Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19-10-2024 20:49
Behavioral task: behavioral1
Sample: 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Size: 49KB
MD5: 5e9b5b1d952c74996c7f12dba611f205
SHA1: 10458ae6b4a18d93301099f66c7560d2e2fb2d4b
SHA256: 9417116500643733e12421c52f9e0b0a7b47e8ee54c27e40ad00864de1d5fc96
SHA512: 534853e14b4c28d2205a0251bd08b22a9d7e40dbe13035e983f85990af212a713682ac536200ff3bbe268f2ec376baa291491d56748b4d00fe5790633be94d14
SSDEEP: 384:nebFNw4Pk1itKkpAjjGF5rm0qYvjS7kDCgShqNVg483rXRB:n0FmBkpKjGIY7TDCRtbXj
Malware Config
Signatures
Detected Xorist Ransomware 3 IoCs
resource yara_rule
behavioral1/memory/1356-0-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist
behavioral1/memory/1356-8322-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist
behavioral1/memory/1356-9067-0x0000000000400000-0x000000000040E000-memory.dmp family_xorist
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
Renames multiple (2204) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Drivers directory 8 IoCs
description ioc Process
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Drops startup file 1 IoCs
description ioc Process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2EHJcamtxIdguLD.exe" 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Drops file in System32 directory 64 IoCs
resource yara_rule
behavioral1/memory/1356-0-0x0000000000400000-0x000000000040E000-memory.dmp upx
behavioral1/memory/1356-8322-0x0000000000400000-0x000000000040E000-memory.dmp upx
behavioral1/memory/1356-9067-0x0000000000400000-0x000000000040E000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\DefaultIcon 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell\open\command 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2EHJcamtxIdguLD.exe" 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SFBIKZOHTLHAAWT" 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\ = "CRYPTED!" 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2EHJcamtxIdguLD.exe,0" 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell\open 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1356
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5b754cc6dd289feca3a7463d7166242c9
SHA1b75bae1ba2fdf76b46ccb9712578d114071b3b78
SHA256bd4de465207622571b6d4f0653d9e142c6d861e81d051bdb63bb636a0b1bd788
SHA51273fd351757598590dd5c75247d84c775c8bc4f2201828b839a2b6d41391d2a452b46cf5126ef8244ff6bb06ee8316342354bed355cb4f655172f1f83485180de
-
Filesize
162B
MD52ed66c33a08fb4f2e9c8892d04a96fb7
SHA1255daf6dff023af86a4df0fdb43175ec0625033f
SHA2565cc27baede7bb077e6ff088041eaffea9722b0fdf980daa746d8039951b2f6cd
SHA5124adafc3e38ffeb9819faaeae7e61c89e0ddbf45279950bd7aa00102bc7a4e18f99017cfdff16fb30070ebf9783bd1f94c1ed67d4579fdcf962ce91cdc5983b58
-
Filesize
586B
MD5e320284b4a98558db8310dbb6e8a1046
SHA1814a22b2ca4fb4a9a0e6ecc851accd27bbc9ecd6
SHA25604f3a63741d9b63773958296aedc088b688ecd368ed77d79a17569317e1fb0d9
SHA5127486aebc0a9a82c78494f2f9fe73b56b2d76b4df690cd8089e0de6ddde581055df4f1db595aaaa5025071202858d81f47e8f609b5066e4d25fd75379f66146d5
-
Filesize
124B
MD5446a9f4ff70ed7df19352c88eb0849e5
SHA123e034ce3b3d575d7d664c766eb3761863de3a34
SHA256ae60e9501655148d698dc676d9d6becfb4e23457620e1a953125baa279fdb0fc
SHA512dbd9c971b7546070e93a4b6205edf127e6a58229bbcdf4ebab7dbc0aa6e7e85886882f30c45c8d0747060faa1e22c4976475f0dfcc3112240bbb2955a51f8f3a
-
Filesize
8KB
MD5416f8d318117f550478329e8b2551fd9
SHA17e85de4cfd1fa061a78af55baa506af0fd93cca8
SHA256609c90c254b71a36ef7ff346a76a679c2ec57eb5759bd59251dfacab3e221e7f
SHA512d714ac236b47547cf99f33e07987a0f4abad99648b307e6343f30256635c9cf819844b76008bab80f8b23521fd2e8c2ff65d4e4ffedf67c4abc5cae55505940c
-
Filesize
880B
MD58670c2860b74a00dc60caafd1dfa12c8
SHA1a120b57d05dae79e767c79572f24cb041b6ff1de
SHA256ae15d8049f41e8d252b9471a45a6a70e9aa088487ced1e06dabe75c697dde66d
SHA51271efd873794500bb9029cef47d7202e4d2c61de472297ad6f60890888b397292c238e505a4bedef069f1237ee18cdd0ff8102441e25d954df484b43c886b496e