Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
11-12-2024 11:54
Behavioral task
behavioral1
Sample
e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
-
Size
150KB
-
MD5
e158c8d6310112291938e5c2c181e241
-
SHA1
01c66023ab6aec3cda5143642f3a15077238a8fb
-
SHA256
13c5256b9b7aa3205d3fe9d20ddf964e1a6fcb4d563b0ed1e106be9ce9d8e3dd
-
SHA512
2a0dc4b42368561a407f6a15b892551a68aff77197541e3fcec4ff5d4ffd4a8ff1744326dd6f0f5af2765d44bca581c3632406bed0e076e80108c7b413499d18
-
SSDEEP
1536:AOhiU4NNHgjrqnNqAPRfWmLgpMk9/hOam:R6kjen5JffgpMkx
Malware Config
Signatures
-
Renames multiple (2198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe" e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Core_Commands.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_neutral_a64d66bac757464c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbr007.inf_amd64_neutral_91d259640bad7d26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_neutral_9dcd97ab7a913b7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net1kx64.inf_amd64_neutral_1f62482fbb9e52a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netxfx64.inf_amd64_neutral_3336ecb2950fdc45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_neutral_4261401e3170ebfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky006.inf_amd64_neutral_522043c34551b0c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\es-ES\erofflps.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_prompts.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_neutral_829e8c7d1c8d5207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\windowssideshowenhanceddriver.inf_amd64_neutral_184a2ef2a8f57c33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_aliases.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_neutral_207a02df8e9e6552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\PostMigRes\data\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\megasas2.inf_amd64_neutral_599d713507780ed4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_preference_variables.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_4c56d83f6e4d75b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_History.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_neutral_7a0a0b166f55e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\STOPICON.JPG e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\mn.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Photo Viewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\nl.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Windows Journal\Templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\hy.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\background.gif e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\PREVIEW.GIF e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\TableTextService\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Windows Journal\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Mozilla Firefox\browser\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR29F.GIF e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\TAB_OFF.GIF e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0227558.JPG e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\es.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_73db80f37a680574\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cf59f3edd63382a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework\v3.5\SQL\EN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-deviceux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cb3c621ec6fe245a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_es-es_4c2d6a53da48c549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ntfs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_40a72e2477e646bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_hash_tables.help.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-itvdata_31bf3856ad364e35_6.1.7601.17514_none_9d713d0f6f511c88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a644c2d1bf9c0b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.visualbas..atibility.resources_b03f5f7f11d50a3a_6.1.7600.16385_it-it_3f448933231a51cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0a0533810e792a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-odbcconf-rsp_31bf3856ad364e35_6.1.7600.16385_none_0a9d756e55383558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.1.7600.16385_none_458b87598810c725\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_955baf9439a9939b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..c-results.