Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 18-10-2024 09:17
Behavioral task: behavioral1
Sample: 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Size: 39KB
MD5: 56a19e5b14e69a5026c51d53198ad0bf
SHA1: 5eb79a58f2ec1681a91299fe924e476ee7ce23b1
SHA256: 4c3a79e665b140217270e151cfbed8144b843e88fa0944caaea64ac6d880baf8
SHA512: a14970cdc5359199c58e555b506ce6ef15c2edbb7ce9b12b40f3ba7059527ab9e66421a78aafcbd8ae2f58908d1d070bfc7ab552e97b67b7c642e425bda92b35
SSDEEP: 384:jrFjn2LitKkpArp6lrzF6qYvjSEtVHEF8VuPMB:jIDkpypAY7/xnVD
Malware Config
Signatures
-
Detected Xorist Ransomware 3 IoCs
resource yara_rule
behavioral1/memory/1908-0-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1908-4395-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1908-4396-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 1 IoCs
description ioc Process
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 64 IoCs
-
resource yara_rule
behavioral1/memory/1908-0-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1908-4395-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1908-4396-0x0000000000400000-0x000000000040C000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239\NavigationUp_SelectionSubpicture.png 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_WMI_Cmdlets.help.txt 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\Media\Delta\Windows Feed Discovered.wav 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Error.wav 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\icon.png 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_blue_snow.png 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waning-gibbous.png 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\modern_m.png 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\shell\open\command 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\shell 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\ = "CRYPTED!" 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hXOylrsLTUL3Q5F.exe,0" 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\shell\open 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hXOylrsLTUL3Q5F.exe" 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CNQMBAAHYSYIOWJ" 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CNQMBAAHYSYIOWJ\DefaultIcon 56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1908
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
61B
MD572e459830915cf8fc0722bca6320b618
SHA11aadfd4275b90d355a33927591986964d4deece5
SHA2569613b092f5936e77c4260f4a678dda8bfd21129eba3729ebda3cddacf10d16dc
SHA512a3b740019564f52f253080972fe9c185d52f2faaf5030c082b3eb62499527aa209dbd77ca173027081ad2d01d45fd8568750481d5dd126a1edb0cf1ad6b71c34
-
Filesize
914B
MD5bc0c4da994ccb665866361bebcf17ac8
SHA163d0a222bc035b76993819c9ebffdc4bad085bf3
SHA25691a4d503a389cf45e9f6ce8a89e8bb314155e384d97d65e045e7e5b858e2489a
SHA51220a9041da76bddc2d9ffb6753363148228daf8232e653926bd0212a17685c5e5b2d5ef43acdc760ce48717c91e939cb24786f4467fc840573c0d9d9e4a910321
-
Filesize
90B
MD59be4657ef11e0132384fc50f1e8e2f80
SHA1ce29dc102bc67bab6d6120cc7019cedb33ed505f
SHA2561b7132f774775db013bdac4aec836337b167f061467c592cfd493a48029e7437
SHA51290bd47514eb0fc45e167044d8a0f9b4fd8ac256bd87ed5af790673217f4fe14386b8a582b1d4d9cb32c4d6f1dcb75f97b3bf9cb391eb0a8513edc6ff4a9f4131
-
Filesize
90B
MD55b8ee4d4ec5e95da39264d7a7a35e8de
SHA10490f3b102b8b3f762bca4680558a397491ebbcd
SHA2563b10306203fab8fca07279e2382aad28c2cab8585ac332fab9b0e85dfac5a4ae
SHA51294587978a3716c2af0d1a76383b12feed92f6b7f837f5deaf38283b9aa73f90a9c80cc5866c10dd5962dfb1bcda7373866b4d8e74ef68e337cac0872c6bacb92
