Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 24-10-2024 01:00
Behavioral task: behavioral1
- Sample: 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
- Size: 7KB
- MD5: 71a135e0610b097e79fbdd4b2cf61d50
- SHA1: 56136f4d3ce97acdf810aad28c7538cde1a77737
- SHA256: 98603717c3251dbcae14c114a42a67c2a02a1457d189af7607a881e719039c81
- SHA512: 4c3dd12db86c0ea4516ec966f4f01bfbc9eeef75d60da9a73f05ded9e47af673f5ceeea18a5a43137147f1fc6c0a02d64e48be22719c535aa562380ced23affd
- SSDEEP: 96:2eZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExLeGs5MVaj7jRmW+WEra:Dzdrr1FG1WDCgmjPZLpbwXM0QpMUA
Malware Config
Signatures
-
Detected Xorist Ransomware 5 IoCs
resource yara_rule
behavioral1/memory/2468-8404-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/2468-8405-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/2468-9049-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/2468-9050-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/2468-9051-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description ioc Process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QdHW4g7tBB02tG8.exe" 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
resource yara_rule
behavioral1/memory/2468-0-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2468-8404-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2468-8405-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2468-9049-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2468-9050-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2468-9051-0x0000000000400000-0x000000000040C000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_avmx64c.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84b034cc64543b40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wbiosrvc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d42f5c1813f5d6ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.saf..oncepts_v.resources_31bf3856ad364e35_6.1.7600.16385_en-us_820aa5e4ee8b4ffc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-u..lsettings.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6e9546a67203ae22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-csrsrv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_30fc527ebfb55878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_transactions.help.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_scopes.help.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..interface.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4f0f87c3a9c6b432\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.500ðóáëé\ = "MTCRWOVHAPWOSSU" | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QdHW4g7tBB02tG8.exe,0" | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell\open\command | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell\open | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QdHW4g7tBB02tG8.exe" | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.500ðóáëé | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\ = "CRYPTED!" | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\DefaultIcon | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell | 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2468
