Analysis
max time kernel: 32s
max time network: 17s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 13-10-2024 17:00

Behavioral task: behavioral1
Sample: 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Size: 7KB
MD5: 41084ab3be6d49c1483b0b192de7f636
SHA1: d67312b7e4e6c0c127b12ca1bda92a8c7ad7c6c6
SHA256: d016bf6e8ee34476729a5d7a8d33f068344ccb39141f3091663c269a6341d9f7
SHA512: 7abe0cc4a5b8c5ddec7f57179b08bdef48b2bc6a2ef1bc1297c5c972c76fffdad8f389c11bb0b12db2c5aedfed643e668cd2e9ed37ee634a799491a6e0e53ef1
SSDEEP: 192:0zdrr1FG1WDCgmjPZFeLzdtPJftSGMUA:0prr1gkDCgSaTFtnMB
Malware Config
Signatures
-
Detected Xorist Ransomware 6 IoCs
Processes:
resource    yara_rule
behavioral1/memory/1520-4-0x0000000000400000-0x000000000040C000-memory.dmp    family_xorist
behavioral1/memory/1520-8955-0x0000000000400000-0x000000000040C000-memory.dmp    family_xorist
behavioral1/memory/1520-8954-0x0000000000400000-0x000000000040C000-memory.dmp    family_xorist
behavioral1/memory/1520-9187-0x0000000000400000-0x000000000040C000-memory.dmp    family_xorist
behavioral1/memory/1520-9188-0x0000000000400000-0x000000000040C000-memory.dmp    family_xorist
behavioral1/memory/1520-9189-0x0000000000400000-0x000000000040C000-memory.dmp    family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
-
Drops startup file 1 IoCs
Processes:
41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
process: 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe"
process: 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
Processes:
resource    yara_rule
behavioral1/memory/1520-4-0x0000000000400000-0x000000000040C000-memory.dmp    upx
behavioral1/memory/1520-8955-0x0000000000400000-0x000000000040C000-memory.dmp    upx
behavioral1/memory/1520-8954-0x0000000000400000-0x000000000040C000-memory.dmp    upx
behavioral1/memory/1520-9187-0x0000000000400000-0x000000000040C000-memory.dmp    upx
behavioral1/memory/1520-9188-0x0000000000400000-0x000000000040C000-memory.dmp    upx
behavioral1/memory/1520-9189-0x0000000000400000-0x000000000040C000-memory.dmp    upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_es-es_28e9f3de1adcee20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_6.1.7600.16385_none_ea0a643b0e032c19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c11a4c8d1ad35c79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_185ba149ada3245c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-o..lfeatures.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8e96c1352b130cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\Speech Sleep.wav 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
description ioc process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
Processes:
41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
description ioc process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\ = "CRYPTED!" 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORQUAXCYSEZDONB" 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe,0" 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1520
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
21KB
MD581fbb7ab23f23787af40ead269c0eb51
SHA18ccee06de90cf3011688bb7d4d311035463fbf71
