Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 28-10-2024 03:02

Behavioral task: behavioral1
Sample: 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Resource: win10v2004-20241007-en

General
Target: 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Size: 7KB
MD5: 7757b8c71e1bffb96022dddd0fa84fb8
SHA1: 2821b0a5eb311010a982c4bef0bdfa025ccec947
SHA256: 3fa40d13414535a809b97e887b565841230af69a5d49b5fafd7cb31dd70a3d16
SHA512: f9dc1d089b755b2a44db352cb02c07acdd48665ed26565590f8a3935fcba89e5002a68f8e5649aa1bc01a5b0add5b2e25f1b9e6bb3c5393f4f481117d59548b1
SSDEEP: 96:lXZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx8BDCyp97phPDRMUA:dzdrr1FG1WDCgmjPZ0Dh1LRMUA

Malware Config
Signatures
Detected Xorist Ransomware 6 IoCs
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
Xorist family
Renames multiple (2193) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
Drops file in Drivers directory 8 IoCs
Drops startup file 1 IoCs
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
process: 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials.
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Vtq96q6fkl563sa.exe"
process: 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Drops file in System32 directory 64 IoCs

resource yara_rule
behavioral1/memory/2684-5-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2684-8947-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2684-8946-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2684-9121-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2684-9122-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/2684-9124-0x0000000000400000-0x000000000040C000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_microsoft-windows-w..ewall-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_794967650f4f20c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_CommonParameters.help.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.1.7601.17514_none_69a838f53862fe6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_02262b16ffcc6260\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.pmc_lh.resources_31bf3856ad364e35_6.1.7601.17514_it-it_4baf80a1cb44069b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mail-app.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3951b46e7e590044\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Vtq96q6fkl563sa.exe" | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.100\ = "TCGPVQJSRFCBVRW" | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\DefaultIcon | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Vtq96q6fkl563sa.exe,0" | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell\open | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.100 | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\ = "CRYPTED!" | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell\open\command | 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2684
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA512fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50bb6bc70fefb5d6ef27e28664b39b1dd
SHA1511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA51225362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df
-
Filesize
21KB
MD505c6d20b53947d4efeb1e0e8aa5fbade
SHA1ae832a439cb6f6dc972ace595ce95c51a92cf435
SHA256ab51fcecd433bc7f137dbeebfd622944776f9a60a4effbae8c67438979888839
SHA512ec329b93f797bc653cfab671f4722830558800dd96e3b61e336a70fee6c80a0bb63ffdb25e61959fa975c34d416db700d879be7991ed7291cb05bef41d32d493
-
Filesize
1KB
MD5ea22f44b1183810a9093fb31a0a8da3d
SHA14a4c8ad8b0bdc41fbb37dc38076f25c1c5ff8458
SHA256134fea6190b86e48cf8625182d02f7533c124ae9dc393d1f53cb073a81cb21cb
SHA512cc6f4330778c2f29c4e7080a8051594cbbe5b66f5073cf8dd05e7df8ec9890433844db9df4b94c526e01527d468db2ef933a03cbb27ac6a63b8cb6576ece2ba2
-
Filesize
952B
MD548603272facb53782bea9e2db72460d1
SHA1a3b7615d26f780849745d0dde1a8921054960572
SHA256a88b05779ff369f483f8b6ad1934fef905a12d6eb15cb9855688f2e75759812a
SHA51278b4d08412789bc4bf528b6285c5281ed788a8515ad8566c098df651ec1ed7e9d5b00e94e5bbd89a736a956818af8d1bd0f151ca38eebaa910c940e361da5ff3
-
Filesize
