Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 08-10-2024 09:56
Behavioral task: behavioral1
Sample: 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Size: 165KB
MD5: 20edc5b6ec17558d46853bd4bfadc69b
SHA1: 3689bdf4ad7163ad1e876e312cf807ba1c5f1ff7
SHA256: b0ff77903804ee3d866b81ff8b94be59dad33721475d56812da9e9850beadfba
SHA512: bf8c52c7da40c93ec388846745ed5d1603f3712b9b1d6fe2960aaacb89270995a16514b82d0956f0954747cc15f832162fe03ece56fcd6c18b1d01e41410dedd
SSDEEP: 3072:Tr0zyJStHyynWJs4JrboEjTdrqwGDSSF3+LTNt9NKJKIX:T4UStSyWjvBqwGXqNt9Niv
Malware Config
Signatures
Detected Xorist Ransomware 5 IoCs
Processes:
resource yara_rule
behavioral1/memory/2556-8438-0x0000000000400000-0x000000000045A000-memory.dmp family_xorist
behavioral1/memory/2556-8446-0x0000000000400000-0x000000000045A000-memory.dmp family_xorist
behavioral1/memory/2556-9041-0x0000000000400000-0x000000000045A000-memory.dmp family_xorist
behavioral1/memory/2556-9042-0x0000000000400000-0x000000000045A000-memory.dmp family_xorist
behavioral1/memory/2556-9043-0x0000000000400000-0x000000000045A000-memory.dmp family_xorist
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
Renames multiple (2212) files with added filename extension
This suggests the ransomware is encrypting all the files on the system.
Drops file in Drivers directory 8 IoCs
Processes:
20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
description ioc process
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Drops startup file 1 IoCs
Processes:
20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
description ioc process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials.
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe" 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Drops file in System32 directory 64 IoCs
Processes:
resource yara_rule
behavioral1/memory/2556-0-0x0000000000400000-0x000000000045A000-memory.dmp upx
behavioral1/memory/2556-8438-0x0000000000400000-0x000000000045A000-memory.dmp upx
behavioral1/memory/2556-8446-0x0000000000400000-0x000000000045A000-memory.dmp upx
behavioral1/memory/2556-9041-0x0000000000400000-0x000000000045A000-memory.dmp upx
behavioral1/memory/2556-9042-0x0000000000400000-0x000000000045A000-memory.dmp upx
behavioral1/memory/2556-9043-0x0000000000400000-0x000000000045A000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d63c29482d3e3b6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe File created C:\Windows\winsxs\msil_taskscheduler.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c46250e3eeebe311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe File opened for modification C:\Windows\ehome\CreateDisc\SonicResources\ClickMe.htm 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe File opened for modification C:\Windows\Media\Garden\Windows Information Bar.wav 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-perf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1ba3d0c151887382\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..ng-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cac45a6f1489d997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