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
116B
MD57c355de1bfc0bfa2b77b64bbbf8353fa
SHA1d8be0e8da07423158c0f32116aff467b2d60119f
SHA2565f1b69c6d3495d094255390c44d1fdf6229264a5d08038e64824bf66ea7669e9
SHA5129e2c5f5dbb24f3a4aa5285158c07c120c6b1b00f06d7dbf22b1e2a39c57bd36b2d8c7a3905639494293d60fee2aee49ea194ef8682bd63a2ff7120d39b760ec8
-
Filesize
341B
MD56db98a3fcad043b3a69d3d86e76c8b90
SHA1245fee5d72726913e5cbd2685644a00561c69423
SHA25603316530daab7c8a77a7f6e4085f595b3a7d073caabdacd4f03ef47d7eb581fb
SHA512983c3ba5f1dee45ecfa8e988b23093266aaaf6eb205527c46a1f59b5bbc9b68eb83a80f90cbc05d99028e4df1898f3ff670a05ed51cabbaba60b1c57c7d4720f
-
Filesize
222B
MD555ee77626ed3974cbbe05238211d3a2f
SHA1aa9aac491f473c9b42f4d1e249fd0b4e6abbb21f
SHA2561018329f8ab07ac42b2c84d6d84efffe3c24ad9061a7e4cc5f4c2c67a724cf2a
SHA5120ad8ff77ef69e2adbbb4c8b2639392c3a39ed3c66eb72be302b7e7c940689e8a506876299d00038fe9f39fc250b0c61d40444c6686964e2c52b6fd7d06fd0c92
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5de3dcf5a974df0ba979ba60f0fec5255
SHA1600a021cf1069bb7d72e18a0f318d486562e9dc6
SHA256408642b5a0c53aac6ba9c0de8514ed8489a010fffe6dfc59c03c11e9edb95a60
SHA512e6921a509afff9e3ab39300b82a55da31707a4dc09dc28ed7a3ced6a62e41a8bc00dc3896fbb0fef8360e2f7bf4deb9cfbb3b5ee23caf249b7b25ff0930b9f67
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5750231055684ea8fe527fb0f3643a31e
SHA1cfc8e7df8b76190032812a87b311f049bfb2be56
SHA2567117847e8df9f32863b19ddc4cb1eaf735e417e378ea646ea47e28dda4947863
SHA5121d96d490775e35995f486d9952ac5a210f6f75b579819f2955811e91ddd046d612042ef4fa668be78d6cdb14bba2e9102d49a0c2462f0c71de9f3e63fc2e2447
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5097a13ecc05f2bd122cae43f82d643eb
SHA10a4fa0fb4a0f1e18d72224ea232dfb66f40278dd
SHA2562d0b4809a975bfa33d3f93d87055852e532954d272b7cc80dc6cf780773d9139
SHA512aedbcc383c4e1dd5f29c966a0d45d6a662804f9ca37c7ec54e054dff7f4917bd194190f5d55511248a2f28f27dad76f250f2f011842e9ead451887e9bfa88520
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD522f4273defb5a0137bae19d313eaefc2
SHA1a3681ea6fd672e1fba8fac9943173426b5257526
SHA256a5fe0c358bdaa76481a4fb6c9519be981e70500976b8bb46608a24ded9056503
SHA512c38735426c6c329cb2f7c52e3da02df0cb8e31c11fa37dbb62cf254542ec670ba143487703fc72b96f611a9ac2beb3ebc100428ce509367cecd084af35c20f83
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD51ca139aca5f0ef7d7aa888ad58bc6f6f
SHA17045c0c2bc6ee3230c8aa2923b5117c77c153120
SHA256c235e8d414e943544f0326cf0a38899c02d4bad4d01c81190490236bd32d1bbe
SHA512f41d16d43a819021f41b42a93a1f64d3c2c7f98f50a32abcdd4dfce598612af2c8827d617d6f1f5c509efba5c4b6d4ad5eafb01259c6bfea80411e266235e958
