Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2024 22:57
Behavioral task: behavioral1
Sample: 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Size: 7KB
MD5: 647ea27f3cbaa4a260f9b349431be8fc
SHA1: 26cc7092a922367b56c0d3a7be4bc2c8bdf1e81f
SHA256: 732008298cfd71dba174d801c1544630f27d4329aad84072201ae6f3a9153a7c
SHA512: 6f84010260edb78ed6a892db3e36a4a8df5b9e76ab247728e5f88dec494d8bd986945ab6bf13c3cc912a1506a0cc82eaadb3d8786334a0dd5f4fd9b71f5607c6
SSDEEP: 96:5mMbv5xZxkQuKBW7Dm4p8/UDqpdONfG7NpH1w5kO2LgKQtQTLIQi1XDHxMUA:xb12QuKByDo/m/NMsQQtQTl4LxMUA
Malware Config
Signatures
Detected Xorist Ransomware 7 IoCs
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
Renames multiple (2191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Drivers directory 8 IoCs
Drops startup file 1 IoCs
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Process: 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe"
Process: 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Drops file in System32 directory 64 IoCs
resource yara_rule
behavioral1/memory/2296-0-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-7195-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-7196-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-9011-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-9012-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-9013-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-9014-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2296-9015-0x0000000000400000-0x000000000040C000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_microsoft-windows-wininit-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bfd4501165b6d6c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-credwiz_31bf3856ad364e35_6.1.7600.16385_none_fbcfa2528586252f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eae468cce5c3400a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..inkwatson.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f734ab4b52e9d642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_requires.help.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v3.5\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f223685acfe7ea57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HJQUJZLBLCMCNJR" | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\ = "CRYPTED!" | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe,0" | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon | 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID: 2296
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
283B
MD50798f82786161ca795dcd6a0999baf47
SHA1d304ddfc3bee87e23a2a2ad8d4f08b8ee557234c
SHA256a8e24865a0861f8281156eec1b3acb9e4a2e5b705923d39f07c860286510969b
SHA51280b9d7fd8ce4b66494bd27eb0783c8acf832dd6c493a280e5e64cd2e8a9e0411c93015896fe965a01fad8c974fd2bbfa0d187e9fa1beddf4089d9046615edf26
-
Filesize
341B
MD56ee9736b22d1daa48f587172c5ab61da
SHA1c267b8222af6677b326b27a58146883f5950369e
SHA256e4b99b18932a35d5bc033a16e9d8b02a250aef2e50c8311badc23c2337f6daa3
SHA5124b41f6bc8e885cb755b82ab93f10f14fa8120e7a9ace8fb630e17b733fd6afa016b37e313dd5f8a4c7967540aafbdc2520ee78b3d9bdd8476f3a0a2b5021969c
-
Filesize
222B
MD57a2f450736d4d013e96aad75c308599f