Processes:
20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SYOLECSRBRGHMIH" | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\ = "CRYPTED!" | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe" | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\DefaultIcon | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe,0" | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open\command | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell | 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2556
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
291B
MD50e823b2192841b7ab657d598c7f8d102
SHA139334061db7b29c4ee2b9ba2e665602a57591ec2
SHA256e9bb09224381f242827be7da5d3af8deb7caf0fad06179f69e9d41efa46191c8
SHA512b50bd57d06242c68a8549a3885040b3809cb238d7f777392f530ed4569b0cd099831160bd68f9a898f3914b0379f1801f83be97680f70c08d96433e650aabe9d
-
Filesize
341B
MD5f0053a39917b83af3c3ee38d3ce3a2ea
SHA19cd39d54643153d142fc2cdd6442003097b7d5cb
SHA256c468a63b28ce55f386b8662bb2052ab534364c1732a1a5aaa5eeb36b0ca3e968
SHA512ebb5d363b7ed93ce0bc11d50884abe6fb6c3bfffa29411d8cedfeed892d234c13e445f02c5f0890b6f60715193bf39953c5802917da6817dc359875d319b0baa
-
Filesize
222B
MD582e31bb2421ae27f9ae7efb4034d0973
SHA185effa89081ec78ecf6370449df7e31321fbb28f
SHA256aa5878edb61be8720c1d6cc7e6e200b77dec12b3cee06efaa2b3d373dee3ee65
SHA512fc5901a28143bfae1ba396b440cbec16b51b308133a8008682d1ec94424cf6d2a5f4710b2931323d12431efcbc5cbfe5c0ebf847f32824d3e1aed6ddddd2def0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD59ab427016766d20de6deb58029d60214
SHA1380349b66b2dd59600a25410b9a01c6e330cdc87
SHA2568a1fb48ab4a45fd3cfb49644b0ae055865aca97a77417db6ec5599cbff485068
SHA512afea364c710c4e7ab26da5f6e109511c638bef1787417eb0a7b1ce5ca54322496eb6b3290493f46adb7a9147da84183eb61b3130e638cc22aba6e171edcdf9ba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5ebef6f0f53cbdf36218a7a0213f36fa5
SHA1b29335db5e7a6379cd0bc8ec2d11ec5ca800f702
SHA2566bd7ae58c829d8ed0d791f2af93a3554f7879d5922d78918c54b9b88ab69b6cd
SHA51203a9f154a001c0ca43969e2e562ffe33a0dc134b73b70741245ea67c8e5520f75d4a4f75e8e3712222df43197c749ceb16318a0eb9cd14d393920efa1e290a61
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD567fa87e85085a92974e612ea2478a506
SHA1bb3cb04b069177e06e9cc21840c6a3617b685fe4
SHA256efb749e230a43c3748030398bd38fbfa272b86ae790776c2d374099d7abdeb0a
SHA51283de8af97c66dca6c523a8480de70c8725b2429ecbff196f9f418cc1c1e105f3d73b7c62b95d34cb9f21254738b965425641187f382b99ce2c88018c91c919da
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD51900db4a9189d616add661077de221e6
SHA10f43a957c1006f639b50917fdc387e749eef2d00
SHA25694301982eb7b271f4249a07f7c1eed87980d0eb3b48f5edab0b8027728806f0e
SHA5123120d8a7e1d5838f4547e818336e0276dbefd68848d78f5392972e0af0cd4abc068ec91a89fde19200a114f05c490e38e06cdb534011a3068b7fa5de884d4ca1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD55230703a81686290d1b29524ebce4fff
