d915990c46825474ac
SHA5121ef75beb7d7c64dcb5af139aa56345bd0e7835c650ae25fcc222cd6bcf0f74c47c5138f12ea10084a2305e4e344acc7bc510f8cd1bc17f8b5e5292397176559e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5c187b35c1b3baac7f3deb9f0cf70ac04
SHA126e916c1ccb00dc5a4440fd2125faee3acabb3c0
SHA256f33c0c7700123e51b6ce9e64ef024b68e0697ed30232f5c9faedb72c3ce99176
SHA5122c64c859469d7a8331e3c10de1c9b7cfe07a365ad43161a1de84194fe77f3f34a2e839c82d03ee2df6b84363c97d32b419337975e254fdca7b13ef442c2c5091
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD57fe8a2dfbecdf32d3ff73945b8306f29
SHA1ee93d9740bba6aa04ab36e76bba2360ad7ab73a7
SHA2560743573909cbe5fbc29d74f59b1841656148da2774e2cd97668fa5b9888823ca
SHA512c9379b87e5c737e8ce96a1b975d5428d678d6488443efc4368fca3f162e89b36311eed86e156f7d95c0588647add0ffbf423412b48b273adb680cef7afc3cb7f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD506bb0bc2bb794c8cd152cc81fca3af2e
SHA1281fe80478c4f477325c8755ab5b76a6a20d2b53
SHA256997b77470e1d65c1c2801ae4a04eb4d54fba3102a96c82dcedd43d59ba5a240f
SHA512452c1d9304530946907f43f497cc3135773d8097e576e4b10c010220aa7c4160a26b8e06f9095fbd0a9b5caa853bec233a1bff36dabe01446da4e1522207c569
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5acb015272d504dc170c7b1f02b000ed4
SHA117befbe8698ec83d11c35e13fd95700f33c852dd
SHA256c741db067c30517c8962cf9968ad75efd1d8ea5276f8aa81746d9d78e4dcbdda
SHA512042478a8a8f6571b633afe98460bab29ac25cea029d05dd27fb9df39d3a2a291d12b9c0101d7b222d4332eafd2969dfad19640041519be95a06bcb8f5b11be51
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD57cb22a3981e8fddd1b37cbac9afa80bd
SHA11290d050e2336320b29658de5695c9eb3009b3f2
SHA256e83b618dba56fb52f55edf23dae7b275050feb24fbb5fa9b1c77049abeffa410
SHA512a153012567ed9df07886769144df29819146187e5824f1a6d94cb2c1fd30a7f9cc32ebf244262ab021295c17af4606f612bcf645d9d026bc45f813db6fe88152
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD507c348675490569b46940b65d86387dc
SHA16bcb091cbb2719f99176611c1f718a79d1962cdb
SHA2566548d4a8db46d0b930132aabfa98e9303fc803400a71f24048daec7e1b933f4c
SHA512a5fb059a71d7401fa9ab37350dd99ccbbfaa6c6cbbb83cf40d0d9e7123d56d4312b230008167a01f3b52adae79feb6d281f858c21a5eef3c2319d48fc4a5d119
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD547f97f5e89137d13656abdea6f4e1789
SHA105a78863a895645cccc65445e46e470168e4eb95
SHA2566e712171fef83d2b21ed31f0128273b8a94ebeb925cf5331f1b8fee2a32f5d93
SHA51247528675b790292020c575d8bcb6017e05a9248ae51c6dea4c2d5e37fa379912320b30842d3458efa63dc1351e0e1b266a9f57745026d62b98892deab8d19322
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD55976abf2cabd5741fe91546b855e0a37
