Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
19-10-2024 10:02
Behavioral task
behavioral1
Sample
5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe
-
Size
175KB
-
MD5
5c163ae67a1ca838fed2a2b66048db06
-
SHA1
312b2a1e7c0e2633018b88b0f400e37517b91c15
-
SHA256
aeccddc1c218b341c0e861af48b6cb19798ea9747e04a306e9383304dba035bc
-
SHA512
ec4452d42bd7df850426dd7dd1290e37cb867de7140010e2b2d673ab170964df8ee965fb28c1b81ca194be9dfaf6d80d43dbd2214f71438469d91826ab36d537
-
SSDEEP
1536:eODQD3wWg8bBJda0+563xKBB2YoQ+K+eeNEGDYAu0u9KpuJcyJdJnlOtw0J:lQbt+5+Y5+teIEGDYATu9XPnlmw0J
Malware Config
Signatures
-
Renames multiple (2312) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YF6kL11GD7aVr16.exe" 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_neutral_170c11f3a6d3f0a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_neutral_2bfa4ea57bd5d74a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaep002.inf_amd64_neutral_0a982dec66379cb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_eventlogs.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_neutral_f91980f20f3112ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_hash_tables.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_neutral_18b899bdc8a755fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\it-IT\erofflps.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\System.gif 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_prompts.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\angel264.inf_amd64_neutral_04b54b6322607cce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_hash_tables.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_neutral_6e97842bb8d9e6a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Line_Editing.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_jobs.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_neutral_0feacd08cb9c7fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Assignment_Operators.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMESC5\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Reserved_Words.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Core_Commands.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Variables.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_locations.help.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_neutral_4a983035eaabe2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\lsi_fc.inf_amd64_neutral_a7088f3644ca646a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ilnnadffillnacff.bmp" 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BUTTON.JPG 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\More Games\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR15F.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46F.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01240_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignright.gif 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Adobe AIR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14829_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Solitaire\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\PREVIEW.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SEARCH.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14654_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DOCL.ICO 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SHOVEL.WAV 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Library\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\drag.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10302_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\HEADER.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\x86_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8d1e36ffcb0f0361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_43ae5084cd25d8b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fc3efc42837b1f46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-r..bilityanalysisrules_31bf3856ad364e35_6.1.7601.17514_none_28faa4edfde69b42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_netfx35cdf-cdf_mof_files_31bf3856ad364e35_6.1.7600.16385_none_9a2d3ee4e155154f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.qos.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b4dbc9dcf3b47928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-getmac_31bf3856ad364e35_6.1.7600.16385_none_0bd4ecde034ea7da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..-components-jettext_31bf3856ad364e35_6.1.7600.16385_none_067df6b907b9fe71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5ce8cc353cb724be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\SpecialNavigationLeft_ButtonGraphic.