SHA1a917612ba438956449150f0445d574a68114dce3
SHA2566153dc54dfd7a59e70d0ec927c9abeb91696bb67e8e5450c60bc9c87c3bcfcae
SHA51292477efb155e6ecb6cdc17b565445fef6feb87b2c5d3b12c9a0875688ab975910c14d58b46a376c6db19c7a4a4fa7e63801ea0ce111c3e0c712f3999e60ee734
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5818af86514f8578f15254358d059df08
SHA11c747165d03391699dd19899d3bbdee0795b8c7d
SHA256ee2dd7f28ca87915dd264acc69ae8f49d2d843d75d6b4b72dd9f9f2fd6ff99cc
SHA512130f8077d4a4fa682ed6f4251d8f2e457fd51b7ef8c7b062e80772b809be763a2d482f13b7a27b8806ed8e59a5147a6a25f1b07c39d7a59db3e99edbc87c18d9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5b6b4d598f7a0168c44657fb88995997f
SHA1357236b6e19d80f175f58e971876f77aab9799d9
SHA2568983bb088e43910b76cd1955a437930ff336234bd120bdb7e1d2503b6ebbef77
SHA512db934d1472c44acef7c9f536578e0729a22075a7d6de0b9e612f4ab8d4676125ce7bd8345318b1c68787674524a17369d1d2246cd908d8b24a75b7eba0971722
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD596a4acd89befa09e991c1d6b4a35a326
SHA1098c9dc9aecebd7cf5bfdf7aa17d85f8c87595eb
SHA2564d044fafa75f07060bb94a6ef5585544345a25432f2715b8a418798bc16a3dde
SHA51260611b8b73460bfe70c6771493a7d21c58cbebeb44406f537029331806f4d292785cfc51602fe2925986ad24ec8ad272742c668582f902295ea74a1fc47f239c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5fa8d62b353e963a6a802dfbeac3e724f
SHA1529356eff7b5db5c4245a41d610fb38eb66da758
SHA256a1e95860da32090bae068f1a92fb35e7e5320aed2dc1bd8a8dd1d707b2e75ec6
SHA5124b6616c11f0713e5fa37ae1cff6b27a9edeba8efa5992c0fcfd254c51ceecb8907f49f48d723df3b334dc581c648b5a07661cc05bcb4a442935dac4827e38b89
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD571d32fd6f4cc1a783e1ec8a41180e487
SHA1c2a7811a8da3b448a2570dcc85e316db1b037656
SHA256f4d2638c40a657b3364ecb613dd6ae6e5e44711549d513983600239f6ffbc5b0
SHA51273746d105a931d00ca549210287c879355cb7a05c9a0ded68c9df22a1d6b8a42dd3690e9f81eb78cfdd2e83b53bf211896aff4013d43b64af040676a939cedd3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD50e10c63e37a41070a24d263f3041d071
SHA19dd0c247c2c0c4972253cc530aedd4ec96a1083a
SHA256a0ffe0f875e217a74944c59125827d2054815136e07a45ebe1915ef17f14f129
SHA512a830d0686070b8772b264c894866176a3cb057daa1fe16425488f5f144e03d9dea14d4c127a3c44f740525211ed952f0e7bbf4cf64ac2b7e40e36542888d407a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD51241a960ae9367761055bd35cd5b5a2d
SHA1b4c7daef5c2810d0a466883276d402204d699a1b
SHA256d4540c41e889c535e97bcc89a14c91c49d9b2d962d48ce12dc3cec67f295b600
SHA512391477bf2c5ebc3229f3775e56e2e76485c23927636749707eaae2922aaa98b1d5b53367de2634cc06a36177bc3939158fd7801f4983c5a2c22d4442bfcba4f0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD535d62042f2a13ad0878bbf4acdc157c1
SHA141d6137aae37ef0b83f2a0744914841f1af0d96a
SHA256919f90557393943850ce905611f97885d46c59a3e7d38b8692e80a0f14d0c157
SHA512ff0cab9b4d2d66d0e2930c00e2bc1ba001613f3c3ce9a3734b28c3151904859d89aa6c160ae3bdcd740b043671e59bc56da8432d8b9b5bdf72a8ad0f9dfd41d1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD533c68714e321bebab658e3cac3f8fc47