SHA139c949bf1da42dd25d51d4ced1e1b938a694d0fc
SHA256829a1689f04f00e78290cb7466dd4d650f019ac079cbab7a5ff515a6611bcaee
SHA512701f20aceecaf4125d08ad096d205e95477b3d012a5bb434ffae142feb0a777250cc0fd6c74574b379297f360342545b8df1bb3ca8423d659f7e53509e7baa3b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5424ba69afd55b102bed94a81db248986
SHA154656d0410d7f3dd27d5a8065b2b310e8db741db
SHA256118d44a7913030f7706f37a2a282fb24ce68882511b1a84c594b85909e90caee
SHA5121cca5884a9da2525c502c543e883e1689848637a10e682aae8bde5f3a1e676c80310332b6c3c99ddb2d5c790bba78874af526e700d4dd513b8db6c6105cb80e3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5701d0c1f61f7e7fdd990a10896b49622
SHA10d3aea34750bf1a83fcc886c0b53873be12333ab
SHA2561f91302b4cb16edc53a72669b3ff1eef39efb9f95634533325827f14cda3ab73
SHA51246b0f44e31b1216031e430a2bfc2310dc8a59a3f23f5af058935d13e82e53242f98600924c10932ee283cdf1492eca14652add9005fd4ad0109b79521adff84c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5fa5b874fdd4493c17aab60ee9946763b
SHA129f479383947146d61bee7b9938148c47bf62ece
SHA256254656f7b580484f31b7fa2f072a540fecd3dbb8caa9baeddfa6f41d6ccfb3d1
SHA5126cdce7e611ca636598ab8dc8d3b4a5737cff202dabe93f548e978bb0835655030052b1fc2eaa2933aab9583fa410b441b24352ac3eb525ae94880458d6229375
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5eec07dfcaed2fde34b7aa6ad44c1dd55
SHA1f508973b31c3c062641c39c06763efa8983eae9d
SHA2560a8587026093071663a829ea5ff00d15d9b84547cf9a2522dba8d25293df4ee3
SHA51213ce611844edcbf56b8245c71a49d9e1d70ef0daabe427a9ae4642c0352f4db48f870a652e016f1eaf22b01e45c3e1df8f74a36c58448ccd9449aa90da50b161
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5e5c3a8c9e51ac8a392175b51e10ac13f
SHA1ea7e5b8a9d290b6e0372b9331484528a9f51e017
SHA256bfb8cdd631517026ee137c783081f4e9ad264554b49ec0e76f9653b2ee41f3d9
SHA512d29ba7f51c51ea0ee9a82b1666f222a4290fd71263f4c11aeacdad452d4aa4cb1a73ffe871ad09c49616c1d462a36a382cff2e0f7f623805f1827e26e35405dc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD534fd09a0b406b5b68a3e81b9aa2b60f7
SHA1500712eba56a56e11d4cf7aeebca9e75fd06e335
SHA256923240d3c997f1fdd8bf9023908ad09f8285dd2fbb1a0d0fdf3c6740a47b7cde
SHA512e712edb092d99bf234c301a3c00c1c6e74d36330d728e984a8231e5e1a29e9634219f636ae115d86f0391254e1bdc1f566fc7a6d317454e15574129e11cb386b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5ac4f976a462b209e401995425537f844
SHA18f4ae9378990f44e5aa5f9b8aca5f60444c44670
SHA256522402522e63f4d6b412b057165cc7ba3e02d96ab163d90345a1781696c15d2a
SHA512fe2907646464272becefb954b537f871f534238d262da0614d1b2f37cf2b9469209ba13f6ec950b6781f706ee3ee9c19f7cf2b91d37ee41ca08b945da2d834bf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD55391124ee60a4133432e22449ff25002
SHA1a2056f958a10c7328eada4a70f7191b66f030223
SHA25626ba5d993f2ffcbb0132ae53b12edbb3d54c4a00303d2e7c541905daf5b844e2
SHA512a9d0b922b589985e1174c54b97300fe48cf2fe4c684410995ac95541d27bc40d7e824efda5d572a178378a1f0d8c525f6877fd302cf6c7971273e9a39e91bd0b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD58ac42d0fdca01aab73351068f783f71d
SHA10aa5eee8aa882f63707d1f348cfd368a4b4a3b05
SHA256dd11ca0207ecc5bce2edf03098adb1ed3f40ccbe27972452193422b5c54a0ba0