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0ce4b29609a6061\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_fr-fr_cbad5e1a9ce84393\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_e44a5bf35c1f91f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ehstor-api.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7e8a29ed31c37e1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a0c780b4f14072da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8f4e41fd5a0fa4e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-keyiso.resources_31bf3856ad364e35_6.1.7600.16385_es-es_664b4fcc8de8ab6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-simpletcp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_205d87d632734790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnca00e.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_19c79726da2703f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\b0d0daea6a1d9a111a0f33a9a868bcf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ad841445a75b5b07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_it-it_780d6b9909803275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-msdt-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ab16795897e3edc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..favorites.resources_31bf3856ad364e35_8.0.7600.16385_en-us_ab8ddd153cf1aebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.1.7600.16385_none_0f472a3521bdcfd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-at.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5e89a9560e753fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_cs-cz_a35fc48705a8fe1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_migplugin_31bf3856ad364e35_6.1.7600.16385_none_ba4380f063fe255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_6.1.7600.16385_none_2b2984d40648fbe7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.scanmanagement.resources_31bf3856ad364e35_6.1.7601.17514_de-de_12b865f7f31eeb72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\combo-hover-left.png e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3960b5adc43a2c53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..omruntime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d34c35a4011917e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.security...t.cmdlets.resources_31bf3856ad364e35_6.1.7600.16385_de-de_22ed2f326f533b67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_en-us_cd970b6106ea9e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6f943318b95031c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7601.17514_de-de_63129b2cc0866f12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-spp-main_31bf3856ad364e35_6.1.7601.17514_none_e64e60ad0b1ee918\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3329f3d4ebd5fc04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ration-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_161fe1a0b6aae7b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7601.17514_it-it_8772e505262292b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0e4f12fdadcad992\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_059f0642d7c8765f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ion-video.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a8abc8dbd31c51ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_32d323ec6e85d609\picturePuzzle.html e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..-logagent.resources_31bf3856ad364e35_6.1.7600.16385_en-us_83050635ef4b42ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_bda.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_906a43fee8d8369b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hpoa1nd.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0dc9aa3c31e4a394\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_6.1.7600.16385_de-de_23b7f4f32cad8a6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_it-it_020311c19a38c0a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-azman_31bf3856ad364e35_6.1.7601.17514_none_585e832110fb75a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-imageres.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7a6c8b69bbb7da85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\split.avi e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.wsman.management.resources_31bf3856ad364e35_6.1.7600.16385_de-de_819e49b114759ef8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f6d000b8d3c30c6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe File opened for modification C:\Windows\Media\Raga\Windows Error.wav e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe,0" e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo\ = "OFMRCZMFSQNPPAW" e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe" e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\ = "CRYPTED!" e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2128
