Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
10-10-2024 19:21
Behavioral task
behavioral1
Sample
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe
-
Size
13KB
-
MD5
3176d1d3343727b075dd190b830013f8
-
SHA1
c6904036b26d4be8cf7d969a6523774e1ae916f4
-
SHA256
86230a352fc6f42ef28276a133bf9cc64f528db0aa320b45a263fd125ef81293
-
SHA512
69c415ef88445ed331ce71b51ecd27e15e01f2fb04d0a249e81074039e91af1569b18d3574cea57869e3ce540f796d756150015a5b50df6a5294cb5f21d7c3cc
-
SSDEEP
192:Zzdrr1FG1WDCgmjPZSCxOnb8al6RBalhC0+cMa27OYYaOCIX5jj2J/e8xrX6UA:Zprr1gkDCgS/al6RBsEcVg48frX6B
Malware Config
Signatures
-
Detected Xorist Ransomware 6 IoCs
Processes:
resource yara_rule behavioral1/memory/1804-3-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist behavioral1/memory/1804-8845-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist behavioral1/memory/1804-8844-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist behavioral1/memory/1804-9077-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist behavioral1/memory/1804-9078-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist behavioral1/memory/1804-9079-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
Drops startup file 1 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe" 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_hash_tables.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\wdi\perftrack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Parsing.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnin003.inf_amd64_neutral_3a3c6293d0cda862\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_logical_operators.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_neutral_3500779911f7f3ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Variables.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_operators.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_neutral_8e3809aa77440c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_neutral_ce587aa61510da51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiasa002.inf_amd64_neutral_6429a42f1243419a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Throw.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_neutral_d225e15af1a594cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_735aa3b5ee832f62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_providers.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_neutral_c150a510c4b85ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_neutral_351e56205fd4c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
Processes:
resource yara_rule behavioral1/memory/1804-3-0x0000000000400000-0x000000000040E000-memory.dmp upx behavioral1/memory/1804-8845-0x0000000000400000-0x000000000040E000-memory.dmp upx behavioral1/memory/1804-8844-0x0000000000400000-0x000000000040E000-memory.dmp upx behavioral1/memory/1804-9077-0x0000000000400000-0x000000000040E000-memory.dmp upx behavioral1/memory/1804-9078-0x0000000000400000-0x000000000040E000-memory.dmp upx behavioral1/memory/1804-9079-0x0000000000400000-0x000000000040E000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_ON.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\RELAY.CER 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\lua\sd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\PREVIEW.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR5B.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01931J.JPG 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\VC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\PUSH.WAV 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Common Files\System\Ole DB\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0315580.JPG 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\DADSHIRT.HTM 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\access_output\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_LightSpirit.gif 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313970.JPG 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\DVD Maker\Shared\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51F.GIF 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Program Files\Common Files\System\Ole DB\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process File created C:\Windows\winsxs\amd64_prnlx009.inf_31bf3856ad364e35_6.1.7600.16385_none_4b628b5375ea75dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-printp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_abb63d4dfe478815\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..ortingapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e55acb71ead1c2f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-native-80211-netnwifi_31bf3856ad364e35_6.1.7600.16385_none_3c62c8c0e6327a5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rmcast.