Analysis
-
max time kernel
132s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
28-10-2024 13:12
Behavioral task
behavioral1
Sample
79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe
-
Size
12KB
-
MD5
79ccdcce117dc3dbe22d5a999ca8a6cc
-
SHA1
3f750fa10dc50b127de7ba592b792a25be4e9b5b
-
SHA256
e98182d44dc7ec4a154021757da3132769db318cf9d78f15fc06c92682f8a253
-
SHA512
795ed18d899fe7c3d4b20d4d8b24beb2ebcca88e3b8b3a8927391a8f4842cf8f8fefb6dfad5af23dc4548b710fb10c2edf414ac369f91177a6d693579cd790dc
-
SSDEEP
192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMiFlZH:GebFNw4Pk1itKkpAjjI2YpdmiFlZH
Malware Config
Signatures
-
Renames multiple (2171) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe" 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Variables.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comment_Based_Help.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_neutral_548addf09cb466fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Continue.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_jobs.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_escape_characters.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_History.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\about_BITS_Cmdlets.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbr002.inf_amd64_neutral_ce2134188ab21f59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_eventlogs.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_try_catch_finally.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\ja-JP\erofflps.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Variables.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_command_precedence.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_do.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_profiles.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Throw.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc2.inf_amd64_neutral_7621f5d62d77f42e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\DVD Maker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left_over.gif 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR39F.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\ko.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\Windows Media Player\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\ky.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0295241.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01238_.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\Windows NT\Accessories\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0148757.JPG 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\PREVIEW.GIF 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageSlice.gif 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7601.17514_de-de_716cf29f04ae9ac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..pc-tabbtn.resources_31bf3856ad364e35_6.1.7600.16385_de-de_722e878d194be5c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-mssign32-dll_31bf3856ad364e35_6.1.7600.16385_none_ca0a23a23bc12926\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_7a6c0813b0185bfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..river-rll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5bff3a3798248e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\37.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_72414f35fc718b5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_6.1.7601.17514_none_770a7fb29038c2c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..ovidermof.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fa874b666904bcd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnep004.inf_31bf3856ad364e35_6.1.7600.16385_none_948c2353452e6ef7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fd161061134e728\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_bda.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1d150d28b3032420\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-jvs_31bf3856ad364e35_6.1.7600.16385_none_618fce9aa33b1d9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_264f24900e1fc6d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.17514_none_e27f805beca8b9dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.9c7998a9#\acd902e709e971559dc5dcdc9b623b5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_faxca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a69691e004dd5081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_unknown.