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5f99a9bbcb258754ed42bc961b7c9dfac
SHA1c3f0b69b636df33db0b3a91c35d7df81a5aef8cc
SHA256d74948ee5cd3b60b5aa9dc9f8b26d481f0f31896d59bd002856ea42921d5fbad
SHA512c244b8ebd1d3879703c30b126ef9c2f1873aa68ddcfa5593dec1901e64935c74fc45028dc90964b37026b0c04a3dd7b3f61c643cc34cbe32ebaaaa2989ef0edc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD52774c0a1b44a06b47ec2e338e410b332
SHA1bd844ec9761a942c580704bb28b2a6978096dd94
SHA2560c698fc165d24463bb9a984090b58e0c4962efd5fed0dbb0dfcbc1fa35d95adb
SHA5124fff4056a1ce2eca10f2aed46da25d773dd36c48c2b74bbf8f7bbd6b838e125407e9d6c8bc5d113dd10e247bbaa29b45804d9744d76023ce7a08ecd2b319f349
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5c824182f8bc57cdd474ef4c5c2e61cf1
SHA10db1bd06dfe54994df39e5d0c83a98689068e57e
SHA25605c15ab5362a1f57499fad9c225675c895c9527302c9d22c83657cd136a3f2b9
SHA51209cd51725d43c764a56ae2ff87a5df289b007a139e274a9102a16e3bc0c4a2cf6e1dc07d5213cb85fca8293df593b01921562dcee118b2eae285f7e9dc2f3b6c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD53ef50b6d6fabc0f2661d30d9f0b3a0fa
SHA1c2701b957fb25dccc90b5fd7ad652c304d92be65
SHA256829e268ceeac42fefc614b1efc05cf3b49ed920bd7d7ec0f672b5d37d60c8e8b
SHA512f7f4bf73c7539dc9d9529ea7df74cecfb5aed6335007c718a73dc010d3259df2bfb5e7c458803cd47e23ab754c552e673af2cd456ef2963f48d4106f027e9206
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5392a40ad88901b8e6d7fa5b5144a542f
SHA17ab961e25668e4a1fe14a0f50a511fb5b1e17df8
SHA256007ed0d6bb0bd63d519109519c0f5f3c8f2d8a81784342b03868af4947989ab8
SHA512ab077b39a404bd1f7053de95e4afa00257a469a15567d63058f69eb0ba876eaf8a29060514f101b3873738e7a7c68155ca73a897e7c66ce0ac01bd1cca0875ba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5d153aa73762ca6766df048a3f248ddc5
SHA156cb156684502ac447e593a0ffb83644ba2f8fa8
SHA2563d9629ccbcaf62b54ac8448a8d9ef789221d0e756fb50459f8f83fed812813a5
SHA512a0119f2712cab122438ae0f866145f638ae7596fd941cd9ff064cd077df217f03958fa8c5ecfa660bd0a55e3a363357b351edc120ac4c1ebd3157f1a4ee20550
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD520f41acf3e9a61f1c7cc162ef345c2df
SHA1f40c4c6d33c1b7ebac7a80199c6efbf3fc555832
SHA2560f4ce68641114d06cf0eb615bedf257b6c85aef641f528ca283c26f15252c024
SHA51285988f530d1bf26bf3088f41e1b3a2e5cd2f635d48efa17b8115c228071edc51486867736aa2ed75d12a7614f8c3bc5e547e5758ff839d0d0ee3f62e81fbf7e6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5e537f49035998e77f7ed4f4a60c7d5db
SHA1a94fa43cafb113a7204174c62e9228eb732c2d84
SHA256a190a5c45900a9c90050ec3e17f339d6d923ec8e76b6cc48b1c5b23c5df56c40
SHA512858bb5054c4c16dcbd19fd9b273f46b0237362ed303075d123535a1a6570c1c95b94ee57d6c7fd26a30008cc683ef06d3ad6181e51149452f64b370eb9a4debc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD515765671a6effc7f81ee8d4a9f6ba18d
SHA1061d5b0e52ccd3808a0cc2e189f790f4d8d74db5
SHA25684d2e70c00680229ff9de309d2b59a748d9c0cf8b8d424d434c8eccb88b19995