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c773247e275eda3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_07fe7ecf1a266703\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-workstationservice_31bf3856ad364e35_6.1.7601.17514_none_2a601d5ced714bb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5ebc31e0daac1f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-babyboy_31bf3856ad364e35_6.1.7600.16385_none_f13596916b261f67\BabyBoyMainToScenesBackground.wmv 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows User Account Control.wav 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f0450e0d355cdbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-stickynotes.resources_31bf3856ad364e35_6.1.7600.16385_es-es_564acb695a8c7ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_networking-mpssvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6b1807443a2e22bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmgl005.inf_31bf3856ad364e35_6.1.7600.16385_none_cedc019a9436ccfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_142db74b6d89628d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_f20ae427dbae4faf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.RuleWizard.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b502a62ac370cd05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.1.7600.16385_none_c6aaf278f1332711\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mmres_31bf3856ad364e35_6.1.7600.16385_none_bacb7329f882f019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\square_dot.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b7939e238289bc86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..-mdac-rds-shape-dll_31bf3856ad364e35_6.1.7600.16385_none_cfe5c5221e722874\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_blbdrive.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aaec62abe07cf649\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_fdssdp_31bf3856ad364e35_6.1.7600.16385_none_96d2e43e8def6808\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\4.png 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-irmon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ed7d6601f1dd220c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shadowcopywmiprovider_31bf3856ad364e35_6.1.7600.16385_none_0c3203245bb07822\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.build.engine.resources_b03f5f7f11d50a3a_6.1.7600.16385_it-it_e35d5cdc18bd324e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3644e0272d21fdf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_82db2f021402d819\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..nvservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a37364712fa6d3ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\401-3.htm 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_264375172c48afbe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bdadfd83b0b6c2d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sysdmremote.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c1eb55b02681305\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3dd1cb9a2943d5bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48ab2da59753f08b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b5799ff47b17c78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-n..orkcenter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3faa671a376a6a56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnlx004.inf_31bf3856ad364e35_6.1.7600.16385_none_48b53049f85347d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_011bf33454c3b8a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_de-de_be43aea76b666dfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e33bdb264cfae72b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f49d36a560966648\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-o..ct-picker.resources_31bf3856ad364e35_6.1.7601.17514_de-de_bfe995c4ff325211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.Resources\6.1.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\inf\UGTHRSVC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_brmfcmdm.inf_31bf3856ad364e35_6.1.7600.16385_none_d5714398a0c68fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_fdphost.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_93beea9328d99c35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-fax-service.resources_31bf3856ad364e35_6.1.7600.16385_es-es_36ac3b1d0f7c9dc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7601.17514_none_138553d0ef80e052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehitvhost_31bf3856ad364e35_6.1.7600.16385_none_70ce67661abe81ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\shell\open 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GYSRCXWMFRFSUPU" 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\ = "CRYPTED!" 