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8cd033c4f648edd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_do.help.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..onents-mdac-odbcbcp_31bf3856ad364e35_6.1.7600.16385_none_b0d14a16af76d049\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.1.7601.17514_none_e501f8e06b32b48f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..installer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_755f24abe639fb46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f0114c776a1a046d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cf32f45926d0be1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\inf\RemoteAccess\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..g-base-professional_31bf3856ad364e35_6.1.7600.16385_none_5033cc0ab905012a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_296c045475b2b94b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..latform-input-proxy_31bf3856ad364e35_6.1.7600.16385_none_b98fc87d6c45f81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..presenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3a7b83490cb22fdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.identitymodel.selectors.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_4668ddbfa0beaa7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\5.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-eudcedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4620b08ec72a4f30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-winver.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a770f7d8b3c199b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\Media\Sonata\Windows Battery Critical.wav 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Default.wav 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnok002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_420a748df5f408e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\Media\Festival\Windows Feed Discovered.wav 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..ctory-rll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8c2f9ee004904c05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5dd0337406abf37e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_2f54961b4c9f4194\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-ocsetup.resources_31bf3856ad364e35_6.1.7600.16385_it-it_32812db4254fee20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-sysdm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8d1f895657f89a87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..llservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_10d22dcfce04430a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a7c8814cbbac2b26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\icon.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\500-13.htm 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5689348b809d6bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-webio.resources_31bf3856ad364e35_6.1.7601.17514_it-it_8e2bcbfb61173709\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..tpc-uihub.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5eced48c043dd06e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnlx004.inf_31bf3856ad364e35_6.1.7600.16385_none_48b53049f85347d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7600.16385_none_c718d071d9c10a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595#\5d271a02e221b644ac9e7f0e29b9ece3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wdma_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_cb3de110cd7a6fa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.16428_none_57539d77690ed353\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-lmhsvc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e32c263d184c03ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_subsystem-for-unix-..lications.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cda79b60e1fca77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\inf\aspnet_state\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\inf\ServiceModelEndpoint 3.0.0.0\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waxing-crescent_partly-cloudy.png 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e62076fa8dcca99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\ = "CRYPTED!" 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YWOFEWMRQAYZQVA" 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe,0" 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe" 79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\79ccdcce117dc3dbe22d5a999ca8a6cc_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2536