SHA512e076aca76418bd36b7f49ff7807b87d4fadf1065d71cd5bb05ce810a8ce89cc35e5c780d3c55d6a24e87deff97e7071dc1576424eee8dca25ec8a82bbc9ef51c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5441dde1367244b122ff17b3184fd49e8
SHA1bda3c696e15f8fd1eef668af1f45c67a7dad0793
SHA256c37bc2cb8d5eb64428d34baba02a99d434eed464074b4a13c456d24f4088e9e2
SHA512d4e251a77360db8c29c0b90a110536f69cd03d756e465d4fbd765214e19fae4777224ea5fa874e77a9a47b1b5d35b5c1b19f5a52c8df0f27ef013ae703faf663
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD565ce800f83ffe4b410f9d3973fcfcef5
SHA1bc79d8c9a3eced8e4a191ed0104461e09d3c047d
SHA256f43dfcaca2dee8364e16de291bc56e496d4bc7ead5f9b6b95bb7049716fc649f
SHA5121dccfef3453b1fcd7a9937b99c97f0d0bb289a74cb4cffb593af398aadd02a9cccdbb372cf260d8cd5abfb265b0a35531b43119c8316d0c00f1ed2630772f1d1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD58bbc5037529f91630b94e86facbcaad9
SHA18c5da41bd94bb98b43a4bbd942d32e0d4c0efb21
SHA25633b29c2778dec22aaea947fc669cf18b256b9207be02a6886a45d54663d14741
SHA51206c90712dcb78e63d5b71541b7841dd3147cad8a25ad33af6a6ed7719c07ea95c48f615d86ebe3981a9fa3d771ff199216ff74b67207e53d2bb97a528b84256c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD571b0c4593e80275a5f28f63f874a88e2
SHA109be7d72c80db91f5890185512833dc0550af6d6
SHA25660531bbca94d2f442e3a849d0e987ccc89a3954c18ea0edf3fa49953aae9b759
SHA512ac53fe6d255a39a7e3d2abd0111a3ff34423038bd15441081b6d30879cdc702dee99f98951b791929db5c22c1323e2c8700069dc60473e47e1f57ec2065bc757
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5c125e99ae36a0a7ed4155ac3f412951d
SHA1b4d7056737d5f5552c8339523abd129d99e5041f
SHA2563e50928de2737c788f13468c622fecb3a76ebe2309ace8b9a7de8006a623dc3d
SHA51291686ee9d0ea45742d2de0deb4ab00c3a7639278b2ba1ef932b3d8f831d61453e38ac070d4ad75150869fcca2dcc9d3141d8aa9a8097f9e0a94955578f50fa07
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5aacfa726cbc21ae5c8f339d2d1a9c0f3
SHA137b09762e070d0b7e62cbae8280427ca7cc89900
SHA256c02f427d5da28d19c8712f94c246a8768e2aa888cdc4ce45496fe36b5cc1da6d
SHA512c5ef5e3c23d9f54d7c63ce92d43cd67371ac26ead654df4005041e2867cf78a01e44e8466c7bd38096d47d6a3399eeefc5edf6a13d533f39cc0e83b9dde2368e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5dacc61512304fc0de403a42e7bd387cf
SHA1697cb96f96f0b628b82409a907899c493e84ec38
SHA256070bfd24733e97fdfb44da38cbce16015bc53390282b616b8b0bbd59eb4ffffc
SHA512f3dc9e8733e39dd6b6e6fc8c45e58ab47c6c11aa4f888f6b842a458e8dc73781a86223b370367401635a84797d3499154546e0f52f38bde3d9f8e644fd95102f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD55f7d191be2fbec393793892061489f55
SHA192b87b848e1a166c2e2e0113790859fc4e9e8ca1
SHA25600a899027da9c81ac6aebd97ee3aa033b37b1a2dce2496c5c1acdcc3e75353a2
SHA512ec43b0ec6cff09e3114806b88dd9510dfa9efc04c6393d894ec30dac2d20878323f4c06dd16549f06997f3d46e7299a43de10046fc9af65b9b925bce8a7d3239
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5abe53103386a2807433b309c1ab60c14
SHA113eb1998a3bcb322bc4c20049a54e89ef108e517
