Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 22-10-2024 09:09
Behavioral task: behavioral1
Sample: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Size: 26KB
MD5: 69cf0d9cc7110102811dc6fb8176f1e3
SHA1: a4aa1c048bf70cdb7eeb9be436624f596491acf1
SHA256: e9fa54419d9b5b5938d52002f43e3fd06087a02be7f068304e044e1eefda84b0
SHA512: 11126a601fec9fc2bbd82c581c6394d7680ae0fcfbf6440163e4883c8ee8358cb0eb366a3e852ae1f515b382c5c994614cc8f83967a82034f2ebffc7fcb906c4
SSDEEP: 768:g9rVDCxIf0dkPSQNrsFrX1tiq1UTJh5L3A:g9r4xo0dkqcCtCTJhJ
Malware Config
Signatures
-
Detected Xorist Ransomware 5 IoCs
resource | yara_rule
behavioral1/memory/2424-8961-0x0000000000400000-0x0000000000414000-memory.dmp | family_xorist
behavioral1/memory/2424-8960-0x0000000000400000-0x0000000000414000-memory.dmp | family_xorist
behavioral1/memory/2424-9193-0x0000000000400000-0x0000000000414000-memory.dmp | family_xorist
behavioral1/memory/2424-9194-0x0000000000400000-0x0000000000414000-memory.dmp | family_xorist
behavioral1/memory/2424-9195-0x0000000000400000-0x0000000000414000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2212) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351WtMkTmA5bR1Z.exe" | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
resource | yara_rule
behavioral1/memory/2424-0-0x0000000000400000-0x0000000000414000-memory.dmp | upx
behavioral1/memory/2424-8961-0x0000000000400000-0x0000000000414000-memory.dmp | upx
behavioral1/memory/2424-8960-0x0000000000400000-0x0000000000414000-memory.dmp | upx
behavioral1/memory/2424-9193-0x0000000000400000-0x0000000000414000-memory.dmp | upx
behavioral1/memory/2424-9194-0x0000000000400000-0x0000000000414000-memory.dmp | upx
behavioral1/memory/2424-9195-0x0000000000400000-0x0000000000414000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_61883.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_91f21dbac7469950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..ore-fonts-wgl4-boot_31bf3856ad364e35_6.1.7600.16385_none_d055c2bb563e6783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-tpm-adm_31bf3856ad364e35_6.1.7600.16385_none_47f0687a93cc8b71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\info.png 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..nailcache.resources_31bf3856ad364e35_6.1.7600.16385_es-es_363ae77f3d816251\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell\open\command 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell\open 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\ = "CRYPTED!" 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351WtMkTmA5bR1Z.exe,0" 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351WtMkTmA5bR1Z.exe" 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PVWYABLYSQEXTCO" 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\DefaultIcon 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2424
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA1e46ea0c465302354f4c8cac90bd4b3a0157c48d2
SHA2564fcafc3c6bc689208f8bf6d1dc79cc8efa7742811be3b4ea49af15896243ef41
SHA5122f567819637b1ec1610aafe0db4dfecb4c82575bdd56576496131320d2c5b9f965f7d4924a62ac03ff1e2c90c8b3ea3b8b3c7767e89e45305fa1ac80201286df