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9a9d3ee6fc5cc973\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a4c9c9294fb161c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b279b74d7b64cee2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-security-negoexts_31bf3856ad364e35_6.1.7600.16385_none_1434ded81321974b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wialx002.inf_31bf3856ad364e35_6.1.7600.16385_none_04a3e5f268636849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4d53ae3658452e22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-msident.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad0baf5d29cdd8d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_b5d6a9d184d05567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_es-es_62d5e8dab0b2dc6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..esframework-msctfui_31bf3856ad364e35_6.1.7600.16385_none_90e0e8d4377a2ff6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b9af51d366400194\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_8.0.7600.16385_it-it_a5ce1aed177be6e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff8a9baca284605a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-intl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21f4c9c99f29759c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..ment-troubleshooter_31bf3856ad364e35_6.1.7600.16385_none_85fb12491b62c9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-pnpinstaller_31bf3856ad364e35_6.1.7600.16385_none_92912dba3d7acd4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..epc-sensors-service_31bf3856ad364e35_6.1.7600.16385_none_6e18bc60a12bbb18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..on-hkmsvc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_df3eea7bc320443e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ntshrui_31bf3856ad364e35_6.1.7601.17514_none_ba35b3e012fe4f4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-setx.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c40d25daeca7f30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-imapiv2-legacyshim-mof_31bf3856ad364e35_6.1.7600.16385_none_3af3f269c22f8b6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e393513a419397ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_49ed934cce6107e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..e-upgrade.resources_31bf3856ad364e35_6.1.7600.16385_it-it_484a5ac5d5c1ab46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wiaca00c.inf_31bf3856ad364e35_6.1.7600.16385_none_9ac8d37e98daccea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b322e15cf64cab9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..ent-xpsgdiconverter_31bf3856ad364e35_7.1.7601.16492_none_060bf0a8d4bc1f75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-qwave.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7657e81062b18289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\inf\SMSvcHost 4.0.0.0\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bebeb572af940bcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a09dd6ebc4e4c5d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mp43decd_31bf3856ad364e35_6.1.7600.16385_none_10281d340ae2249d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-runas.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9a72c22be2fa8eaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_wpf-presentationframework.aero_31bf3856ad364e35_6.1.7600.16385_none_325a15ba69e4e34d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000046f_31bf3856ad364e35_6.1.7600.16385_none_5ab789c86ecd49ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mpr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a32548cd17dc0d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\Heart_ButtonGraphic.png 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_it-it_672be8a37ae626bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ini-systemtoolsuser_31bf3856ad364e35_6.1.7600.16385_none_7ca09f65fd387e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-n..meworkapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a815d2a2476277f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-shwebsvc_31bf3856ad364e35_6.1.7601.17514_none_081bdb4d6853100c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..er-engine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_420181123791bb85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d2e323f10fc3c0ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Balloon.wav 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..installer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4fca51c9a68789a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.management.automation.resources_31bf3856ad364e35_6.1.7601.17514_it-it_1f8f90b34e4e9f06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmbr007.