SHA194ac42240c3cdb282119b61c67bc4cca7e9670a1
SHA256b9a07ac2f1837ad5265db3e3f845469ee0527b50234568053302713e9578571a
SHA512c6b32369bce7f42d7878b2ef9f5908ee47fa7e1f360d96f5a8ecf4ccedd82c8c8f5234b45949482d071cd78dbbefa827f31e453e153db8c3f6f47023389c3b4f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5bc4c5dcb27bbb0d20e181046803e0e62
SHA121f1475c7a439b3a32475b1df24690da181d3b45
SHA256487165f7f56e184e8bc807724d323bf8e13d952c044ca105241d287ef19b1cad
SHA5122d53edf0137e11936e86a2cfe676b9d3e9a9544bc918241b9f7945de5dfe610f660e8746d763fe76628a069ed4a0ab72348aa8028cb4343a9c4ce22ec8f18dc8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD50a13132c70082cdbe09986efdc4c9dd5
SHA124dfab899479ab76272266ab9f3a92fe2e7a94c6
SHA256c8af1a0623a28be5908aa6bf6e08fbde5e8e099a95536e982e7745d5b01c5baa
SHA512f6478cefc776ec102f2eeca34e7d2af3256f2e92c3b56abb1a6ef21bb2e53390b06e7cf58ab2a1f2c8805dca8669e9be380e46517daa1706f7a4088b257794b2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD53eb79d1b056eef936c3f77774bcc8500
SHA159c0f5aa87b22b749b103665d4372184011acbb7
SHA256ee1fd4cedf599f45bbbf7319ba52431f54aa5d4f49a1340453f31415a06abb49
SHA51250bf42ee5ddca64a77fd5c81c0e19a6b80f4bd04b992f7e38c08cbe86e096d4a4e9004b5511a84465e3e03e3cc297639ef3bb731d88a86e7b37a84484bfa8f90
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD516fd2ca3c87a9dda16327e55ec5a0644
SHA11e29772bfeef60978a69874c872c31048bd775ae
SHA2568bfe0a26984bdba8bfeed2bec7e4c4f7546c3e9664c8ffa24a562d8f37cb9452
SHA512f3296a86acca470b350c1338cc74081780c3f2e0173d0ef545a69f77d2a9e3e4857b64f319063a3a9f0948db87191df622143f3fff0c7457d6401ba92890f011
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5559e65bfd462c6d8bcd5e994dcac8560
SHA16f0cf9acb13cdfc0d63b93a1380e00cdb469f60c
SHA2569bb8f59efcad40eec30ac5dbc1cbfd508a541d4744fac6ad344b1ee7d19b5d75
SHA51279988e86a5c3e99005d70339624c82d2cdac412b5e1e02aa329b2041719ef22183f62444c4be5fb3d943fa0b0469d46b6a48e4ff9d6746212988d1e3a30c346c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD506e5b3fe5d73f8ce33dd276f867e841a
SHA1a25d4a672c0ad7b834c78b21d1c06c2c85d69ded
SHA25690cd285fca12423623e3dbffbf0d7ed69f2b360a732756aba8e2ea774e5de19f
SHA51237b773c1c4e07ffd22b25df08311bd201d85edcb1ae7f1710c7c74723794280377926eaf55e6ebd22d319bdc2a0403c530eda9acd2b14c64e3771f1ed44af638
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD50bafe5405fec7feb30bfac81bad919f0
SHA184c059dd3025db04252465a1614abbb6d6dc5640
SHA25669c857f6e482c1d7ad865f01098f694df164fda860e0a6f876382217988351bf
SHA512de7e9986d176c125f5d4ef7f6e6c739e744d927b77f039b80daa72d6bd5fae70ec471975e86dac4d454cf8b74ebf3b2bfed086d0dbdee25e5ec5443536f336dd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5e4c83cf5b7f735b255e20adfec2f413f
SHA1ea36b43888046e1cb4a2f24068f04e82429d7e28
SHA25649b80927a82be7a7297dd9fd3bd4ba792b3fc007e2d713bb04160c9c78d2a1c9
SHA512f96a655a06bb13d543e2bd375df234fed5fea92dac8e28f0aa9ff829a8f77ba29b906655bb826af359362d5c26f3c46b080dd85f61be36db4fa791656b50ecd2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD54a97f4ae7e70128c34a82cc4eda38140
