Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
21-10-2024 12:30
Behavioral task
behavioral1
Sample
66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe
-
Size
12KB
-
MD5
66b7a800f6a7f327de0eed42407074ce
-
SHA1
90f85519957a2db82d86db84331d1479f2b839dd
-
SHA256
1a7c95f8c16c474b664589b60104a9d5d97330ac0155c199b3913b9854d3c2c0
-
SHA512
c795dbbd461077d047cec0c93b018175e1a844b22c94133eaf244a0ac843012c80ae7b35591eb5bec00c2ae38f38b62bacd3b0e73ec5e2e5e7d01b3eae791f0e
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMTRVB4:eebFNw4Pk1itKkpAjjI2YpdmTDB
Malware Config
Signatures
-
Renames multiple (2203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F1LgVty9W3N01xA.exe" 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_aliases.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_neutral_b9280780a8000d4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_neutral_e3be362bfab667d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_neutral_11abcf129a29fb9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiabr002.inf_amd64_neutral_b4ea26a49ad66560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_aliases.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_format.ps1xml.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Signing.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_profiles.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_neutral_547edd894d7c19d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_blocks.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_neutral_622ad8125bbeeda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Windows_PowerShell_2.0.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_neutral_64a8fb018ead55a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_eventlogs.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_jobs.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_While.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384895.JPG 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46F.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382950.JPG 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\VGX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01268_.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Chess\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Hearts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosecolor.gif 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR19F.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR26F.GIF 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145272.JPG 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DissolveNoise.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files\Java\jre7\lib\zi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewFrame.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\THMBNAIL.PNG 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.1.7600.16385_fr-fr_05d82a880676d038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_de-de_ff3bcf7886e3cae6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_12c9f045ef7b5d20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\4a5f2a8626e8af6b6f54e42a0f59f2b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-security-spp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f8bce8b9508ba1f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_it-it_9ba9f45460921012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-stobject.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_c6244ba76622b424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting.Resources\2.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_981164b3f9ab2ac9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\msil_caspol.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_afbe0f06c0a2ecb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.transactions.bridge.resources_b03f5f7f11d50a3a_6.1.7600.16385_es-es_374ba9901fa4a0d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmpdmc-ux.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_70ffd226f88266b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\15.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8e57778214225c92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..l-starter.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_22aa7c45cb978881\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_48752444f902359f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-msports.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d97aa19cecb4f211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_hu-hu_faf66397e6b5f43f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_21263990f3166138\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4d35ffe408da7eb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_565c6ee082f6eb4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-r..