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_473c74c593d7a9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d8ab542b5dfbb26d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_it-it_acc694affd2f0026\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_scopes.help.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..ty-syskey.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5f424feee4283fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3016c13308503634\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1ca70dcf3b660d8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6eae29ee4c1be3c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-u..anagement.resources_31bf3856ad364e35_6.1.7601.17514_it-it_93f528ab52d8cb6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe -
Modifies registry class 10 IoCs
Processes:
3176d1d3343727b075dd190b830013f8_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe,0" 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open\command 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XQZGQTSALYMJBKM" 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\ = "CRYPTED!" 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\DefaultIcon 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe" 3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1804
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
547B
MD5c1733f02e7c0c1b7667259cb416cca3f
SHA1b2df7bfccdf956ec1de3cd442b92b63d450d73b3
SHA256b50ec7fc28573b36a16e85895fa563a8272bf7c50203274291ccd75faa52f5ac
SHA512d175a6958d01dbe9a66c2e0f0881e6ec15c33cf899eeeab842c6d46e39b91a4d8395509625291dfbc99e28febce5e6145296e9015f15b265ad637e64e7641992
-
Filesize
341B
MD5e079ea79befdf5dde2f7b25cc0269168
SHA1aad0fb9deb2aba6781de52d854a2bdd352be6b0d
SHA256472ad1ec13136764a2010685815324d72f8cbec391dc98e9d5c922803346ff7d
SHA51225842db47470f8d5e66a51ce17dff3894fa128b44b60fb6a1b6abfbb8ceb95c3d2e4163069fd3a7f38850c151f981a6f915b084799be399903a99e60fa51c1b2
-
Filesize
222B
MD5b9193c9f86938ea14e5f90cca8fbdcea
SHA14fce3f98fa09036d729038a7e8c63d7e22329f98
SHA256ab2ece61e457a16de5c7845da74b2564244ff282d6dc6117cf01bdfa9b9f07a5
SHA51230b90d5d8fb9c0cd1eb70e2657820029e250764c8918e068343c56e728324ba4f1846159117697c14831b45d98d1fed9e08d4f04db9a94a28d8bd57576edd476
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD543449a0c85eadade4d14c84e78ef49a4
SHA1fba45a19fbccfa2b9755b5a86a1fefe89acc6400
SHA256b89e11b054700975c2d6a43c72c66c4d354a8416f21b55b525edfe93307950f3
SHA512b20209c68e48fd47ac25aee92facb790fa3adada4ed9081da626bcc66d61baa790764bc63bfb22afc999550b9b749c202181d56d27a7bf2d8b639e06877455fe
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5a04c96f2045f98ff02ef2e518025d0e0
SHA1f184427be28f843cd2546698c1de007c9298210f
SHA256cce352f7b40ee73a0244992071ab5780fde951c709aaaaf4d64e8f3f926349f8
SHA512a69ff8dc058ae6f9316ba184d8c388918793c54e97821860ff0aa94c4f8d479f2cdbd26cbb52afb52fdfac45cf398582b6eee8777cfc2bd11eda99258fb64185
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5af0d5bfad65e5c01c01d73e5cacc63d2
SHA132ad82f48303602b5b7560e619a3f543a08b8cb4
SHA256b23a5661c7e5a14fb1efa38d8416f45b07b4f6ae33a202475fea05092917da19
SHA512ccedae56559b06300319eec06558221a943dde12b83ad937323164ba35cf94c4f9f53ddf1b090247fa82e61fc3cef7d2db9897ea4d1b9e29203933960f65b47f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5d0a9e2a1ffdf4dc117f0efc049cb1d6b
SHA138414c357929462405e2701f739fe75261f10d26
SHA256991d6a3e8f31c614aa6f334a571ec562b10fdfebe7cb92269e24cab4985ba0f0
SHA512d3d5238e9969ebb78f27da5d8e56af8edb892b35ac9b5833d1153b08445fc96c627c04469ff48b77ec343350c2e0105ec4e4eb42b84e20dc18ed9556785535f4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5fecb2ed589f73a874a69f5b0122d80c3
SHA1557f8d24e3cd82dfd77776a77cec3ecb9211ff19
SHA2562798a017c9ffd89cf77501569de783783ccab418a13fdf2f312efb050c15ba49
SHA51272d01c374ee57079180217d5c47d2ce2a7bc453d00eb7db2eb232eca57ab6456bed26978d08c6e2f7968d5595bd8d275022c3cf5bb9557bd65f7d82e87888bac
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD58c58f65390953bcffe25dd87f9a9d786
SHA12a0c5b97bd1b4328334fb48430475e650d5c8a81
SHA25654bb7347dc22c928c0b79f0129e060a78a56b3e49a393962664b428cc29acfa0
SHA5121ba2daa6566c8c63b4b2d18cd4b90418a24a99c8a95cf9b92645b2e317b7f07df6505fe905c7b929e8189c0e9b018f0fedbd4f9fed8076fab37287da246f4ae4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5426084095e99b265caf29953201e071b