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
877B
MD50c613e5f0ec9297c30b52ba47e404037
SHA10e8c8eb51ccadaeb22a2f0293ce7ecc4cfc7944e
SHA256238b7b0da737ce27bb29b33a6e2d36cdabc2fc9530164ceba5c05a5c5bbccadd
SHA512b2f159ac2dea16b81dde540442f454f053c13b6a02640f780008616806cdb71732fc9fef333d9bc4643ef43334ab8469da576fb78fb18ba18f87e6dfccb7aac8
-
Filesize
341B
MD5833d50a642354ac547d3b56efc95e890
SHA196ebd8161a241ad1219135b695eb08d67e9bd0e1
SHA256faa98b1c116683b5846a55086c94627c9661dfe7f0eb8264da99edfe64806f75
SHA512765eb12e21340108500aca98e07cbf07aa0df6033fad2eb74b7776a83e85e9e671b7ab6a2f57d9e15d3ae3de97d7a0c019fcd5234b916ab376613e8a3eeb7193
-
Filesize
222B
MD5440ee1f42172f3d1a6e453739ee9bf74
SHA138e423eb05e129a179640727a93adbc9d0beccae
SHA256697817452feabd1ae8f2ab1614ddb95815df9f559f9e3ac21c6e3c18d7718794
SHA512208ece4fb7582ec10b7d4c8ab4d3763b2017300d69eee4d13a46ab0a8c945b0256c1e30d8f95e7c0434890430cc88c668556115267bd350b491500d1580b5b18
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD568b73dafafa2c37502058d58e74f20ba
SHA17a2dc9aad138980575418a060cc993988d549249
SHA256ff8efc96fd40a1a105ad6d25b8b6c2a8ff9b8afbb8bfd7693e78ea668bc872cf
SHA512a59931f83f8dcf5cb53489b6b603ade1da64a8c1af53c2c704f0553862231f494d035cf14ad0bf8e6f6436b1cf97b7bd2b3172d323bf4bce7ca77881fee10e18
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD57b774f8d73660a9d3296cbfaf3182da0
SHA10f663b62c4bcc420726d373c6750cd9b0ead2c18
SHA2561f0c3eca13556d3bc7c258458e3e2c6f61ec4de4517189ba4a88994b4c08debb
SHA512f142c0c560b90e5dca82f2a874627f1bf55ea97887dfa2cf998e3c354701a86701750b14ff28fd23459d96b113bd9352276ebeb52e34a803c60351210728341e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD583303eede475c2fe9c01f56efa608e1c
SHA10393faf246f1507114934679441122f3536aa95c
SHA256e8ec8e390bf89ed930d23d33c0b634b16408806f90a9b45b22cc9abe6946f792
SHA51271f973b655145b248ec6b001c1cd0b6d71590bf5a0bc2f67575e1c02a79088a226fe978fd4f8a6f19a038b25e9ac26edcba32fd32764473cd5adcbb82c97d8a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5adbfea2e1e25c10a96b87fcf8fd4a605
SHA1439b5e97bc061c26af7e7166c58cc05820e19054
SHA256ae00a7ecf95b25bb3397520b8c0acdba000261225fa340bee194ac39028abb0c
SHA512b74b96a8dfc759475475c12447c3697268a77a1c9cedf8ff0c963eefcc77b5ba33bfb1a02b082c21d2543d85933f19e55b13381c72a05cf69ce208a308aa65ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD59bac9fc8119ba3e72b2e2fd5600f6ccc
SHA1518658565601233a984d97c202c2748e0842c0c9
SHA256acc2fc74108d01110353c7e884bf5635b0e22c47d51b36ff2ec040fad58d7a20
SHA512987482e17e391e49305effdb8a169ccfc1a48ad4f74f743ec90e0a557d93ac32cdb3392d2c6a52489cbd1b7662ec95333b6234bebb59bf1ff9c8dff2961620a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5f08751d240fc12fd66093bb3f2d6221b
SHA1a1b1157e7db18baa12313c25c3e6d7159d632e6d
SHA256d702bfcc0b717c672c16612436ea21d62370a995030eaa0a59787937da0d889a
SHA512c93c8f40edba5e6a94e514641a0315daeda7deb3acb3fdca48a455a6a78308d03fd57a9e7c12891bc70a09dfbc7ab58081fa5042b8a88d0f91a8bd508dae5434
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5b6308f4efed52b669922d48cb2d69e45
SHA1c328bf4d5c63c3f5d2df227c8c8c3175c7fbb0a8
SHA256834246a50e4061f335c8acd2a32dee0267649f6200826c2fd8f8e89ceeb236d0
SHA51248715a3c52e12a7558f95dca79ce80733f6fd0761353e124ae73652594f1d2a4d45a8391ef7b4e09408c3a3dd12a9a0efee86b8efbce19eee8557eca838c02b5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD563ac7dcab032e4a3a9891601b9ab6445
SHA1f42e3e7b9378696de57d87d68c184c84551c855a
SHA256b9741faebca2cfa0b5d63823d15e624698a34cb98689bd4ec4fb279402529ae1
SHA51276d47b49c2663a6cb16033d1dd9c7a4d3bbfa017df9b4dba1c1d0f2f2a802bc01cc3091c71bbb8cde9e6aec81a22c3e0ec9fd95a99ff70aab2aa78f23bd4df87
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5b68500db9ea87b7b4e77a6a1d239c124
SHA19ed71d83b957847da2cec8716759cf273f4c05f7
SHA256f6f32b8588ef3e19090c57e837a667c091c18400197c3c229d4973ccd61e4942
SHA5128f758274cfeee17ee20c602d59b0aca99d1f549a036389662cf186012ee18e0424d6b025a96177d44100c8f070031bfda7c1558e6d5aed92e9c7c17b3e69fe7e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD534785aa13044d31e3d24f27f7502571f
SHA1e81b5a9dd0a828844d1fcadd94e7d18811498e21
SHA25624089b946e7a9d2ee3e7b9cc4a526e317b8429fba9a3b57da77d3adaf0875c0a