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9cf634ee5b0b95c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.1.7600.16385_none_729fe3c3da2c920c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7b478cfdf5bb71e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a0071dddf8fc3cd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_f20ae427dbae4faf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-u..re-atmini.resources_31bf3856ad364e35_6.1.7600.16385_de-de_48aec97982891c86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..nt-winproviders-msi_31bf3856ad364e35_6.1.7600.16385_none_3d973b8b74e755c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_a6e42c01e213f0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_it-it_da156c29d2de7a95\cpu.html 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.2.9600.16428_none_3b1b8f66337aabc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..ptdebugui.resources_31bf3856ad364e35_8.0.7600.16385_en-us_0c7a569d729ac0f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..on0viewer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_56684bf988e9ed3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-v..r-windows.resources_31bf3856ad364e35_6.1.7600.16385_it-it_01ffaa6ed89d4298\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_en-us_145b9a152dcf317c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00020427_31bf3856ad364e35_6.1.7600.16385_none_967145da95b60b0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.1.7601.17514_none_a1411820a400ef84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_bottom.png 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Shutdown.wav 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_e6a0143facc12d95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_system.data_b77a5c561934e089_6.1.7601.17514_none_214585855c578a48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-fdeploy.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0d3c1b799da79df8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..-blutooth.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1c5b4d92dd8b9c23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.saf..oncepts_v.resources_31bf3856ad364e35_6.1.7600.16385_en-us_820aa5e4ee8b4ffc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99d78f6b8e497537\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_6.1.7600.16385_none_69c0c0c8dd122d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..re-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af4a5f336cd09c2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_pssession_details.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0ac7bb58de12e1e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1c6d88b93efd739f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.iismmc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f4315cd189978f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_48fdf3dda88a41a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\Media\Sonata\Windows Notify.wav 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_99730ca6ace7a76e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_efed75e2fbac9517\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..component.resources_31bf3856ad364e35_6.1.7600.16385_de-de_35df405c35385161\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_f1584379b2973708\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d1ad99023dc6537b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_execution_policies.help.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\inf\UGatherer\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7600.16385_none_696bcc240bce3ca9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\ = "CRYPTED!" 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\shell\open\command 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\shell\open 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "RQTLJTILBAITMBS" 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\DefaultIcon 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F1LgVty9W3N01xA.exe,0" 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\shell 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RQTLJTILBAITMBS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F1LgVty9W3N01xA.exe" 66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\66b7a800f6a7f327de0eed42407074ce_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2284
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
285B
MD5a7a0e123294b9ac4a46d54bc73505430
SHA118ad826c381ed09c78662a651be6f5152c7951d9
SHA256e950e0befb030c6adf6964abf1f3eb60ca7f133292392cb1f4b1de8eebb44786
SHA512d4959701c26086cbd32b1a3f1d38622325dee4b9393d0ddeb2fb77eae402ce0f965a73c24ae344cd3b37a720dabc066e23fdb8ff5368cab59265bc6363cadea8