SHA14e9defcff2e02849122111bc05fcaf955b88392f
SHA256a68d3f1827a5ad347341bf228e523beb13a83ac2813c05941e1519470a75a9cb
SHA512c90e7a91623b1a74e96d41a8a7527ed44162a968d1778412aefb2fb9b855a9d2c575b2da67c5561e2fcd73783ebd1ddf753a18da6adb6cf368ed78ced7fb79e6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD56ebf5e97b5af01e00c162f2501f1a621
SHA12db0a088ca5233639139f98350106dfa24c3e59b
SHA256bb7a3715f0534fc0ff72d1d2b12f94fe0deeec1e38c2ec5867e9bbd0ab72f4a0
SHA51258990c60c3c2b0549daff82e8ec5f170f20d14bf6974c9252dfd67a429081a3fd6062e02860a1ab1be1ab18783dda83e638af73ead2ecc92f0404b0e40f2b51d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5c1ed98ff53f89d2790a92ad05508dcbb
SHA1fed676dd0ffa0c7b39f2f1247d7093a5dc80543c
SHA256788d139ea0633914c1354ac9f17f638ee39074e0b94dd21f05deab3bda142e0c
SHA51225ce354e50a8ebc6ddcdd64ad5473776b993bba186965b03aa2fc46bbb5d592db5f087359049c966c71408dcd8318b05001f7d0eeee1a57e078049084d90c450
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5ad25b3fd59f4db86b0a6cc8c70e1500c
SHA17f2007c753af4e6fc2fe9836011eed3818620ff1
SHA256ddf5dea3bd6d7ce45d4fdd1fab9acaa96370e789c82bb3ca6c26dda6638c0995
SHA5121042e93ae3241c859573598297e213606792ac5e9a01a2eb1a525b9fd738530a4eed772ed8fbe536c79f4a85ba34685878bcb1299ed02e9e3be26c81f9237a61
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD517b2a8d7947616b4c84e03a618948227
SHA12933334be0635fa7095d1a0619ae6c56cfabb73e
SHA256aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c
SHA5123c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5189b88dd87175fc4f8d916284f32419b
SHA18551f1e5fedbaa96dded25780c6d5bf0a63f9a17
SHA2568fbef7295a8cf5f1c8d838da5a2d8c8cd98982ee7520e623ada6fa012c65bdb4
SHA512dd0b48e179782aab44f8ac69ec5afe00b8820b102f447762e2b25551d15189a04c7497e2f6be10d75dbf3d4a8fc652fb154e3a1c3466dde5f7d0c936f568630f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5377e63e80673ae7fb7aff0ce97a901ec
SHA1d22a1df98c8db9561bf9e17fe59972a412469bcd
SHA256819500c3e4dca9885c82663be9c846e07d97474967cec0b41d78cafd6e8ae579
SHA5124675d2e80172b10603fe20d013489961904d4288d47dee3ca2606b1ba7240e6a0e0c0c503b349d63a8ae8b564a3c96e99975fb2be16e0e0994244189c5905c41
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5e5aa8ef8b15fd8457e4820f0d076ea79
SHA1f25d806d333649e9fbccb89000de9d2a1eb13dea
SHA25682ce08482af864462d604af9a81b0983a31fd64c918eb6f92e00703172b8820d
SHA512633e55080d5137da417150888b95c0f3f99bf662594ba54793a412806de812f55a86eb76114fc0fa62e126aef36e355aece037590778b27ea07dccc6b1fef476
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD504eb0e4fe1a68f9852041cfbd2aa2466
SHA19c6cbb8ccebf526c6dc93790ee027faf3c019678
SHA2561a1aa3539fe29b4c938994821c73044d587a4e9bc1946513c5b599358db7fd5d
SHA512484b062e5988547a793543d7aea2eeb73ee0564e8a4c86fe82a0f0fe8677d91b0a0e87ed10f5b9b5c8d5d4745b0add7c6039b535c59a5ae852f3703c8c61fe6d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5706b11a2c0012a1423fd6a2c9653dd94
SHA159afa31427b2328c4150c427c561f85ddc80e688
SHA256f74f64f20aae3e4734f8db0fd203b1f9ef2547a02ebcdbc73376e9bfbd38cad8
SHA51292bc03fff3b65d8170dcd8b83fe06f3ec52263cf17bb20dc9079d6f5957e367502eff15a2e1ae6b88246c1e727c022a91ccb0a8436ca1ba73ca22ca5a5d36677
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD534a0d52f4a8b9382a6808a66509b2da6
SHA16fb25b9bdaea1ca41bba7869d72b07fa984bc992
SHA256a16a5bdf76e87da8af2bfe96fe114fa481bc85750e78351733cdeeae78e2ea05
SHA5128f31bb6cad4acb6cf1fd056deb81e3a2c0a59f4566e9470849892d578136dd432e0f4de8bc5b5f2736d13606f536f285d013731756c9fe35ee7ed570b8138888
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD55b770675a78a681e7786e9a5e2efc5b3
SHA18722661c97ea0d4f5c3b587075d6e1c4374a30cf
SHA2569ba816e9b0c47d5145671f99c06111ac5b4351dbae36b24198a8af1ff26be43c
SHA51253d841242a1031bb328ba5c497c7d4bf72a2d0aa29e72fa820663cf40abf0f14a4e351723f6a690932b75c7b24bef272280784f98ca38caddf823f03c402e8bd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD50c734b94b7c5e578d123fae5f4041fd3
SHA1b749aff2d33e009ccb26225e73b3e44a2d5b9148
SHA256b9a068ad338c1f6a80a08efb4842c3565c03e1fbc78adc986fe8c4b846ce1a58
SHA51263f5caec36f64feebd651f072aef60e3e1e22aa1c82debcd494e81ff9406e141a9d2d6bc55ee3a582b7b6af9fa3e740778b1ec62c3795226f12c48e055819e12
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5f1764630c9b34cea453bcc2d82084857
SHA19c35fd0e9186fc0577328e14e994867c6c0f6b67
SHA256c4e7c46d6e5d140afe33dcfc40f6dfb1b6e967627d500f0b89a0245c5290b909
SHA51280a49db03e9228d14a03d1695ddaf5f700bec84adbdb9225b3921f585158215815dad17399e3df84d084f6bcbf3dbc1dc0ebad547ac7e7087afdd464983119ef