SHA1e846ce5c0206787cd3fed5cb8aac4d9355354b7f
SHA25643fe0f04f2e5a50411eb05bcc4ba610c55790455f98dddf2d3578b0c19cfd40e
SHA5127c56fa903db7cda82a28d3c0fb41163ca2c68f70ff66ef285640672b00970098adf7e93771ef5a97b2b9792d51ac8fcf5195068ea0846b0d4e18ed325068bb8d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD58dce598298d35cc84c3e1fce8657d4ba
SHA131c76291054ad087da7665d4a813d31efe4d0e5f
SHA256ff80a89d3e92004f3740f70809e85fe51fb2c2c3821e1376683603658c025467
SHA51211a19de780a993ce4fa92d5c72f4a33d534cd0d5c6f6efbcfbe940a7db655f9bf09b33aeecdc24c33dea89d1cb633916b7a0bbf265cb7f0b6ce6ca49780a90a7
-
Filesize
580B
MD52dc6f654cba1a3fe27b7502edf531f26
SHA146d872f473134967ddb5071f66e39ca68c1414f4
SHA25633e3a21a89cb45f06f5dabc17c9f7f8f486353645b470f5923c33e9818c611cb
SHA51259636b22cc37a428237222f19a951217a6c20c8d1f75eecb410c66964cb43814e0c80304fe18bd1875095d139f0d6050e4d8f853011c21aa68cfd54b0c33959a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5d8506d9086d9470650b78c4a81f06d21
SHA1dd7604171a39731b01acdbd4e6d0f901eb3456e4
SHA2569d164eaca9f03bd5dbb4feec1dedbcc94907dc398d0407b777e3b1c152d3fb04
SHA5129fcd23d56b82c4f7059e9a6b78c5a36a7e80b679bad0981c6ea84684cef83a619f835a9bdfecbf813853b2a660444cfbd5c844b67fb275259dfccb54ae33d24f
-
Filesize
625B
MD59e15d5432979b0630f5a0befd837d2d9
SHA162a25d28bcca7b72cb03c9d103ead9a4e03bd503
SHA2563ca135c5a4e1dcd555423e8f43f0057ad61b2f075a79e574d72b3ab07bc066a5
SHA512752a7668dfbe296983084ecd59f045f25c6530b883fac3bd8a612503f4b24b0c9310d68a066bba4f2b001773721b4d003658bec71d1184d7cfb10e29e96483f1
-
Filesize
873B
MD5b9ec87b84368747ed97e3d513556cce8
SHA1db453e1896bfc9c06c23aee5658c8b9419940a04
SHA256e55b4beea1b8a6c3be470c2742a64463194a48a84205d0822e7499c559053f47
SHA5120d4bdae23839f88339e2c49b36e112ed92c4f58508b937ebfd81920bc7856b1d3bff53a9e4e8d9b116626becf2150a81d4a250f887c870b01b22b4d302779522
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD548447315daaf6150fa5b16394f081db1
SHA129d8163f5d73c5dfcbac005fa3d77fe1317f5529
SHA256533de197c0933ac16432e06e9bc9d372de1bc545239fdb509fe6d12619516202
SHA51280ef824b524b3e9e0b76ac83e8623c585f6a1d511f67df896d64adc10015ce6ae07734cb3ce4e119fe6ddf47d96e54c0e64f1680690b0661e3da05543f888647
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD572bfe84603bf8604c54fede6474d3e74
SHA188ee5fb5b244a6a451c7baf59d8e0b4edbaa8866
SHA256c3a09663b291cbeb82963cb56c9e123f289b1b4ebb2be4887dfb41f95eba363c
SHA5123d4ca7b83bea9c4355e7198e243b41778d3f138c36faf04319eeafe6688c006d62d43865a7050353b978f7aca853f66825de2a8e31de9a213fb80d621e8794d1
-
Filesize
615B
MD5454e5b0dd9dcfd6f8b1baca8c81a812a
SHA1881c1890116ce01c9a53e96387d20cebbf730908