SHA512f496f12b1a400797491a810938fc4a87c9db9ce8ef0029a9db903f010f88f4269217940a52fda28ce1c784642da634a755371a6deb70104cfdce4f1c4165e6a1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD55a006edfe068f8de2525e9143827f4c4
SHA1c975e4769b2170c2e970f3cc72eb9fe281d72c24
SHA2564e160baf1a3c114fad3f713a2ffabb566ecf6ab70dd4a320e95b4a1b715cd6f6
SHA5124c93cd6293e56b670b9ccde58e13055fbc9887dbffc3e67fe5c510cb556f2e277f1c75d2151ce4ff2aed78c6a20378825ba73e1c6a5ac6d86fd34dcc34960549
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5165d3d9390a1b77321e3065b926c193c
SHA1428763560708e5c025d9c8fccdab8a1d9ff11e21
SHA2569f488cf72678c5740d5948317cde82c417c6b10a2cfc560a4cc7371349391913
SHA5129314636beb0be2c35a4b1ffcbf35bdc7c1bf84c73f3e02d9f8187d982d3756281e96a002829f39ae3e522542e317ec487d4baa952c68f91464c71d850baa0ca7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD571491c1f0e3e895172bfaa5bf4003ebf
SHA1360401d80d0cecc08ac3df29d6ef80bff91dd45e
SHA25633368741f4f60aa4c44c718ef74726f2c328daf1b3abd0845016cc284e964b2d
SHA5127841f4bbb641d5b73a0944317a02dba5c876702ee927479877b775e2f0e9470a0114eb22017328a077c4ecb440d7b2d2fec301cf258b978947176dd9fb7474b8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD52abdcc494bdc90885f80d910261c8d30
SHA13ae543045cbef97ade57e433784f7d8520d45cfe
SHA2560c7a824255fb44376dcda2f73df57f36c4d632ba7cb5038d35085e32360cc931
SHA512cebe65fdd4530070455181bc7956b1e85e51f06e69619ae2ba282a5533d4bf69fa1cb2d77e506b9e5314591e42a36424dcb19a56d64a69841556f3ad5c8b6612
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD543c06d2637312c4f6a402f142f006cec
SHA1618085150b872106ad51a12a026258c08e180538
SHA256b062075e116a1cdabbf0115f03cabf28912dd2f67cb2732e854ffc2281fa1851
SHA512d9656f23e20166edd9edbee5a442006348982ee6d1f0fb608ab9d0a33e504fbbdfddd2069c2143c0ae6b188fecc3215d521fab9f4829567d6ce2fd0443eb5f39
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5198dc941e083751b0248e39a310c7159
SHA1bb76ae37a5781f40a9932e88119ad16ad44d4337
SHA2563854639b0434ced5245b15ee8e082ef442ea8cce61c7cd9ac34affbc241f0215
SHA5125233325d9467eb782db0c54a94162d107c77c384172a39847ac092e0c875bd81745985c03bdd4e369abb0a7b2436d6b58aa68d3fba7a4459b5ed52a6d486d596
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD58245b5fd52f404e671b8d0171ff24236
SHA1d243817e20a1ab273861e03c73dc1a4bca1a0e95
SHA256c98224a53114c87483052b6b03e4090094730285e4d391dc8cc551f24b57e887
SHA5122e27c42fb532f6be53d23d51949249b2f0eff23f732f515fc905e424e6746ef3a15e106b355b92f34d6c4d4424a8c9d2898a22402055e44b98764cf74bac06d3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD57ee6c72ea72d2dc06063becc3c3f55b6
SHA1539e534c48c8359784288d5bebbce429fe8810f5
SHA256033ae8abd22403031eff1a138aa2db28f2db81f42685dd790439b1828ffe9613
SHA512b7f522f3a03da988bd657cd74abe1c5d0d2c6935d52e401c439cbce395b2c36c78288abd91a1d45570341f02eeccbdf4815cd3bfda623a185221917cd5f75b36
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5ef8643a4e69fd00c1e20c9a9d40c4518
SHA1c2f57079b02ae8d82a51ce3b4000443b5b3b4bf1
SHA256d0acf62f68aa69d473476a564bdcedcd74a9c9d0313f2ee86bea60be5e99ff3f
SHA512d39ea024c374395e0b3b8df70da089803c69ecf375fb8bd7365711523dc7c1c4958cdce2ebee736a9e7d05171d00c2d7a00db29ea877204c2ae559b7d767e979
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD54e4430bc303e86be5e5fa6a4754cd57a
SHA1fab084df6a93d9de5bc195cae1a675f43c87aaf0
SHA2563cbf8dded2c4f4592a6273ee061811bf56a6490d285fa9282a62fceeb5670e03
SHA512112322280c24878b979bf13fd0dabffe4713c9225810e4d73bd92a1585775c310849946fa1243883ad3dbc0ba3b203e4c2045028a64d0b6cee72fc20b19c6b8f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD530a549859e342a710fa9f3acbd9589cb
SHA166f2abfc805fe1235b575b5142e8fc9d39f558b0
SHA256a387d8240a0d7529582c35b38103baa02a948dba3cbbbf466f3d8316ef1eea48
SHA5121ff795f8bb8db2911b5f410827ae6d18156ddf02ac9bcef9671eb733bb7873dd9ad943e0e0edcce7546e34d98bacc835ba925061216c302c1786ea06af992982
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD598404dedb48e1df95fe7213e60a25f7d
SHA115d4b3a83fb551130534abf9b5437d2c116b5f9b
SHA256182a492c5d9f00639da3115f4d6b39bdd3869f374985f15e5084d9471c34f5cf
SHA5126e9df2b526e3a87602dfba1786bdf8d2793cb515dab46cc05c5f0cda202f1dd0d40d7f471a7344ec636f628417bb9e528f5517470432cdd97c20e6016a77e604
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD50e8a5409246d40268d19d296d3403477
SHA18cc3b4ac3a63bfcea1e7530a42af9610a0523606
SHA256413a5e54771dbbf6e2d0b0facc64ae9839d2101e2e82e722459af9537993c2fc