-
Filesize
341B
MD58002019ba99034416ac6858066a10a22
SHA172d2af15eab405afd51a9d4558896f230e7768e2
SHA2568ac99815dd68e65c984d73b4eb633b65177edfa183caf75a96248e1e5f5b3159
SHA512e5708936b0db8db913dbcc5b371343f0ad2cfaa036c5cd375b47fa404bd4e361183650278bfb1781953200388eb17b46a01537c41313c1916b03b3ec9701402d
-
Filesize
222B
MD5fb06d66ab6e940d48d27b83232a3eca3
SHA10ffd0a7f13466cad66b9cf187a64c227f838086f
SHA2562f23d3298fc63159a5fe55f1b3aef5a03249db9003ae8af3a3a7b23765a0d21e
SHA5129295b739ce1a65f9cf6b5638aeab79e3750459749ab867cd53c1e21abacf1dcc9a9db08116ce14381cb4795b60235905ac5a2516c2faeb18fd61cfbd587e5ee3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD562ba755a2b693925001bc930b2c2cf3c
SHA1d6e4a0f267dd9ae166962321e86f586377ed6951
SHA25688e4624a7154319edd48cc8caecd3d9c5a2c574b08c01dd7bbdbac41625ce8e7
SHA512ce022a9f94f0c237881a40cfe0f9d7fbd934901425b267ec1f456d03ff413e5e055f5e0e7dcad251435306708f5843d7a46d6538ed3dd49190adbcb8349f97f1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD50de24d3124e7d39794756e6b26ba3e1e
SHA1956107d332849ebb62c0b7aaaa549ea025722cc2
SHA256068fe9bb56d26028f7786a96b2a30018557da6dc086189ce8dd7d2f62a1ea1bc
SHA512299f5796b48a802b812848e924139a5d0d6160d7577fb0b2f87b24eee6d0785b894318b32c42f86c78196500c107381c1c515bd8f403f28519f1dd6efedf30d2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD50d5b4db8e520ef7bc6d04ca5ffca6520
SHA1e5141600b00260ac5ac96907b58e8b88e39475f3
SHA2564efa4a8c39f2921f2e71e1df04a2709d104e41bf83a9c70ea610d3b0a198fb70
SHA512d8f2ca6c4c30a687cba0af1c2ac95c16c06b24ed3ca5f7f3bda09389a7a9e6e3d03466c07679ebbc9315fd65725fda392ae0ba135e52b1597c641918800e2193
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD563a377fab2e8d801b824a9ce6452c3d0
SHA10a9cf00287cd137be452c9353888ecb716589cbc
SHA256b76347e30e50159c9a72bcd4e153d4dea97a83188bef3b965399eef7ec9901a4
SHA5123e54e63d4e1ac2f5a096e38f4c8443932d100f88d82dd19a7bc309a615f91e59eb0a090a972dfe7f204e4321b160dfe07c6a1893c9ac2d10cfa2c5f409dbcccb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD50ef316c30d04fdde29d5a73934915f01
SHA1b468ecf4603fc8f51340e692880668ab2a9bfce9
SHA25637a28e78752b212d3db0ffc1d7c186132b68b23fb5267234901c88e03316c8ac
SHA51277c45c71a870010f6312228ee7a2a48261dab62f8ab939b5c23dde83aed13dc94fdb1ea726aed13d1b7f2de5092147389765b990f5dfc4bc616dff0485570b5a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5d363fdede73e48bffd58d10da52146bd
SHA12a6106440ea07a54603af7ad0637765f16687ab1
SHA2563d12872d3d17190b23f0b754ec77588790d4d47ca19130245f432bace3a2966d
SHA51262c0d19eaf9dc641236f36e1191c3199f8826171faa91024141e0863403625bcb12337cedd4c53d0f4944065ab74ce2351a1848c279ed60428774dd0c074c70e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD59191f620f7e164e89fef28e30445abd5
SHA1515dd878374360638e40704a52179a4f14ea5681
SHA2569f681fe58a8fe6d2fa07d6e41505ac3ef9af4125f97bcd03fc084fc2360d8094
SHA512b7b3b73fe1e48f974c452279fe8fcfef045c2c6b0fa53024b8815afb95e44a33c164e93ab392ea62deddde0855ba60a0e5e1af7dbdda0e70c201d1726e00acc0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD57b1467591313d893c0ec0cada481f451
SHA1eb864a3e2488f0f96b8013b29e2f5cac06ec55e4
SHA2566780a62bfc4c83a6710d040cf267e6a095942634e962346805fdb5173013d78a
SHA5120c213b32ed20753339db04542a8d882ea99fa79448b9a10e0a5b78bc6ab43eaf54067da0e99dfa44584b59780120a9cb30e09232ab07f000d9ff1de4fc9b9260
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD58f320fb410dc00881701b3ad96de5a7e
SHA1aa70dfe7235194f98829a686ddcfae32a2fbaecf
SHA25695cae6dec28b0452ad2259b0536ca5ce25cbd19c165dbb2c82c66ab2c50f1a6f
SHA51214772dd32494e6333cd28ae2cbfb648e8f4454e8c151b623fab861e155050c851e64ef183320264aeb3469c333d178ab1c7c6149abb1dd8f87ff0fdf552581d4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD562e37593c974d3b0cede25eafe757397
SHA1222bd2c5741b2351790a6b311f8edd7d0d756aa2
SHA2565ab1ba5108ce7e6b5cc655efde46b3708804e1631910c31c938ab0a882e7b63f
SHA512400e70521df3525a247ef95a67d93cfef70e57b2f6f5a701beda99e1756d3542743cea25908f1c690b82f2efbbfd53efb7fa2572968e054c1cb0fe05a28cfb4b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5c4f12374d3464cc8444ede2a10217dcc
SHA123d1bc0e91f96bd2abf3c9eed5f96f93ce19712b
SHA256eb9611a3d9ce9993feb4be8050de9e8e5c6e26065ca9bfe31b1cbf2ceb5732fb
SHA512e9dae8e4cd3be96a666f342b8d012b51a3a51bf300b2da18c8549fcdccb53528940d75d3c4fb659f86616f3978aadc88659e5ea4b76aa42fa384d1fedc2fda03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5e0e8e050d212cc80095ce89c88077b7c
SHA1da7249ae6bddb7ca8772b26f80cd6082b686d31d
SHA25654dc46ce1aa3cb9d83246c5532ea99d9c98c37fa1127824b5f503510d58976df
SHA5124ef1746018e7f8b10e33d374ee0862d2667b8e4b4843b9e2629d2c69273ae6ac9b888b3616231e1f69711fdfb8a3b87231d19fe8db8ce6052442ea004c83eadd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5a6b445b37ad022eb628fddb15b189b5e