SHA256088cbb8a6ae64b2b4ef12d1e004cbfe613fea1c306c69a2f36867e7740a6d8c0
SHA512f57c6cf1e70c8d48c7daa597c40931a38d942858269cb19cd4a56f91fe9e7f4301961f83ae3827d31df393eb04869ce9b593c6821eb4689744fae62f6f24e584
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5f8be72f685ee952e623413d0b70a9a0d
SHA1e13e36f637968f6d15b7922c9dba54985ecbc446
SHA2563f864bdb947fcc0ef863611e3ed9246b8bd6c4fe1371dce54cf3d2f5b69a2090
SHA512698e931b34015002ef98c5d22835e70c85355124358d5d5dc9cfc265c4f98a59bdaee1f395c4d7a78e69c4468a1fb517a05b4ab5a5888ed7afa65030b18b5d11
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD593b1fcb26572e5f46008519fdb6b473d
SHA15183f38254afe98815911c977df68498f4451504
SHA256fdcb04d1dc59d54fbcab348520140e3c6d27f46c53483f127a4b9c702813723e
SHA512ccc299f8b2f4b91be84411b191c9bb56feb0ffaae7bb6ba562ab79d0c9cd2957be95f046e1d38dfe1e902bacf46a8e2e521c528950a4cb95ef05eb8fbaeb90e0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD53a5c339e249a04af782c35d685dbea35
SHA18e56b35733a465a1284e4eea495067b54d4385ed
SHA256cd73d7f17d96400849b90244c3ad104b686b9ac540c4869a7198dfe26eeed5a5
SHA512b69a67552c7a7f2f0f72fd2adb1071ea0f7be0b5ff8e6ea38600d907a95a4f500fbfa373c53d4dff11d9ecf6839d9e61d0537e1f0904d57eedbb05cef2f70665
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5ff82bf06d9ba9089af0f26935077fe63
SHA1a939c40160fe7c7747673b027ffa67e58f8bb09a
SHA256509a47f574e2277f80fe442fad0fca4c8e3cb5cb8ba847b4a266144dcf088678
SHA51239bc15492d747b24815c347b862800409b21b3200400deca9377aac7d4fbc74d2067b7ea2f53cb7be9fe1eab46b2c1bdac667664cebf345c02394a7ff06d7755
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5d4df72789103ecbfbdf40b7e60ac7190
SHA158a05fd53a1de21445ba47f0a7c31fe5cf1319f1
SHA2564fc43fd61dc5a0d4ec9ee563c9289e28c1f5a04b1c835da901be6c46d75e60ec
SHA5129196a303f30d4b94b17729861874b10aed2b25a9cfb52c0b6f41e085ab7d32f1fb46129ac5714b0c8d7085bb16f9f6bf5fde9ae3bc3dae0b3b08785c54c5e21b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD591b852d3f6275c2856a45d9c24adf259
SHA17f1bdfce9fc58e32c80ff5f763bf407bd153cd75
SHA256febd1f62125153f1f58fc0f5ff26982b76f274ce8e0c7168d82afba209af15e9
SHA5123d62ac8c70f4abb00511301077d655820b06883af79df33f2f9ad9de6ae2d8eb60fe55ab8dd566cf6694fb5c67bd408fe1e3b86c5b43e0d0713bd08ea248498b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD565b3f2df06ab337685ed3fad56560cf1
SHA1a680f868a08712b32f80b94bfcdba9e84b828b36
SHA25633095c248fd88e1f140f3361936b51caf5f3059d8ae28c723a01574e815534da
SHA512e8413dc92ac310b2753bb8ab8e81123345f75de6686615e90885fa0852209c52f98f7ac3f0e69eabe4e5146e57cab19b2ec07d1431e1f04de35a6f442f060af7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5179e3f6d62d8e99c65c1c82b3c9420cd
