Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20241023-en
resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
submitted: 24-10-2024 06:24
Behavioral task: behavioral1
Sample: 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Size: 16KB
MD5: 72ac44125353f22e5e1fcbc6432c8e58
SHA1: fbf12e5efb4f8ded0aba082d3855c245f13f6f21
SHA256: 726fcc36cfdf852f0a226228d94c6257bd04f3ee6d99b95adc6fbc255fb0f315
SHA512: 44cf444d8060afc8ae143fec477d9ca6a43c2abaa79b1f67c04d19e8232f2f140a97f0f1767dd0650d32a4a81284eb51c8d2ccc04e13c7570ffc940d9f773e01
SSDEEP: 192:azdrr1FG1WDCgmjPZJI84WgxFkuYpMa27OYYaOCIX5jj2J/e8NrXtUA:aprr1gkDCgS084xFupVg48zrXtB
Malware Config
Signatures
-
Detected Xorist Ransomware 4 IoCs
Processes:
| resource | yara_rule |
| --- | --- |
| behavioral1/memory/2840-8844-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist |
| behavioral1/memory/2840-8843-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist |
| behavioral1/memory/2840-9073-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist |
| behavioral1/memory/2840-9074-0x0000000000400000-0x000000000040E000-memory.dmp | family_xorist |
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
-
Drops startup file 1 IoCs
Processes:
72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
| description | ioc | process |
| --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe |
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
| description | ioc | process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe" | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe |
-
Drops file in System32 directory 64 IoCs
-
Processes:
| resource | yara_rule |
| --- | --- |
| behavioral1/memory/2840-0-0x0000000000400000-0x000000000040E000-memory.dmp | upx |
| behavioral1/memory/2840-8844-0x0000000000400000-0x000000000040E000-memory.dmp | upx |
| behavioral1/memory/2840-8843-0x0000000000400000-0x000000000040E000-memory.dmp | upx |
| behavioral1/memory/2840-9073-0x0000000000400000-0x000000000040E000-memory.dmp | upx |
| behavioral1/memory/2840-9074-0x0000000000400000-0x000000000040E000-memory.dmp | upx |
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_microsoft-windows-help-appman.resources_31bf3856ad364e35_6.1.7600.16385_es-es_496d81b0d258887e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-pcw_31bf3856ad364e35_6.1.7600.16385_none_0c06880570316dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Print complete.wav 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_sisraid4.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d18ca73d6791bcfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_hr-hr_d5bcc58ba64b77a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_604fd100718eb9f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Modifies registry class 10 IoCs
Processes:
72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe" | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JCJNKHJASLNTBGZ" | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\ = "CRYPTED!" | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe,0" | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command | 72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID: 2840
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA51296b687fd46a8ae07cc118c6048a63f3a9690e4d7653ce50ee8a32a575fc712d60f3c9e8c225e3553467f096987a658857cf89a8e44a3afce2c806b396a0a34e8
-
Filesize
1KB
MD51adacf2cdae6b6d9ad82fe1bd73721b4
SHA1b11ad374423beea4934834cdfb5d4af4ea015fa9
SHA256c3b2892ade1d41e80163b79f6028a312963f524f1c388d4bf27448ec83034869
SHA5126b61333571892e7f05102f0cf07f34c53fe7bb16bf4f90cb60009b81809e2efa1d3abfbe0c49987db091b928bd31bc013510a1e69f6bd418d19e812f73fb01d7
-
Filesize
952B
MD5f690ff8f1a3fa6157c8b4c5757074fbd
SHA1a06aedc04dd3ac525561985e223c6d59a12ff1d1
SHA256b52bda519d461d2cdadec6b9e55467a285cd2d0fc16146934a2e40f283377c27
SHA51225ba47cfc074827bf3986d0f1e993491363984d62d423e50212844455b5dcbefaceb2ac40ae8579e60cc91e1c92ad62c962e799d4cb5e01cf2ae5c90f31a06cf