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\DefaultIcon 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YF6kL11GD7aVr16.exe,0" 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\shell\open\command 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\shell 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GYSRCXWMFRFSUPU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YF6kL11GD7aVr16.exe" 5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5c163ae67a1ca838fed2a2b66048db06_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2372
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
553B
MD561503d650ceea0789ac070f9f74d7d14
SHA1743fe84eda55e3000fa28d8ea496288299aad57d
SHA256aceb3adebe48b13b6dd075e56651e041e75e15bb657b16e37768e5f151c83519
SHA51265b6e279616e051709f9cd244fb8172ac31ec955246c7b3da8459ef050ea7f9ef6329405853476ad85ae8b8456edcee9d6aca0032b55860eba393c36660843d5
-
Filesize
341B
MD534077c9ee98425639d4a01725332063c
SHA1dd127492161730a3fe4079828710fe0e133aafbc
SHA256fd05647648896257876ca341152f260dca12b04567657f0f0083fed318a08296
SHA512d2237a76e45e7e7030ec4205e207ffde0c8162bb027694e0e68f7fe7f311a5dd7fc4b86041873518513e7f83e86c281af7ba0dc543eeb16aed10dc7bcdd21136
-
Filesize
222B
MD572853901ac89965d991df449e5c59aa5
SHA104d425d335c9948d29730463ce756178f4bccb1d
SHA256934b6ae4a6d15bb19beca99c9235b2e464cbc0ea61e37abba58ced326ba19287
SHA512258f2de63f5b35a06eebcacaf19715537132d2621bb73a8a95eb4c1cdf32e1e12f0eb2ae9d5dc177235e1e00cd3901a7a633894ecacd0b210bd2a0b0dafd3339
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5fa41e5c67ed7b4c2db1b4836814f4e7b
SHA18b14596a245bedc3563fbb6a94c694c3135e8731
SHA256990a90284b56026959018cb77998f2eaba663f930637900f5a2ef5639b3a8b56
SHA5122d42116ba93c5c459d94dff81b238d1be19c986753d494c35bfb2fb297499f2d085fde316d1fbe487562937013a323080065b2ec57bdedec53c0d6dbef1fa420
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD561f804b473c37b51f85f4091341efdcc
SHA15f865221f78b7a35bedccc391362c74a4eb9e584
SHA256db85e568edc306f9d86e8fd1d0707a2938b288b126d204576c60302351aecffd
SHA5121f40592ea3a4d39327ff8677bc9e868951b37f288a6f1bb1536666b48623aa51177431b4b45033416a95f52c3be4361f02e0bd346b4c8899cc8d25366a9f8b72
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5b6e213c834d57362c208670509f93f0b
SHA1c94309ce3ba49a6900c82c6d3237a268fc4c645e
SHA2565962ae961c27d441251b1917ebbceda2a1f881ec1f808292ba3b02de243347ba
SHA512914ae218c5758b1130d112fb1acfef5de4895f091b21865b2075fd7093329bde97e9a610d9fc3910f466fd3c3826bc85175d55363751b62941cc091b58296e1d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD50c82eaebd0c7b4babd02a1df74140706
SHA113ebd43c4caa9ed30de43f31ce2c449f072bd1f4
SHA2564108eb5d0e13d7a6315d07888921df7839e3f3eded4dc37ea74c34812efa1fb4
SHA5121f3429309387272570db482a4791ccc39c91062cee2ea3d8cee9a9f7615eb1c70fc134490e5bef8492e13d2721aeb4d29e41a1fe7aa86470fc8193d7ea12f3a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD52eee9a28cfb427d91760a16691a2fa03
SHA1d12c06b056dd2fb8fe24a416a52ad0365e02dba4
SHA256f3ece13de35d7251c90c507b11dc4a58118bd9bdd05dc927f4948f6cc79a15d6
SHA512848f9f371ffbb0cba9ba22dfc217401f8085badb04b046e9f9ff3a29393ad78cb135d8d9eaf9007452d39d247b83767c08d69aad705cb6d913a10942a90aa532
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5b4b897385adf6ed0494b0c6858d02a49
SHA19c41f3dd27ef4e6251890e3ee8c0bcd146868dbc
SHA2569ad868177e4d80f8b1f1dd4bbb7b323d76e900dfd4495f1268df8fd13bc46886
SHA512fee4a45d9c5dcc3c7e2e92e3a7de14c4320fdcc15400b708f30901c9b69ea8ae779a4fbf4005046538d007a8ed6d58ba8e85bb0870515f3fab6abd729b31e3aa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5ef021a4ac9db11f4560e910a98c58a3c
SHA1c9ee390d8d80250819bcee5d765c5e77b0aa652f
SHA25678de9be46a19fac4f5ce1a83e11dc25bf043285e958050db3f23b8651ad59ccd
SHA512f8b99b09dbb2031260606a12365120b45a1fafed4c5518fbedeeb7b27ea21052716a3b2fc8703604e96af90b9b4ac57e749fa24286174528bb9e5197357f8633
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5cfbd8c40e7c19c16b59e32f071d9f8a7
SHA11f8489725c958c3804ce803b7620c3be2984c421
SHA256cc629807b1f4c91843c66d06e61c5b06fae0afad06cc977de5e31589d1431af6
SHA512162b1ddcc2a9db8660e25f6e79792ca3be2e5da189c825466f05a2599404a3cbdec15e7b7a82a3097672bc99732547da8b6fa8db1554aaf5aac8aa2c5685cbd9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD569dbd3357638ad23ba2e14918ee71904
SHA1cc683d8878005b3a3a06648877e1aada92e040ee
SHA256cfdc8cd5434afb5ace50a746f3610d5df7f6eb1fa635a456740b79cfeb7409f7