SHA14b5aa56379626f8d4a818d8f3fcce91d039db6f9
SHA2569c2bcba948980a176076e058cecf1a84e38cb255052b35b6e620fdcf9a045a85
SHA512aabf4ca108b288735b0c1f5ce37f9c5115d7898c041f762d5bdb02cea84f070663065f4ed9605eb36fa8ef57bc94401305828803522a0227fcabbaa1d252a7e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD58d48ef16fea71843462848397560f64d
SHA1b06e0ab267ea459080e8380eaff5b23c525150e8
SHA2560dcc445b9db6679b82af7cec0ecf76bea0cb92dcd82a6308127729e0c5934a46
SHA512ebea887ba64ef5abd49a98e73a2d7c120bc6285e27a022dad093fa0022f7e882f5645c58ff2762e71fffdc434f6a578b05622245b5daa38613c2977652637951
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5eafda1d8ca09ce4d476a42ebdc0eaa7a
SHA1fced63f0c1c620768841edb596dea4d8fe6dfea1
SHA256d4cfa871cb95de271befc926f40f31a20f6935cff231e1d5e604cbe5e38a94a8
SHA512254349c8cec57d93e3e171597aaecce326c84ad4f76f7ba5a099f210cdb5dfb324eb2711b77a99f44c83dfecd575c32ce68ecc8547f0d8bc376b215f6af3f4b8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD58e4889b07cc125ce51c3dd9f076c5402
SHA1fc490ba43ebb9b4f99dd6eea25cd4ebe77b504f4
SHA256dd455c10ad8fac04e74673cf6f943e74ba8d41164a4b7948bed8558f40166393
SHA5128a8be6a0c982d152513f0782a4619c19611b15f688c175bb2147674ed8cdfdadc61fd1c213d7b6a842af82ce004d51393897a9f48421641bedb03bc3349a380e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5ef0ffecd748173f9fce9f6564a1fa6e4
SHA1f469281f86a821f99adc02c4399939b369842182
SHA256abfbe5e6a1ac603a0910f91450efa8e9c20a7791274476ee87a30f511d583eb9
SHA512f989c346a36b02ec300209184e5aadb6b4d37fc7df7790114eef53bc387073337712a34f5d0fa0a83a45e4570d3d3f512615b0506a93aa9b40eabfb9a7f19163
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD50ce22b9e860722b7cff7c6dcf9953101
SHA169ca9f19dd7a4191da614bd8cca5626b1553e801
SHA2566bc19dd856fc8b43092d4ac104d666dd944310568c426e2c2f19ecc42c02532a
SHA51286d78d5daea2dba81b1c5265daee63cb2f592bd46bc6ae8c1a89840336d3c9084ef850a091113c2c06ae2294c8dde4736ba9988efabc6da054605460f341681e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD59b1ce043621ba6cfa5bb69c86f77f865
SHA1b95b10f5f9cd46e3b09b7a21626b00ed4d498431
SHA256ae589936fd5ed37db522bb72be1cf7a4478fd6c6a89367de23993d5d521298fe
SHA512653e1218e64bb2fc1eb9d90bd26cba764e48a2c37b0c64ed62f0ae599497caa0045b18cd328329ebe1e998c3ed83bb2e47f69acfaffa2bec643027c09f375122
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD56a9a48ed80b9469fc817f159a66d7bed
SHA11cf778c4d383ae17da31907449dd424b7f4dd3df
SHA256a19021fe74151070263bee902c06bd48a97003a00de6c3bfa681f6d24fa682af
SHA512ba2e7793a54c3dec729553af0a5faf3848b9e5af653c8971ac3f92f38a364714efed18a62b003fce52f9810f6a7dc5087e8a24551f4fe175ed7142598cda6ea6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD53d91bb18c1647ab79cfa670faa53f9f1
SHA12392a8f43f5e308bd14d7db7d3707cb00c957478
SHA256b17cae78292e583c1c83a8c8f6cda2ffbc9ba6d452286061044a8f0f19e8273e
SHA512b71526e34f480bcd855ed8b2e34d2b77e7837642e64f4ccb5b795e7fcec7474b927e0231088168035a7eb7ceebba237f33a6a1f8e75fb08247abc748c2f4e6b7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5fd20dfaf3d87383927a3107097c6155e
SHA191ca3651d8f228718ab6d0e8e3ea65c338c31a86
SHA25622fd9b35033127009efea791b02933f0e72b66b8ae54a6a5b95f779e8a38e80e
SHA512d97714857011c4843a143ef46e7a51f64c6a267f0b586ff29b4b2ae41daf1b7128253c6747029bb9a987ee944c7345bb3c7777cd207eab8da8a2943150d68a27
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5cfb9c1757141caa1cbbe6e9dc53eba34
SHA104b96f7b6eedc24333b3e9476be0c13ff6c76291
SHA256dba9c5822e683c7d55fe63e6812a86d60bd4bd835c4ed7452822ef6b08315363
SHA51280a4616e3d2f57540e97b318ac5ab45aebe073dea8fbf4bf9b1d1d3882ac84c68212b695532fceaf3a895392fb5a97b0d60819e7c27fa751bea8c201da6951b7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD58ad46d42fd8e1f667f5ae07e4be0eb3d
SHA15792f89a774092a2bfa0cf934214098a61b8d944
SHA256c71f580fc2f6a5526834d1c3d193e2a43bc26a743e73bfabfe1d5a1dede72c19
SHA512e9216451a6e6b7f0aeff297bc2e4418813eb8cb9d4c2ec0b02b7b4c369b9bdcb4fc4cb0739dc12701447d4689399f6c9d7aa43edd77a175d3a6ef0291af92510
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5cdf488170b2fa7e5eebc26cad8c6e8d7
SHA1fc41919b39c8701a4eb40733c64e78e562612dbd
SHA2565b539cc186a09ed3fe5521a8779b74a12764f9914c57bc569e13229b9494eb50
SHA512896315601c80ad79dcf1b843bf60a054c30d1c211797213685fe6e50f5b32d67fb183ee9d10a3fe34e1b65c934b5cbfa2beb57f0054fc08cd2c2e148acb889d8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD58e6aa6b3b8ff48ead7396e4c8aa01241
SHA102006a8122abcf44f1af59aa7a93f5fabc8ed2d6
SHA2566e480ae8972a940914bf601ca8ab2629631ae544ab07a1aa8ae8112ffcada1c4
SHA51281a175b02cc0a9adf3a004b6da570b139c04d3bb5ee66a618ceece223463ed2ad100cd3446410e0bd7c14d2e67023a8c48d5d265ed8171ed5f840bccd000356b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5c3c67ec45d48756c5ee3e5257992c6ad