SHA256c86ebed98034037b74f21183afc0df18cd67b2a510af1fcba11a82a642caf77b
SHA5127386b9033de55484850ed833b5d810e55fd4a6090c675052c1ce4278e4f82a50e828746fff025c639600f1036ebffdde6ea2262005a48a4501f0f2f7f17c3bee
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD55576f9a328cd602f02cbbaf902ebc0d8
SHA17dbb88f3bf95bd547ac307c528af272ba74c5932
SHA256c106375a5b335dc55c3ad74f5a8af63a9cc9523e236cf1263c30deae7576d4f8
SHA5129c93ae0fa3f5668c183b5773b67429faded7773cd4bc99b889100fb0b004b7da22289c05e4939233647e07aa837b48f87b3a952939bb9b548c32b0913e8c6629
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD58457ebc4fd45998240b7c396d72cb1e4
SHA11bf4b89569238002956e2b56f79667a0f43d3098
SHA256b05c188e3f3e7aaba92c95605757c2e8a994487ca005a14ab65443aede464750
SHA512bba1f252cdb1e7ff70f0e47199fbbda8bc0192e2c1c886bb55921b01a441e0b1bcdc3bbb815f553ab9c4e66bb20a32f6b33a797701aa46e957dfa141296be973
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD58a29609fddb7f9c51b464aa63d3150b5
SHA14f625522a807ee899a6ca2dfb197fb00073eb111
SHA256b96d78c5ec6f4a6a9a3945b06b626ffe4c179b8449f7e92c49f39feaee65dd62
SHA51228284f91d30f4f29685a704139050e4085fb4f1e685493c6c4e08eae87000ca3ff06f6742a084143db72d3b8a4fc7ecabdcc1aaec30833705295b7ead198d0ba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5d6a2c2ed3a79dfa32277848ea28be018
SHA19bca6e4f0acd1cbb5266d235564cc0b16a2c5862
SHA256b43cd422b4858f6bfd17212be2930f93e377fbdb37b23e00429ab20ea71728c3
SHA5125d4a3d380a2e7902da8ac81a91a618da2426f759ab1f7e1dadd870d9c731bc64424dd4d5dcb19845d687777d54c578981ffdec6d1d63d0d324cf09647f521ba8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5c9a3364bd0fc61d4a8856d02df25917a
SHA10719760f115abed75adbf769ab4866d649f6ea6f
SHA256c57e55c8ad84b4c0ab3763e795820ddfb52996102afb60a8e24e033b3f5cdf34
SHA5124fa63c9b790b4d3e0aed902fe8ec054c76d4e4d072be40bd88b870fbd7cf11b236db9a9ec73daa661fdc088a09bfe3b33b5c0cd070654040c8b68f8ca3e51d0b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD568ec04752d777b3a4b618ff0c1957a03
SHA10effbf4767d758570003d0fd13b78ad8c33e5482
SHA2564315f66158d0005122f9e23d7fb7a73b80f5ee657e658c74e703f6803caf8be0
SHA51215b6236e1f6cc8bc5958d8a25530343ae4ca7d9c4ab70175bf0218d048e7c32336053fc2640888723cfe4f09c352f14c52bf0374a9b0965f3c3b7a323a3284b7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5335b6e70dd8ee1676cd802246a83baa9
SHA1ff8e109ee72492bb3f98b39f410b401961741abe
SHA2560aae83d37030dfa2dd9fb7a2b1328574283ad190c756c2f6aa74b7b583dbff87
SHA512644911235056ca26f57436a410d1b86b1dd13f9ae17a95a455109ba757dcff1c12413afbed0312a6b18a987e9f95331182f95735033c7d67cb3f47dfbb3e9c20
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5bd0557ccb772728f03aeaff5f5602dd8
SHA114232637f04b83bdf15797b42cf515647bc7c8dd
SHA2567949560892325550954e33ded7bf96132f98d655557f01a1ed363d5727b3c702
SHA512045610328579b6be347f869bea082ef1bfa32910fd3eeebee38a4f68d01221d702fd6e041843b781315f18dffc8fbffdaf1ab3091655b9680205dd4d885731d5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD52a65b2f1390d5a101130a2bccee50863