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5176792168c7c07df7bca28bf89277245
SHA174618828edd5435b3257989e381822ef7a973406
SHA256a4dee41d001501e9fa116da0dccd95f69e1fd7656a22d0147567ea6e670146c1
SHA512a521915154c569288ec04f11a2b8c11e481a7f956568e86ff0f33c3a46e1106d9fb94a75d4613aa261e8bb4bd264db215ff97521fbdc593c9adfaf106afdab98
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5d68a5149b235d984db07a21a0299b4cc
SHA122c07a49c5dacd24df1659ea22aa90a7c4f20e94
SHA256cb2e51ffc361343aed3866dc38c1bd06e382aa4139ae7d44a3e407861e500e18
SHA512600c178c6a95b69cf6704a80cf97e221fdd4239d90cfd83340543634fc0293382d1203c0a56e2ac31143c2e6064e083f4b2b0b913a2700102679ad2f590269fc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD590e7e77cddf7f343b7ecf97ee8da8c03
SHA10481c57f52ae010348e56f907aae08c34b0e70b2
SHA2565d46b2a6d1a988ade73e0f370576ace0bb1a37f3157ee997c51f075935d4aa14
SHA512eddcf95074c1409b7eefb331f17af9d51317bdc944aad59ce84327194fc7ed266beca7b1631aaea5ead02ecd47ccb1f1f2d96554c79b32b061b88949ebed9cdd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD556a7b49a1a8efac15763d3d6bc94e663
SHA14d63b746304ebeee6bf6ebccdee4a9093d41504e
SHA25600e899b06be0bad6b3bfbc61245f4b0f658b71d58308171ab9a61133d216148d
SHA512100106b1bee5a0a92c6e1b2fae319f9070a3db25b12e655705a95b3ea984147cd9081f1168c9f1284300e0d558a8eebd8ae40b9e2677ff784a6201d976d21790
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD51ef485102c374a50bee9369cdbba9089
SHA11b70cfcaffaf142da91dedd765d4c46c3c37fde0
SHA2565f3e018b077ff107f185c8f8715f79c98a0a12f7aa11f96f0c0c9d0d3fdb5934
SHA5124ba1dd4308d6ef7a82d31f5dd15bd25890dd36ddb219328f854ff547f50841961e1f4a1e25aae5cf2bfbb70411f19697514211be048852005544fd3672c0d1e3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD580432f7776bade726e63d1e81d2e29ff
SHA18a139f35db23c5a833ed556d5800e9a07496770f
SHA256941f955a08139a11158942258d09a4cf923df540a2ad9fbfab22c87a33bb3208
SHA512a1f3a4961e886d5ba32ff9aaca0f5a5a59ce844de0fbb2f40a0e2a42c25e861b65491f61de17faec6b24bdd6b4873625027d090ccf5405651ca7844009a9c103
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5de3dd5ce352ee7a4b15f4beacd4978ff
SHA11e2059fb29f55246adb91ce05516537cec5142be
SHA256ca57c445f5c39aab5d392777bb20bf500bb2bdb361ff5d7c320ae4ad5e300e53
SHA5126d6153d3d6463a14250df95e89c399ec16e31b1ec253bc64b66f4498b7cb1f5172d8ee9d9c7f6df17dd94ef761e07bdb483f8707318b505b59baeaeb1fef7dd4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD52de9bd51a6712b9798589709269a83fd
SHA1258ec8051caec7ab1272d40575eabcc43a9da0dc
SHA256a36ce8fdfdd30e795fc7b2cad2410719df633b0c2ff629e1f1f7e68f279c5834
SHA512ee235f45245119ec268e9d1c68cd01693ed48e0d1e9461dcc5214258a9fcf4089c83435b0d725c70f622b53b34aa07168de070d1e91497d1d7a34b5011c272a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5b921c532671a2e4a8dd21cc2e837b591
SHA1483df4c81ed5db7616adcce52ccc4b5000a189dd
SHA256ce2929a403ada791893092841b0f1a06b37fc9c4f3bcf6bcc6b0024e61ff779c
SHA512a97ef1aad0560d34363e9e9dea6c9736f2cfa8e18b88d9198972fdcc9afd26df5ab0d4eaebc44961c9c02e7dbcd79176cd893d05fce71ca3b387e9ea3cab6d01
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5abdcc73378ad2355d94422d84a4a96e2
SHA1224546f0ade6a83f6b2028e8ce75ddc16ed363ed
SHA25615553608db0226f723626bb4cf094c5240e39c2282927211188d3b6047d89fdc
SHA512cd59973694df8cb0499bd2a70262ca9eb6af47e0f8ca45f1c30725c00c9ae685afa868bd7c4928d6ffb7042612e3774aa90010c7ab678b3d8bb896a007a612ab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD59faf2c8ac3e09d60b068076e8735b1e5
SHA1d26ed375e62164b0d6026502a84af5c464724768
SHA256c4ff50fb213b0eab50459ff726e5d2544e010681e644666f532883136aa9d348
SHA5122d6c95467a7a269824047645c99f32fabed16e268f1021f3b3bec1561a37d448bdabf2f592416b49ecd0b24bd5866d0bddfbd2b311fc681c86f294ca82f736cb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5033d8466e87af87fd4f956930895199b
SHA1887681fcf786628e84b3edf447d6b092ef50602b
SHA256fff0671bae1fcd58045df6820506ce4bff218e09eb7748ce0a652842ec7c209c
SHA51259a587500e1ee570be2b493000613f8f97464fdd373a3f3f9e0f6ab2ebd982aecbba7479221cea576d7c826fb8b537da396955c099e13b6d848038da12794054
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5e340ad0b6598cd7b472cf73ef87dafc9
SHA1db0093c3fc67c6022d1f62c9425c5b8a498dc4c6
SHA2562a28bdc093f80730d4cafd8c3d856d5cf403b821256fe664ee7ad15a06f66aff
SHA512092b1c463fb6834fa1ea852e1c7091d2d5265e332cd855c971a0a64b04915eae0e4e0fa5bd2f7e1406cca0c815a9ce1c6e86634247d9b9082b3e98259f6fdf92
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5df5ba98b6a39bcfed0b95e916a741dea
SHA17970489192b9e4145a7eb299d89ffb0b9211be41
SHA25607a2216c67175794947bf370e3cd65cd19c5b16b29184d35897409ba13a676ad