SHA51240488a2a3a4b0a8b0c1dff0b4eceebf7dcf876c6406508741e3cd7984426df2e5c78d26e787d30b4008f22aafa509cfa5bc30a0c79b6d1fdfbe115654cb31687
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5db6397439fad7bdef5b502fbb6cc9dd1
SHA19c3c2b299d5a211af181f329668cb30327918797
SHA25660ed46e6197449a2cb802583c4f57d4d1afc1054a43d719ead72cf58ab063ac4
SHA512db41413585a4a3ad1d1574dceb0c23e2a0b2bd09c9d6acee0b836fad1750d993489ca68e31a2135643b86bb8424c7c334759ab34d76174d5d0967bf56467a188
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD58d2094212d3be2505246066139cc30a2
SHA1e39515838674feea0e7f2246c6ce522c65255e9e
SHA256876108dfcfdad7c6aec81f4899b3d770f4c6ae3b5d8968dd5dc1f9cd01d3efa5
SHA512a6da6a1c518c0c60797987c21f05617999b180351b5d972f2b33b426eaf1319c6165c51d7b191edac6654ef6894a5790de58ac1ddc108807f2bad2b8bc668037
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5a0a85444e25bf225624cafd464656e27
SHA15179d2a7b2f3194a621529a3c32b4aafb98d56d3
SHA256c773490c72f01c9d4ca0868d9b88b0be509d7a6b2e9d83a08aee950c72cb21b4
SHA512b9729e6f65736afac57a52804d2fe04e8fec24a8a60878475bbf98be17a78d75960ddc80a0c498f110606a9277f88ed2bd9724869ae13eeec8be828cbeec4b34
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5567efe0f6523e51a01a118ea812dab68
SHA1c0ffcbb6e32c661c0294f255ed56372f7573b93e
SHA25601278c8def9c5378533db592c925fd28c7eb997a9ca8a0b6745d5db1d7fcf5f2
SHA512ce88af8e6b2b4b969ba1fe5f1c9c57d127df379a78c264626dbcab4d43968f520564e30f461c8297290ad94c236417b3ed7095726aa7096750618f029d098a03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD52e3f615cc6d66ae96744e283340a5efa
SHA101c8b15419cb6ab9636a550bcc29bb808acd0a6b
SHA256bb5431916d89615f54411a12f352661bcabf31f476c4741d4215f977ca5a67d4
SHA5124a1232f8886aa63fd4fe365970a7cf124bbc2376ece5947b38eb2decda61066ed37313ca98bb069e81600c0628dfa36fc2ad0896a548fd60402d04d69526f232
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD53c3f5e06e082d95f830045d6c67957ad
SHA1835fcc1cd21bf95b919b994642bf7c141b460114
SHA25619c5ec8b29f006a1ceb0bfd7a29faf0054ffe5811ebc4f33da5cc2662bdaeaf3
SHA512465d5579af26c337db8982e7c82ef1e82041121f8f25e6449ad6b3e55d9a4c1e042b73a7adeec94910732529d9c4f92c0d8c50c7954bc067139726dbbfeac16e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD52da4966491c68ad1328564c880742506
SHA18e7aa993bbe99de56fcca0adf42870e52eb3c0de
SHA256be1ea5beff65da04374c4f010321642f772131298f64eed7091e0f82068edc00
SHA5125923bdd3449b65d24b0c8490ab5847b5d20074c095a165b8642aef69c08d944de743ec93585690ae84f880bd07e0a0a45af23cd644f0ede131f6268eb069b252
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5119d5b1a6527d66ee68b24fc5b26fe25
SHA12af7fdf28b2eb4d108a147d60507e768e2700946
SHA256cae3cca7356770569cb7e6961e51a697e049a47427f574630e888d48ba7df0e2
SHA5125d56548c730ac9134fecee260ba7f54442cbfbfd980fdfe402075451449d6f042f894c983ae06c34187477a96875e8297f6ab5a01ffac92a0db4304770715438
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5c6fae0478137e75f2268c4a863eecea0
SHA148c7a043d2eb570b1e24ca6f6e6653ecbd31deba
SHA2562f471e1828f5b332fb1cb039d45761e33ff50aa2a03560be247f8bb9c44181b8
SHA512b06183c37aaa2c4e22f19977c76529aad87b1213f3a1e77284cae86f17bcef1a8bdec5eac1820895812e126ec1636412c028f8317ce1c2fcbbcda40e993676d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5c869aada9d7d0ca28d24a75e661273ba
SHA1613906f8e16b6b1e12d124f75ffcedefec96d726
SHA256e76befd7e7dd4c8938cb4012464491cc2530913f4b691f76ad5cd5e5edbe5e15
SHA5126b656126c4dc2e5c3fb484eb435357a8f2af3dc2b035226eaa89593369fe1330b500570651f3b324b0edf0c02805aa63aec7aec9e815595e8fad4de6e4248840
-
Filesize
318B
MD5616dd3db69969e78a66b35ec3a104d41
SHA1c5845ce6b507849a2227ad38f8194611e5f7a990
SHA256b641b65f1fe84e2bed7b71cb57b6ab507e2a655f8433c90e5e844c47a60ec479
SHA51201e8a77629aa3aa9efbe0a4f7528ce537fca4cf92672eaf4197bef996374706857dfcc6cf8cb8b2cd4152f3c461fb0415f412c086bd86cd6a32b4101c6e60493
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD503f85e09afa8136d15475d0fdf26d609
SHA1672f6ff830e21b8c417793c570d3e7e929469971
SHA2565f5c3ad7e34eed35186b0ff20cbbdbb5f0444621fd014e5a796349c18ce012fd
SHA51268afe641473b4f4fecc86bdb3428d8e4ec9782e76ac21eeb1d55b5cc1ad9ae2ac51084cf6fc55a2689625c6eb6d84f50dac52292f423b788cfa336ea21a702a7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5f24578044d01b9ee8d356f88fc435649
SHA1d7f13896c5b423f614f882bfbdf6151391ee3eb0
SHA256e1c15af1ee631e47b0c17d70b511a03595e5abb8a23627bc45668816ed54ba72
SHA512fca1bec0600c78108d1547da99728325bc35e40db6f02a237705db615b8dbdc3989c2738f9e7745827dc029b707e5effda602a98b2056c6ad76a78619f789041
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD55fd6e8306bbe144e92c68da59e54793d
SHA1ea23e5b9633556d5f2b2001e41d66125d67aee6b
SHA2563b1427294b644f97762e77c6eba051c6423b378a110bd8fb7004ebdc17a16679