SHA11e9216a209b8c8c5c0a737f26e1c1db0abfce387
SHA2562eba1be47555b988e4b80d50ea43509300d3c293dce1d12bb17a6689801c0854
SHA512e50c4f64bd73dbe8edbf07cdecbc1364896c719d2dd1aab6534e88d1c612df75aa4b3295617f64e10b493302cbb97425e5610963680a0d5915658980bc50fae9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD54066294b97107b4962e331bf3c902d16
SHA1f874187b98511a26122fc099361f2c2c4b22da49
SHA256b1a2cdc73f217185efb3fe911847a2ca90ab113a478838dbe079ec778e5eb87e
SHA512f1292914c9d1dcf9de8ce2463db24498442d5d96b33431d0035538dc50ce2b7b2e1a9181e5831fda82b7afe2f6e0925727f5a05ecbc87be9cbd0673c3d9ad033
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD57fe9d466d8cf45f9e7f14d4b61c4f7a8
SHA1f599616d70ce34a4ca88da22a7da5629c6f591c2
SHA2560eec06d81b4279a629223263c7e9e0e18a6348580c1b0741decd22c53ee7a958
SHA512690b54b0f01d99a01dfeb6c4a29619ffc0e4847f7b4faae550e329468914db51a4f9068b06a3a9b3b6e6140d999cd333878a72dcb81ab5293f06a9f55ae98336
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5662e1eda307a0f760d23db2a21e1ad3b
SHA1bbc5879de790e368fdf58b23d63b42dd3ba13434
SHA2560579fa553e7e744440912dfaf29289da54826506bc5cbb1e8a0742923b06f210
SHA5120a3e78400d0b6872b8be1ef1807b882f18e1c309910c774f363c93ce9a906e322dc5406f8bcdd2d5b6df5914d393d2f341cf84dd98ea6f28e2c3a843568b11c6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5ab55733065261487b0085e40568a4030
SHA115af8080189a0c0b9a562063c9a5f4c0b10afb03
SHA2567184b2b929a51b06086fa77603ea7cf3b836180c3799c08f589345556ecb87de
SHA512dee479fb38c0044ba1780c5ae08e3bfd6daa133ce4a49dcb2a47355085b4518dabf8972b468092c2080397e8b24c4c11e19b1c1796f9ad3a3c33313c9b59d041
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD50a29970d1d01e7f2968e1e8db1898a68
SHA129f92deea290ff5a455277493046ac67277663d2
SHA256cd4e6d5dcbac42dc062a3157a7c2e95be0c879abbe9bc3362d8241a1d9e0afa9
SHA512da1763462ac95d96472431df07550fdc59f7cc862288b73e604358a239e74ae21d937fe56428a00a0499b387883091d6527c6be733919ac4145632bba3a7efb9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD55614679af941cf958caa9e52279d735a
SHA125b2a5b1a1674ac9c693b3475cf04cdd93c15dd2
SHA256006c8b691d554cf37d799b28dad39648499b739010e8ac622062e5f2d4d503b6
SHA512985bf75102558c4e80d3377e3806502efd4a2bfb7e10a1d2c2ee86e4c122dc8363b815ecb1a31c735d23deca500b11ace2e727d375cdfd98e89e1adc865458ad
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5e73f4980647b8f7583150d118b0f0326
SHA140e3f6f3cbdec9ef2ec09bd0ddcd158e8508f222
SHA2561765d4f0f00b49dd87835dff29c5fde9cd1857dba14a64edb5645d61452da7f2
SHA512c890c78accc0edb032424d890d31270d08d00114e8d4c3364291ac674601d1d43f1af49798737f0be95c257701b90064c2f7839a1bc879bcae7c7bbc5043f6c7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD548a37210378fce2d3d925ba3951fc891
SHA12a60b87bb7275d97a7c4d7f55d7da5e999951a91
SHA256696b903b6c30ac2032fc24b079c7ee906b6ea209f605a6630be503419536b02c
SHA51277b3ee55c8e82673cb1aef53d4de35daf2a1136596ca22e4e80d7de067a2905a8d21413f1e121dfb3bd412298acf140e99a67439568bae7fa4184ebc0dd96f2f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD55efe2e11f8a51eef4ec67589a0211e17