SHA1b2cb41c6459bcd656d653a6be3fff665e650095d
SHA2560735683456c10aa40677a314bc9c1defe18f595bcb874881cd597071557dacf6
SHA51241fbb9f814fb25ea53b8896e9576615a198465c77841d92f552f805dcd325407462f2a055506aab281c4a8bb09e818b022f2e28bc972ce9c58ca5c9b27bdd787
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD58d8fdad3bd0d17229f3d4a4b04cd3207
SHA13c4c4869b53ad33629dc14df80877d57bff267e4
SHA256da20743421584052649070db3d1686fcbf5a8a205c2b072195b137895b7288ba
SHA512e231b5c96de890f423a79e32a345d93443830edc58dfa95cacf3674fde58a0d180eb6cfd52ace9dbbbed775e0bb2a7d571fa0769d83c0e71aa63a55bdee1593a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD50a1bd8c4583f8b3335e7e0dac4aca7cc
SHA1d5312f455f580cbb73708522726468b1e7607012
SHA25622746f769cf6dcc662570d42812bf327d13e99f8493c6a789918ff4e3bb7ad54
SHA5128e8908085d26951f2ae04210ab528254bc1febd184da8e9db3e8e1fc5186a7fcaac0eb9466bca825f51987c7c33c4237c5f3461138c62bfc00a910f59fd692c7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5973d4e68df03bfc6094a799faed5ec5b
SHA19bb6f370ed5685ee80e2e59e8df700cb1701069b
SHA2569227f340a1f91688edc795d27a624df2abb0093c0c5f8380779899c3af526843
SHA5121421d8b6ef2437984b1729153c699a9a0cf11404bac69b14c4ef1848b4ade8c1ea4d5cb7ab7af812201d2b59d16f8938193b2bebc1d616e81699b0d19afc6c99
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD53f225a7b17117db0390c638fb5168769
SHA1ef415e46065a219c9ddd78e4418defa242d3ed2d
SHA2565f01bd931c73240fb2dc8735df575ec523d3ecfc0fb84369b282fb8c25e1d0be
SHA5122e5ef82a2590caafe79790741f050ec4ca05763cc7db0ede51cc36fa26725212028fa97e5b80bed7fb5c7487b5cb2aeed408d7e13ca80106a567986abadb3199
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif.EnCiPhErEd
Filesize6KB
MD5cd5d3d0afa03ca10d6290843296e9433
SHA17a64ab7753ace281381a425e831f782f301f57e5
SHA256983c6af0e3dcf3eb6e769c4d5c992734333bb689f3c71372eaf13fc993bdbfdf
SHA51219cdd31fddd46ea206a34bdfa666b38d12e29f7bf184322046df37c75c5d0603efb40eb9004a768425ce991bd8ae7413cca664970a5d4a0698fd3ab2339743ce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD59bab5fd178afc99abe5ff80903756fcd
SHA1e574b4094906cdfb196cea2dfd12600ec6cd3e10
SHA25696a579496eab813fc7381bfb6093a4dcc17e7407a4e46a40619be081e017a1a2
SHA512725218bbf07b8b82fe82fe48e32250b3037642921519556502c505e4b4fde50b181a90ead28fdd1e4d6918adf68d1d55db4384afbb8b8f5917df74bcd1f5032e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.EnCiPhErEd
Filesize815B
MD5a8eb8ec8e0f708093b40bdc9d81ecf5f
SHA19d8faa2dac0d3c479464670780a17efa487ce20b
SHA2568e037fa9b7b34065fa91cf393d40bd8f2928b1d018160275db1d05246c2342cf
SHA512d046bde968334e43b38cffd633bc255194ffd267132428bf5dc34722f84ef550e5541da267525a7c5b7907dd1d48feca13201c9fb946d91b2f95b1611109e528
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5af295efee68cddf787cbae60ca76c8af
SHA1888222f7cda88ba8ebd2ce54f1e7fad9be945ff7
SHA256f6b8dcfc8c101dec6b9b6c98737b6c999e9174c61844d966383d44bd1d60f510
SHA512ff139c2385448083503e4aa241b753e58353ac25032216d8950f5a438419b97027776cac28bcab5d878de4508aa2c27bc6a54f26a2c308ffb2ce47ce782b4d5f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD508eea701f65829452bcfe066b2094468
SHA1e2e152cf7369b5b2d9c6dd0cabab10e80f850a54
SHA25667f98fbaaabcc65a6585a29bf6321f4bd67507cc94b6ddf2c267940cef0b8bb4
SHA512ebb54748602bd6ab6785607375f942ad0d6d467cc8dea27a6b94524b0e81f18929ac1c2c63b62a6b4dc62c79814faada48c52af11c1060133324a7194f61c21a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5a6e446760b4d5f34f302111ef29b7b55
SHA146beefd604f481dd6a24b7082797dff933737bac
SHA256249cbc8d49cd3062610c01ae8f3f23e670ab352daa26b9bacead696991e8fbcd
SHA5124dac3b7309515d3c05e1dc46abc07b93e2f894ff47cc000068179f1fbf2f5a9b1f26443fb5c42652642a32947ffa1ddc207fdcd580854cfcd99d7c6371507fb9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5d4301c1480a2cc06fc98fa3f3f9b6bb9
SHA147f3a9c8b054a366c2f6c1e57e1362893744b6b0
SHA256d3c9cb129e89f66e8ca342f9ec2dcede1a3b940b6f48deb07b64aba229fb7be8
SHA512ee885a890b515b15cfd42783ee3a6b8fdb6365e9a4b16419eab1b315e81e9a52a5ec344173b006376120788fd93a2d2c7aff0fa0beeb3e615fba9fbf15fea88a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5a14dc21ae04c8b6e76d0a86a228f48df
SHA1e130006b0d1508be623f156de6b78f5e8580b799
SHA256650d382170c5d85215efa000b216192a1bd8366deeb95a1100bc9c134f27ef3f
SHA512c65d8d477715d16542a5bb195e086a66de9ed3d267718a81cb8bf19c95db52034ce09d2323ae9f91116407e394572bcb6e54b50188e810026a65a24260e16caf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5829d1879f9ec19f958287698d8e9e305
SHA19c790edf02beff5f422dfda4184acd8b1c7b8ef4
SHA256e29cb02b1c101a7c8bbe57ac5ef72571bd9ddd1cd5edd508dba7802686c8d653
SHA512fe2a29d9d68f3a0e43eb07cc0af73398f7b248a598ec10ba5be7de1f4d621a2a71678be7a67665f80a19158df3f866066f2e5a8bb5e130934ddc8db4229948e3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD52b692f95dd11ae28c7b42660daa3bde3