SHA512be0358c5253dcb2eebb2bc868a69df367796a0a46e15775d6026889bcabd8cf055179248169ddb86ba3e0c4740f4c44edb66512028aab68b542b33f86e3d158d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD544b43c0d89e4a46fd6e001edc570cc79
SHA1a6096d79b1e6220fe9c6ec4d7d94c67037c04d3a
SHA2566efd8d80685383315da69dfd5faef9b9cab5b61a073a57320bf50e24e977f008
SHA5128efb792e2f9123c8ea86b0184f60d58f8ecf4c4ecab539f330c9baf6ed732b791e5c5363b4f1970ccdfe66b596ef47364e8870831cbfd0eb51b257088951a4c7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD570ace789d8688280867368ba71aa361f
SHA116767f376771fa83ff185b3ce36a1e675f5061df
SHA256e386d97f6f167db0cc82a88ee3739e70daffe952de2a81261f40d2f0a16933f8
SHA512745d4b68004979452dc1811936c8a4b7832243ed70cf70f05817a0ed657e07f2af9e2b9728fed9ef3503a2a0798868f64934e577ee289c6a076c9f557a5c3bc6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5a70080ca39f9e49d4569d7bf381be53c
SHA1974409de8f6bd3f279bb6557176432ce3be6cb30
SHA2566d836a1a0d29d7db4d8e8b5eb3534139ddf8b4657f3f1f0f151dc00ba95225a5
SHA5126f0c2c66e05e2ccc2932bd25ef513199a799b8d86bab4ed64345b52678b56c130db12e0fe6f3a5dc234b79f986955bb5a3cebb3d90cbaf25e342f3b31371e95d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD52e65fbf64be23ccaaa2fd8f5bcb473c5
SHA17dbfd4fb1d2ec228dff1769d0d80c890f66262a3
SHA25650637d6c1c40f20375e72f49be74c572564199259fa1045721274936348ada77
SHA51238774506583dcd07f540881c21a415d05b3248bdb0dc302a8905b08b2ebbd4ec1f1d93e0eca28a0796a91fb6452434c4e3c0e8f4e8f59a364a8b2966698d1068
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5fbe493fedc3968c1f15b3d3be86449e0
SHA1f1c2622bdb275e09864a6628130d8bca2dcc9135
SHA2567baa401bee188e12d79bfb910a82cac263a7fd05ba920483c116d40c70e6ae0f
SHA5123ec506a9ce09315f737d296c4b9df008f7a66ce1df6099adf95753b42a4c8ebfb5b5be67e81f6745e861630f7ed5ee171a0c6af0d6b04a1405469086f37d864c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5a2bd481c6f7ea4a98719873b75688777
SHA1c2470fae61912b3ac6ea57afeeb8633f91b227ab
SHA256bb05295b004c7ab4b0a660cb8c118b22665c8d2e9ddc341c8c1c9255d4360e06
SHA51294cbe47066d26e061309e10e1ea6dbf8036a4a609c8adb5f336d3239460ba5499fe65887d3b8398ae35103feffa8ce0ccf54c28ceecb322b995b517d8cf808c4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD597795811e15e56f3d886c4cf1b6109f2
SHA1f673a3b69b90bd9f353bb8b28586830773083080
SHA256510be2bd6484904abc5ca9f24da5e35af41b969919350fc3363b842b2967efc5
SHA512cd7f7317b8957c8f390e42d3757eb4b9518d2e7cab1b3593177f297e8446c9fe92450f92c31c0eeb9c031b279bf8c09bb53086edb0994dfc3a21201fa9839614
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD51b3538d7755d4000ebe2ea836551ad8a
SHA1bae3224509efdc0726ca7f82f764f52ed7827622
SHA256987259f06cd4157a516c2a216bedffc8e515927d00516bb098d733299054d0bc
SHA5126edb6f53172e51dedec0b9b66cc65f950ad10503d5f54565cb85a38649b7554fbc00e609f4a6841d570a4965cb4fb8154d71f97af02af192ff220bc81f28286c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5aa4403163868001dfb4d38ac2d5799ba
SHA1d5f9e955cd1f14f650020d42b797cb2f9f1d8571
SHA256ddbb028aa3c7909d9b8923238c30d50cefee6bd1b3763a040bc67353ebdf2be2
SHA51231f7065f961034dcb08ba51afe7b5becbeb04200aebe3f5741a35ea8eca9674063230176b80fff93878e3a89c448ccac8ce775ce12e7fd8e1daa54249280f2e6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD543a04aa41fd57e6c51a2b8ac833971c2
SHA11f1069ea1dfc252acf312c4b0cf8fd0bcefcc115
SHA256985ce72e86b07ac578ff0e2c2e7d3c20f5346fccc3d8874f8678065f35095246
SHA512b58c31631056edea0fc071ac6ebb7309c0339e28ed841222d1d8f115fe4d8be475eed3561e9fe729ec5fb822b5d7867620e67b866bbda2fea18ee288cfffc628
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5409cdce1d22dffb71dbc319dd3425a90
SHA1e8ce6b529d31dea8c264f9adeebdb6f3a8626373
SHA256d1e426e4ca6bb7bf35c2a6b18a09a1bb71ec3a66377c943283bdd0a69d07b56f
SHA5128aaf5e82927ce55cb89064d9c54249abdd690c6a4bab793132bb56143fe226eb700c2fe75a267c0e3945d95dfc4a325df71eec62069743cb6f79fcd7177f6ba6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5c3b820a4f70b5630de085e6e4b77db0b
SHA107e99276998e4ad4c08d86e2cce302f8f8f29070
SHA256a5a520de27607b0be5328e9ce1bf99abb36d5a50e010bc1b08d60dc3ad561104
SHA5129b32c68d55e13b1b1e17cc54c4108cbc6804f84c92500237e38d8a7b9dd8b2f286ffba526b3dc7e7da628bf45f9aadf69541192141db7d3470e87c3477bd283a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5c0d3898a03c817a5dcf68e6ecb7441a2
SHA1e770c23c2eda79db15934133fc29abd9a0b4487d
SHA2562be9eafc175b2cecd78ee165b3edf21a28c805301258f22ec6db6d67a69d2d54
SHA512b9e37f9ff44be387d6b24023f94ff77c7a0f2afd526a52727c4c4210faf344356b9bfafb5a0bbea97352158b038a7cf331e3e08f970387ec1d81ab925d67b71d
-
Filesize
318B
MD5c94f71dcfb34173b780745a98548a8ac
SHA13d37f3f6cea661d9ec9937c589dc64b98d910c04
SHA256af84095397eb615d970df9c1fe7015f19870db71c0dc6888a6463762083adc18