SHA186e3e844689d90ffe41ebbaf43c9e71553218eca
SHA256ec894d70d0403853ed2bad35371c57579bad7fd7962fa35a8db9b415563ddd94
SHA5125c6e87d8fe6f9f71fc5bc18b71cd3f358e5c5b7d3cd3bc747ec60ea18dac40e6d074e9999f76e04c776c6ec9abab3dfda52a715a678b939cb76c6508f63f256f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5bc884a6f2854a8270c6053a99663b4cb
SHA11ef783fb0b0f90cac84c6295166309ad58def57e
SHA256f5862ffa12e4a6b1fbc2029f73664629e2c60996acf07b136c24ff20a4f6e0a4
SHA512f344dc622079b31bf2101f7d53ab883d0a2c7796bba6127c00b4549d9dda997a0264f0b4037255e3d422487f5a0daa3c05a1bcf723f61fbfefb0e77f8949cf22
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5e869ea0f35be248558315a65cbafd28a
SHA10f655804be643e39c5e463edaddd411bc07dfae0
SHA2565e6377e1571f0ebf2579d81c57f7abcf7a1b0d2881c913fb6e55055f1adabb04
SHA5123667c231957617687b019da8bb25ee1d975a9fa0ee2b4061eb3a3481c6eacf5640d8bbf8b4f8981805366f4cc34972b044aa4420d3031064c893d6ea3b75b080
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5471de9004fe81fc67e14fa7f22b36fc7
SHA1229ea0a89fd40e83367b4d8e12bf75a51fb1a7fe
SHA256b5150b01e694301a4b4537dee3f04d198fc0a2b0d2ecf686082a7d7d447def06
SHA5124f5d0e73493ea9ef530918342aa8ab92fdd1b0ebc76d07d28b97ffa741b897034825c6d946839939cd7693190d4e5105ea061985330a43df1ed6d029cc2faa97
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD502230d346f9435ed9a8f761642d8f1a0
SHA17b53b3e849225cb6f1a185d8afd3e483f09b403f
SHA256256fe3215a25df8bcac7d22fc3540afe58a9615a1eecd9cd905eec00290efb99
SHA512ffa7297b3048cbb15d0176528e0bc2de277f882dca7eb77062fa492f5207330ee233038aa23ef5a63035681cbdd240266960646cad9bfe9cb807402170c62935
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD581fb2e00fe55772300dea1660c5ab70a
SHA1c8b8331cea99c26e4e8e4cfdcdc7e9f7387871ae
SHA25684ab793cc1e6b01de4282090d73e571a7afcad09fcde49b09f642bf8ede3691a
SHA5121c5068d94838532032efc24f86b6d8daf829c1f9e724f408a73081f8643f886b04356397afeddb4d0032e0f6e3cadf26b88ea3bf6b6a1d5a5b1eef650cca17cc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD59e44612a1948c4932dbfe7cd9bdb3078
SHA1cd29f05e4d4a9f212c3ee0194c83905b6516029b
SHA256176f11ee52f684010e487bf51d2b3f46356c8f1c63ce0df2d04fdb0739d361b6
SHA512f287f15f6ebb1ccba147bcca67858da0516fec6689da35141715be19b6b2f43731c4492f6872132a1c11d9125d6ce95cf4a293acca274d5d32054c5e1a7d0720
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5a0d00aeb36e9fa3226e28442cddb8646
SHA14b2ef9b50e4a0ab8fbb27619f79bd51790b244a9
SHA256a80fed0b2072fd13023979bb8115bff30fb45ed13d70eeb4d36f61c69c8a39e0
SHA5123853f5e057ee776fe7fe12a0ec9fc26b15e6c9975a960088ea764e14268fca77c48f839715147b1c88a9d7535e85a7249c04535a02f889e8339747eab2111e1a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5b57a9b22dd5c2df01f4e960a83322fa9
SHA1ec5a87490f76739ca8e6b07b81bba8e7f88235bd
SHA25651256f13322e4030c77d01f7fcc8deb6c097b11dff3ae96f0d4d851b5285c493
SHA5123f20e5f4e9e6757fa800ef7365d71f7fa3d0feb121cac22f2e4e03862fef6b87dbd5089ac3613e3c72e33ded3e85bfcb297f677ef40ba828c4d9d7348b848c4b
-
Filesize
580B
MD5de93a7454d1a7a0f40f81c4bbf8a9180