SHA169e6423d5c64f79b14f5f79a54144006fce5d87a
SHA256fc8629f8fc4c29a65819b81825946c59449331d548b9bd20a78e001c1e5e4f10
SHA51234cf2a5e7c4b5867336e5a69c17771f0899c70c7df53d20bdd89e7780e4eef4b8705bfd10355238dad051ff9d5c62776b129a2e88d93438ed7de8ba1a0c22ce4
-
Filesize
580B
MD52c0044cd4df000b804cf5922ebbefd70
SHA1fb47d56cf33e5711ab707070b7a57d858d8395a6
SHA256046934e65536fef349a264e08e55f9d378cd035151a947dcf3fb178d06e546d9
SHA512807b7eade2382c28af92c5a6b1e36e2adb336a5dc457d6c8459dcb3ec59de296d7f3de03dac84d0ffcd2e6c8876d89f5cb9131426f5a254d879f205f8740fb0d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5bc9ad679feff99233a9ee8ca4ad1f478
SHA1c72149b8bbf37d75bf62219a48b60b99a076fdd1
SHA256e4ef00d3ed8c6f662ebaeb6ae40e7af757aebfe3b8eab3ecbb5096e63a8260dc
SHA51273271a937ac66243bf35d6e9bee6b18e6ca36a1b76655c12cef72e0ac4b29464309884f01329353f1f97bf00fcfb4ecd25c3bcba0d7414ba47e5c0a18ede633e
-
Filesize
625B
MD58e883a8142813baec0a22e4480018986
SHA147f69b77a81ca1f1087cd2d3cb0ab5e5a33c8ec0
SHA2566996bdc87b3591c3dbcf30b20f4c096d45feaa27b8747881dae5347472675c9d
SHA51247c18643884b71d15a04fb7f047f6f21fc963ab900b26f621672ef698dc80e8aaa60cb24245298008569047cc66f1d857a7f4d343ebf6f075ec29f64f8cc597c
-
Filesize
873B
MD5c50c20cb33a261bcc7794755d2b5a11e
SHA1fbd548d8c9ed9b059b0cfb28a9ea6a68810074da
SHA256daefc377f5c626c4fc5e257ffdbe3faeb4406f33db8e1a4dc2bcaf95f3f10a7f
SHA512a363068c56429d1295e13747a6534497748a9842de6e9c3e01f6400c5a54dcdb0f6dac2829d854051bbc64d126cf1fdce62ee601fc5a2d112cbe3255c7e01b98
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5ac3ca637d0f09b08ba527e99ac15c541
SHA138a86bb60f530247c42e0a9e0cfe999acf77d092
SHA25671270994c0b26eb623c83d45cacadfa04a5de046c48e710cb05301838b4104c3
SHA5123d236a4dc87e075286a6375670565ddd1f22cdbc5b697d7f18ab5b7cfef2fbf644260242ebc1c61edcff4a6d3b5266b650bc8d573aa05c076f7b44c310897edf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD54bd56bbcd6bccf7f0ed952c491eaf2ef
SHA1df2b04a8d7c9174f398783ab9eee137269134245
SHA256b079067a350d16bde4426da832efccc085b3539b5ef64a7c2b1e8f9dbe56785f
SHA51213dc642b34f8179be260a7430c658358b124af36eab58ecffb252ff9d695a6740c72ade120ab1ec9aceb8de654dff655614c6bc7b0fcbe048eb31a559d958bb8
-
Filesize
615B
MD511f42bd45dea438f979fa48c6ce21a62
SHA15e52b53456519bfba2ff386f29235033c9e3c957
SHA256408c6bf5198f33b56185bc5b81f38fb5b5db2b3abbf1480d48ae105b1af9841c
SHA512690833212a8033ebe57f4b918ebb78a75350aef3edecd1d8c02ac0f6aedb0f6e0d7a120098577333cb971097ead0da0686d736a08d1360c8eca1650ce82d9fa3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5954eb33882b66b74128aae1b67abe1d6
SHA189e1385799fbc7ae3d6e56141847d43188072bec
SHA256ae6f279cee7bf53186b7f7779a58d77317ad76100ba995cf699b8f69fe02c8c5
SHA5122a267dcd536bc600bc22939fe6695cfc665a122ef7c9b139e02a17aa3a4dc482861ef7f5b66dcfe8ce11d70f4b23b1bcfc76dfeb798c56f256f4871a488134c5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5222805e2fb958aaf1119e86e8d0411d3
SHA156d06138659eae6f4aebfbd9fe2f31d705429853
SHA256575560ba1e4804a076e1fa7edef9c4059321b663d15def7ed48490dfc1b2eebf
SHA51275589e53df2e587619991e4622575b93fd49bbf1275373511edd87544c270d04e256aac2fd2cc23483709c58bd54d050674395580553c3eaf743b728a122b331
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD590b1f7fefae6a08fe6b495fbb4c27090
SHA1c72659451f6f25a968355439cfba8d0ec1f52c2b
SHA2560ba39b376e52c16b657468d4a5a7991fab6402dc78c61eec3f9180179f9c7403
SHA5122d73e6de0200a9416f14d2299ebb72a6f7481c217a21dca31d2f79eec9da05310533aeb31791802505cf8ba5887645310fa8fa41e311fea1e9f26cd895d8b574
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5632f46178259e44525e8479b766eb893
SHA1c5b1e6a1480253d8d7e8fafc213f9067f9982521
SHA2569cea658435cade8e4f240d67cd07232a03369dcda0f3fc1522eb3265811fbb01
SHA5122b9e5d28337b727d842beb2903577a6b3c48e4bfb1926d59e6ac829dc4b912fe18068ece3803a1a37f5af0254482562771bb165256e4a8ef9b6809f742332c49
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD52425ac7dfc6ba81c3fafc6fd8f0252aa
SHA1419d2c14c7341a2a2f4cb10ea0bd00a4a4aaadf8
SHA2561fd180d94abd0a038c436bac82b8429e095b6c8a5e3a5ef1db8a38ea6b86c0f1
SHA51207624265b25aaf063faa215fbc9b519b68dd61fa83cb188958aa626e224f3dfc7ee432abdec2abfecb32effb18c864442245cd2c10b093303071723ac206e9ab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5cae529815a439a184c2a595685c056a3
SHA1362e798abe7d437380e30417a158849e4f62ac41
SHA256fdb1f6d7512bc0d00f5d1396945c1e73c0ba5e1125433cc8a595491008c69ac3
SHA512bde2a35f1951fe6bf99c601bbd7569f12dc48b72811a00554840fec60feb21cd38ac5e41869b8cdbbef665084a84a0fac18e71a425f8007376ec450c3048c424
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5d6fdd2f98e92f1efa1373ad3db5f70b5
SHA10799b3f735e0fe1957957eb6bd7c02450e74d8c2
SHA256a6f489fbd330f0abc5527c108bdeeef756ebc6378f31468c879c2f4ae24646fb