SHA17e471974ebe38d9db925b66b618dcea5bd0a9b2f
SHA2560d0cd8475bb1704d03197d164c1892f217c27b535fcf63dfe0489bcad80ec5f9
SHA51248bb65ca7e500e0111e7d194430cc7b911e0c38b6aa2a5553fa7effabeb6955fe0c65b45e1be22e22cfe1860878006431c4c006e6a175c75e2b473b89dca53c8
-
Filesize
153B
MD5b12f2d1baf1286b5948f9a2b007449fd
SHA12dbd647806eee50053103f50534ee55b42ba7cb1
SHA2562897922edfbe123ed3055f2929e1be8d16989b79860768444bbe044d13b5afb3
SHA5126a8d6fa9390ce7df4b2a5b8fc0578eb4ddb04c98f4cec4a0cd88a9c4c53f53825ecead47c2a7f4b4f4f008b0d709e035c771eeafdbbbd578d1fd36873636cef3
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD555aef7db620c4ea1d44213512267d3c4
SHA10b3ee702f8561b13eea2ba9b26d6da414f723896
SHA256947a156aebd0e5427fa043935e5faf0efc790ee52d069cd55af56a8051248713
SHA512e3de7450e6e70ddcbed69147d5df1a9477d04436f75d05c86cb503582ff2a23d614860b1605641796dddac0ffcd965f3cf7399a22a9ffb907db2494f06a47a8f
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD550693ab40c81e753a1dc97a85ed6e4f2
SHA1e6c5522fdd686ba89a758f424759c89ee596a7a2
SHA2561657461f6f69b597ca149a728765f59a44927f1274749f893bc3ee8a0bdadd6d
SHA51292cfa1f26d266167f4f0457c74881cd466c8c2db6a1a84e959189015469825d9ae36a9877eec9a450a1997332614e6192f1cd9851c8a35f5e8147b08fbfbd4b3
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5538e8ff1a23701ade890229077c84452
SHA1437c2b7b9301f0cde63bef08b6c286fc4ac5f4f5
SHA256492c36613f56abbb374f39445ba9fd9195da1d4aca188fcfc5ebc44cf7f2c104
SHA512ffec15529bd6cf497a7c202d984b5bf7b73efd07bfe3885ba63a20a070529e14caf8e74b6311f9c278a4c59e03e5605f437ae75e4c38d163011aa37fcd52a199
-
Filesize
109KB
MD581a0551f1f6b2f9860417584afd56125
SHA14f804e94f10484ad5ff671da68b5c2e4defc676f
SHA2569d35ea593af3dd6d9d43bd34e75dcf3102e12a9609c34ae393b4fab7751235a4
SHA512a6118487bc928d190ecb128453977f7fec2310047faf39d86b98e6b4c69d0f86ba24fcf25a6a8116a0970748fab2a604d35cca5053f1b0bf5fb087b52dd4506c
-
Filesize
172KB
MD5a4fe41c029b54b5c16c64b07e1d2df68
SHA1835a7bd5878a70105495ca36fe5f4fc890cd591e
SHA256db50ba2e208485cabceac6e2577ea05abf6ebc67dd1a0532cf59a90c01659909
SHA512f921904a12eaa9be923208b961b34a432421ddea760774f85a333d9c970b02107e326784c6c5b9081b7b24cc03d57615051c01e9f21042b6cbe97f0cd5fc0f4f
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD54a3a9dc8f6f41e86e82ec5033f35fb15
SHA1c9a39a2b6bdf8a9c744860222e9959e0c2daad31
SHA25699bbd8e6737cdf1f3c5a201518aab9a6c66fe09ce71c393efe1ff29930daeb1b
SHA512f4f71f11526c9885c98e4fbe59d8f4515d5a386ba008fbcd5578a8e2a4f01aa886c5e9d8066df5700602f7ec5ff7f7ba0efbac7e7b089612592f5816b89bafd0
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5cd43f10f293437ed98b69feed71d30ef
SHA116c84001f49586daab1eb7042bf2c74755c77183