SHA12a40f04e0309d5c9c6026267ae90ddce905589a0
SHA256b770fd2c7b2acb36450410fe12cf8307636c525ee7493911df56da84ce27c248
SHA51280d7ae68690b975919b602250b274e2583aa72f35b5702bddd33ae320dcdf7be77524b4231a891a702870168630e40b63ebecd24a6001909fd739721277e0794
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5959719a948f7979893d22e6f9ab8ab72
SHA124f6750d053504cfad62c58ebfa4a583ab8bb3ab
SHA25616a665ae98ee3342d69b4b2a951219ea90471b7b56079065d917fabfa07fc7b4
SHA5124b4b698d7e0a764d60bba1caf1de80067045efea2662881f60a123341925cf00c2172c6c61648828065a62aba9951571c58f47a5fb56be2d9d0b6c0d7edad63d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD514367cb3f6981571b06a6b3182c546fc
SHA1a289ea2441a5a951245bc358d55cdb757b0d20a5
SHA256cf93fc2b5ff90245ed10a2291c0edc9a364abb23f790fb54d291c73b8fe92bd2
SHA512225b4abcf71df04fa0d33ea9d0f325e3da7cfb44075a259bcc485b82244188fa54a90d799b1a001f5ca7362d1eacef0284a992c192585eabea440fcbc6739b0d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5b8b9e938f6339fd5145b985e1da11c32
SHA15670d91208865e2566f437f04c667559484764d3
SHA25603e1a7b132e8a69d368cd8bd109dac9eadb3bd3cb291ce73ec630cccf7dc0563
SHA51248b840e26c9a6518b034ca762282f1a030ac60c1f66cde7456c654fd319fdbe2bc9c2353ad213f2195377ae5661bf2f744ff70e9b045e53d97b7aba62ff75e81
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD51ba0c193bc9c6dfa469293346666132e
SHA16219d9ba53fc8bc995242f146591b74ca6630a76
SHA256d392427b5ba43d6aa65245ecad25e84b0f306da82d5c492e4b0070baccbce9b4
SHA5123564f11f7962f361ebb3c6c767b9e66542ca4e69898128959ad5c4bfb988cac5bdd41af9111e295950655c2d248e545433d0280b54328c1afd0c0543464374e2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5befc06281c9fb672f807bdea1a77fe7e
SHA1be7ca5b82411ce8311fd4d9cc660cad2516e0b89
SHA25629626c91519cf1a29f8f96b5ec78a08ae52249c9bec9b3a6964a2e4dbac544fa
SHA512e19cffef9233321505682a54c5c3576b2c1633900800daf2bff0ec84315f192a137cdd024059083305d6fac552d299b739425cb86eb29224731567aaf7259476
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5c3aef0e4fca05ef8b33c04c8795b0ed8
SHA1c89dc82e5edf138e56e62cf63769b528626c8baf
SHA2565440e71360ed3946a64684ee4eca3a0771e1940957fa7406eb362cfe42a4b4c7
SHA5121ac6184380a225c765f6dfa7efa94e22037b0c9b3fc1933cd477a34fa39486b961f6fd678664b50b76967075ec9f094cd28fab97e5a41baad2532dc816143881
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5ccd31679ee22beae52df61cd5f1b9277
SHA18fd812d39eb533f5c20aa69d488047e0c796ff97
SHA256a482052773b8eb9d9ca161402454a22815581608a987ca4e3bc6580f6185b9ec
SHA5121c8ca9a6a632defcaa9740cb8e5fe446e1444279d88d3865b182af445e83e8f1df699b75497cff7d53c5f5ebc77c281966ba46c10e51ef6750c60c158b390e96
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD58744de8d6fe7f05980fe4b374df401ad
SHA121ec057b5279852e6201e5323ab7d4258d4e9446
SHA2566ff03a2219a7600c7fa2b31be00273a2838f8fa936c07e494d50f761d051f95a