SHA5127748e7d87854dbfd44b714c2ad8704947b1e7f2773b4d131e226ddf9afeaed9a19a90bfc3d836219104828cc91a6fbab807560eaf0fa61e7dc6d33cbaa8b5127
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5e0711ec267da53528aa3558549938c20
SHA1b455f25348effed663948441cdb421d52c841e7e
SHA256bad55d7839316713d986a026ee284131e31a880fc252e847c86bd7ac93138223
SHA512a3b8ef6178496ae90e3577e0048909fcd7a9a8ee6b3dbf13904cc941caa33fd363008124f35b298ecbd6a6af82ed329e612a329faf493cd6c9984b29859308c9
-
Filesize
153B
MD56132d8a462a751f83a15e2d5409d707d
SHA1016484ae958fc9be1a0dd139b9086ba375eab217
SHA256888051d99d198779a9cb19ecf4534fe2d7de8dce1e35e7ed7c4ab253314fffca
SHA512a3bcfc6e5975a5054d367b0418d788aef5f2e8fdadf32ed51153cea5bb225729d69a710e74629ab6d4dadf98f03487e48e7b7ca3a87c55aa7f1279fa525566c4
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5e521e1995a43c911c00217d9f8b11740
SHA19756a775a8af21bd27faa5621fa582de043ee8f6
SHA256a7d9d897dbb7b7f9b3780064b05962dbe42dfd07423d72898b576d0decc90128
SHA512c582ecffc21e6f22355a4cc0398ea97913fb9d9f034e00b9d6ec47d28329a4098a59d0c7c59d0bd869e63eaac0276e0c3e5551a3c5a6e9ced8ea231d1c13f474
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5ce6725c6568627450be04202eeeb889c
SHA1a32abfe82bac03b35a04fe030fc88ca7dc1f0c66
SHA25640566acbb83c64725448ff38aee901794bc97e2793aa218cb9cd991dc950408b
SHA512bdeca543402297677439b336adfae63efbca97f47aa225a2091f184306a33438f7bacbacfb1d03cd43c4a6dc33f03254ee47e5b3db0e6b279645918a0b29b13b
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5e0356eb6315f67a3a28d6b2080f2f27d
SHA14497c4e9a16495d096ae5d3fb0b11ecf2d718544
SHA256b3ae7aeebd3d58dbad6b35c7ca23c30bf48ec50c12e562426f9041d104368195
SHA5128dea34133e25ea9f124339bb695c460d48fc4c7a82a03f1cf9aa6e35d96a1f614a9d4819626b7dca8b9e84ce2336a0b09344d88efffb221769a6582736d317f8
-
Filesize
109KB
MD5062b126267f95bf6a4696b646567b889
SHA1c13f2e47dbdb8b55371295f18245cc86734c0485
SHA2561565d5a63d4c1b8ab88f8339dd900c320786f18c9f89a2d316586503c01369f1
SHA512270c25f6ac2823b58609fc25894be3e61d48c84489adf7eed05485e1eba9364be1772e5a7cb95ea7bcfe14b69b1e85f8374d6dd7a7dc2ef17147c85b654d517f
-
Filesize
172KB
MD5e8ae88e74e5b0dd89a5984ecd678e30b
SHA121a0b26edf9fba4e4b4a7a1f964c654813914cad
SHA2568e6ba553f0a0939727be48012969cf0252e2bd2b2cc66c4785ae8f9f4a130911
SHA512fa415011cd632eb6d306e70cb7f2a5efc4e9d4b0ce5356f33d5c26bb48f4ae3d8e2ce45d1a8fa52b7d67f74f6b170f86834d4e0e66c38b90ccaa0ba3635311d6
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5764a52b2cdfa225206f8b368d7399bec
SHA1767af618800ea88f864678802fc1974cdaceb95e
SHA25646e6b0a8f50bb9fae6ccd5b855b91b7d5637c69f6ae0af88b207368325116f3d
SHA5125bd1c3c90a5d54d255d97aafe0da70a032dbcf9514a7f7363cd1d2c28ac4ff6d26cf6c4e78b6d87573b3b34b2e54fee051a80c7f8201a636471751b0cee2887a
-
Filesize
49B
MD5bddc97cbfb38280e951b43a61cbbaa3a
SHA145094681a7d3b93c20cac89ed655ecb8f778f5d5
SHA25696b312beed0101a92f84868c24c42176566f1457638796d0f1ec2a65ad13aba0
SHA512c94332d514aaf019cc6f6066ef279548b6e5422b2160a6a7793637c64184efbbd41d28efceafbbe3138ee96f5968190c182dcdbe8943390d4e79a131f7cf5bcd
-
Filesize
21KB
MD522f4e2f23c1198900d51f7b865c6c6b0
SHA1345989c83688a6e00f89652dc2a252164bad757b
SHA2564112bc6c34848cf1b5bcacacd56f76ea4bad8f8b4c1570bdc2cf451f6d739c8f
SHA512ebcf5e7efde879c624c9fdfa37f54aba6cd5f00aa9e8378cb649ea938740801110578bfcb12431b64bc045fd271884fc0dfe681dd536f4edb43a4c1c5398631e
-
Filesize
1KB
MD5dc65a902b273cc903bc5822f35bcfc8f
SHA18dd2af171fa753b3aab86ebb5ab89ca75dbee910
SHA256b7b7a50b0fcc11f2030da9dbe246c35c96888d6dd45a061d4546ec7776c42cdd
SHA5122be74af97609e18b1d90463c71cdc3e1a4e61b2c6bfb9953ba712ad596d5fc9b49645456ac98fb36d44ef4e99324f7f677d7e1fa00f390ebb6916b9359f81c77
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif.EnCiPhErEd
Filesize952B
MD5230b5e3b5c7ffc6cc58bbfcb5f89cbe1
SHA168ccefe86bc6cf59c3abfe33ef78264ea0f0c1c0
SHA2567b4d1b1a483993feb4fcc4e9ace44f872178962b00f5bfd9e2b3b58a6186d89f
SHA512d503b1df607992ac86a251bad9075beb9374a1e4825e2d253d1de0f55b24e98eb211022c070e2ee9a597bb43f1ce5d9678e8d3dac61e279f20108f5e9e29f30d
-
Filesize
121B
MD57fac68c30f4d555015aed6528dcedc46
SHA157cb5d29f05c0364397e74cee0849dcd4c6a7cb5
SHA256001461ec05f1bce8d3b91d929caa53f51432621a9830a7ea7193a94dd86fd473
SHA512ea814da665100e8b4de81e857f5f73a7b38422c382c6065dcb0701a7be4ebc4c0e572955c30fc8c6ace12e4cc17c1c48e24673dc4b74abe5a95cfb532f5f0efb
-
Filesize
1KB
MD50c28233f85a4fd653a2fd25abc1be47a
SHA1cd7e9c9ceb603e4a5ce5ceab8237f13b2cd22c5c
SHA256a2d561fb3b47085f6689c8ade1ecd616d07f713c1e4f780bf8a4345fd43d5b0c
SHA512592e3f8f4196a19319563b9b2088fd4ac6f54b677f20603d7b955c53d6c23bd71d28b67c3bbf00c7c73c69ddaac4ca571417bfa42cc014782b5022c2c7bfb706
-
Filesize
8KB
MD5213ee0f14b9371abf0bfb605edd52201
SHA1df928a79572cfcae790dc7d7c24fe4d447e9db3a
SHA2560bcd3ac2aa3dfa11582893937c05130ede66a9f909ae0a03d243ed636ff619a2