-
Filesize
121B
MD5a530742394e42076d12a656c62e713ff
SHA135f804e3da6801c74fd3f89b013cb154688ebed6
SHA25698f7fbbbf1e522289bf85bd1041b7a000a75a26506148bf1c4ade3dc5cdf4293
SHA512c5649a1025f517cf023dc5ec6bc63f0dab8448cc5b01fc6fa49a6491c6241c0796d2349353b577f5445eb5254178d2c8f12d6a63265e3be4b5a3df56ef89ef36
-
Filesize
1KB
MD5eb1130fbbdde8679c783de428d40459c
SHA1b5aa5acb5c5ed87452a209a2fcc43b65e9eb7c17
SHA256ab3bae093e87f682d46bfe57f1fce7644719240a1ad001510576d2c9ffb7ee90
SHA512065ceed4938857cfaeee5fe889c2cc706c7bc51d773a3e82bfcebc29826d708e5cecb29a0b8868643f213f86bee66c3cb6e1abdc8a62406eb141d04be6ec17fa
-
Filesize
8KB
MD58932eb3d8d98be3d6b7b816f9b4c0451
SHA1db4c03ef9d1589db0397d90a8ad5f3d2205cf035
SHA256ee2bdaa1fe5f183bbedd703682d5b07ca62830555bf8b20d8883ddd5483b5f81
SHA5124fcd1ca131c3e932bedcbcbbfd56a08d7035296ecab392ca27787b885063a5d65f3b95e1b991d425c445f60586b3bd334def157500cd440beb4958cdeeea11a9
-
Filesize
914B
MD5d02f250b3d163e8667201ac3d22120a4
SHA1c53d171ccfe80b49214c4d4698fd48f26a40fc77
SHA256a4277c1b5434bd3543fec53f3a49547f9e08e235b068eb0661e2ab8e1330cec3
SHA5124d609a7e0acf23671030fecc01da013e6fc69ad48bba19b5f01d7eca2e1a5d8a2856fa308d878308c21270ff67431145c44962bc8efdaaad81a1648f55036a09
-
Filesize
90B
MD5f0e4931ff203bb8f312c220ea7288e52
SHA151e463906e2b9cf85da5d4610aa859f4ac9480a2
SHA25648cbafb9dffd320a878aa4220383e2d61c27027ea9c4b39dcb6cb94a5379dc0f
SHA512d086a205007a19ee9eb1c5eae7fdeb41912c97fed59bfdd98812c9af0077d28c75bee571e702f53488d006e245c58558c37cfb9f3413a553b7fa464f1dd710ba
-
Filesize
90B
MD503d03e51e67959e9455df43c06bf58ea
SHA1a360804bffe0dddfcfd692dbe5b2b977207673b2
SHA25630e7fad37d3498dfc5da9f21cfc57496b2ca43be39a90f9eed2bc6f1ce62b0f0
SHA512f4c58b2ce4c53401cf7b0936268e589d097931c3adb174aefe4eee553653bf825d599c1db3298af43a0187c1acdd417716a696d50ee762d5f075d2dd1e5457de
-
Filesize
328B
MD593b6a746956237bd0a4cb2c056bd7f12
SHA1d51602b5c2a10308c58397d58fc934b54dc13535
SHA25628d9da29ddac12cfa49ebad9d26d7dfe822a947864ad68ebbe3a70ad728f2168
SHA5121305bd5b8d60b3295f2914854e2455e2161452932fc3d4ffd9e7d85fff592ff92bad0f8aaeee836685090d270a62f5646c45930f361c23d2e750c8d1374a5d94
-
Filesize
1KB
MD577bfa2b6d0f3357b523912f66a2d3fda
SHA13d1d9dd1815fbf273bf9192181bfac55c39a2a51
SHA256e491d17e6d41efb534ec224abc42764c4c59917fca6a48cd09fad6c01ec7d5ac
SHA51283b398bbffb018fd9b3a058ab52b7c49e380801304422b77c2cbe18500614e8b2c7e159505f2c08d6b711f75e6930b18322208852f56d51841719978897118c4
-
Filesize
162B
MD5d94aa698224d3c806c512be368d747e3
SHA1abb2ba77fbb3dc23298feeb96d60b0f5c67d4b94
SHA256bb7ba5f7ba5762a5664ab18c3bb4863d9ff118cb6c6ca4e515056983014e0a32
SHA5124309c3e8f226e832cf68e9de2c8d324023b92bde385229b54330cf113a95a124a8493b0d7e75e6e314dad6f1f49af3f827695b754b013b67fb0015de522898e9
-
Filesize
586B
MD528aa555accaf835adfb8031bb9b9b69c
SHA1baded71e444e155d76b11954aa859a1c657729fd
SHA25677916e19fc970aac1f38891440604ea3311752ba17794cce99d082a5d7b3d630
SHA512b4997e8055ffa2a8234e71d15a142e2a52e482d2bc874b1a4abde172fb86b91da47dabb2ca2ae91ee08e722315fff5c0ff6eaf20b97fb8021f4cd3c43ea4eb58
-
Filesize
124B
MD59671317bf2072377df40b0b0113a99ed
SHA13eb6295495848a2a5622a70b9b321e4a8d81f39f
SHA256562c3d3e1e99079a61be54568fa6e2f8e616f0cfeee6863fc90ad21305398713
SHA5120e58c6b3fc0848f83c1f4df45a205eef7927539163e0a98781d0422192c5af56c8ba35f46a289ce4746f506871c3027530e8f6897e10d2cde68d4612d2bd1813
-
Filesize
8KB
MD5fa4cda5e2fe8b69aa1a92d03e9934223
SHA172d69c52c24af369bfc2edd6ed11099f28375b3a
SHA256018881290b2d1fcca6fcf7252612c317af6fc99b8f20a7d46d35fe6df8ef4509
SHA5121953a29be80527c0d8aecbd1e7891b78dda6c23f6931b806a5ccc73942282b913abd4863547f0e28dd9183d032854ffe14f233d912810f58074bf67cd7539a73
-
Filesize
880B
MD5ef239de90088e1d350b01f820fb6ba17
SHA147c157ae8f766b540398b27eb096e0a4767542dd
SHA2564a17b86b63ec28714d1064990bd7030a091c090af8361a79ba41a83a0e569add
SHA512f418b4826de2d79401eab395fd987fb5b0ec4b8b8ff52b0f70c168a5256e762fb4f050df6f64f037d55e3f85286aa3ee72595115259e5f03aa98956e0caf6540