SHA512f121cdc0a4e358ace7efce1fbb12ca7dcf7c73be8e913525108dfe784094d98a85a5f9d8123c0c3feb857872e58cc8b2cc00ab48f10a2440b43af92ca8ef1dc3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD54ccd0872eed07528cda51c590352c551
SHA1fb36241d3839aee306f0d3ec3c15f040dacb5597
SHA2569f9860919caa43016c05c95c8704fd39c0852f89096cc64f20f08c2cf83083f3
SHA512db62cf1353c1b196cb1c413580fb03433783a36c69c6e5e3689f36b59b6c1f56177b983ce74c879d444e1544a3601977ff9cc9c2dd361b5382c023c5b049ab2f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5d5953db1ecf0fde16d43743c1b033a2e
SHA1981ce25c3ce8116e5b81daf4073de209fa1b0c82
SHA2567ee1491de2b43e91974f925b2ce0999c4682504b69b197a12ebf1d60668b99ea
SHA51201365fc1e74a1cb7ac24ea79e244f5933f060318d16703c1580a4604fa7819601dcb9a742942232c57e8305035d58b83fb51ff8f30bff4bbcebc3c70797b4309
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD52e2c0704b9c7943d888618f5f20888f1
SHA1839b257f2fbe8900d4bbc1d274585a27c8f48ee1
SHA256e28f4ac229b0a350c6e294f0ce8ac50f86aad0b73218592395985fb5d8474151
SHA512dd29bbf899ac2e00ea8eccc97e6bdab8462ed47805c5b1a8936faa76fa3155639a0905a9dd415291b95b6b9955b4401c0168d7c4749e93c3671509901e5c5d5d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD50bbe9d39cdfdad9ebdd6eac2de5cee87
SHA1c615c5153050b082a3519d8daab762876b471994
SHA25646b7b98df972afd26d4a482756da86a1ccb6ee02ed5e774aafdf7c01f07797a2
SHA512dfcf257b61d448c0a817235f09f0da4fad237b7776a96ba5ca08578c5b008e922714ffafe835a550dc3f02848d7e3bd21ab09ae63f0291b56f7509c9d33b402d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD57da58acce99463d2636a4d41b189b63c
SHA1254d2d0f9786049e0c252084fc1606197c8eac2f
SHA25696d272c639145fef9914bcfa9fb44eed12ed52e1e336dd328ae3873e0543a384
SHA5123ba8492819e1dd71bb3ca5fa675428d8ff6ca63a033a73402afa41babb09363d64feb06882187114a7e63d046e394700db4ceaa7021e7bdc420ed66c7c05cf12
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD591e3fde97849995dac87426f17d91c95
SHA13b14c0697ecd8bd34ed97a8ce6cc128289e0a3e2
SHA256a9a875ec511e44481f851bde386fd0462322d3a819626cc36aa1a5b2cf3b2046
SHA512b1517f3b0ccdc6e0c66e57be8370ac738e48898c48c842b145a9e093c65fe00d1a00a7a9100a69f54416405a1de324aaffda8ad363f0d6c85808fbad4b939581
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5fc123acea3ca12434cf521901265e678
SHA1834b9a3cb1de6def97f17700d9762ea7d9fc3664
SHA2564aba6c3d67b72d1f88e2e0821a733e8d51d18ea778682bdc3adef572d99242e5
SHA512de6e49e486e61e8b179310b3595432170203a80192df55c1fb629d25751aca6326d5f48086e9cb31f664097b49d019e944391480c3552fd3dbb26d4783f3d08c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD521433b8d5334629362f1434b5b3a9708
SHA16a180cdced3dea83dea36dd55f518450218f7185
SHA25674a6f5d4946816c5cf1be388f69ed6a04c3aa3d184a3bc2d4039837b3adecd7d
SHA512ee20f91e7891409b9d2c6fc5442ac572ddaa4286dbbc3943357230b1c95b8baa5c7df14b0a8ee42c692d749dfa3ba18dca8b731c929f2d27f3b36109232c6ff1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD53fcf41731577e8a5e545cd86ef4a70a3
SHA19bc531e6585e8ed742a2b2567291eb6fb118ae55
SHA2569ce573257e279ed0276c54c1390786fd1b96dc8ce5843e15b6be17642fe79b51
SHA51280ff6b39e239f132fd1332ba5a642ed90f21c60b342d096ade18c62e1aeb0b79d6eea8107b9fe61fe06d450b0c25eb02cbc1f2b7bd13d9df150019ef81f29307
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5f445bd00fd70fefa28bcb1816955a00a
SHA1f99b7c27ebf213f889ec284f51eb940be54e38de