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
343B
MD51ae7de2b41041af2ffedc29f60e6e1c1
SHA163969a651dc2d2aec18aaff8c86acbbc3fb86b6b
SHA256534c8054977ffcd823939e2c00ae7f72a5b153fb564bb089ce4b20cf3af49d14
SHA512f3f47d138ce2ff2e0b6533f613a078beb1295459c20270ea8f31f8c4efb4ac063ee6a09852ccb4a03d450aa5c7aa89780cccad480f46521be70eceaa5b5cbcf8
-
Filesize
341B
MD5e1c6b2bfde0d11b6400bc2feff6e7917
SHA13e3461d46606fe786b2447cb5742b8f9665bda43
SHA2568a3f02dd8b826f77cc80107d2d08c172bb25e89365887d5767ed9040ec50ae64
SHA5124dfbfc7460c4833c1f6630da5da2f77ec43d91eb7debc1f6bb2e73f5296e3af3092fafffdc594dd84dec6069737c222199a18a6f718cb4475c06e7bf3d6646d7
-
Filesize
222B
MD5fe80e2b52ca8ed1a341e424df44a4c47
SHA1c5418fe7548f5dc6b1e0a3b2a072f1c993ca5382
SHA2568b73cb59b4ed2e494f0471114e3c789e47bc3b9e3d7ece68c6aa4165918f2c66
SHA5127e91f1e0373a34504a54e7435a813a3956913438e224c667c873a062468ffa5c0f9d76f63bf38d0d3bacfe30f678537507b6f605352374034add9c1ed3e206d1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD519c734077538186c9715812c19d982d5
SHA1484d8b18c43aad3a0d6bef3e06e8ac52d2f78806
SHA256e8a93d3dee0545a65b711e2caf1f54ac65ad69f52d7917738e9238fab6459dfe
SHA5126dd927032e95c2293d0052644ba35326f57d837e8af570c4befd07c89b0ab8807bba6752c2090c5359fee84beefa50393b7bdf92112d86388f7183df39abf6bd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD57c8dc1462650a48ba239a28e5b1bd3c4
SHA137a369bd60a5d088aadd314edc67aa434873ed83
SHA256ac9ff3f0a975af33038b5f8405810fc9f312a99f58fd046bd21fdb675fd040b5
SHA5124b689e3c4da65b1624b2009490ae4d0fedef4fc2cb063213f12400401e71b2cbd95dd66d3903ce880a4c0c9811ee595d420d64df021598445b38a80ebdb6eebc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD50128b386534577e28991936f521c899c
SHA1bad3145f0b23ac55d988af32fdb341c0e10e69fe
SHA25671ac555e4682f9e584ec2a3f308d4deed38d2367d9b265b4e7c7c8e83ef58175
SHA5125d40db28000080ca413655e454775627acd5f837f695f0ee14f85cac5bb63152e8555575223e9aa863dbe5ab1a269e7a60f99f160ed0601123244270a3b86b1f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5514a790b1496843317414ae2b9cb0dc0
SHA1fe5f5a2fe862a155702449f0bb03ae7f9c525106
SHA2569715a0cdbc43d44b8aebc49f2b9cbbaa52a15912ecd811101672d3e4ace22360
SHA512939bbe211dd553c9bd394376caedb2d0e6eb7b9023c2721a61a3dbd54a4890de79ea2f8070b417d296cc00ca02b3638a05026152b15219fbdb766e2a74d1208e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD55abd45bdd7468a77a9effece23a3a845
SHA12c7dad25505d1962cfea344eef4af161df0c5530
SHA256ffb24fb5b9201556548cd7b68f93f0831c138490cfbbe85fb27480dde08c12f7
SHA51278e77e60322efbd2af16246ded5702d12bcb62837a7da3d27d373760bf807d4509fa1c5af14823127f1e01cf5d5e3b28374208df51fbe5c7f6d1402770fb2e22
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD50ad6cb7c4d5512661d365ef8e0a253f0
SHA1f854348d84e3b77a57e08fba5b00972725b8e3ff
SHA2566583cf5e998b718f7b65ce3b2b0fc93e4ba7ea6e88188904ae2dc399d8707d4e
SHA5122226ff0d3a9c1510223d19f8b737ac1439713add20a7ccdcf418d09582910f87770dc24f01c56b6b0b13e3e621bcc828d8b292af3eb02785c081c94c0b1d4f2c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD596b568d06377f5f60bff03a6ef07d07e
SHA16427be4ace43d314f6ba3219d647a430e724273d
SHA256e7e134a81b06a2e76928604a54bd8e90d4139e0d3dc8fb9a5e8dc01db3890f03
SHA5125503166dbb278785c47012365ee5d0c2415d7e14e08d6f1f2879eab0e5907d56e7076a30e436afbae502039f2eeebaab94679c8323b17f3591ddc320b3385420
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD57fb5c03e75b0cda14ef2524b2fd9b48f
SHA1d702ae6d7d605c3a1be76d1f5cb1994802fcbea2
SHA256e9b431794c84af4f100666daca215df734073741970c633946c3cd62a7eeb12d
SHA5125b297e28d448ac77583ac38ea733ea8a2d30a3cabfa3a42226906ead6fe724f92e3b6f690d6947b6e0ae50d886ad2f92fd1a56c0c6913a1d3ce2a6081feea687
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5153ff090a59af858d8a1391765d69036
SHA1dd48a859a8db1b24ac79399b81eb79add3e3c6de
SHA25671c3b3040f0993e5b4b8645169df522d17e8312a2eb457618b6a741372bbe33e