SHA5122b64a1ec1d905c47e5ba721e26b6b07f32a635d731ad02e64f50a898f8cdf4135f69b0fc39e04585ef33048250451528206e476b6441405b75fdc32f2d33776b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD592c76168f86df139750ee4280464e9b7
SHA185fae207734867727b0e5ff62264e4f4588d806f
SHA256f28903e7048e6695fe554af7fe5c187524eb9ccd7c4d40fa2a0141d7840996c5
SHA512118a1eb7b0ebee1d75038c48be01e5b755957be21ff727e35828d6da63dc4ba2b389da1a7d26cc3de657a77e2d45882402e6ddf7fa530743ad7966f645cbeac1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD553d49a368c8c37fda9abfb23215f4a54
SHA1263729d65d8594428cfb759b797a0e7e5fd054e3
SHA25646ac3d02f2e3b8cdcd9ef419df488ecdd14080cc83b40965cca2bb8d6ae787c2
SHA51272b4a32ce8289ac4ba9e7978d6ee256104830315e69dd158a5b86f4d58c11738d29a2a1d3fc9fe462ddd8e2c0b048a9285f55c436ca41d8d7a717156df69ad38
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5c1ae21e7794fff33bd225b3c54e7fbac
SHA14a030e9859090fe0c280377c61418f5bba3a368a
SHA256aaaadc0c4510f82e8e9a46e5703f23a5f2777c5bd4ace634edb87999029df8b0
SHA512c85fbced7cb67fa0ce5cd0ed07881156ea6b66ba85cd11ede8fce7a295c9bdf74f95fc013b031d6b273980906455375d7165e74c0b4ffa3a3c4dc971a01ded2d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5eb2a44556716eb6a6234718f55856180
SHA17631e0d6ab9266c50330ed83100b0cd5958ea430
SHA2562631c15fa8ea3c168f661680815ac0f64a706be55688284e4e00c9ed9145db02
SHA5126f921f12847335a526c69089cca31a2d8f3ea14c2518d98a5ba47506a19a952189dcb212ad43ea8ca4d36f033e91a0fc403ce1840d0631b9024783c224867393
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD505a6b1de312b2a70e4f44ae43f987ae1
SHA181967154e2013965f97e796b9f6445c00c388ba1
SHA25688530174531dd354894536901ad3a5f5ef24c82c586202fe7c2dfc2657e5d728
SHA5128c19fb62460ec23a92b0279e983ae167215a653f24cbdde8f4076826f22fdcf73e5af76b146c5f5a632043eb1a22b612c3346790cbd44a93a6023d443db15176
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5cb52ab4b311f1ec22f1bc0d3ef8602b4
SHA187f3e03fbe9e0c0126a5c3a4f3f2fb63844632a7
SHA25637cfab40fda096f235cd373d4b2fa52833720c990509fc916eeefe3066628fa9
SHA51278e56c9b8815a01adc329d0233fea92e6f70fb97e45ac9a21cf6cf5a434f9e9fcd3bed7bf559d3d4eaa32b60f5c5fd1adb94f0cfcd4a79595a966e898626737d
-
Filesize
580B
MD5f1832c7faa4bea92876b527265cbdb19
SHA133657bb0b81a4a241b0717f32b1279b48e406714
SHA25629dbe8df3c83e8f63ba937e8b480f2ff3093309062fda6ee64fe45ac2d2f4219
SHA512e83dd2c1f910fe439fd3cc75871d1640974447b2d35a290c9dc8564500bda14652d9c8877394b6e886e72ddaf5c6bf6df320f62d76ede08ff1c462bac79bfb80
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD569d227609bdbb6a59d8df205ac392b7b
SHA113edacb4f0ca5eb8adce79cd4312e7d096f202ec
SHA25633e83f9141368ce63fa0d27be7629ba61d44d630c20518d5c1e24553051682e4
SHA512710bc3a7d1dc91e8b7c9fd6f03a3de2814bbe390f184f7c74c7472f278643984b023c35de16ceadbb419706a85f0b65f72f015dc9970a37f6ee73e798ff355d1
-
Filesize
625B
MD53594df0be12c1c93e1573e56080fa69b
SHA1555a3f131cf50bcc28a5460b20068d0703e322cc
SHA256c6e75870a87a8d6409ec443cd4d487718fad071ed9847f84fe9421c09acfe781
SHA512bb6bc0acd689058aec1a146befcdf63468a94a7646ff1b288a7416169c3996b470c21d5202e9c3cd277ccd6e4d30663f1356914c9e0a4678b68e7b437743d993
-
Filesize
873B
MD5e62387944fb14c82c43662baf3a4cb72
SHA17de69fd4af13c55308ebb0b00ef56a61faadaf45
SHA256f8a60f3883dba3907d2d6fc374c0fa0b6ae8a8cfd8254e97dc0800d188049174
SHA5126f805e1398bee735fb41e3a0269e453d695797a11cfd93793a89c9510a02773727f4795f6d98067bfde6f760b50125a9399b1d1baf736897fd921f9be6a0f3a8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD51838545487cb726e0f6e8bad3819c6e3
SHA1afc831fb3047db57b214102871516a2faa6e0e2e
SHA256999829cc69567dbad452619a607d7724f3ab45b698fa64f538c0aa2407427a91
SHA512702db41090d5e1c34f913ebee1373bbc8c0c13267e1eb5e82674afd521c6b9050bf4967aae25eb9f73da1313a710af94bc55b48cc53ae5cd6e8669a0f1ae5fd7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD597ffa2c1ff6c0fe125d110bfb853ad9a
SHA1248b88507f11b07319312f168a224663b45509d1
SHA256581478f13e92fab6a9e93ef115177428768860b3e0f86e326347862b9089685b
SHA512551feaea7582fb604ed2ffc3b273a97c01e0eff4e4cac0efc496c6e628577302c9079b9c890f8d768326b5958b358ae4d7ad0335cd1cf5c127a00a9d1ce6d62a
-
Filesize
615B
MD5bb16bc664b2d5ab74dbf16e41335308b
SHA1f4cd37b64246439bd8d2ca901f7f9b97aa487916
SHA2566fdad5c60456dea50bb56cd3d11d1005e8dfa41f279a8822c46339e0c5310ce8
SHA5129c59c62773275529fa9749d5897f2dfbb39c6c367ad283e7184a2fd6498f6e65c76c698c3aecfb4840273c72cceee1897cfcdfee80a6e8e881525a5dd86c9d65
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD59711cbb68cd5a43c267b4b04384a0817
SHA11f7d8c47bbc1f9f8c3ed2b5cda5386050add54a1
SHA256efc3dc97df0b9a2a561987c72c9b7e28af08c54367951a25e37e6a90b6a13c0d