SHA51217be1da43df47fa8dac8980b6154f5a2287ea0b8a3998ceb0f1261f3f703e579acb510b1f5a9f87eb591087f9332d7cfdf54814fa68b2e1df04458cec6d8f7c8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD51043acdfec3f6ad4a07a27c26b359e0f
SHA12125cc76df58e08e4abe049db806ffc552ebfe1a
SHA256527f1c90320cdc47d81e212645e3205509bf4db74232e79b2a0cf2df1c333339
SHA5123a46f60ac134be480afbc0c8c55a41aca6d63716537bc711c87fdc2ce5975916a04a6484cd6dc2fa829be74780e041980ae45358aaee8e77fe177556f0275f6c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD52aa0f4e13fc1d8fd5ed0fd3e4f5eeaa9
SHA1d3252732fe379f5e11a4dc78942e933ff53f9d69
SHA256df97d0865af3b67acf8b830ecc769cc8df0d806de28825aa407304f729c650be
SHA512968952f2cbcbd95ebb31ccd569cecbf903af3a51f31d8b13dfee86f0c7f0f321043183854d8e090ec5d5b901ce96a98a1b6c03936d40b1cb0da7c4784995bee1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD56da0029baa71de7494a8c15d2b6b44b2
SHA13223c77a0f478ce28c46cd1e27e392ddda8b4e61
SHA256fa8ec84274702849dcea1ab234bc7bca3b2a4883bb169aa58909e686b70ff7ac
SHA51234a7a458be7412a1140e5ae89580649f57910b6f75f045f5a71d8fb42e97192cec7320c18a00a1205b4bfad576233690b907a70fdf9e1e43a7df7afc6ae38c87
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD512408f0bdca7efa704e55ce723981fcc
SHA10c9a0b6bc321dcdcab2a787c838e628e684bb105
SHA2562d291b19f819f6dc35b5664014002e1d96f5894fbf2ec9b265a2ce249508c6d2
SHA5129ca58637fa0ab7d8b3174beb40f3f7070739724b95f37b21e5d75e785c26e40624ab80f00268c4385930b9dd623197cf5e52f032805df9f6fced36e3726b9764
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5af31e7c471462e4758350876dc242327
SHA14c9d3af9167d72c7b7a0c7d6e52735cd858e4559
SHA256470b76f86e880debc1e13bffcfc83f3f6f33886e5b7313f40ff8dcbda27ddb57
SHA512ba9dc710c3386731c00abb241ea4b0d621c84c3923db423dba0fba98dd35cc8b04b824fccc23b0f6de3989fdfb6d9160e12d42b342cb9fc2208151cd3d9ff3dd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5fc016a62245e426158bc9a71798b32b7
SHA1e689be4b6bf90459e4e3eb93816efe65ff05b973
SHA256cb174d5b932301a19d4628f1b406aec79587475e4f155cad9cf3702b3e44ec4a
SHA5122bade9fb5e5b506472a5ac0acf4e771f6b097e9b1baefdb7f0d20bc0938d4017d618a317f592936a4a48c49a2003379ba012d82974e5123a677361bbc8d97d6b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD500e413f83010c3814dc01873ed3770cb
SHA1f4695a3c3600234729d83c67ef2195c45055e28b
SHA2569686b1b4bad0cc20bbe14cb9778be48a48dfb177950ed4359160a3ce842ce778
SHA5127b8d4a2e769252a72000f9ed9bf08d986e3a075d195b8e8e34624bfd1e0306ff00be16e8b4a6dd80c088d6ddc621e5568fdf142d20397122c364566a349b0e02
-
Filesize
580B
MD55bad4c5d9825a5a27bc3c54edd369db2
SHA180cbb53aeee06287f76e294747201fa5ecd91205
SHA256cfe2d6902902682e03bc0a5d1f1cbdd1beb24ba0077487bb01996cf52c1e1b4c
SHA512c5a13432e9821f0632d34e382becaa45429539e8d0bcce7f91be1f9d25ac45a047838d1ed7c34bd896688a5be6a08e84860304ac6451497526ad8ab3725e9176
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5f7e012e61e5bd9286b815bca14369b22
SHA1594d21e6394adfe5349a02fbf862c69fce867f2f
SHA256db94499c13d4ba6206d1314ec48ac0ceed901b728f76fea09ec0dd4f19b06ae4
SHA5128fadd3ec1333f704e60c9f77b296aaaf191d21a6c74a23d7537ac42e595a8a27a89a77c4248873cb3f27921f0b2913cf22dbfcb5aedcca81dfeaef3a409bc9f3
-
Filesize
625B
MD58e5d3ce64a2ed519fab7566f33158a93
SHA111fcf37134391c855382babb809ad02bfe6c9e14
SHA256dcda0d0a121f6bde038eb7699b3d01c6f542f0c4a1a58f809166ec5a7640891d
SHA5121d2ef6c8750a5b73b72061b626c74565827961d7a025fe806c931667d553bd0776f8e182ae819836bc2f6f1f1304690a8633416f15dfef8f2cde36f7fb4f2f3b
-
Filesize
873B
MD56249cbb5269b0075973e321409906575
SHA1eac9f3c5bfbcfc8c253c0637fc3127c5e0601157
SHA256d893275c57041112b18cae7eb273db0c6cda4ec087d23643d66ffefa6273e5cb
SHA512e966ebee102505cab13b54ae3a1cc64fd2086d17e5e2f7daca7e8b00a1002883ebb220297b36d20807ba92d1de3e6244199e04337b79d399b467ca021a1232ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5cce1d6563c9d333c77766d3bb22fbb9f
SHA130364c8839cf4cd95e6fd4073a2e0d4ca84e8974
SHA2564ec42ff3d837360dae81e1cefdda483619d2c93ffede95417c06edf844d7870e
SHA51257294e98ab97cd2a25bd8f451a1e60aff7d0a0d46437b1b759e574281ed3955eb50d6a6b7e4ed70c82acfd3320c95c4fb9ee929135d7b6dfdabb4900af8947e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD58b7139c3cae57337ba946240f1d43fe5
SHA1128c2d6d1d1bf76bdecd61db13b542402f89425f
SHA256c258e7d0df08e20e30d78eb8bcb1b1d1b31f537e3c912838c3f467f723d0c5a9
SHA512ee52118332a999f63e9558b5088297290d73770af92052514e6aa18dc31182f678600585b312d15e6d554c8995b05d376e85913796bc9a0e38d9cdcb21120644
-
Filesize
615B
MD53545a2baa730347e702517a935419d3d
SHA17fda94d3c373bdabff8a2a6a029c1a47ef415cf5
SHA2567efe68a890ef5a9152ddf99dc54e7817c0eb2f34cb844c8a873048b106544840