121B
MD5ee33f31681b3668b5eeab7e95c206e5b
SHA11d9376e566bea721cc94fc702277faa7d1a66db0
SHA25654a91d0d208d202e53470309594cfb992f686cf11365c577130b9bf90d247100
SHA512ffc81a0d34155687b783526a302a83718a49f8add2543e110f5d835179c86cfca55fae8ccf125e250525497d4dbe6cf9f32c4a3297ed41d0dfd442f6e464e1f4
-
Filesize
1KB
MD5c079c622791d18924e1c82cd864df058
SHA1571688b710fefc3ea3d9a1072ac6b30cfd4fc808
SHA2564156d26209e406a4841239442c0fdc44bceb221b5ff4133c0e68fbb599ad3f41
SHA51217cdd52971e804fa8d127cb1efa0b3956cfa6f1ad112d62002d3a0c3d0c6952f1b9e4e42ee670b3a9a3a65e89cdd40d3cd270734c091ece7a6687fde657935f9
-
Filesize
8KB
MD5a06b85b6fda3157bbf9c4d7da11fbfca
SHA15176b6661cf49c9817cb966459b6045580a38a46
SHA25669fb7e60f1b345b7c4b3d96611699e5acea932e4c8c15e3fb135c31187f196dd
SHA51264f205f618c5e9d21087e0bdb2cc169fa18f2b9c8f1ce39615b3d1d5b8af283fae1429a0ef479b3362eea1105feb9cc7ea3b46feb17a419c32d3fe1656b558ad
-
Filesize
61B
MD572046d9ce2b319185af8e439624582f6
SHA146fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA51217724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d
-
Filesize
914B
MD51c318f84285c0ecf62b0139660842a5f
SHA17283bf7106a01d299b8df454b49b4dd22f3fb035
SHA2563411e8e94449cbaa7c3d2ca8c214dda8a1592350d0bd7c8dc897fde15a11986e
SHA512c8c4e89b4b291cf36c630b89908c9f01aaef088e2ad1504ca08c7ea22680ea623a77f26417428f738ff40c0580bc4e6e5b102158220b9193ba1e045539595774
-
Filesize
90B
MD5abb89ed5355a53e7fed3da28e720ddb0
SHA1c75dad5a2e7bae74492d26d13578ff7ff082e64d
SHA256addecddcb3129cc843b8c991c874d8b8dc85237df088d5a31d5449bd6ee75b45
SHA512e1f9ff9ec5cf0fa07614bec8d48033a145bba6c72bc4b90d598ad276cb4f51bb3170d97044f54f12fafd57a65a88fe2425b8a9da2100a2a102dea19460d61c97
-
Filesize
90B
MD57ad5668be1c11eea02b3915d56f9d247
SHA13c2862c14a51570d170580fe740e62bc9782fbc0
SHA2560e0423f1021ab92753a2a8802701175d569d32e1a5f9bd5ae10fdf3b1c9e7b55
SHA5122910b0f879f96da036a4d1b04a12f3779dfe58b54bea6b7656ed0c660adcf551c86475f73aa5fd5ce9cd794b38cc8bf73af36b0d6b7a194d285335d5ceb10991
-
Filesize
328B
MD58ca975ce98fdecb6a597b45885b00f48
SHA1c3ec60a7aadd20f33306ae7b4426b43da61b7f11
SHA2565b2113000e936648c2f028dcff4e789bf977cd2f55622a626f843dfe759fc3db
SHA5121a692a1c6136df99684993170339b66f76a2931c7e770704f48e05c892930a47a8c3afcc2fe8a8d86913ca8657faea89d41cf2233415546a07e889523ca18e6a
-
Filesize
1KB
MD5d8ce849dfdc3043e0a71078d407fd9d9
SHA1814e176e18932781b038118a2a29692ab58b0b5b
SHA25684f8d95d73619dc8fd9ad16440e1216e70c6fade021d8d5bcaf9e0da6b1228ff
SHA51209b18f55ae8c01ab056c1dc12711672a04108087b81b66d4953c1c6e8b481176ff350f6732f295ed740438aa8431da06642991e1cfb325c27e7e6e0238888513
-
Filesize
162B
MD5291b21e8eafd34e48ea0ee8e9297ff8c
SHA11fcd0ffcc0a2f5ea4f8477ea28fb84529772bf8f
SHA2560df86ed5eb2c9655a31afbcb8b48686b66e110df9199dac1222d1550ba4f591a
SHA512ae713c841c56ffac8d19b064a499e41f2d96a679ad0dea3e6a3553ee766269c2fa4fb780533d79cb79e7ae8f3131d37b1aaff6e6536a91eb7f313aaf2293ba28
-
Filesize
586B
MD5e0f6c1eb89a7a45c6106af5065d22a30
SHA16c3ff0433fb6d81d1a239d3f3eb7a559611ae175
SHA256635060e7fb052f5f673f299b44639b3d0c9b31d755a8d775717a962535b6ce15
SHA512b1375c6bf3c51763e0c1bafaa5e4c38d7e2e4666cf1c06fd987f4bb1442979d638d512d016c002919c598df2862687b98254ffea98a958e066b46ba131edef45
-
Filesize
124B
MD597e1155f0dbb5a0dfdfe3aa82b3c3425
SHA1609e6be5fad4e56afeac158beb87ec4dcc25c13d
SHA256ca3fcff60ecedd10dc097622569a3d2f93104163f6056b7a8438203c9ad7a5f1
SHA5124ca3f5a7eb5caefdb4bef935e94494f4efa0f1602f4cb1711fd96275142f4a937319c78ccdb4a1dd144e91ec2b00bb1cabdb1cd88a00fbb883d40677a0bd26b8
-
Filesize
8KB
MD5a6a20c9443aec0f0ae4c2de22183f42d
SHA125e068527b23a90b23a871d9685b746bbc298b81
SHA256da35dbdbb99f6359f24209306058b53f290a2a63607f4d69c2d32fda889edf1d
SHA51277a5b7952081aa6df9ed62143205f1369e8d59adad88fdfd053ec3a8186a1c6ffaed243074b75d428f826b19da4dc30b7835cc7f9498819530acfda332746034
-
Filesize
880B
MD5863c2decc07576618bf6b5360500058d
SHA16516035d13353a18083855bfdc7ca1dbfdf0c4ea
SHA256f082fe76fecc24cf16d05dd3279f54aedd5e1139f7838db7d7d34141c966a87f
SHA512d478d1c495df96592cab321c4cdae815eba451a79aa22a6ce37359a5edf1beca75a250bd9fffe44a65fd91130cba1e635c295b993c8a0739183294624ea53c71