-
Filesize
1KB
MD5f1f586d7b21adedd6ed068633a63bd9f
SHA16f47ce84879a654927ef9c4df9ec70d6c402c2e0
SHA256ec3b00fc5558b138ae94a4635b05a2160ca04da7d5eaae365fb592baceb35a35
SHA51283cdfc0d324ab057dbc378edafec3c8a145772eb3197e5cca3a954e52d546390bd50ae2fbe65e2e2c19dea4b34e24aa4eeb24065163f8476b4082ff61e8600c9
-
Filesize
952B
MD5e8a4c82b6d9b8810818ed2a1f017cf62
SHA1d4b728b22a2ff67dfdc8039423381ce7b59ae261
SHA25688c45cbe53f55ccd7e8cc68987897070cebd95d059a8c0fa5d8cb71323e09093
SHA5126696bc2e6fb21b32236345954d4bcae9be4019170a7fd74fe3f6d731ececdba0928c9d50942fdab60d5a31cbc9fb219a3ba5028daafc3ddb3bdbd2b6bc035d07
-
Filesize
121B
MD59a9344bba4043f9304efedc3fe6c77e9
SHA1f53a2744d48d41b114044fa8c6f242a46034c7de
SHA256b41ed2ab4e618347b4a6e6fad0d2e100939072e27e79741f670ba49578dc8a8b
SHA5129756dddb3157a28563253d9904a476323f2be0f325187a91c78a08a9a7df47620e3c9ea96a244e08d3b5fd376470316ac88930b3dba3996ff97ce4508b67b3f5
-
Filesize
1KB
MD5dcb0fbce4b98a2fb2241e3c44b7e2684
SHA10145ab706942cda5a8853197df51680ccae2ab89
SHA256266582c0be83809ce4160a2a4788ac27f30bfff057f6890d41f89a46b8194c5c
SHA5129b11cd409dc22deb99aa6ea7561ad1dae8f2fe18c71f465197d4865d256fe542577b9436e65a3a766b22a71eea8c163a7d51963538cffd17ce22a7fd2f8310a3
-
Filesize
8KB
MD55fc6a54caff74ff95e79fee1592899a4
SHA153bd98d02e8b3e1c4488648d21fe01dc88005d7d
SHA256756036098d7d6132e83367cd74f0dec6f8ba41a0d759216f5f65de95361dcc53
SHA512cfba37c40f090930d5891fd882d4798aa4a4381b74ef38ac70a11623357920affd9e0ab6b960786d4e2df1a726ff4cfee8b06375368e1b9b624bdaf65b3eaf88
-
Filesize
61B
MD5e0e2fd46a068024fc5f521e6bfe83d2b
SHA19c12baef92f45c965bf3ff7c17027d4d315f6711
SHA256e8dab952037f0e4678caa50c7bd460f2da0145fc31ddc3ec2a57ae662a8d1ea9
SHA5120f4249d26267c61d884181ededf0e27c1cd1a2ed7d3629d4649fd416b8061caec17c4bf77029d39e047e127ec0a06d1e86c282b6d10add5ab54edb43f86df5ab
-
Filesize
914B
MD526e51a117a97fd7085ff773230f48575
SHA15f0b40245073c0e43655801d5a98c0acccb19ebb
SHA25650a1d54acb2c6dd7bfd38f0959c64d569b62c080e1a3d443fefc5eef62ab5d8c
SHA5123d628b17f236f7a061ae255b7199e7c044be84f76d9cb8b34fed3a2b5feb33e20cca200d40b6da84d3b0a9c85560fd1eccce70fbfcf22d1a5ce83558f704b09a
-
Filesize
90B
MD54b56328541e7224dfbd0d54a2121f878
SHA1fb32cf41791c1ce546463d498404ba277720c58d
SHA256b74bdda0bcde84436623cc414dcbf91d14ca85013e3a16b160532613c5dadba0
SHA5128d97fefda2165629f5be9489e3c6f6c6ff60986cea674f04cce75448fe8774a71ce2dd30e4b5d215aab705367e60b602dbd7279d38817b25cb666c3d61e5c000
-
Filesize
90B
MD5109a8b571418f26be383bd2801824d73
SHA16f56940fabe5a0ebaf386429c4f555b835bca5b3
SHA25662ca8216fc830acd4460c96530306d24c92af349c6d86e8859de4ecb0bdb8cd4
SHA512e84fcc2fd6cab3013d20682e880e8bf2b4e9e4e28df7de9c2b8435b587cd8aefcc3d19515b46cb62dd857c5e30dd539156e8dd4850c0f92996ff25ff9df4a90d
-
Filesize
328B
MD54edcde076cb90c231814ca3baf172f33
SHA10f58c29f107b3a1c696af64d3341665f7a192221
SHA256e2691d6211e6111823051d4d4e50b5baec935c467e930a6f3a3b77aa863a2ece
SHA512ae22f39f9c8d94ba3f43f5d1854fc3881961b080dbd2d1e5a372b302f973a4e31a5d7a2968dfa43d0afe7a50ebb5718ce7d73c70a8e62b7ec775baa115e9ce34
-
Filesize
1KB
MD592226de4841a539e7aea0c89b6a062a7