SHA2564717685128b54715c6930e054cd8b72fa6633b64bdb88b82f4c2d54bc10fd909
SHA5123e419d26667077c2dd0ffdf1bbdd94553e0dbe699e176d7cfd3c2380934980d5a014f9fe059696e60f8cb8e1497f256fecd3c1fe178640283b330a7387d71c0a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5e105dfaa3c62007641f590e1daf31a43
SHA1d0faf2bb18e4156ad6c164ef7820ffe5012cfbe8
SHA256c44ab53ed2d0c7f05243d8eb8b913da284c8a6cbff601bcb150c226459f96986
SHA5123e8a24111cdbd13f038bff9fc86fa3d4d2a479cbb7aa48d95399ed869e17a8e68863d1715d6e684dece09650d525be4a717507e0d6d5ed3e35d68473e2f64315
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5789f7cc813ee4a13eb5fd311ce15369c
SHA1a4a350a17e275e6c4fd98d5627708d1d3aa4dc67
SHA256d8d37407f9457f19b392d86ec2462bbd31f83f41ec768ec3d6d287fd5f397947
SHA5126cd2c761361d39145d2026a6de0829dde531058d54f57f7d2519cc7867df0fd5b115167d3a2f7eddf58205a8c90b7460565e18943ae6a05237385802cdcafe28
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD58c6d22f4adf09e1181b59cdd1b995fad
SHA178c183e36f9185f18665b649b8ba1f71ba04029c
SHA256882586d76d814e984d1ff86a5de163d03aab2b4fc3f82f2e25a56663353bf6ec
SHA5123dd2d6eecb54972ea8b0e3c56eb229ab84c866588851e9d6bf81c15fe9289a72aaad350ce4b30a6dec5c94218d8c00f618cef0de63b3188656573465225ce3a1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5c66d24cbfc6dcd95b3e85c4c301e4c9d
SHA1e52a20df07d2a25abda7ff18df172bf5639de0af
SHA256208cabf423c838d8adac6a4d937671c1ecc0e607862c9c38df2374cbf76ac99f
SHA5125ccd083dd19df05c3cdd4d8ea561d536e5c52d03271311a8e2a9374b8c7b573a6ede9b2b0fc5a0a637a77b92691d580b55ef63c0fca59c5c4e1b8e4dac076547
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5039c8177b8a929921a0f7b4010bcb6f8
SHA141bb63c931d3037adab9f3cfa65ed1c49224d567
SHA25689bc79a445c220fc86351136551ac6436384a463e24aa7d15a6d4c5b8a74388c
SHA5126a3dfb184b5f08b1cb084659b11171ad988531653c28ba9e975551bf504a4e5bf8e2d616fdc94b8b865a660fd3550b7b20169c3515b3d95500ff266f8d3f6a54
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5bc3949fdd1145d168bdf91a9b531b565
SHA1b5bfd55170d84a367c1c7f3b12e56dffc8f0c5c4
SHA2566b9f46095e94195e5daf7b3e66324c0e1c09ae662d4e05833fe0b137737aa4bc
SHA512f25f3a756e23a2e18e30248dd4bb897303658663d0d522d180d73b7c5efeb19e337064299a082dab46f2aabb228ed065332efaf3ce3dd206bff72518415508d2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF
Filesize3KB
MD5cbaa5ad84a81010ef1fd77d7787475d2
SHA147b4be2c3affe9e626dd6243e03ed91b4c53b056
SHA256e4c1a2a0a1d33d9550e5077a318d307cda0de4ddbcc779246ece0b2f6c779f3b
SHA512e4c380dcdd02a36662c60d4aa7af6da7ad7efea1a320052a2d03cad4725eaa81f1dedb3bc2818ed97e0f5f191334465c07ff6adb57e5ecebefd4d41eff1773ec
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF
Filesize462B
MD5a89e9a56fa3bc05a4ea31fcdf09b0ccb
SHA15177b6c070cc59605de64fe34ea5ade63a96d004
SHA2563ef49cb9a6937b06005746b44c4c8d6562c01f5086d9d1cb8b3f5ce8099b311e
SHA512fa36acc065be0a1547ec206a7de42d5329b53fed65f9125aa0bfeb48a067180dfac70aa228b4ad3ad97674432187c8fa5d41b82a5236e7d1429594d61f33e710
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF
Filesize264B
MD5e8cc389a0399755a318b7af9352a8a04
SHA19c3042b366d218bdedecf81cb5fc4dfca9f0913d
SHA256241f9230321339966831fc80c00a8cc8ca9dbbbf0c363e0fd2274d69c56d0c2d