SHA5124842d188bd249ebc6ca7054812bb211570f7896243603dc753eb2465e7a007fac843106a0d05277a94819bd1d8f44a5703c61e001f617bb45a6268e421c9e87e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD558e9af93f0f86b8be5aaff21a82ca924
SHA19f65a741d758bbb061625952df4dcf4cf24df6f5
SHA2568a39747c33197419694ff1aa318383c6093b6ad70cd4f1cca2760b2bf676e91a
SHA512e41272bb5cb2d8b2540e5586cf8b50cef3a489766d84bfbf0b73a43f98c5551321171813775f288a39923ebeee0c3715bb872040615bfd7630d65cea373ce09f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD563145e937ac7c1c0d01edf6102ac2b5c
SHA151bdcb09aeaf4b63d01157e3ec6508a806e6aac2
SHA256dee9bd6f93036d3ec772b311c130d32d1318c469b46d2b7fe35b6c796c38b4d6
SHA5120093d0788b9dee1aac76deb4b6826ed4e2216de149f59ad12c25241dc58415016d6e1c64150ed24ef2c8bf51193a3db349b16058730510812baac9b6bd755928
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD58c641380653aa8b75c43a80e4a092e7d
SHA1e64ad44e7e0c707e5c7396749d4635c354d88895
SHA2566fe710f30a3a648c87838697007afef315b833eca3eabce4a4583b797ad98808
SHA512eb6388d53e7fd4616e1a111ae54e3faa0e1f09cbcee5dbd8c77e2be59a2a5ecf50183042776fd17dd5c3fd76ab679789339ee983a04815bba7e91f48e5a707df
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5c7662b3568bd45768fbfd7f431d145d4
SHA154a9dbbc84292bb7d24809ab3e5617a36cf982cf
SHA256228c6fb9d474667f4bebe6f6cfaea65ee2bd0cdd14bc1f2d7adff6681c5ee9c7
SHA5121db6f608586ea91bf829f9cd5683fbccadf21d48f60b0a4876999220e69fb8e767af74526752ddef90b57937f7d43630678e908860ca820bd46558a7182b3508
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5f4e2aa19e5347704e2fa179640c99e24
SHA1201fa75fbfe3e2d14db7f68859aeb567098b897b
SHA256e6f0d76bd0fb4c9624758ecc7388e0440be66d9be6b7852e95d57ce7f253286b
SHA5121843a40978a44b1728824baf152119b21e5f27ea5c4de35eefa7340a64be432695f8ab4502b319d3d7f2d01dd7c52da78ae4f3263e44bb52a34988b655cefa60
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD54294f98b868d713a5031fd66c7723e0c
SHA1a3872f495473822188b6ffc96577ef8bcd978120
SHA2560a42cd848b7022cf4c7934ee89ef74303dc01ccc0877f5494d546c87a06c52b9
SHA51222a5eeaf8739744d7888f4eb7f11a81a292dc1b062f23c484dca859cadf038e5fe35e49cb4606b3cf74cd7c69a95a01736f64b331e08d02a424a231d04a76035
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD597276ac38d63ec8134bb3abc56775f13
SHA1a5e2b9ff3255873130543a1434cd83c5bda5eefe
SHA256875726633992456abe3613924a8192aa865056a6e90c7c5807c97074a470d431
SHA51218544efdc9d14c1d58d3d807b3df6f1a16c3b7e3cdf9115cf6ad61a951574497d370a8e1d452fc52fc66d19e2050f132fce11a4641879d21275b6f35eb3d9f8b
-
Filesize
153B
MD55a445d93723c2062b61510a1474ca064
SHA1d134ff5d0d353e9848e089fb07d2dc5c6bbbae31
SHA2560baf1d5bbbc7b62b2a5d5ea1d5441ad747b20ce08997208f298f1bb2bd0fceab
SHA51271ffc6d88b2e56d6981bbdd9fe8aa6af7242d08523907e34784c682e31d0447f232dc56d091390e549bfe13c3b0a108b83bad283c33d89b80f6176bdb42fef1b
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD538ddf2e06cb5ef054f0387350f422020
SHA11f4b9167f2e41ac6a6972e794735096d8db40046
SHA25643920982041a133a26c5c2c7b3926cc90b8c0110227dcbe26087573fb476e37c
SHA5126eed16b7c39a4b3efe83d7b37f9ae1d87e0fbcc43b68a9aadf99f7c9b5b29d6181c16526a11b6b80f0dd6490cbb7a80c65028b56a8ad72f2657734bbef9b348f
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD51ecde2cea9b4f2855e9dfaea32fb3f80
SHA17fd183cf065fe19c37d538ecd25485e27a586c25
SHA25663c6a2456b148e26ae24a8cc6effcb2e3582fe0563c4d646cdc4c6e6322ae589
SHA512b3f8ef3c508ba5fa6906edb17e03d61b7444b78962d07b10902bbf0bea6a94f1b7bc14cb2e22e3b48b8f4f4d9b916deebbbb2e3936285305ae13c8a39f82a6c9
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5775b928388a6d2101cf12e9a5bac99b7
SHA1dbd570eb5b43bfa25ec83f2a785991f82ef11fd4
SHA25662b6d5cd1972ec6244862090601e2382bf3e9c64563da998b64952fd5dab6917
SHA51280da268c8f4f1ab39d9d6330dfe93b9a744ca4ffa8d6fafcf127d41295f7a6feca173204f562ada6bf00d716781ea7637958ea952b8e55a933308367a1db9e2c
-
Filesize
109KB
MD56cacf762cd42f186a1dc6379225d9831
SHA1d5d25991ca8f4c06fc9b832ccc96e71bf7c4c51f
SHA256e4be227839dc39224cab6949e850e3dbb735b79bf75e39bc94ff6d60222a9e60
SHA512914bd633aee56559d341a96de9953c0deb06ebbb138a2dad61e25c43b84cf6fb6c78e39461970dd3daa1d35010a55de8ede34332f90ca41305d5c12cf5c9ec00
-
Filesize
172KB
MD58e2c229206a7c7b68496fc9d4b75e376
SHA196cbacec8c86ca2b3ee8e9e0f0bc2b1e109b0cee
SHA256167ffd4c4db1c3f3cefc89a1720f3b734bb9a27b044f14d19162a09f0fe619cb
SHA512591d885e433126f6125ad960d40ff312bdfcf92622207642e8772cbfd9e877a8edbe74d4ceb931ad655bd56ff746699ced9c7989da77b15db3d6809a257e954c
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD540745c066207999ba34de013f51dacc9
SHA1979557060625caba2cbebb7529d7f269ef81c934
SHA25682c2bfb98871edefdeacbc7d95cce7520453589dcdf44e1cf2e573a62d0cc9d6