-
Filesize
328B
MD565f073833626dce9ca83a3f96b8ef8d5
SHA11842ca57ea9bd96460f1c18c801ce14ce152c77f
SHA25674cbcc90e663f6a9783504c739f4645622f75fb5b5a675b6e3c6fed411b5f40a
SHA51200752dd370dd4c536b200f50034894a71bb11e4b88650474841951772fb83cadd1678ce26d5b9d2f079e2d9ec0454f358e139a767cf8af53a65a312aba748edf
-
Filesize
1KB
MD5e100d6c7dfd0a7da124c840fb938d371
SHA1e085f1e770d156e3020a087cefda22920e5b4fb0
SHA2565f07ef05809bde2683ea2fa0dffbdf895d6d3c6a254586f4e768b172bb6ea445
SHA512e5aaaf051f17af3f1b02c7e36c92e7b88e75d9307e23218b989727851f89e624bcdace20088cf1d6eb342b237ebbba1e767bd2ed9f0ddacd6f387698bcb591ea
-
Filesize
162B
MD5e7a18c2f4c8e3fe1161c942963ffaed7
SHA16bea4ce39343dac6fe9cde49f1009f048a2a081f
SHA256ddcd34fea2c0e57cb902d5c9b766c2559c45476ebc96567362ab1239567ead53
SHA51253f6f5c9a20703d573f4ce1bbd8e39741e1c3b7def7af52d32178bf01df349ca75b736a44d537da4fff8702d649f4ead1745280f3306198f155d7c9befe41f0b
-
Filesize
586B
MD58b4aad5ab3be8b7dc2b316d9e9a72d09
SHA14aa82277db081ad6c3cc63564fe654d946cc4f5c
SHA25673ba6ac2e33192f67e0db315a8846ed6bb7e2f464d2073680f4df2d312d75dfd
SHA5127d28af845e1016a0baf3398c4ff072dce9001696328a7c153718ea4c63b3c592257e11e2c454d0901fd464357a9052863b0d4abc8b96a2184fdcdf149a824976
-
Filesize
124B
MD5fbe3ca6cc8d02b36a698c2db5aba23d0
SHA1d5bb63249d6c94daedaa90fbe2a758cda2715b1d
SHA25636c4eae63ef34898cd6ef68aebff4b5079d066dfd0adaa9eec83bb632d8be612
SHA51252dae005c4d6cfb16a47d360b88103049152cb655d2100604fbe5002f96668f43894bc9fcfe7785e654ca88a03ffaac42fdc73b5e04b24c81a0cab483264d2f6
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5eb86f6ffd10185099854555729c99877
SHA150df23407cf5d1d7a8ffb416d1b2b251402e4eb4
SHA256500d4d101755ea3371cc5d23e1aaba43dafb1ad6785ccacc55c6a3b3dd2a3e47
SHA512a255a34190e5f6e31baab779d98ce2aa0278e1c9a596191d331d26ffc8233e456e6abc69bffbb087ede1fa348af5ff57a9244e73759ea9eaa30f9faebaedc9d2
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD56c9c54935663f5553c20dace59be3ceb
SHA1db790a94c7a17c9142cec1ad24bae09afc287a1a
SHA2565c9fd85b311ba4fd9abe764191ee7ae7b75e2e88846569ed559d3dfdd8ced093
SHA512d33ab45f54dbd80bab13f18a14e636860459659e409176442ae50a3d5bd3516692d5619dcf78b17f43594b168bfd3552bb2ddaa053d90033f9cdb8d4716e71b6
-
Filesize
8KB
MD56dfedf5bfdf93927fa00a057458eb430
SHA1a745b2ebba2a9d5dc88d6da8c04c0241ad1ea2ae
SHA256957fc49c227913ed05a41b22bf4554767b31f07a9f0a72d67fc814bc162b0671
SHA512bfe627aab1de05df811c5827dd5e1bea5b51978599c538571fb031e6a6066fc3065e5e94d2d9047b288c2e5fa6da34dc5e5b40d30d2c483d894c5357498f0d53
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5f35cc3f590d17d9d05af3a3acd5ad77d
SHA1a59367e54e1a352357d8994bab3d86a5d7f0f22c
SHA256ddd0ce99ad7959ed9116a1ab2a22ace8e2b1a6fc6009630609e69e8e2a8427e4
SHA5123e8265522874af4b1033dff9ddb7d5f2ffc1e5a9eddc3472ba095f7a2e29236fc1182523bc259e5909a9e66e5e73a860cfe6b413fce828dd79b7f445c6c0af09
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5681c0f8b85f40430dfc76dd8e758c97d
SHA1109a6f3339f3c3b242811fbee27e59046ac7d356
SHA2562e0c9fa07b7f3816d7ae96c40780dc45ecb505eb9eeff5da4da8c66aba8c3c61
SHA512b84f57bbb4cfd8babc5a15d74e45c811412f666e7c0a1f71608116c1daf68f373246a5ce2ced8a7ef5ad3857afb589b2efba3073bf67ebf5ad29713374244e32
-
Filesize
880B
MD54c8df2cb1d68e9e259353844a635e39b
SHA19c4b6acf493fc9cde5c9d8ed47a6f74a45fbcaca
SHA25630be586a98fb440ec309d5f003b2c9df154ff83d823a6af9aa27d2b1ba6c31a2
SHA51224d9ab48284de9cabd5f2afc29e76069dd4d9d7e3d21593882727b0bfeeff561f8d98a3ea4602d1e55884131f0385415e30fd71b71d8946df4361be5ae758589