SHA15454f7ffc24357e8300157e36119448899ad7741
SHA2562204f239292c995d36088f4d8926967dda769ae20a7bf62fc0109bf2d2180906
SHA512791f4af121adca7390de9a950f28846c6a61ad039047762306966b2aa34659705da2ee72349cdf9b4956c7bfe5171dc77f50ec6df93482231afb9daaab562e17
-
Filesize
162B
MD56ba473537d9390afdf9016f5ae8a1f82
SHA1a85754c819d4240ed923250aa4d5fd709dec1ee9
SHA25674cebd8a0d07264d3dc823e49c2d5acd3b7e513a42ddd1b66371519bb41f588b
SHA512ac5eca102f9a0f57520f3c0ac9b780b0c60dfb63a77f6d131625e4e7e8502ce8cdd06a3a2b163f8344f2a0c3708d2db2267a083fe6f69bd90b9c8bb4ac426207
-
Filesize
586B
MD58342baa2b0e4c5f0affa0131b963d88a
SHA19dc3afe55fd7c29db7ea4037616d89d2f57c8032
SHA2562774b8dd57c9b1696d81027a47611eef692a1deca3accd708bfee49c9e4eec3b
SHA5127d0c8730b8f87d686c81d16fd327ca3250173685b3beac3fcfdca92169b3f756c1d29316758f469ba0ac8dee45d041709d131bb0c532d0c67f83f7d7a3d28f03
-
Filesize
124B
MD5aee29abc7b8e354f0344a560d6ae5b4d
SHA1012f9ddac666370251c286fe3c401f7e53ba9502
SHA256230193e53bd1e010fefaa45ccfccae4fe951ff064c1ac618a0b23957012376cb
SHA512d1d818dd33f987a5bb74eb18075a5abdc2e31031df689fd1c11d3cb6fd96dc5d1d726343adaa035dca58605f454f050cf95a5d9f7d326759924f97729d343263
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5312215d77f6271963f20cd7867955328
SHA1086c34a4c016cf0446bf14bbbd6041eba2d15f7d
SHA256e0e35f0c0d2c40a8e15fd564fa443b908a5716aaa8362169228c5125e0305776
SHA5120560e4b140262bd5ffb9aad195edbc63059d2df8dd47b58cdc7e9032cdd011d87ff4e3c2f2a6c937d247bddb669659313c245fcc0e7afb681a19a525fb7801fe
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5cca8b9844d808ab6d620c9531e57bb47
SHA1ef99a027611ea8d0d55379828075e6f67d410bb4
SHA256ea6ca7284aa7757de50ffc6677eb9c39233ace6d3f1b53b960d57b64b27f4127
SHA512e1bcc989619dc785d999f3b0e127b6079778e07d6f4418dbb4e24f4e67af28ab7987128ed41a354469b7e6524cdbef64ed75e7c672bc072b19d686cbbca4e716
-
Filesize
8KB
MD59744b76cc66a38129b158aecbdadb385
SHA16ac61fa6f83fc49e2963744db038fd1c26b2f64e
SHA25624deb06d2d8bc7d7b23255fc6be3574dbe461371c7e3db9f428faddf825dab1f
SHA5122b4d95172b0aca28068c7febabdda4226208d664fe1e414013632776884344cc69a333d8571abd69d79df7c0afac61fa80df23c21cf35fc5920a6a620bb70654
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD58235575eb5340db6127af413d4d2726b
SHA1d361672516740ee20fb3b7416044f14e821ed582
SHA256df3cb79040378c7cdc29f5788bc8faea7dabb1e2bde174f8b375d3703b140dbd
SHA5127b8f6fa1abcc29cd89c8ddf5a8da48745fcf0ea38216f2fefa7edb023e3e51facb4de79a2635e501b0e611c3652d12942b923f94da879b3e0e51b96d52589e87
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5f6845fcd30c557536dab3d1476c3b3c8
SHA162f65c4a9b3eae20dcfd430e0553c9358638e41b
SHA256dbf2f4466f1c88c6ea170febe6cff5e96fc01c54b7542a6d0f9a3c882c7780bd
SHA5124cdcb7b49d1fbaddc27a099b1c54371899d0ed34858f365dcf0f50b4609f03259e5834c10bfd51c62d18e0b1b4a819bf567fc211fb183cabe3ded28659ab09b0
-
Filesize
880B
MD5a0220535848dc464faaf74c8a4af9386
SHA10ea808177c821bc1e8a5de4cd9921da72b35e9ed
SHA256b44029b049402b57e8b538a99414a63451fa513b3addd9c053e3d183a78dbc17
SHA5126ac2c1cdd275c840027c418b08801b7d439d7eba2ce3af52c1ad946cecc1973a50dc789b9cabde21e7f470cd80ff5ddaf65156a51b9f75445a55f81278596bdf