SHA168f22bec1d376a30dfe7653f6846947cea28697e
SHA256f3e3b677f9e3fc38b3b3a7962ade1423502969525d20a25bed84e5763b0586fe
SHA5125f715b3431ae3ad7fcdfae551b16720c53dc93f3d98f77987697bab4d4ecd35df4f4a3fea1bf6056d98939a6ddcab6ce4ff040ed791d573b319efb4bd92a84b2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD54d0427f347d38935e62a67e6d15916a1
SHA1f0204d02cef47d56d63856fbaf104b7d31ba20d0
SHA256b50a8327a91220f890e337189821e44603d73fb0aec1da5538af666d0d6f399a
SHA5125ad484d3a935e5381c557f7ade6b28bdd321855f7268dbb2092fdd4e525ee44c77488e40106ed1661efe372bb941e8327389f655388bdf1b666baca67129347e
-
Filesize
625B
MD5c16c2e90f55b237d12f95ed482c34d0d
SHA1eb9402615ee4d992287cb7f1d8d959592ca2aff8
SHA256ca29d7937e8ff33721d2dc2af0ed11b1f105421993661a07466b000ae9755324
SHA5123bebea95c78bdd0cb46933a12704b786a0a55c21eb542c64f652050fb964196f2aecc1861d05ef3fdf2b3b11824bda6a2772dd1d713e25e14735f5c3c03dc59d
-
Filesize
873B
MD5cd346f50a807b7dd41ba8c48b383a48b
SHA12c37042adb776d8b6cace82378f2e7d12ef32c4b
SHA2568d5ee4893e456d241defb62290ebe46d047373732cfd6c8334013471f3d96d62
SHA512ad2adabd42a9dc06ebd28143755f3b3462f8159005b7cad4dc33209639d3c728e5b6bf0068a08ea085384c875107d7cd14fe0e1fa1cbbed9309bc60680fc79a1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD563e18df0c059a9e6e683048f8d5bda6e
SHA1d9dced73a749c8572fb45747ab30ff52c0600c28
SHA256930e11367ebea7f67a6b5d5403258fbd7c50e9b73fb5745bea7aa98a290384f7
SHA51255bc80be776105f44b802efb56c2ea1b8012b9f6696e309e1ff329e2271f902486344742c714a6372b160ff3c6f08e0d1761f0b50b9f0f97f8dfb9126194060c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5a9a2e2ae21dde752f5ac97cfd21a1666
SHA181a83494e78ee3403f552e422eba2572097efb02
SHA2562f22b343249692a8ab873734172b9402845ac5cca60a38b95bee033b6bc5b66c
SHA51239c3ac3b342d077aa20079b69bb24db22d8698c27e42b5501615da3315935d5c1104aad53aad0d4e9ce6b0c86423f0dfdd6a8b2327a60316da8e5fe56904b61d
-
Filesize
615B
MD5df673311c3572dc00b2851bc4c8c306d
SHA15736f4079b7be6d1cf100340acc86e245592d604
SHA2562f737c7e107ad27aad1d93f41f686c657a04bfaef5f9886a580d3667ee04b36d
SHA5124ad6433f1ed4e49c2f01dd0461402084991603693a71f4ee7238d28faa4755a7ff31c13766e0f804eaf2d2b805bd76f20b5d13e7ccc6cee5a7d8c86828ea7f12
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5eca6b9872d83e6b92c086b6cfba24a09
SHA1883378404f48c75e0b997cbaf120b7e3f650a2da
SHA256bda2163fe0beaaea9714b71aad42ff57e3674eaf8f0a8ef11925de69ec76b5f2
SHA51245f57b4030d9c4383998b8318d7c958cc0d1fdc80f0fef537a2fcf3c0356ac45430ee22f7c7df58612e347561bf18b7d9d6571dc9cd61e2862aa5e1e10b847df
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5159575b4b9f8a81dd0ffd3a881a1b029
SHA1fead8fa808cff28d7cde3e166cbdfbf0ac752b75
SHA2560182eb50f5705f0117127af1b39d1c61c5bd823b92daa7676a47c2a8e57eac23
SHA512865b6a2bf5e2c21b74768396036330f2598cbfa835eccdf3ca6a4d5d64bd4e6feb871dd010a44930ef9d6655f4a85019c5ffbeccea48d41d453b1e248a1e3201
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD57abfc5b2712a8dcb168344230c8392d0
SHA11bd21345ce1d3f28a6df593c95465cefe080ade4
SHA256ac4ac233e4bc1d8f60b2aa17f6fcb2e10046d5a77132099219ec4b7d6ac4c31e