SHA512ead8840d56356116cedd3f11e8d0e8e5ffe7eb7010839a23d95665eef93b29e9cf202b6700736c35feaa567a3bf3aeb742ee893dd2156e2e5577ba62e59f75cd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5f93602e65e2a3329571e3bda1e02d1d2
SHA13c46ad7ae84772e656852eb69547c562763dca13
SHA256c3ab2ef5d1ca3c97c4bb8f43c8935a56f5fae7c9014fed88fa50d2e8d35d6d7c
SHA512a69593646f71b1fdbebeec35081d4449f77e40c9002d4d3ab1d68522f30ffadeb4379adcbe68cb81ceff3f9be28abbb172aa0b4da0b90c684578ab67ffc86dc1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD59f9c675286a7c892857aa4341fdaaa40
SHA1e6079741378bd50938203f026af04c4f3f857a5a
SHA2569ebfc85ac999eb8365e2ad28a7db6ad775f652e19208b75a54b6bc4c484ec6d8
SHA51270b7700388defa22d18b6fac994472fa423808a12cdd8106bbd6563f6544f7392a87f8d95745265644fc8d4050290fb5fb7d481286ca5e42aa129dd9ca8d5c43
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD53aff1c589cfe1ae1706a2f09e6fa51d8
SHA1d314f3576dec18d99632d314104184e7b13e8a54
SHA2560383916055449912d877f531423fa19f4ee338089d04e860c0a122e138ebeb41
SHA5129f316973f81df6e2a78b9f5c4cb68e419ede9ab62b9660ec4348a8d4a997c281ecb53db14ac3a9f70e6f826186ec269b82f4a3cd4f656ce41c54154d4a538f56
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD56607b07f548a5aa7e1fbab0bf4835d0a
SHA1558f7fad6a2cd46afc1cea0ddb64b80c7092d6bc
SHA25663317b3008b31be6b08197f282ce622976dfb478a240f11eec3edd5fb8a56058
SHA5126c2343112ec9482a3605582dd08122a833455a1d9137a56b5b89cc4649571acb9c2105274d46dae3f4093d99a71b14e3e8b14a5ab3ef0786df2df7360ce80c8d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5c1f45190fa3336f10ac184a06d3aba8b
SHA1c33877768ca0fa40fe87b0a41fec881f3dc65a98
SHA2561af61a194720572cfb4f32e2e590f4082dc76763d58caf7b25da5be29a770026
SHA5127bf45a67eca9dfd83809d0ed18b8f7187c26f62a59d2830799506488af02f225a56b2c6cd7697c99f13e0f8fe5a82e0d983141653cec73d1ce4e6ce96c0dced9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF
Filesize26KB
MD56c7683a9ffafca89c48576b226999253
SHA1f58167ee0e826a89bd0ef090a4a85be6f93ba9a9
SHA256f77ad849f4bd0ba0197bf208d4ca2d248c6d441349db5c19c5e8e3b43536428e
SHA512db8256cae5a1f912d18a05c48980261bf409d46799e5d73565b67d45745e11ff3f22b4762152b874ad0c53be04c6132172e6d24842319f4db7965bc47f357be2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5342af442562dc10ca26cc1e63b26389a
SHA133341fb4b1ee9e0f18c931a29df9da0712ddb16f
SHA256b5dbd676eecf3c1531cecc820e7074d6edc41f240aab229d334eeba098b32fea
SHA51218ca6d9c905cd5801a2b1960556d774743ad0b8f5960f755795bece42d4bebed2c57db48cedfb7f5836226a1853349afeb55ea6e57c0f14156cf5f0c918d1441
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD57bb06321d879d6e30f5c9d759187652e
SHA1a418355ef0593c517e656b76fbf4ce752df42a25
SHA25601e2b28923b7ef7dcfc2949bf434b58c24219cb02c95791f432177d4ce72c7b5
SHA512edbb5ea8777cd1d78ca66f44f4dacd8664399224704970335595e5110fa67f2ae91e12caf76636d61e683d661c25edd177c42f2f8e4883292d31cf7bc1b8f57d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD54c24a391f1e4a8f9649b837be88d3ffb
SHA1bf3763636614142492f338af890e6d344ef3ad34
SHA256cd355f4a36df71d5ef9a5b5d0238cb92af83cd6ef7f3e431df996da513702261
SHA512dce2cd8d9aac27a64018348110ff08bae2709489d73bbe7fcb6b9aac07b5742875004acf6530fc6d8758445a5739cd57efebabc020c5c4aad43347f54b93b5ea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD52b12f1596d21629c83e93a8af893dac2