SHA2569c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50bb6bc70fefb5d6ef27e28664b39b1dd
SHA1511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA51225362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df
-
Filesize
21KB
MD567d6e37b1a33b03d5e0b4893170d7d48
SHA1554970b2f6210c132a4035324c1bbac40c1ed85a
SHA256c942243cabb15f135dec5c8468baf537ed02ec022234524e03713565542a82c1
SHA512e98bd5c88092677f55bf740608df236c059c230990ce73ed9f617c13015288d233b703e90a85b63bd965726b0fd23bacd7ac98b6e3bba7498bb54d727b8a68ab
-
Filesize
1KB
MD5ca8959a130e36628f5a9bd1d71c67b65
SHA1ca597387226cfa10dce5265fab22c7e62d02c3b0
SHA2568ba6a0a6a16b22e4cf3fa0363befc223e723699e7b945bf999efeb7d6ecb878f
SHA51291c641ca6a14382cff6449e429e8fde37f9b2ee1c4d208dc32953f65d95bb4629b9789330a8dc06c45c119def23f95e0bdbeb49ce944625619b71e3ef419a3c8
-
Filesize
952B
MD5e4f44cf132f57bd3e6e3b57cc736b653
SHA1e5f6315f593e27da3cae9b0b9f1ecaa67f239a66
SHA25661e30abc4922f85343adba1b6ad2190e2e2c369ddb593c1d80e4ce43ab7879c9
SHA5125a46f1b2e00a61cd9f17255ae04becc7d1e26c11868f747de38e45a367d7b19d96f1b11d90f371bc0b0a6e004f17a86196d5d340aee88fca00ffa76bfb616d14
-
Filesize
121B
MD5ebe871e58c820c1d23088370225564c5
SHA1cf3e179085132fd9c1bd5509bc5c96589a712dcc
SHA256f0778afab13e5c5285d979cc04e47a8c2f7d2eb26e5eb3ceccbcf7a7a87b0ef9
SHA51239c4dd4b386a4d66d0430ffc8a4dd906e853926a21c25e64eb832ab4176eab460f6c9fd71081b98999eb30b8fc47e5f4737d79fcb64e1c4531a74d0618033c11
-
Filesize
1KB
MD589e873281a504e9e5e5ec9c15a1ceb5f
SHA1ddde9e68f814912415f60fb93b4c886f2e9fce39
SHA25622f0c2c8ea21c938555f90f68f58d9b70e26adb5efadc6993920f4c05fc171a4
SHA5122e5fc350aa16f9d7f6a1a013d79cbe30b3b6dc863f5dc2ef9b2dada3584d8df27293d60fafb8daf96766cc2f71dc58fa694d29a7d033bf7f64fe44d09420ab00
-
Filesize
8KB
MD5ac9a7e0507f8b5b6de838da3f1829cd3
SHA1d7e2a592ed862aec8c5c43aacd1ddd10f094079b
SHA256ed9bd05cb2f543d4624b6e23a46137046dbe3af1711d27b595f8bd1c41e12e69
SHA5129afb513cb8b1f1b284b2dc4cda42af3f9c7f602ab525fed2b1c64d961aabe758549696137b9255e0e43d512db7afd1dced9a7fc069b5dc48ab0b164a809e4956
-
Filesize
61B
MD572046d9ce2b319185af8e439624582f6
SHA146fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA51217724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d
-
Filesize
914B
MD513eaa67f6fbc17a414ad257b1f99b248
SHA19cc5ef9337dda4a5ac22b7ffc6be53eb457d7bd7
SHA2560952ebcac27ed018c65455971732a05631ffb7af4d220baa5f580899ec5c964a
SHA51253233d201035ba24b2226b01af2e6e68d5f2567a3a6c08edfafa5ffb2f5d7b5fd6b992adcf810f6152b7a699cb074b1ce758bf3d75bedc501115c1b4c54a804a
-
Filesize
90B
MD59902de682556bf1f9969a6bb10712254
SHA111bce971681887d596f290b5e1b1547bc16588bc