SHA5122a746ac35ced9e613619a8e2078c047c0079a042547dc8566541dff7d8e0207ad1fa2a58ce2f569d75d2df45b1d1bb30fcb8e60ff2c297b8c80d25166519f5db
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD59058e688f741463272a9cde014d9f188
SHA145ce60497248189b906a38760a8226aa31975373
SHA25696ad576c53ed876349b5b2ea6af470bbe66c1c88b771b3f27c3f32ecdcf3cfd7
SHA5124cf4a6e41a7e9493122a5fc4d7cf3f5f6d27e176932d6d2f35fead5f218d4c6cd61c56ac7df648575a40a530d5b35a82e195c75793a4758549e7035bf4a1571e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD591238c90847e5389dcd7cd66bf7201fc
SHA100590b80068cb4456035c708e93fe3b02039a44f
SHA2563c43a5283ba5d124c6bf1123f95215ef4bdbacafd25be93a3277f5e2e6cf1894
SHA5125e4cef7ee7032ca5ca8f082f47bdb6d645b5d9f68799201615f040143093083bf48d10f79cfa292e9f44192d778ba53a64889387aa1e04f51a91f50221298d86
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD59457deaf87a1db61a3a7444825e99e5f
SHA169a64b96e04cad28ae4eaa5929579b7c8c4eb040
SHA256d1cfdb5e67dc8732cc879410c01c1ca911fcb7e34804823141c02152bc3d2972
SHA512c7921ca7d181527dd4ce5a1a7d76900ca782c090fee9bdcbcf5f4797bf057aab160603fbd7cbf1ae2701c6a83bd65c5b4259c8e830d55e290759ccac1046cb88
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD57728d088e8d8c157ae0191e4448b78c7
SHA1d65a2d5bfee0896c8ff4e7ce7e5ce5db4988fe49
SHA256eeb3c8b04d20e00f07e1463adbd2343b97c2dd07275911950d5dbc198cceb4aa
SHA512ff07950c51d58b3f10cf3af5d304fd6f218934cce941d2eb52147831ef5f73262ebe67f5bf29063df20ad207c53128c83e1218d815743aade4a916e0491337d9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD59bd8b151903c8258eb4dde9b8fb641f7
SHA10340443f8a2da756339d18aaa96ff88e33d859e1
SHA256f296efe82d5e3b791ed40d323df50b31238e87d35b6dd616e69b88539f7baeaf
SHA51293746c9bebee97e2db28ef9d81dae7693848467fc506833fbb50a9050fde7c41481addc54ef99a6473010a946a85ee711697d686867dc8130cc5dd6ed5f2cc8f
-
Filesize
153B
MD50881c11a1154327c5d0405545f4fc35f
SHA1be0b73ff518fc2742bbbbc7b4a63b909837c74cf
SHA2569ea1598e7dec64d9d1a1121415d88730b17b3425c2f401796af72f9acc2197fd
SHA512a5db6d3e7768edb21668aa681bdbd9ce7e9a1787d561f3b678b4cf311633047a2a1c2113cee79c79d1591d1407d516bf96aaa6c4bacfda79bb15b0f855f14358
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5ea009490145d226c66d515864a8e0150
SHA1752f2a323a518fe87eaee7fd4ccfedd5a315e466
SHA25672179fdad4e71fe486679508f00f84fe5b57c6e1f4855a7f0b39f512c48a4e1d
SHA512edce44267a36918f87b58026e0425a16b254394635a84269c733897f8031115834a932ca37169f70cc163b0b0e0bc2c31352653fb9d4237aee185716fd546144
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5f624313a5f78d908b38d16e35c4e317a
SHA192f255fa3615215e8cd11499225a0fa7c7ce5b06
SHA2568b95c4e7db57e93b4cc692794de37cdf90e3f2f5b3ef081518437111267b8cce
SHA51281628de1906fa9253e12be0cbdf4a87b34eaac81cf7b6fcd180b5ab2bdd103c419e4788bb9ed6e510171dd5fc3d1300788e47c95edda0f253f792362dc481bc4
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize 11KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize 1KB
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif.EnCiPhErEd
Filesize 1KB