SHA10a27f272a3f94ff94fcdd1ce52290c208e3ecf2c
SHA256063a06daa2c0600f03bd0489be96132cf0ed7e01bf490f401c804ee412c3af88
SHA5125b2411c26c4ec9c6815a84b87bdb69fefea62b42668182b900ba842034506781aa69a9669ccce454c570ab59bcf01a531dd0ae426431d8b5e042676d7f36a746
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5a70c10f81c33b6f609dd77118c698cb6
SHA144a277d7a511542a1f17a6c1c6c9140d65b130a0
SHA2562c6506fe96608fcd1db3f560d116e80dde8721e6a4901152beda6a3faf641e32
SHA5129555dc2f333cd12979ae39650f795eec78e747526ded9836b7a5f0cffb9575261afe8fd713d6fef34f8c5d3f49556440f8935377969ab5cb560445137eafcfc9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5175f147c1143133ff334a6214d58dd96
SHA150e317da04c8d61e8cce4fa168740e3a2346de6c
SHA256d5a08b0ad5500523b3197f26744a8fb2ea78f601c007bd54a6fe3f8ccce896db
SHA51222da6c4c22089f944ee4fde86dcd7eae2e3fe5d068cd1707545c28d90d54a98519999d7660734fe996da342528819505cb11fe2990a065c5dd2c41954ced3101
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5c21b4693659551803df28d8c20a832d5
SHA1f59d6d03033eed0ba374013409f312abc03f8101
SHA256098a9261fbbf2d40f7644b65ffceba2c1495ab82efa89878f44a9bf663331fc1
SHA5125950c5bd3d1856db15f42d16f54bdcfdd3c1fb370ede1d9cfda5d968ccc63e71548794a5234dd7a0e5714f96145053d9ac0a81f623e5c363347676ce82e2c57b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5dab345170373aa88ce0171837337bcc4
SHA1220719e8779e4f07e6ef79a866cded4165beceb3
SHA2565bb9f2077724973b91e36ffb51783368839cddb28a1c81feb0c64164aa75f6e5
SHA512dd82df47c5c4c04575802a1e9cb6bfb3e04b3f05d1e2b0eef80b1c09fa6d6366f1ed31023ebe2a90bb12d5a91e97fdb3a1c926111d0047b2ea81f89b9b1be060
-
Filesize
580B
MD5195cad8076fe671cbf94e417c870537d
SHA1b2f680f5a8bb885eef2cd6407b59ac2de7942d93
SHA2563c4a9b5cefcc0c3f5951ab9b62f513525b9b96698e26059fab75b0eb472a4311
SHA51299a918e4b8b23fb92b990c9bc66132ea56c4216c9490bf793cbd306edc04ae32a461d758c450e011ffb80c93154afd4caa9a1073d16e61bd7b05ce54c3eaac7a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD51bc8a0141981772afccc08132e91109a
SHA12fbea1157abd1efc1b61d5f5bf9a72d242897f7c
SHA256b97119f4b8a09c8be8d73c33b40ea52c9723797f0e22f6e45018e092546e74ce
SHA512c16163d200f2b195a9fa03c90022d88edcb391b6ecda6e809d47c7bff0c932921b951c9b2ba29c7d49c114f9c2c7527446d20b5b81450da955e8c109c71a5c04
-
Filesize
625B
MD5120fe55ed54399f60efb48bc5ed6626a
SHA191c000a4b78b659c07907d856e3a3dcbe7fec201
SHA256d9ce4d43ae50bb947584d96c84f960e354a96dd34204e289a793c58a02e70c46
SHA512ac460b44f2b48135546967ab0aac0143c10c9c4c9c89975354d8f35b02ad9ffdc3ef56b99129db9826fe3c1d04979fdbf4e16c143b4f19efd151195f5df51c69
-
Filesize
873B
MD50cdd21470e973d41860cc45d08be719b
SHA1130b3f2cd4fca0e4c431d089ba0b950cb284d65e
SHA256c4825e4da1e5c6c97c8356381fa295cbc275f666f6efcab04eee91586501656f
SHA512c9892d41e08811663f2f565ea8582ae2635bdb0c31cdc58f5001df31c4b6b38fe8fd877c03d0d01bc3d8811dc8e2f9da1a524b83f22c5587ae44a7c04093a85b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD56e781858e220e90efc306b00a67962d2
SHA102949fa07994fadf8997f0ac0ee62fbf38b29ddf
SHA2569e213cfb6e9959b861e7e5c7a2d1b110fbf292f05fcc0f7d7709ac7fcc33b01f
SHA512fd0a83b8e6adda3ea0ca725e578955da51e89b15368453b69d7dfa8d17b4ae158e83f19d52e0966a28d8c4dad68fdf211d6266c8f6c07a029e1a6347806b760e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5d514ecf2ada750095ecec3ea12e75958