SHA51250853c0011963a70c5b39b6b04b9d9c8dae38205c8c7b560c23918357111d5db693446c7fe78ab144f6cb77c9756697fdc6d4085cc5be5502f517bc54621ced6
-
Filesize
21KB
MD55fc14da5a5c6d76dd3ae315e5e688e48
SHA12f15d7b89ed999970cbf1786f88dd253b444fa4a
SHA2568466f39f0097cdc297fb839fd435cadf9e19c06357297fc91c640124e2b23425
SHA5121d9399421687c67073829649a4a2ab18aa382e7ad69703b032bbb827dcb5801e4c4c21ad40623808d6e0941fddfbdbd47a7f2751902c8feeef0953d21107b92c
-
Filesize
1KB
MD5d54ac570f9eaf6080798ae52bf070823
SHA1ed7383eac1fb3f409d8867786d20769209e4984d
SHA256c6314a1bff18c536efbbd66fd9ada9763406a8dc949f62b63e9314f878c99bf7
SHA5126bd98b5c18580218d8a4d426ccc6680950ed528b1492fcb489f1e4a0a8c2261f54c7eed8cdb0c12848b64b43745e9b8ad8f383f95368983b1d3c0d551f84d0e9
-
Filesize
952B
MD54a37b48e07a0b19a0d8c0102676d4e11
SHA194cb9f35abe749f80be22c2c3cf1db12940691b3
SHA2565254b19cf363b6169b130c0f96cb3fd4de291968e19dd244afc8f41963a7c1ca
SHA51275c531ade5cdb9878ade00c3aaacfe9f11968ad9380e6c41f79301db505e08bc868893ed50f7a2b1fbae82763ae0b1097e1338fc97b5d18213c955eb0cbd30dd
-
Filesize
121B
MD5ba24dd0c1a733bb0aa7e7c9fd04fae4c
SHA1a07cf38fc498ae0ae3ca8411312b9d7e57eb7df5
SHA2562fb4c5cfbf3a498e843517ea01cc66504f74cb5f4571db1b1b5c6f53bb56b982
SHA512325218bb52ba626197c18b7f03dfce555f7fbd5a994d67acdb5e58468b4a22e5428e0ae3fd29ecae4238358d8dcd98cb8f8c12b5ad2af7ed9bc8f48d9ae8fbc3
-
Filesize
1KB
MD55ccceb8a67a049732b15812a27340ba1
SHA195fe68577762d46ba6df1238ee980aa3af24e76b
SHA25604f396e7156e24ddb668ff44ee2695db28d32efdf2091516c6d8245fd19b6cb7
SHA5124d3eb8f6ca0d9f73632c6a6bd6a21d631c37f3ba01089c80fca27b38fccfc1ab3e2071cb29bf8215c741a6e00affa07717838cec3a26cb482cac62969c1be3e9
-
Filesize
8KB
MD53d3b69219e8a085f8582c4fb190e074c
SHA19f3a0e1aab06d7b819d6bd506d27fefd0e3cefb5
SHA2565ef3e67ab16d2ea8246f228eb480613a6d50c0def533dd1b32d57bd01f546762
SHA512b39f66798c3d4bd90a2829e42bd8df382034e9891a56d87573c1a30954f16c8bfe5ee4c644a3cad90390d829742669ea1a58822adf4048f58076945a86a1ba29
-
Filesize
914B
MD5d5c587915db02c3838c1877f09580783
SHA17ffd83ab9bd9268ba7752432eef74646ed955023
SHA2566b1d867fa8ea9d7bb5cc2122b6269a51e02b15ca8e08b9dfafc172d7c57b26aa
SHA512dccedae8e0a2894ff254271201dd62ffd96b76aa3ff73d10ed56b1485227f12565d1a31d3f0c62b02e0dcee8a660e7d9cfd822ff7161b70c80630851869a9b9c
-
Filesize
90B
MD5435a7d0a8ffb995138b68ae1b83b0103
SHA16d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA5121921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d
-
Filesize
90B
MD5a4858bdfc6a8c2f77c7666b9cba76f0c
SHA13d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA51292d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66
-
Filesize
328B
MD502c33dcfa66f026850cdee037c2ce46a
SHA113f019215944f0cf09dd5123abe3758b474a9826
SHA2561073e901636fb68959182cab5bf4d54bf80e93d2e44211507a6d738c8346515d
SHA512da623ae1836190119cd636d12a0d58024017111ab57cc73d374307475dbdb0d26d0d0d1a8fa14aec22bee77f58b982f303834529c4fc2452fb79e651cfa910ef
-
Filesize
1KB
MD5cfc584c5781a6f6659ce73352975e2a8
SHA10c1e3247bb2f591b929d3bc16ee34de4bdfea86e
SHA256da6e55865b247ee0082a9bfe1a799370b597b1fcc687fa7e0f3577c54207fadd
SHA5129e14bf00c25888b8d7f9f675d45d099c809bb6fab531a373771e66e76c2c10a3b27dda2198a01926dbfcbcfd927cdc6e9f5f2a4a3739ddea304b775b64aae0ed
-
Filesize
162B
MD578e8d2e5b43715c2220d2a100b03d02c
SHA1536bf6b91a2b7e949576f7c073e7d7a36bbd6479
SHA256491aca081b6205424e986b247460a3f737cd18ba3cef875d4db8bfd122914265
SHA512c9b3e51d72c78413c72d974b7432b6192ad57af72fdc15c173fe206a8cc75605fb8af332dd65e883b11845e86d822a2a11c9d0d61090ae14c01a5bb4e49c5031
-
Filesize
586B
MD5f22d0d5c89fd09839e2a56b269a24eb3
SHA1cae3c74bb7656495b5b3edf6d2530e4e63535d09
SHA256bf4023b6623b723b1edd4d2cb252032b5342929af9dd7e90543a1f1ce6b4bb81
SHA512f3ab8fb48f36c726a06a86085e6f8ca043ddbf127ea3dfdd35ce918caeee8f9686bfede981f9add87eacae1f6eaf2f2d890e706b0c4435bbe416795f3b0256c8
-
Filesize
124B
MD5f0cccd936de4627465892797e30f61b2
SHA10475dd11b82b2dc0f097641f2597e780cef7b9ba
SHA256a729804bbe80ebc82f045f4e737a19376034eefe4a0e2cf3baa2a20c963bb8cf
SHA512153d4433b94f1836252ddb47d95a723766e456a8b47faadf9e4b94910d0955754eae7ce562a939f36122202f59cf48491690ed7af2c4d0ad6fe66bfa6ecaad66
-
Filesize
8KB
MD522e389969634215351a4a9de71174a8d
SHA1b55609822a4ed8dc50dcdb6aab7c55e3bb3e8d51
SHA2560b8910b69565efca5b3b7e3b0aedba54495497b57100dda19d2da62601152612
SHA5123d7a64aa2e2ef6476fa71f72e03bc119dffc3f28f882b5c333aef6928abb1d7388d61f84ac773f3a81e928b4b02922485f8a66411a8f6312149ca3a4220986d2
-
Filesize
880B
MD58225610e5c1ec254c37b02abefddf497
SHA1c2f9a2c5a6b5d14999208d1b389104afb2851873
SHA2569d6210f89b9186406ec657d4287befffb7baf088902416f49d44c0ffb58a6030
SHA5127fd1d6460649556512dbaaadf8e7e0bfa023c687e8dfbb812a6025d05ec61c384fc274ed5edb7a0de6dfebdfa58033dd077bf1b0490413e89237d4540633df5e