SHA512914662e87d92943bbc5890bd43c0cfb47a9db648b9c91d89b196ea01e51062e381188a1309525e81583bd85d20ba1b15790dee119b02e20072fed64c958990e1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD52e313c950e27aa805dbd9e2c05565da1
SHA175a363f28a1f1f01eaaf412e91293c0e307efabd
SHA2568f7467036bf2c38a42743e5ee59ea57b55b4bdde76f28ea293a9a735e9e29251
SHA5122ca46e7102f91b20c4e6269e32f6acf87af78a5cb2b9ae8832dcd5caf07f96d96da188a9b3e6deab58a9bf4d9d18d1bf67989451f720ae2283490a2e2ea4f4a7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD57b3e1a28eaff8edaf5fd781e4789a4d0
SHA175f614badf8393c02335aae63697fad61255423f
SHA256930143362c2d16f73657c71f440a4fcaf33bf8bda8abe47f4a2faa942e4cf428
SHA5126d2372aa90b131c7f6c102808bfcd7a092b907b622d46aa6f07b124f1399d0760c0026730e2d27f3f04f9875a81126fc4ab0e9bfceb6bb15bc04dcc162a41358
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD53a4377fa813075c646a16d42a6e1c15b
SHA17fdf571d8c98993d331d6c9aefcc122489771295
SHA25633864e7059410c3303de6255f4d63abc48e06343e06bd79784bf4f44b0904801
SHA512f46a72e51e6479a03cf3c27c1c738ac4989a7a03455a959dfcb856602ef52a4b5e4bcfe416d4356e1e237a3f4738a65fa9597447a40114321dc6143a111ebe43
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5b2556f87aa1074338a3d4aec0d69141f
SHA18d1a02c4678f68238e7194ae0b02aa38b4b896d7
SHA2561b730e0c001e5907f9809274d7dbe2b80e3bd2c81d5011cd81dd3d94d89c4e4b
SHA512af7a22995fb996b4a10585b64fbb2de27b179c4c3122b00ca7c53e11f1123f3a3bda2adab1301155c1ad25bdcc12cdf4efc150d03d4d77e32df0bd4b951d42a7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5fe17cb0929c0dfb67d24fa502405eb23
SHA165c98a21d0948f66d57f9818b68f8f5d98294fff
SHA25605985cb206d01e92e890934f4de190a5b0a762d278f6595ed88b02893a2d1d5f
SHA51275d46b96f2d69e4a93ad0fc7c06d0543341f5e6cd20f598b12a1533c400456c974ecd22f5c371bc711a13da2e2dbf4a64b71202c9caf54111aeedd48d05a2eaa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5de03e9e8426cba61e79c8ebcd9258240
SHA1a4bc28c1d7718da831256261a22075f1241c8c61
SHA25606cf39a5aff337e6ba20c369c6e75a26cb678449081cb56c25387fb0c2d03209
SHA51276c498161ed8ecabffdc6a7f6e205057b8c646e055cf8989e428f4f0cc35baee8e58860918eb271a08aa939ec4cb18f43d049f0d0c01f77abb04538c9dcf45ff
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5493d53e73e45664c3aeeac9d1ab41656
SHA13fc826e61882db88ffec9aed84e09a69c0ce1b2f
SHA25602c272d8cd9db88366478a4b60022add64996aee545ba02b3ff6354cbb4c28e4
SHA5121f3838206beaf0ddafaee4e5d435d8ca56132cf3105a67526806c88e5ca7d66c746bbd34c515e21377bfc54e8242cf6767031e575a104c8e9990e50c2290a03e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD568c9605d69656e9def9a8a951636d351
SHA1b618a1af95977c578ba00e76bf7c2aaba412d67c
SHA256cd9a6ceaf45d665b3d33f5e284e7b86814d4f1becfd1df030d08a3c733f3b6dc
SHA5129ae6e41b754f163a0e01bcb3f64f8f2876af72d273fd3a66bfdcf6973553a5df5642ee69c775fb3844b412ec3167465f477ccd6ce5392dd898a6a36958797431
-
Filesize
153B
MD52b6407f2705b35a5284f0707b1711175
SHA1a72130ec9f28e910d61c09bd7206273d2aefa555
SHA25687f2d20133ca3f2b00cc9b57b2215706cfc49b66580ba86fe600d41e76c584a3
SHA51275bb0cb73459eff13aa47104763c76a673e8cfaaad5fca5e3df23213841089e897cb6c5a9252566fe2fd4d97ebee6cba10a91245067a1ed2ef143c16ae7b53b7
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD548a7a48d2c2ed111d3114c6560dd6518
SHA11294d5ee581a2148d5e35385362846303a1e17ab
SHA25618fab4c6d9ca7cedbc0c6a232425256d7e4f9777e19e6e2c85976f4de34a85c1
SHA5124127aabb2db4034de22f5bf641e74793baeb2b3444920137e0b42b05fc23509abaf897da030c454138090f9880e534258931d6ec0fd8071a13452b884a97d95e
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5c26da077715993d6c91deeced88aefbf
SHA1d614ae577014c37ca566010b42ae24cc87418d50
SHA2566e28f8432a6d17ef6a2538cd8b0fc2c5f1d8b0757a1ef586308af2221defa7f0
SHA51265a68018a893796672eca63a2cf40b69cc68a04b71942be384a7733b14a5cdf930955b73cc54bd21a698727601f3da1b050cd8443c2a98a61b293e9ba9c97dbe
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD52a4444f10c814fe3911b8f12e739bbf5
SHA1d5b2549502a4a4ff522652bed96b695f44639ae3
SHA256cfd445106527f38f3828d30c84f58e639773978081d8e10949129c77f4ca75c9
SHA512ceed707b3dcac71a66b6fc8fdbe62f5e42197bed8c87b0e1a76ffed8464b5a77a317ff61aacf91098eb763ddb46fb2a1e904936728b6c6338a90fd3ddf7c5945
-
Filesize
109KB
MD53474714a98ae7dcc50ac3bc7aa9e66a3
SHA1d726e3e5bbda6920910c3d8cb747a5160a83545c
SHA25670dab0bb403c0fa25eccd6b73001d76888353a548c6bb44541d8d7165bd66589
SHA51272830ccb3468966d8ba180b57496ad0dc884b590ba217f55bdf99d2edc0e50a89dddfe4db43abcf8d8067731dd7b1b7e053083300a2b58e35f9386d0e4fddab9
-
Filesize
172KB
MD596798d8dcdb915982a44198fab26ddc2
SHA1404b539e2d334a9b4f498571567cc3c286e8ad57
SHA256cebd48cacc7a0b619d2677e852e082af32abc2c5d7637f64af1e484f6cb6cd10
SHA512db0327cdb54fd9179089beebb35314afadf351890c1b2dcf660fe181360bb59e50aa982e28403628a162053f767e029f4013d646bca0b8c0f1f6e300e51aecde