SHA256a400c4588a7113b503cf1ae8eb38af5f389d2843e8353acbab03dd79886128e3
SHA5123d3fbd67aee7f4c0509535a74fe059ea15b636586a600d9476727ae37a0001515ccc9ed926e7c457b1f784c3c46b8b628fd3697e819b1e944e679f43fa44c010
-
Filesize
1KB
MD54eb60fd541155290a5bc17dc9224f3d8
SHA10f3825bc33467b3d933356d329a3310edf408e43
SHA2562046b7881b9f2e18d5660277ae6428a197ee03b3e06de8a0dae2ad06585b1127
SHA512102b01b17fd15e695ad1004a71b08cf03143068f2e97f8821cc2497ee0ad4e804b42cca2274eaf6bb248c60a19a928d2c7b1e971623f168396a2a83f4b2b30f1
-
Filesize
952B
MD568459f615df8e7d7248a9a073b76cab8
SHA12ed8f590362685f0d7320f40c7470b2f20585227
SHA2566808ba0eb7cfdc1780bc7f48ef0846ff26f057afde67af59aa8ab96d7abb6b9f
SHA5125d93f7e0f771a618fd8f8fe8b74d48594e30f082c927cb5a7b69400f69e6d051d8b376fee41e18a5b527892c0d4bb6f0823761e7a6c9ffdb20963d77e0a2bce3
-
Filesize
121B
MD5248211beb5f455bc1b066ee277ebd404
SHA1f8ded7d351fad489665d76a921641571a73f86dc
SHA256d3ba0df6ebd25e00d445e8041b95841de790361e4b42c46514e3bbf878c873ea
SHA5125550948cc70bd57ef0258b3d9bf6602a6a53c813ebe5380e615e77a87f31facde5f502a1349e35ff773094acc416bbfa6eac7a004d6c72524c65a36de4006b1e
-
Filesize
1KB
MD55ff770b8c59c83ed2cd519009edb3179
SHA1d91039836463da40761ab33461295ee6c4547c2e
SHA256a638c49b97cf53089efa5a4d369ad83dec00becb8240b8aa0bfbf156ecb61960
SHA5121025b8e110fab999ddb8a43188aa7c367d4178280db91a8209971b48df388f3bf9c557a385858950cac6bac688878a9615fd5d53b32639fc07839f48f1e5a734
-
Filesize
8KB
MD50fd2a8adae74e716aea7e8d219be7ef3
SHA12bdc02e5bff0177a8ff74870cdb60fd37ef8d29a
SHA256ace53d3c502902ff6cb2846c1e2fe3d5bd24c98a63d451d17651f2f4556c7259
SHA512e399cdd6fd92b7448ad912cdd6c16a675ca883b06b72492887638e4f7a759ddd6eace3741f533e0b3a5773ca5eefa752773235415ad8637c5de61e18262eea88
-
Filesize
61B
MD5b0e4b86bf068ef42a00d15f61301d2a3
SHA18f321a35872b44aee7fb4cbdb958f8bd1d9f433d
SHA256b080aa328f6360ba3c80507d1b5677d6cf0aa0c18352a4e48a7fba54f5819a5f
SHA512d81c65f9c99b1815c035a38c8ba06b21f138c92d9e591fe6303dacc4478f8b03a9ed71a53dc10d2b75ee7bd91e2f6a117d446ae587f7986b74004f47c15e030a
-
Filesize
914B
MD5838faba3686168db638b1e744574a4c7
SHA146936b483487bd7e77c2d67a79c371ef736bcf11
SHA256e836215e54eb22e0da4fa3c563e930f6f54eac3a8fce93acdd10a4974d6054db
SHA5122f735fb2a9a41a9301fbe911aa14ee07cfc68f57e3951649198ed292fd93dd14955727284144b1fef533f8effc27b5ec2395f61f5abcec3c146ee0b6c2b39704
-
Filesize
90B
MD5f6670bc357f96471468f6ef962415971
SHA1f6ebbbe0954b336ab0355b3c386640ab81f0e786
SHA256a9ec85172e3edf677e000880a485814f52ebee81042db5b727c5596fe8fe4386
SHA512add49018a4019ece500ced0ea770edc28874e429d172157d7f58bd7cf9deaf780bff720993208d17e38091bc22cfcfb8c823b0658a0e81082131b2b20480b28e
-
Filesize
90B
MD5d37b559e4a3661c0cd2907a05e7ce89c
SHA15d41ebe3b67a2e9137c1f35ad5ac7448c0b301b9
SHA256fbefd7f40f9248bff08b490ad467ee986949714dbe13ec1eb366a39639bbc8db
SHA5129f2e8d2d081638651b9000472e944f878259faf64a9cc27472ad802f9a3ba8ac6035ddca40befb46aa59ac2a552ea566e8fa34dc8008d291aeffbfefec2a5e20
-
Filesize
328B
MD587dab104115f5f444537b4b7974ea0c6
SHA148707878c873aa5c9dad94a98e65642456056bc0
SHA2560238ec18e261836dfa8c03e5aa9221c547b661730e8e9648a9e21840238dec9f
SHA512fb6699a719cd681c132759254fceb41923ff6e227df92b55eaff6c82ebe3232b86047a655151fe2c1d228830072dc3b7168179c81fb1081b43d6a53eebb5067b