SHA512df302b66d361958c6781f22d0fd4919f8e5dbf17b55e1c970628749ee3a7b200cfd81fe2f47e3fc915028376b398acbad8e5e6ae77ffaca682e67844fb67a583
-
Filesize
61B
MD585423017c30958499affd6dd9aa54766
SHA1b57b0907b759205885da858caf1cc37b1ccd3f6e
SHA256c2179096f1f71cfca80a685040ec183ba4d6d67dcb685cccdae4659035e56024
SHA5120d2ee10f7f8bc0b73f5419a016a31ee275935e32d8cefb8da3fc8b55ba9b9d9581fd0531443bee4ac7376726b056e2fc1886368cc934f2e6b9ed3d15575453bf
-
Filesize
914B
MD5245ee848279789ad9a0be59dd648e7ef
SHA1237d2760d9d8d0f68af8a2f645c9db594475231f
SHA256c7d89596851545891dd9a9c5376909d81e47e1c5f7840561522d2bf30e0b18c6
SHA512f2bfb7f9d5477e265e851b8f2adf89e1c6cf5b1d4ef7b138992e1bf92202d321a82ea9de61b4e464b9cf78eef4c6c558e19b79b16305d14586e7aa2b3eca4934
-
Filesize
90B
MD5443e86363fb6314e91810a94490db2b8
SHA11b5c987b7a3a1b20f59024cd98aa70ff4eebd298
SHA256a31a2d34f1a254bd5aea332eb88d6d57355a1a46040dbce8b58aba09b5adb9aa
SHA512d5c207e107cf5eb6f5f6222ae7676c302305b62d4abebc2f2fcb8ea5ee55c2000bf5bb3703cb0b104116227bcb6393b342b0f00c93030c121656a3b5a34b4947
-
Filesize
90B
MD5d841ad7f3d8398d6e2bd73b7b364ae0d
SHA17f1b978bedadd05566ce4cb025b1bf6b6b2b8ba6
SHA2565c1a46b0fd22c0a5d6c31d18cbc4d8897787e9657c7fd6a76449260213b2d4e5
SHA5124e8d75f70e232d0146e91d5639afc4c1780ad3035c6320a467a27bad0131f0b6007b6b5a99f17ac18aa1b35636bf4d5e2c5dbde5aecb5bcdb0ff1cad9f813ee0
-
Filesize
328B
MD5f9408f8234c0df0acb9d2a118c2b65fa
SHA1c1e17f64375f754db3c8de39b8111d72904ca789
SHA256a0bfddcb61326a8e9170e67dd6ada7b5a93312ba52e394b55bca38eb9037e022
SHA51227e2d961a72f7adb1c1b5548e897f136b0ce4445d5d7583132c2f4309b977d41484985eb05ffed5ab0ea142b38adaeb2d5bf82b09881803779b42c6fcc540fbe
-
Filesize
1KB
MD53eed7760a7fca390e30f8696c4274616
SHA1572b7c5672a31ddc4dd796b62e4835d8cc1f8c90
SHA256233866fc209438722d94feff8dd0183b66ec2b141450bf030ce4019ae81775d3
SHA5120bb294784a5ea233d083dcf818ef495b0b7e6bc941e1b1eaf8917ae43b1c5b34eb06641bf41fbb501c26e9aa0aaee0e0175cdf304d4858013afebcd564857b7d
-
Filesize
162B
MD51117ff16b9e3fcfaa7d5e87ae9b8def3
SHA12c55e59b0b65d5f6ec47539e96b94de6dc02e274
SHA256aa7ec1b4bfdee1ef784f65bfd9c900e8ad743552afd97648ded9b26720b89b8b
SHA512df77cc693bf17fc333ec469773882dd189330bfeccb3b958a5cd06688db2d0b8fcb82bd4e860057bffb408554089c6e4654b586639f41b7257b65dffcb2cfb6d
-
Filesize
586B
MD563b72272232e2889f1aa7d08ae9017ae
SHA1f8f0d22b4a90d66f515f099525367665754f579c
SHA256ebbaa9ec449199a197eb011415db87d12ebbe5e5382bae1745832e2789ac362f
SHA512d2ae5ceb892a8586b966737bb0a3a3a7fe041aa632a2eab3d839b11b81410778d064947dc4ff3d2d6c47b7bc69a0fd3d982d0313cfa3c6109a20bbfb5a2e8345
-
Filesize
124B
MD593646289357f70e0f3afd3405d2d3e20
SHA1ceb1456e992ba0f53848075e3dfc7f4f2003b913
SHA256b48aab91594bc9c56febb87ca6cf2d3e976739f669ba8711c5e15de1d4328983
SHA512ebd613613937ad4001a61de7cb6006037723384d90a425dcac95e77f431f49eee760b9fedad87ae7bd5d4236f7c992a3a4fed4b0afe2783ec314e6ff97785bb8
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5850d56b39ce3e14d03af9908a1fea705
SHA10934210597c63666172021b138c25e0cde049cba
SHA2565169f280687c9b39d003a6009d888297a23efc0f7d735deadff6acd6a2b7d7db
SHA5126fdeaabc9ecec5e5d85def8eae2d21d3c6ba8989534106a273e2dd08d93e3c06645d870fa991570d8bb82bc4efeeebadbbb8854a3435cd0dcd124ccee535329f
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5c04c43fda5e13be8e50600c5141a38b5
SHA14c0ba5b3a73279ef829dc70f1d9160f4b7b2f93a
SHA256cabceb98b663a041d77e43b48b4a89afc97b48866f4759343b76ebc210c4864e
SHA512945a24537914df0bb110eb0b61f21bb092366e5306b69af55bc31e4413d8ebb71f3308cfab62f379516438d514dc31527cd469545a551af3f60abfe7c6fdf32d
-
Filesize
8KB
MD563ef645050fd6437d13639e64d22b6ab
SHA1abf38824c449ea162975e68e345840be0f6466b5
SHA256c3c12844a6cf1ca3b78879274c740b53cd6fe0827f7e149e5b9d38514c6da803
SHA5127af9db2716bfe4310700a80dd8f709858c550746ee6fd02e65b57bba6cddd23d14c41c4bd287d13d5539e7d8ddfdf5c6fc6bf29d1c2ed02cf6135204f3c239cd
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD52697d7066e8ba2a75a354e513f98b0bd
SHA16e3d0d4d67e7d3b6c823f5d56d4a1f66e6cef292
SHA2563170e4afc8a84718dc206f28c3d966cb29a423b0991e4f68db7df89265dc68b3
SHA51241bf2f45e573e675ae7d6e7650818e6392b31dc2cf8b4ea7c6e7a46e08eca21a3db455e37e201c59b4936199522c7aa9db61bbba2256367c1762b26aad193b40
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5d671227c6d6db542ce73700c0bbe6ef4
SHA1ac3ac6c19a079bffd97c4866d3c7cae5ce8bb5df
SHA2562e8481f10432dbdf584c848efee296843a110cad5871a4287cfd30fd590ac3f3
SHA51295ea687d98c2f1121a1a6f43520406c0876f1912a748ddf4b8c3dae5dcf08d7f6216cf07dbf2ab50a459435740d0a69f4ba7bdfe4e885f3657a7103260cc3fe3
-
Filesize
880B
MD5f70b5d88964043c9bf10ae5ed754cc57
SHA104f9b82a55e2b771524bbdae132652e655878071
SHA256e9186aafafb3eae70812b08738dbe5bc1e44397de615082f61ef8d0c1f648d14
SHA512cce43cd663a1a4f233a6994c40d6abfe3629b07f1ec453da951c406c347313328e6de1bb5434fa0dd01ed009dce86d6039d609c28dafecac3f642bb491854248