SHA5121c67f3f7d5fd89d3d8bd441834e70dcc4543e863c68677b0c87180b01c00288784ba43280ef54efc3ed04bebc232c7495422e3a0ca345b836c53b3493cfa2ea2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD50c8ca40ffa487a3c1a6d21f44c7e0bd5
SHA130bd8a1fbf5364f37abb72fa3f2176b6f6258605
SHA256d1fa9bbd0c928ae35b0aed10c79c5d832c151ddaa2c2719a6a80d54f0d1993e4
SHA5129c1e7e41063be5a74b6c8c7258a3171149684309cd8d40f4cabc23621ceb1f9cff977b7349eed81e1c590af594795b064b6a3b422111e50a9fd82288596ce537
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD55b50b2834fca30b30ab11cf56e282eea
SHA1d4241e77e009f60642e7aa9a9f9c1e1f7b649e7e
SHA25664ac16817672c966fbe66f42986d80a56fa7961c85e7f24a50e853d82ce528b0
SHA51251028a6ca3e11f65baeb60112dbc0e67af4a764c485b7ca5564506391decdea3b75cd26288b8ddf7c57518f8cf8f9287d209da592fbe9a93bcb1d695fa5361ba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD53d37413601d4eb027991a8f14bb34a56
SHA18262867f08640e26cb2399eeed7ce42faeef97dd
SHA25667b1ea259d5f7e0fd02904ebeb1928ce4c30de03b7e1d2f1f5a5074270befdfb
SHA512b0e937a4ceca5c88555a1ff969dfe58cd8694d6eaea7e339ba2997f003919515253c7912c7844dbb5a7a39a408fd5b7176d1513336324a14399c2be4bcecf9c8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD563570cf06e2a967bdca4ab8a9f8d3ef1
SHA106bcc5c57723536c2a1c6c5e48cbd05e27e4c535
SHA2561a0ff6b5db27614896c9b3d6329334e6f6e7e71937da1a23c8cb49b24a0182d0
SHA512c7e2f9fea2a8975e3f9151c5800d842aa747f961ae2ab69e910a6cae4a97f61bba2047532a8ae3df1b54a541c352bd3177d6b149bdfca68e15d3746aae969d30
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5fbe831ff9574121456885b334d93ab4d
SHA17eaab371264e81953d7bcd5d2a1617dfe23794da
SHA2566f97aa168afbe750893655d80b161c39e01d548e34cd74cb8606a0de41274f18
SHA512bc0c71d79ad94cf4cd58a2c7fc94dcf377d99d50e6ea242992ab3952a4345ca5ffba7f6b6ea2c1a65b6954573ea06ea0e56882c0f52b581842757bbf638cbf2e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD50827a9667f4182657d0ca5f00dd1972f
SHA1b8109860286cadd6dc8b6a2aec1a1067a26192d1
SHA256bb0f324f87800395f0e437b9e85ef8862d7d5ad480914f1228804ebba7bb3712
SHA51206060d7c04f58532d14c7eb45d133f1ccc2c64619868fc6e753b53f34ed3ec0fc0f0e48e4837a89c2939fce903e61f331dfa7f1a8b395e23dad3428f4971845a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD524c6eb0b80679580fa6ff59bb2b25f9a
SHA1d19c2d6d7951774f6f758de0a770b9a995f8c084
SHA256edb9f46c7866be3b5113289389d25536de4c5bed4bf159aec4706656fc22fb05
SHA512b83a54a4f25430e99d0bce12dd553534f364663caec72fc34d62fce40fcfa0f35e3224cbbfc4ce51b45ef33ca29692f7daea3fd837f033698b2dbd79cd44017a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5cac922511666504762f1313d92c298f5
SHA19bcfc5ea8adf091b0dfd96306528fad75e67ae07
SHA2569babe6820d105e22cca4addc9d6488743e4ecf3d580052b3c52045b4c70a4620
SHA5125e1df760d2d9bff0dc06ea0c35ec79d3a82ded246a42384e47756fb1788bb4381347196b962dfa9d25f1cd77d959b67f8401edd8e8aaa836ca8d5123cc45634f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD57f27da30d9d8c4eaaa6d756c1c6b08a6
SHA1414270d8b80c77f22adbb66e63b7131375add621
SHA256b61079c8ac73dcbd97a9b61f85bf74b531502a3f514aa44d848dfe6a532e3d2a
SHA512441de0e8962626dbdf14f37aec7296253132823d7f7c465d2a13d5d37cb30d33547b3af125d6970d78477c48a5b149728e4c894995a90a26bdb4de8a797cb52b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5d6612864fe973a4c6c35446e2205c685
SHA1293d6b6e2fc8ba0f05cfef1042be7cde92d30dca
SHA256d4c02dfb61f2aadf30c5f59d341ab874ba4a24d53a19b4fe3dc138181427d2a8
SHA512fb774462b97031db6d4a16488c25925bcd56c147abc4e0bcb84f0818bee9f83444702c09f7c0343604764918e57dd3272e3849f9945bf0b381a3f74324542603
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5014000de6564570110781f5472aa61dc
SHA114c5db2b3a0a5697f53ca0b3fa591e4e21ff04d3
SHA2560a1fa0cf98193ce126645400f5be6f508ae664e5ba85d33b7642fe01f6a11636
SHA5122dd6db4a9a841f25506c81437e21e463244c5bad56982d62f35ef50f8875b6da3d509adee024f5514ece5fd60c21718595f14ad33ad6f886760b1a9179cce503
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD542c619dbfaf7a841daa153d54c15328a
SHA194510778092a380467b0958d7412e67c7305bb21
SHA2564a1c4390f15b2f67c5f84b3b30afb17a800ac1666c83f9ba18e34f7878654a8d
SHA512d37da277fdc9821d930145b87e72af3f55326ccad963a663135bd51055200039dab4b74153b75328e7f5c9eaded1a6a37286e79bc579a539b740748a0e60a69f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD503e8d345cbbe4be0a3200bdcc9d789f2
SHA115b66f21a1474162c52961b56afa53e9b40f0ede
SHA25654edb0b1104e2f74243b7982eca0167f28475e95db4525f1ed40af239d2c933a
SHA5125e7fa22ae8f7d2ca5cd989d6a73d5b6ba6a4408cdefa81ff97d887c968b614dd430098f5ff75b4d9b172d798bbdc5c654b770b17598abbd865def12549421677
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD586c1e40d38050c80d6f51da583d5de08
SHA10a60c9ebd8f550202b2273183ed29d211bd6599e