SHA256d5929cb8fc4dac64f710003ae8cedfe96cab665f38d15abe6994b1b9445fdba3
SHA5125222c176941bd9c23cd49fe6e6b09f33c67d686e0d1fab8c06d50a6e598e108b41bad85c944bf06d71bdaead6c6df058834d1f50585f020fb5eee545b1038dd1
-
Filesize
90B
MD5562427f3ce441108239e60812fbc6949
SHA16faf1ad32d97c283380c2b6b9cd1d268d5f8028d
SHA256c77a62d9ea892ae86f8fbaa4e8bdcfb4c852baacba5abf5dc935b3eb218f79fe
SHA512fe0b477401c7579d8c5b85ce9277a3d777e31672dc69747bb5a2dbc3c6aac4de65e9b230387534f6b703e8af9326100911c9cc3ff269d8c9d15b62117c7d82f7
-
Filesize
328B
MD5b688e4bf9fdc9a675b553128998902fd
SHA14fbc1fc3827fda07a29bb4e3a47399f6665f7ca6
SHA256ec292978854a76fc5254d34aa484b43eac08a68b836a8243fff43c91a43bcf8c
SHA512d2f824b1068d097cd2ff2f5a54070f894de0d96506806006ca290ae5d7b4a6178abf93afa09faebf5cd26312246dc96ee9632820e344de3c9dae9f61e265574b
-
Filesize
1KB
MD5f6a3a9cc5d5104a85177cdc609f6cab3
SHA169d3c95bb41e178b753f9a95c7cb9c499ecfaf8b
SHA256face3139bb8b5dbf4c13e9128a462e2199b16da2c70d13137fd8c4e50b5f8c3f
SHA5124656766e01e07fac455b4ac69d65f52f359c52787443fb8e44573b9bcf064ecd10d9298e7de5039f490ef5caa7d1dcd6940d07d7b097ca4e7df73f09db57cb9c
-
Filesize
162B
MD5179edf0fd944014a91984eb56c66093c
SHA1ca286205381ca13c85c318dfde1916c2242468c6
SHA2561520fc2f604d54e0666cbe4c41b3cf4b427e7651a63e0c1359fb0639b3deaa4f
SHA51298ab0d2b0f347ee8c9a1b58092f3adde7f3486f999c031d2ac225dd2e67f1570273ae554e5311360d6925125b550e78adc4697e621c1d73356e74e2b4862830e
-
Filesize
586B
MD512c78636409db92f39578b0743d69eb8
SHA1ab1a0bbfdf97a61727643847d35a88aaefb8a048
SHA2568842e3e2019c9b95018dc9cc350e9a09b0abeba4805bb63cd869df8b1b7faf8b
SHA5127f70e03f5f37e9c5fca42686f08765b4314ff052219d8be51a6be199cdd0f3a560ef801da5efff3ce20ae02cdcefca16a9263f509755796143471d259e222cbb
-
Filesize
124B
MD51f87ca4c0f92752bd8c75c0ce1033a0a
SHA1a9c7f36dffd34fe4738ec4209124232ad08acf16
SHA2564ec53e7e4f1b50cdd142e7fd1124e5a0d5648750e5674becf072351b7c8f287e
SHA512d472971be12d284210694e585b301027b1bab3cd5bdb5a6213852c7ef5a6a802a320782a73794b27c23fc4ae801a6be4af0f723c2724a6ce7a3756ef9fa9eecc
-
Filesize
8KB
MD58b8d3684466101c4202746d12072ea5a
SHA1f506a750eec30ecc6d9a76d72d2044f35932db97
SHA2560994c4b7314c4978048ec1bff878d311a19a0403322d9cc6640bf038617111e8
SHA51245f1af1ec6c196c92dac90f027d4d27a983385b188fa0039dda482d7292a2cf3a145f4cdd279901e5e220d6a4756331500771db5b567a3f286a9805aa258bd7e
-
Filesize
880B
MD5c14b8498c99bb98f61422f033988c889
SHA11749937a397253e7bceb902a211a1fce841031d2
SHA2562ec3d3675e954c1ede67c6d1a7cb1ab04c73efce9991e52d3c784841ad16cc06
SHA5121a0ffaa94e4a56c8eb89c5ec4dadfb1bad3e0141737b4486f0398b23e476f7ad5ebc61e922096665dff490beaf4be40c552aa92d20a77e33b5110aa0e592d9f6