-
Filesize
1KB
MD523d8f7aa77e0edff4ea6d2b854527c4c
SHA106319903dd4331d7ec5a783f9ff442172abbd79c
SHA256390b0af89b8704508b671dc191a9b0aed67ca5c4fb4af720b7c60e74606fdb0d
SHA5128728abe4f1e392e9ba33132fb8806a4df38e64bf137fac9213a238915602c7127f1cc5bfb5458efdd5e3f13e6b9df8d27ec1e5d8c2bae4881e9c090e9d7aa715
-
Filesize
162B
MD5d14ba34d3b9c06d486d9d68eb0f8a29a
SHA1dbf6752a44cd30d4edd3f71a87fc91c18cf6868e
SHA2564fe3258600bb20ede72a13ec635bf4b5ad1ad2d2c664390dbfd66bac2da43bc1
SHA5120883f02a822a5554a7ebe94444f99b26d3cbe8f1972b7cda61aa57f93759b76647072a9e5b7d932635ac967d5847c3a95711bb49414c176d947a946d82a3bfda
-
Filesize
586B
MD503ceed9f9648969a54a5e792cad9590f
SHA1050d69154078e5857588e1042018c63ce2072d32
SHA256f6beb5d78bfbe3a5abe136e1da7574411c266d35e86b437354ac4a2e79bfee55
SHA51291140bb32f00fb15b1a2b438dd700075f49cdfd4065cd600f1e00c5135d1dd9b485fd2aeb71a0cf6fd972f4cce671e1a86cc2c7be4f3254cb3dae4d0f12b9162
-
Filesize
124B
MD5bf0c7437e245106e3434b40f02cd718a
SHA186593cb9fa4a8791a4dd9038319f05736ed4fe7e
SHA256e781d39d15d7e529a72737614b0939a9d2846d19353084f4bc37f017a9168fbc
SHA5123f0cdc539a1d10acae476b69f3f320af0522f0c0aa60931aa0597aafc04bcd57e74671985317dddaeb04d3742658b277089448c5312e410feae97ffb2a49b560
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD500e1a724bf3835992e0d802d4292fc63
SHA1a71b96984e5cc115bc503aba9b0ee4e946ea19de
SHA2567cdd058c3c7cb5e441ac5aed15814d8c938d6d7527cef40c6dcc10799347539f
SHA512de00456f7f55daa3bb8863abb38d053f580699a59778ee35de1061254a25ea78fcd3f331e5b88eb933c54561338a57e1105d6cb4fb8bab9a153971837612eb45
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50733951ee3c9b0420096ac0fde5184e6
SHA1a9aac94b99520ef6b48dd485fcf7add70ceb56d7
SHA2561d7ba1f1fd6c0cd1f5d8fe77446167ffba1b477133d83b9176f122394e6ea7e9
SHA5122c8c1f5ac318da5395a05ffc8a6bee86cb8566969901eb1f32b59afea55270483d17cd7f965a80141607f28fd18b1de32ab23546e0d07ecaf15ba68e10ef7c70
-
Filesize
8KB
MD586b12c51c40b4fd7d5032b150b029bd0
SHA13cdbeb1ad4e27eaffcaaeeca41ab89b02822f492
SHA256df762539f37ea111be7013546a37ce8fb577b4fe470e72500f7c2f358f0d201a
SHA512c11e12ea7d8222d10ace491dde1b402bf3e09bfab77a619701076f6d96a839d68924c8780469daf100f63038edbaaa3c0ade1fc9346f011acefce1fb1d6bb685
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5b1b9c0811c2c1f90b491d086373c87ac
SHA1ec64b5d3b43d0a5839307828fa01627be08e51e5
SHA2562438e14178df83b0ac1b811cc921f20500733a25adbfb06460739eb2c2fbb4bd
SHA5127a7935c8124e16fe81ab04834c8ddf6567dc90e050e798e3b0cc0a5f49e5126f91e7fab44c1db57be491072476ebfeff09a8b666501f363a828d3253ab013ded
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD552e8c0eca33f8d7554a4a8457f6e6f42
SHA1cc7feb528fd378bb6f347bf469be37f2d1aa2aee
SHA25618c1a6c742f022b99efe631de63c70f84b6a2c57554cb3afe5672b57a11ff345
SHA51245ee4a5364e4efc96772bdea3726abe78905c6ffe5ebad0029a50114489b4e81b246c4429704a357671ce18066afe42fa77bc3b62c4375f960c304449cc496f6
-
Filesize
880B
MD5c2fd1092163a154d29c0779de5a4b1f3
SHA1fed02bbddefd365e84b657f4537c2d825e93b640
SHA25614a1b849c3b1690013aca4bf24f881710df7691e9629a3e2228b52797fd0a123
SHA512a4c3c79f13fcc78920c53955ec96bc4adc3a30bda69b711033df2a92524256609498678f3475e742152626124afe96e275d832ee7c12fd42da97eaff68019119