SHA256061189a7569843d2668f12021292f567b69c453a1e07dfbb54ec6b8831ed3e89
SHA5122ee092311a0461edfa749ad229134fd267b768fdc4210d8c051f79161e544566b423106cf4a142da953672968909ed37699535333e1257ae0d17b1b0c89583e8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD553a8ec7c718c4e0031c86b2ca41ad990
SHA14617877323a0001ca7eed81a561412b0cb632b6f
SHA256422671f15b3d4e6e22d6722f6d86aca1dabe66bc77954f53dbc70c8388f491c4
SHA512a318917d84d419539f01c41d8834fb0d848589fac9e724e118f41c83db5829e3646359206485d6270af8d501c62434ae9706616bce0ee41a62613a2812c26334
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5829d71a4f3fac0e35e13542557b1c0e9
SHA1ec2e4527edb6c25c141f82890484cbba11c8b61a
SHA256b043bee1925982ff4eeb2786c04f9d2bd997066609e163072b19becc0ba431b8
SHA51217570b994bd7fe9934c73dfc3b9957ea81acb110ff88ffed46fd23f9bcfd099f12f5ff6bd6deec50676fe54c14438ce6465afb9496fd2c436ed6f1fb06e7cc54
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5dc317073c50772bcbde9e57335181e6f
SHA1eb7c79df8f6e211b7d971e9a88a858591d03feb9
SHA2566fee17d8a76011a3723724df2d3f4651d87a3cb98da6515f03dc337d36561caf
SHA5124958d8f5073f3d4b12f7d7a06e471da676849887b4d0877fd2fc0efc8f55f175f3295475d998a7d26e2395070fb400972eccf0c3d66aba374da4c4858d922c5d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5e8c3e07b4739fddc30aceb87d52f1dca
SHA11af1ea7e0d4e0f65fd47a7a3a9b83283aaff4eea
SHA25643a2b6cf36a44196a27620f1750c263959bf64b183f4bc720b28f937ec342a1e
SHA512c0486c45333021bce8a2939b005dff7796f48791ad477b089982c0be3dfd8bbe3798efa504618d1da522adedb649ac504fc376ba3f69d42c52df8bf30a30d68c
-
Filesize
580B
MD54ae6d37e8a773c0cf1c4df9d054a3faa
SHA183562216868321eb7a6d0b6bac6905f0b364da76
SHA256b638e9ec6e65a09c687c631a39227c3e853cfed86be02ae8e64396f8df22ed59
SHA512a3d2eeec4f37e334cbcfbcd71bc6c5c6c6eff2d16d97816f325c152e67a2fb1e86b66a16b9962bd1f3b4b47b67b37d25584ed2c9f42143e7271350e62c82cf2f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD52ebcd3cede725d451d5bb32ea94426b0
SHA1d014fbc534537d33c6f15ea7041338eb9d30779d
SHA2567dbe8cdd5a6743762828ce9a6d2ea8c8bd04ce96f27a69b469a313d306e9eabc
SHA5124727a048d288fb4bc80f567dc48c7da109ab2baa058da1614ef968d9141ea82bd605cf795d3c2a0141ebee957bf44008700425377ee59bac52e8d8ffc24a915e
-
Filesize
625B
MD5ab59f3113146bbd6f6c6a024ceec96a3
SHA174a891513222bae339a32f98a58c869257b316d1
SHA25639c683a05a23825bd5054e1c852733cfe727737c1f1bcab120b80183f0caf5f6
SHA512683d635227faaa4947be6c065f8f37b61f0a8013ae4ec479fae228f5bce580654e83ab96bba066cd8be7f09bab87d4089498b3e2c97aafe27aad454731f17dfb
-
Filesize
873B
MD5a062c3fbf5eb2f116db3419a62d1523d
SHA182c95341d11765cff3e26a506c3eb1be60832051
SHA2562ad908461345675a4837011b252cab612a98d8e49575ccd3bb431e7f4100a78c
SHA512d72b29bb21c5c6b7b63bebed1f5269a736985adf4a74feac7c5418c8c01242d19099bcc67f4d94b981424ae1667f1dd0674dbb2ccbe4504c16313371085d0437
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD59fab3a003e68341b4996d029d7ce2476
SHA19fe636a62cb941321d68ba87af772e6273e74195
SHA2563c4cff14ac4cfc6d98f3a6161d8fc6b45273152096f5b37ef1dba58cec3b8395
SHA51251abeaf221d8630932d3585fe7290eab6413b5a3e2efcdfd85d6967ebc5a9ad2559fa3b74e71078ede33a38e69468b15f737777835ae6d4052c83b04affa5204
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5ec02cbfa2f08b458daccc27bcd26168d
SHA1da23c0b6df66e82c5a1af95121f2d9662c3d8233
SHA256bf3bc794ab7c65a75103d1c818105a97bc8d50ddb99ce41c42fc8867d3d8589d
SHA51254663129f84fddf636948b41e8798d9ec90865141fd629f8bf2edea630728912bda0a298e838925e4e7734347d44a2d5be135f63e7957bf849374f4331ff65d9
-
Filesize
615B
MD59d4ed35f4b59e00ba1f37fa140c5a0e7
SHA139b1722aa7c60e4fb7aa2778262db6db21073bd8
SHA25646eed78cf0a2d38267a1e49864ce30fb47937eec766b94bff1513e66a33ea5e1
SHA5127b73d2dc88a28cab9b091183658b5be4a6d8170031c85af74759233a5111057674feb43f7de1e50e5473b759b890bdffa5223357064659253f111db50a654ed0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5441eaa991d439bc47feabfa15cd37d3e
SHA1195ab911c9d2c003e89263a87c486d257bf5b7e1
SHA2561649555773324fafe502b44e37e21e3b4fded2aba35372d7fbf71f006b108bef
SHA5125f30697f8fa57c2f6dc730e191d1fa13bfee867ad09ee5fdb982ffcfc9ea215c055c3e129de5d07c1a29dfa27ddf2294e595c76ed51fc19868f89b366eb3734a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD597b92d6f3bda9d7fb192761f0414f775
SHA1f6b315c6715a2edff49adb3ecd3d1574373867da
SHA256afa34fab7fa836770ab2ea235de3b3a23a50a97fcec700637809be736666c3da
SHA512c453ca045c6008b6cc6d9adcff43bbe3297c238bc9d940d866e99eae16ecfd73caa67c0ea4d2aa0c9cf5e0c49f366841fce4c961cb2abce56c4cec34ad406598
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5e7c23bb115e8a7d6380b366fa3ed481b