SHA51295a60a1df26e6b06946e623bd08b28258663447aa24b8316da569af6724d9e29fc5d3495ce46eb2e2fb2eb5243142757b11bcef1a11bc5dcf36d6e0991fb5e72
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD56073d3ea6ecf912a8f60bd3fcdf9184a
SHA12f20b3a6f80451b8e1baba3dbfe0b2cddc831cb3
SHA2566612a639b4ef124dffef77c20e31d51cb1b96b8627fc3fe5358c2b9f1b009643
SHA5125fa1c45224b0313378d7b5819ed825d89999bb9e96f4a5a28ad2f6d9237c3af55698ffacf023f735137bf161f8548f44f964b96be4e31d43219769dba48e90fd
-
Filesize
580B
MD583ca5e28c144cf83f50b5c64833eaa52
SHA18bec4b13ab2961db2861d07d1294ee5897a3a8d6
SHA256264a571cbc16695f149494aab0244ac160ca3c8ff04bec25173cf15dc204ec3a
SHA5126ed25b0a739a1c9234e11cc9a3308dae433590255364b7ae541b078d220b0ca16a555043b20196380051e1e22807210c64fb440a97840796be1f6b445f045703
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD58775fdd6c8afa27c5c43a46ccaeab785
SHA147d4e810de37dff55229861a627e590c11ccf747
SHA256033b5224f49c330e68c4e8929aad59b3803a3d401155a892c56584bf4d16011b
SHA5123fd02aa058d0d3d0f2434ebb89ea94d1cdf0306e4bd8e432af42172d3cf393bc28bbd873178100ca36c1dd386ee93c1c6e5aa4a741fb1e950bb1272feceb53b9
-
Filesize
625B
MD557483392ef54daeba8711795821c9411
SHA1fe8c347519a47b51af2f3d7407c152b377a7c88d
SHA256d2be5c4cbc86eb75952fb4b151af693f2492c33491402ac608e741385ba28741
SHA512279899d9b55be89ca4e49a793d302e61eeb55a1a9e05ca09c0283c4d32a8bfab498d182ed8392a351d48b7e357401dbc03592c3901976ca21c484df3ea9051a9
-
Filesize
873B
MD57919a0008afdb118ecc9148baf336893
SHA13809035ce7a0dbf713b9fa1c7158081068b96f07
SHA256b3ef4b3e9cb30a2af7bac12895c1922d9f30d16707a36ac4a9c5854f79ca0391
SHA51274ad53e38f0201f7bc3211be452fe61bc3c944aefe6d83979eb435d2cc6abd8cf78a17ce557133f1e455de6c77ca7d3ddc97efb20d168238128421ec9ae3f56e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD58f2d7752ca43d7de9c70be8fcaac9eb9
SHA19f5dbad94cfda4724c1436099127d93212f561b7
SHA256c9edc9af54418760aed932c32ac80882e04b9e2245773d6bf1b61323b8977bfd
SHA51218d3bcd1d2711013554acb2a2dbfd2d40256312cb048b5ba6e79776d7d503093cd9cce003f6ba6d4e9f2535f044b3cf867c317afe8b5918fcb71a2b918d2fddb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5efa4d987b1b85ae3db9897a1bbea60d1
SHA113bfe6f1fa563ff4bd079b50aecc17f2a567bf40
SHA25649a8ce36308a72d00a32c43bafe6278f71e191d18db3440dc654e60c6122f974
SHA5125ffd36cfa23b0b4398b25d4a3ac844a3af5b21e53bcd9cef997a6c6f175626987551e1555d871963ddc66707457f8aa45f0a7b54c97ae665fdbb9f8bb45ded09
-
Filesize
615B
MD528207fdc86f2f8e16cde00ad4822a477
SHA13609579cb8da055feeb089e3937000a0b6f48da6
SHA25681fc00a5b24cc3db5ba7fc392af104300f4b17a6ef594e5b924c192bf1cd1776
SHA5129977f1c3eeecb33523ac165331d32619a7604068fb9b49cf797b4a643c96ef291e10af25d131c6315cf810a10c6bb60b0404a8f7696c795e2c5f81a3f6b045a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5ac04eb0f73e3df5b5614345aa94a9fcc
SHA18141197c84c90736c45a4965cf6fd67d4b960c04
SHA25681d8fb1447b44cf90e7fb7daacfc0b495b38aa8eb184acac1ffc6eba603acf17