SHA1ffaf738e4d052dad7f7977d7dbe41af3ee5c5561
SHA256f663ede12698fff141ac0fad512f74ee92d0dbf10c58a2d7f209abe894626a01
SHA51266e1fe75254ad5964991321817ea880af75942df170806def6ce38c325d659dca0d44439a223780a909fa8401004430f7a039641cbfa91a3f2a451c318e7e627
-
Filesize
615B
MD577f739191380de7e52ce4ef60ef4e979
SHA11d9f13110ff7b712a189330542a55e531fb29131
SHA256f2a284ce3d9c6bd63a2e83aa8a49dcf7661835ce01fbf2211f3b9dd525be8c46
SHA512758444171a78550884e26ff21672c36025789ee2bda7fab37cd4caad90b83b6a62d38c422395335590b10eb95820dd660b7ae44ee49e1af43fb637bbf55407ea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5f16e4ae4bf17a2de24dc68fe529ec653
SHA1de72a0c51cb43cac1cec17f034f4e440ac9a44cc
SHA256154756e2eaf28f68c1cba083cd4bf60e03ce1a47189b8a907bc02018a25bd0d1
SHA51233d22f033fae0ae40f750fab5da1b758a222b3bb0d78dde9a45a18510ea1d9ab1424e7706d7a0f87811b9d3ce3acd6e683001336fcac94b3456587ae4f2e7f1c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5a8a20bfcbb03a2974dd9917d22dc2be2
SHA1566ffb7231e5bcd0f20deaa0c0103dac59f359fa
SHA2567b6b767d4fc71cacc93b63ef0973caaffc1fb1da7e4ae34c5d84ffca9117f5f3
SHA5124f8ec9cf3d8112ba401a180a24b6d8b490d585b40e3c19e7e6ca5a78eaeac35d7d7b27afad427d43af51a62c9d60352cdf3822d28418c4b04d34dcce020c3eac
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5e89c68540a7453a0af02f60008710e6e
SHA1f8edb9e9e2f45f4b47cb63eb0fb3d85fe1a2d369
SHA256d1aebf9f31f8aa8ffc8408108bc3a4a906bcdad587f246d1db287f7467013287
SHA5123ab7f48f4fc369b93a0c26aadc50b67064ef2534ce26b5c7230006c73d32eadeb6af0940eeed6f44c2d4cab0c1a6fd70b4e709a228de2309457dec39b204a5e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5a82fc2e21bd02256eb3d324a4cf9f3d5
SHA1fc555d71e919c2753aa5ed827d294f622f012862
SHA256392323c6f822c3a6c3ecc3895c1cb4e27a8d1934e54f3beb76b21f96790983a1
SHA5120be04a6e1fd16d815b6fb45378b8a07a635a977bc1e69143bc4baab3368c95d6d253c64354c48da1e1fcb62d64e5824cd214992d3805fbae28590a0c40ee2285
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5d2824b599c581a152e5e82eee9a0b745
SHA146773721931259c788c1b9d485461d736ecca068
SHA2566b0f07de31d8e4dd2d4a00cf36ca7a58acebfc663a1158454d8d68df31a987ae
SHA51231f0cd8f99dba20f2b398dd3d08b43e3d8b30d89e920e7b1f2da9f93ce1139df8113e2fa464eb2b6d188f383508b05a0dff9c17bee911f665748debe88d0b975
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5a08038a56dd5a8430da84afc1ac25e70
SHA153ae6bb8ebfb274fd4c99118547aade312dadb42
SHA256d48700880d68cb3e70cd66138d3536b6cb5c8f9098082109322ab45d5a2dd4bb
SHA5127b5f76dfabf9a4d42a2db55bc904afa5004d847cb893cc5179d0985b3611f8a913c5208b2437be40913347d2f36240702253f3f7e6f58935350623191410f42b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD531112e8152dc0abfac03f9a996f48b55
SHA1cda5d167fc45f95cd4bb7ffed20dea98356b5f62
SHA256b9d13b05b7405238d76a711120bd88f19af40b2e835d313e8c435a1e16482fcc
SHA5127a1447c03866a84f54833d92135b9f93160b5b6bdecb007d489c718699eda7f045828c607b0666eb6fd65d9468db8395e57ec0143680b75290941b40c7c5a00c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize 12KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize 8KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize 11KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize 1KB