SHA12de85b26cb0063bd1ca5f8b71933c33f3351b445
SHA25613a62769c2866b46876118f44da834cedb70aadb67cb961118a9aac899d12652
SHA51260df6fe939ad50ec4163f1dba0f14aa98dd0edd90e264e548ae957b0816b8d79b43ee82033df6456c0038424741c84f45b70e8b171413cb1d88cc05a09dd6b32
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5494a7c246a85dbe56d5b09a7634c6dfb
SHA19f8836fce3344fbc85417f4f6042b390eaedb100
SHA256eb4cada7e35d6b430c9767572c6335031fee35f9e9baaa9b8d72bc7178ec230d
SHA512d65d05a5bdf3a31985249275772464bf99754b02efa4f904a74781e3f39864bf74d9d9ab7a5d45fe2ced57d6d9dd223bd8c7762954102905a1e99c1da30ea21e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD56bfcd258f2567474d02f3af24f313fd1
SHA1a1ea2ee1271fb36610010cfc1f5cefe8dd7a4066
SHA256eef5ad424548ea7cc981685201d7b2f96912ea0c749909e4db80f323a42b602e
SHA512228b61e9c9594455191859c001b07219a857755788cff5289dd5a9424df1cd32774d070ad7652a89570083ae73d2a615b5e20688713384772c061101546aa920
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD577e6742de20f6eb8e073452046757686
SHA19efc39dacd518fddb90eca593bde4038fd981a3c
SHA2567163882e29d81113940db340d0b5b227ed1e759ace08c514d7ff3aabb56c668b
SHA512820a9e2b185b27e20b56d7527334e59af64d802665bd405dc7acef623b77cef3176bd4181131355043a1c429dcbf659301960fcb3d4944c6812e44c1cadafaf8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5f5aa66163ce95a11ed13dde3d11ad9ab
SHA1a3d0fb7fb1a6074880070263774483fed837acc4
SHA25657ea588eefd7de6931703a4d4f8f443f6c273ace3901430daafa443152ef387d
SHA512dd1ee0400ce257113bb36d5f3b62bc67d211f86aa1e0acdacf625053db9b8161c4bb3f9627c291121067a0c431b8385c9d30264c278001df689cfcae5625d09f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5bbb753d9704ef5768e4d474706f7e4e2
SHA10b9a24afb7d97e45389ef0b5c01b3ffb8d18597f
SHA25631fc63482ed97f738905c0d7db30f1fe7fb2986d85d8ca157ecc50b63baaec34
SHA512f32d7053540cdcb8db2d63bde025650833113982b88575936573320dc8728d594ed9a2a05be67bea425671f7b77b4fc4d6076c8c98c77520ab2f1de7ac5fb51e
-
Filesize
153B
MD5d1adc0613648be971e9e3de20bc6ae31
SHA12e85f8642a49f43f47b529a802c254bfcf6d9c65
SHA2563253cb5ffe2446c028a71adbc9ef727ed0637ce4406c1f4b79cd9b6944f4ad05
SHA51249c71f05c24353fef1093f1005cd4dfc3a930ab0f6f983f43c5d46f7b6ce1e27dc4bbcbaec80ec00e25d059a2a5d4ecaa773e3b46cfdfc593ca69aafed5026f3
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD56e3a947fcb397d71d2b7c1f62e1b0606
SHA1b86b5f63f6e981594db51204d1ed66c6054a1899
SHA2564f16c3fecc0bd58621ca160b7d9714ae1cd0e13f7fe23b831f2cbc55c2f63693
SHA5120d89b64ddb9ebe10afec97b28feb08cda25c12a5e559e9a417ae0398311aa16e445e620f30b519f386d113131c0784af383c173ddf7a7e8589a2b28d344aa02c
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD50ffe785ef47219ea488acc96cf0a01f4
SHA136ede14254a0f1670de82d1dbf74f1e574b774eb
SHA2562a9405747de02799bc028fca1f1fbb932cda09b69bc47dda2332f35f0dc0e3a6
SHA5124a2bcca06e18cc770ad3609413c3c8bc3a1e238728576012903ae842c567d77dabe713592f7d4b232b7057942469385e1ab361cf024616ffa659ab79da2e2942
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD56d60ada1ad14784ce054370e948f3c21
SHA141c2fd90344705192f0d8b333e1c42627c7c68d2
SHA25684c049bd6bcb4b21fb7ca10a6b916dc842d8d29d3fe0315938e56878acec8cc5
SHA5123bd8f8525e0f9ac0be1086b46a7f812c4f7f341111928dbc803e0aefede31bb1d8d8759a66a8a601cf3dc80ba86451604a025806481c54f8da57b1d4451bf3f0
-
Filesize
109KB
MD5af60687e91c37e978b42031d354350ca
SHA18daa118081d1c01af1c0f2a23058336466098768
SHA2566a42976df568ccedd9f75808f610aa2eda00f87785374ff9062477e3dcf56818
SHA5123869a2835954a046cba8f0a67c3dba9a3ae08f95467e0b3fa04084e36e3b4e39025c82e4432b58abaee2dc4b183eac9e45807b39293e9890707f7a7445832075
-
Filesize
172KB
MD5d7d6f1bad6d8f6a60e2cdb90c745b81f
SHA1d8ed20bb7e8577922b92e86d909cd2354c2cd1db
SHA256325d974b07a4b947589247bc01f3702b199f410b9f5da4158b96718e547e09cf
SHA5128d63337ff4319f61847b6607e64312c0ef0d34ca35f55db81a4ffcf7d8773722d9d30dc67c815c966ad5a8a3691489e5d6f8a4612e683e056741068a8ed52075
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD57569d657196c4e1e871ca6f8886b5698
SHA18df1799c42c632393c269e57bd697d55c08f1168
SHA256f01a930ef29a9b0f72baa3a6080881d5b54c84c5585b1dc18af106c0aedf2488
SHA512fbc688fc3c9e415bccf4ea57a754da843a6d93635eebffcb3b243a67e5d5b7478294970f06fe15ca4a04088fd1b99811d848ac45a22148f2ef11cad7816bc2b0
-
Filesize
21KB
MD552e9192fcdbb10961cc22368bba35ddf
SHA13fd4d69fb32ebf2aab0491a264fb0e89eec89717
SHA256c5de11cf382ba7c51b54bd201e682ff81027bf84ae7548eba1d0abf8778d011b
SHA512ef43b100b24177f4e2f5b3a672facf213f12c3adfbf16a2cafb6a86608a93b95bc16f62ef4f02a99be6fb7a92562d5a93f7cac0ae916bf1afdad4ebd2ed8e124