SHA5126863ac7d62ec1b970f64a355e995b0319d3b28c527702ea17136e21af65825b86db3fba43dbc1c963e4ff9841b8be22593e55ab208ee33d108c554fc5f596452
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5538025ae6301d2ebc32d7c4fd6a902c5
SHA134d0fac1b49813258e8bb99029c697a2731652b2
SHA256f5f2a020d3c7f591031b14aee83ce8ab9d34a0405df620b897777813a6993aed
SHA512febb5d2e744ce65c166a8da74cf0e9390ee4b9c325d2604b36141ad25f5945106e62220f29ccf1ef3d968c2c68d1a579c18bc6ec107ea4cbefefacad4f96ab8a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD57293d0eb05f77bde0922018070506907
SHA1cadd053b81213f7489ddde56a8e350d2694e252a
SHA25658b0bb98a232ed64a3e1ad71162cfbab5044ecbeccd260b5982ed2d9df581272
SHA512f2b67c6eaa89e79f02a2733b9ef99c6c3101aff0c7b56458f8bf88b284d0bc930df83bdc49f4295b45a5691e0a0cd6fbe0ba4e3f852091146af20f42bc60604c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5daab4ab5ddf70793353521bef183fd97
SHA14e4fb73d9235bec656d3aba92d9588b6b05893f5
SHA2563040fc1df1bca61603d26b76435e78ef6cf09d718376beb60b5abbd57ab7df21
SHA512bbb4ed0c83e29aaeda53bda2f2676e2704bf8ad08c7a4707bffabd74a629c80a844e5e3fa6788954179ff7371b41da16d480e4bd8509382e6c677cf6710c0963
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5eb42cffe739c63231ba60ce2f0722dc5
SHA1081d02391613358134a6e75f51d72dad7185bf49
SHA256b4b0cedbf35a0e848fd57139cb2bb0652217dad91c8b58529eb604fd97921809
SHA51257365b6224d151262ecee707a8314b3dfd1196e70df853fe6927b7a14b46ef290ce1baa3375895918a3ca4411b89e11e1f8ea384e6eca735f74ca0d2e072cdb5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5a0674abea3e9c15d905857732c3022ee
SHA1a7090c51f1c88e5ab68d7b249e6da8dd8a6cc4ac
SHA256a437ff3e90064331fe8819c23e00362398bdf3b8052bd8656f12ad06072aaac2
SHA51289ca8e8631a1e057ec61ea375b5c2406e2e2a62b2f3207dc876537935a5e111aca60bd17ecc281590f079bbc151f169dffb4fe6088a9316a6f7ccd9018ce62d9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5cf494545ddb0bcf0d46f24dda969d597
SHA1da3b19bfdca2c1bb5f8d03f2b2b81878f26ce7f6
SHA256550f8358f392b41a7c41932414256894fd4677cb86ea11541b56456f5460fcc1
SHA512b9c1b9d90c2f3bad4891e5b514fef91bd90579d335e8c5146dca24f47fcfed84476a489979e5fe53af76fa78f9544cc4bd21f0bca5dabc1c98e03efaad42d988
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5819ea62f448455d3b5ad0658017b158b
SHA1ee57eb8a2aa727e6797155effdb4e4aa5022568e
SHA25679a55cd85a77be1bb53cb893d5f21054da1d13fa9ee3edce6b28b46594f269fd
SHA512a0b9bd85b3e7882e20574962da8fa4dea3f30b9294e9b0cb118ce84c6255c5deb42298db1c0038c35d6cbf938b529edd009235be6e623176ecc1c292264ea1f7
-
Filesize
153B
MD560d21a1685dc7ebc3533b7ed517b724d
SHA1e1691d64afe639043c37f0a0ef7fe95836105030
SHA256069bbbb07faa63009f665fc80ab7c46df08e793e1b2d3cd7e5f5671d303ac898
SHA5129651aae5818c10149a1857ddc02a38d5f0fcff61ba0975135888e65e2e891917594ed935b14b98799555f4f34ec3409438e631d7973f916d1b49bd383970a5ad
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize 8KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize 11KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize 1KB