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5246a4650c0d90b47462a9a154b6f93f4
SHA1069ea97847141937bc7ef73e66c09bd475bb5ac1
SHA256e7aee5099c59d58fef9f886f7f9e38b62568e8653ae3ff994eee264f5f3082d8
SHA5126c4fd4a92b66d17268f4560d8f5a62e19d3c1700698a6b1bddb96b76361946953a5637acade393dfdd57d5118e4be7862ca055abd865d699930adce3e8448e62
-
Filesize
21KB
MD5566c4fafef79fa27979648881dd99377
SHA133ed0b7952b3e72f933c027f993630a32263f42c
SHA256dd8b7ab91b0c0c4b69b5999c576362747a14d0b6a844901b678b38512b0b8a40
SHA512243429bb3a6e9ce7d8534910bba450af97ca3c4a5b43af64a3b7c07762b07fcc46f2b58a47ca230ec05fe330b4ad2d81330447b426139e42d4f43ebad81304ac
-
Filesize
1KB
MD516d1c5bb9ab4fb7cf38bc499c042ecf2
SHA164dfe770eae57621c78fb575c26c2e1611a00689
SHA25677653b8d493c44665ae5e072b89f4a43e947feeca4dd4ae84fc6bc1d61796329
SHA512efcbcb28cc4a20c8e6f95d4f7bcfeccda5233a8acdd240b2c7afa20e2661f67873948f52333e739e2dbf95241294df34a79de518af3568107b45b5e08fddabea
-
Filesize
952B
MD5359194315616a9cb9d017d62cdad054c
SHA161974aa802497320b74099c60ef86efbec764389
SHA2563e25300dd289c6e63f75e171f5b00bc8ed52ebdc817750df920d1b745d61cbd1
SHA5127c0ead9c3ae02c81b0bb3aa5bcbcb3768b766a083375859728d35b97d9174666b8740f794e31758d764d7347a91c982dadbb88f017339bd6d54db62601be63f1
-
Filesize
121B
MD59f7b94e392684435e13f3c4276e66b98
SHA18785735fa2b6d56ad0a6cf83fafbfa3a17ec4d2d
SHA256bd9a944c7939d1b3fa728926501f4c4244966bc61013cbb2ad7fc4c57d464392
SHA5122d9fea76e2f1605e2268d9a944c054f1c82fa80aa2b1426baf0cbd810cf6c8796c2360dc62fccae98d10f1ec68eb1c054ef23e3ed4433de54cea928421b9dd1f
-
Filesize
1KB
MD5b789af83f47258e6b36f61e1a8a10cbe
SHA1ca0e445491bc5820111956a8de4e3b989a58a5bd
SHA25624ff5df068a5f746b3081c0cedee174ec639cc79227f0e6a5816d442d54d95bc
SHA51232271b07659e7ace9b1661c93b8bb5348e1e254e1479ad3e1eb0499bc7a84cfddad71ca9be753eef342dc984f166d4a0d32f66f033f9c3710f0c581e4d96381f
-
Filesize
8KB
MD529521675f26413ad7f8ef50e5ac78029
SHA173160015314e0051dcea6fee8ce9b3db72a589f6
SHA25652cc86818067ad545dff47100368b32838afc3bacb72d82e691e984ea1b98a0c
SHA512d7a1b089505f65c7fe74b327e206c3ff47f59c8133a1a423c3a21d5e984909f44bbe08b26ec951fe9c8a2951e75862c82c655ef4ae798b1901eee3e295d14846
-
Filesize
914B
MD5447bd316ef6b85a132f57e6282ac57bc
SHA1762a390a8805038dbd86a343abec4ad6d734cd57
SHA25643f9c311c93f9efd80adf1a34bd3eeb2a6198c72e87ea01681e4e76ecdcd32cb
SHA5121295e21dac06009c6c9e7f89edd1f835d16f81fce342894a25b9651be0bdf6017a13931c42aac1e2de5c2ee6d1a1552b349729445066aa095e24a05df41c4a22
-
Filesize
328B
MD5ee06255b41dac6d9b5125399c87944be
SHA1cafd3513ed678861d37e267193291ad923511909
SHA256056c2b7a4fc76ca1181f7dd054d10af9f92939366f25e983a493f51ec638377c
SHA512999c4644844af7c0411c35cd7e2adcc00904a6eff5ad8e5b61a60776480471ca238821126a71a75b0a519ac01ada40a0dd556833ae482d9c964e562294caa95d
-
Filesize
1KB
MD5a1b6b7febb3000220a88376ec85e9c08
SHA1dc05ae24c55282fc2432b3901f22a8a822e767ff
SHA256f25878fdefeb7e12b261412172f8ca618d03e5dcc27e927799638ad744d3b969
SHA512c58df5880d01d5ec196e8c129ff99a65185ceb789d0d60b94bfc173b6a47fffa23795e347d522b36329d9389fe156fc9581eba6c0be540bfdba929f66d40a8cd
-
Filesize
162B
MD5931c77d2516cfdf53a7e37fdbb793a64
SHA119a8153048ea31a0008af70e3b3725ac62388454
SHA25672668d4f58833db8e8bb157ad4bec284ec683533e602355d0fe48ec21c64b2b4
SHA5127fd0215dca26ebce197ffcbf5e72ec12045cb7c948cb744ae4d44e0d2ebb796cc87da8c521fb829f33c1e6664cc9b9cff7922a894f7c2e2c83da1ff2f2b24dd2
-
Filesize
586B
MD5ac91ce12f5288ecd6a75cd4656aa6a16
SHA1f619602f45435fefec2f6156ab08eec626d00b1f
SHA256ea8c770163fe5d3c46c1f3506cbd73b7672348e498aefec3b3003cedf7e02d6c
SHA51265d9b27b8a3072b7b0d93470730d9a8530a47d4f1b97f9360477988cad140b7107b6a8cf6422751cade4a0142c50506bc74c9d27616894a7cbefecf3c8d03bc1
-
Filesize
124B
MD53fc5101acc3a06447984a2f3b61488d7
SHA1809286952fa1601bf0a6c38cf6f56338a27c2f08
SHA256220b0271201af03e592e8e1da8d8f5c306950f9b6e226aaffc8e38b0346bac9f
SHA51205c8badc64444afeaeee1c65d64de2a4ac2c8ca9f23714fd62c09381a0cc4e501f45542e5ae37e20b614fac7c96be343fce6697877df93d7668df8b1117c2eb4
-
Filesize
8KB
MD59cd738b8113af0b6d36934c898008370
SHA13eb015255c18a91ffeb89b7e1266bf821deeb5c0
SHA25623507aeb7da9b750b100e374dd58bdecaa3dcfa70c134af948aa0a51384447fe
SHA512556c9d2d0f7b619dc9b0e5c65d6d463d9ff2b76edb1f0bfabd9e57c01ada8c408041aafa299dfeed065de4b8a1ff86b2170acf9a838095f997187fbeae46f61d
-
Filesize
880B
MD57f569fe54404feb3b0fd6f8de44b3c36
SHA145005e452a5f6e9084a67f861e7112b494c45d5d
SHA256c6f860d8cc60acc755008f02754d886d936d37679c236597b9eccba1ea52278d
SHA512563221c9fbfdff97ce1d0194ba632d68121ff156e1e43f730ee776091508747e21d834460bf3b23f6117214bbb2ed3b7df69dbe9c0436f34eebb160e17af04f2