-
Filesize
1KB
MD501a1add815fe1e3233113f24318e1069
SHA1ed91c515a8475ceb2d94200ef788d1f54fb29268
SHA25653125ef2c632cf117ee6cc516bd54ffbbcea4d7c494da80383df54288ba778f9
SHA5124133182897bf360b56e4c32dc3449d8071b0c04711a7bc317188db3cda6682b9ddf887a0a309344cae1eb8195dd271b0d54727a098c24316f06654e3104b28c3
-
Filesize
952B
MD53e65da9dd7740527ee1980380703871d
SHA10c5bd06f4a410b216a99e1c44aeb61434df50d6a
SHA25623ed93d8284a5e765d8c0ba73a790b6a8c68eae2231e2accc74c87cf765e60c5
SHA5129f6259e44f20bc8d66a3e250c5dce2526cf3d6918a359984e5a36f09f87d5f9eac9d59c5420095706dde2ce60ecf530f8d4967feb5ae140b2bc3300dd988e1c6
-
Filesize
121B
MD5aaca4be2440d248bff88c1dee8212e4e
SHA19f883333923252364f5bb1286ce8602f33b95807
SHA256478fd058fd96a2bd44c68e73a5b697e854396c766ab5ba556112d9cc73d0134c
SHA5121055237c2206ab9efb910d10d6e5f2c2f5aeb8079268d0d0687173de63c3320ab6390e681b39228ac6a9fa225686c411bf5fe641042b589a196f650077915d03
-
Filesize
1KB
MD577e33ada8c7a76f0c627e1d4cd2e1340
SHA1fe5d9a428630ce93f95e36658d0df00724046f23
SHA256c8d41d188080f3e6299f5329a2b9ec2befd1e9c796deb7dad1cadb189d284c1f
SHA5127d7b2a1007ad9ad2b627f0fbbfe70c879b164ab765118532857cebf30c42a89f48175feba5d1b5c2ef9d04c622aa94c2496d7916c569b3d577d336bbc1e2f54a
-
Filesize
8KB
MD5c3666442dcd9435b85c55bbee424e685
SHA1b5d6460a6b8f5ee62467b7da38a702ec64a49ed9
SHA256957619ce72832b45bba7fd7f9d7801099b61494c9760c7dd1bfc6c3c06c40cef
SHA5129a01f534ed4616045f6acd5f1746dc2f0d9bd2204a0a94f969948c1b5029d962b660244e641ea0d0aa3d11f1a1d387e285ba4c7d1520ccce0c5759df1654a2c4
-
Filesize
914B
MD59ad2610cbcda12f8a4be899c460bd480
SHA1765713e032c809b771264fe0fc69d2dce312ece0
SHA256f1e7f18cabd118e86c91e1602f0ed9e44bd7aa79895b201b861c189d9ee8de22
SHA51228b5bf10215f9785012f44a27b6967594598bd0b339aff6e7b77c045de8929147318fb020cba70a424195736dca0f3dfaef23db7b2dc337e03ab18616772d6e9
-
Filesize
90B
MD5bd5479ca56236816abae5b2f2103fd69
SHA1ab2b0cdb45068d48aea9cb825a10e27f2b52f236
SHA256f6d97cbbde510c9ced3857a7e5758d047f537caab8fb87223f3d4ae15aafec14
SHA51208a4ebfd4c7e0ff27798379683542bf7a478d004beda2038f6eda8f508dd025d92d27e7507e803ad5f4ac3844516c1e027870423afea239d5b657656fcaafcbe
-
Filesize
90B
MD52b471350e0c8e1ebca3919fd8709de76
SHA1686bab43bbc770b7b5c672e24f145f4840a71800
SHA256fe625d5a377774ec508d73f922baa170b790d896967e22571fc71a499f0f1f93
SHA512995ea712840f970461adb86667abe0eec2d41c0fb5a8e4940d9e1acf5d34c79ba43785574fd4de6e97611828fd22d8819e0a787cffcd8524bb8ba096b06464b7
-
Filesize
328B
MD567f21661f3c003c8042030a5796c6a72
SHA13ca1d9d2932b5bff0141b392f40916a84e9af5fe
SHA256d814c407ff5eabe3e86f5114c15f33af792f3a7d02efc1b0d98ff5371428f2b6
SHA5120d6f3d920ae8850fe0b35f143223ef015384662b3b02fdf1776d4034877c7b022d18fd787df8bc41dff81e74a6c1018bf46373db7419302ca546f0e997dd0764
-
Filesize
1KB
MD5f28044342d2a7a7e7b2ce0d268d3c1c4
SHA187c2cb681fe78b499921a4f8125785d2b74160e3
SHA25637d36034b7de5ad69fe4f138ebfbe6a6ae7fb0c88c1d5a5e080e3a9516f79933
SHA5129278ace4e727270d32d733346f5f8ad6559ac15bcce4aca5133de79707ba4c597c7f9b0be0b586afa2361933fdff2410f9350c8e9be1b62d5045c31d0f0107b7
-
Filesize
162B
MD5ca8c3905ce4da7acb7d29ae7ce299203
SHA11acc896d80af853f05d90df651df2bd0c02b324e
SHA25627654fe8cdc9e99af8b9d7e5d596edb00f94d3c03175616a71dad9fc1d5228a7
SHA512653c5317030eb4ea603c87ac316d87f4aa351f86ad63bb976277a1b13aafd9ccc05b98869132f7a82442475f09443b9c2204bbb0c219e1cee18a9cbbddab97dc
-
Filesize
586B
MD5d506ed924369b1e94a9338e1691d7fbb
SHA1a9b31479d9af13ff541dea951c7e5095e9cf6446
SHA256c9e0899ed67cfa3aee05a5b6b4a9e14ad7b250236a67bbd32a5d416c15107401
SHA5121f3e664b77d11a2002283b6768c448afcb4fc4fd090e3c1460a9dda95ce774e02d8cff20584bdcd7b72985f772b9f40b8a8b995ef170c512dbaf810620693847
-
Filesize
124B
MD5e0f81d9d68bc91ef9e53eb5286ee8d9f
SHA1d528335b19d51a63e841055f1bf07aa837b5f4ae
SHA256a90660c54cdd2b61863d07cc9889e53715e5da9550b5792d34fb85b7828d4831
SHA512a6c0dd6241ba122074821b51444cacc902ed13d86d4060424783ef74da187a7807bdb8d22ceab02ef29768b38b83b0fdd2b8a7009ff6c6b08d6d13b2390566c2
-
Filesize
8KB
MD55c304ab65f76b26a2047acd1fb66ad3f
SHA1a211c1c759304a0245f3b428131d2c8689f5eb13
SHA2563f83ed8f94f4953e22eca8314e8c14870b051d14b049ee67206c91e707d31f25
SHA512347fec9b30d43d3e27dd2d5dbf2ae84f601b9cf00bec6c7f8e9cf9019d5712a2c1b5dd6daca6903f045720e3b0b4b856c4d0a3d51a665980d3bd686f5b0fd644
-
Filesize
880B
MD5e680e4d57e8da900a75b726bfef0accf
SHA19a4322d171c8b5d28b7c09aadc82b1449b20ea83
SHA25699e84d16c1cd3592903531d5fd6a9b4827b104b616b7230c98868b1ea500b691
SHA512f808746b33bfbab57231ca1c8ff28b63e67267d3a365c9f9f4b6fd91c96bc6be2e14d815ca1610ab05b00e9a3be5983b7ec4a09ff876d72adbf0d17b2045dd37