SHA5129709167c8cd86d28f107d92912dc627ee3a75b56f8731b3327e8e066b27a021c2164898a1f3a10b2dff7792de2ce0a7b70232fcaa84ef1c73171a93f1f18d9b3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD539877bc8011e7785667b25dc0c0b5c6c
SHA1dbecb859eeab925fe7fd6a8f43735314b5700284
SHA256cb02fc9a62f0253bd7c92d76460af0f5c1e54246aba6a169f3525e45bcc08df8
SHA51226fbb57000d506e28fe4d8d34f3cb97046ffa0891ccf11fbcf1edad7a52a78ef53ae2bf51847b60199301bddbb0bd13ecfa89d311b88f5a1b1e90de767c1f385
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD517b2a8d7947616b4c84e03a618948227
SHA12933334be0635fa7095d1a0619ae6c56cfabb73e
SHA256aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c
SHA5123c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5b958eccf8a3552ee960a8ce0c4b2b821
SHA152573733dc378e16b386fd28ec39987e91664c0f
SHA256cf39c9b244a1d52a875ad50d9f2cbf76f49177b6e4a88f1f8113f74521469569
SHA512427b002e3853a39e5329e555cd8f19ec44d996b077b0d6e5cfd331bede6fdb6a61654f0e49402b385c3cce4eb2c2d69e670054fe7e27e9a5f5ae1856ce8e85c7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD58f46d55f0ece8c31604e4d5123d8c733
SHA1ed7e25ca133f158a5a64e01e10cdb3f7d7d6c64d
SHA2568581e7d635566a152c701179ed5e7027861f75f0816120baa4ab8ab1f9c671eb
SHA51298b948d6982c9744f4c8af8c0eff341630c4f793f7ec840cff6878c3f3f5a2c2f24cf67734c10036d3a0053bac74a0f89e0b21b5395794d1569f921d03793efc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5206c6369ed5c9d999eadc2e8e9267359
SHA15619a9f4cc707bcf83d79925d8a7add239746efd
SHA25636bb728e2bebe58d76c275542e714503de62d32165970d0e60f1af758efef042
SHA51247696a4752d932ae9947c5787058f3824774cda46b4c16794834688d37f73ceeded406758a411176a6233a3bb9ad4c547372d58c543fcfb3f7b62a2fdd5636f9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD56df9dd9dc993171285cc90ec16ca034c
SHA18ec50be12c83e7b7289ffd8276f6d58ad9dd7040
SHA256d822de9e7a306a53ffabe38cdc507eec7900856c587f99ada1ea979934b1a5e0
SHA51297681a86f2ca69ced2ef7a2802d68562e7d2bd5be805518587f6dab53f1b47e68b887cffd2dccb79fdb21ccc470b456d349e35773e7c3c550dfef8ec6b07e4b1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD59fdec9ad4f4d652ce5f7b54e9847a33c
SHA1bbbd9a5c8d46392b65769eaf022d6eec2cc69d1e
SHA25635d9f47b20a1a1d03b21c8540f7c3ed6b98dac9d15071f4ff893ae0968cefa59
SHA51279f92c7cd0039964e98e7402f168e099b751f6641242d2c52b7960d839ca22eae5da25f1bec60575ffa728c244ac64ecf8426ec69d78049481137dbc39dc7fce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD51a463be032a45eed8881c086c041e21e
SHA17ab9b06fe7070ff3801b010dbe46ce331ba1f5e3
SHA256e407bef03d1be3a84899bffea1c8ccb16e54b12e2a5f705780bc885260787c88
SHA51254f7ea3f798a81f9cffd29f6e357ccb719e6fd3e47c0da4055a8d649fb4a1391641eadb94003c0c7915fae3d8e80ddd09151140f8e0916301f123955bb685749
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD57af2c719e69d24360ab72d43e531a2c9
SHA1c072de90960dfb6bad19e7ab8c3e440d3dd5e84c
SHA2568062240de74f2386987d06979ca5cdd8515d32ad5e8d23c82d568c19e8ba4aa9
SHA512e165868acf83a383ad907be1212e6c2bb63b9b5343bd17ddae99b66a2df7b9c8da420c137f7e2ea0dfa83951e3a7b162d50ccf1b3f4847d35d30210d83c1f578
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD59487f25b7aa577deddf2d9aa51207af8
SHA1919f56c3df734161b1bc2b9c30bccf77d5b969af
SHA256c66647aac0e3723a91f052811af8836f2bd770c4e98cd0cec04fb88d1b0d425c
SHA5120dc9f53cb0f3db2573f326d93050ec229c86c38d805cc79a401204625d8b9000b2ac69a5268984a084e5c216d210a252a393e428b8eb2f3cd93848ebca5962bf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5666c74f33960751922fafb53d5c3cd8f
SHA13bc95c645a82b78748b472f21005bc91b9b70faa
SHA2563a8d905a3c79d5453aa259332f915a89c111ad5f0ce5b767a7e3b8d97493d004
SHA512016abc8ba4fa97dc6014464a323996b98c7f5fddfbda3ae490aa9f843e1ea82660e6802aca63049c7700f765b28b33f94791a874066157a4a977516c6c97d960
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5893b9e0b945728637f4c287855b990d7
SHA15022a7f191f7bd3f6cf5000f0b0c6b9168cbe634
SHA25639870017c611ee7f03cb7ddd472932e7407f8bf069086277a238a9879f9ca0a9
SHA5127a4012eea033ff316db346feb782cd0de51cf5d1b26e53c142194fb152cc54cd3eefafbf26d9ee7d6d3cb47902234a3a15539e268d1c2068b8c3851f9cb6e081
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD51fcd5f949f2897a9818bd9ad68020b4e
SHA1e161efbe217b902c2ed0fd2e92f8240116b9fe81
SHA2563ec34a7b78c68cd1582fa0d179fb3e32df9a55aab046ff7fd5e5bef65beb2b59
SHA5121a2e444dc712101a8a5a6500db9ede7e27847e389316c67651d02552a463c3092edf5dcc5f58dc65e83f35cc0c11367ef5e196fcfe44782f453f31c843ecc98c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD58c50d2a5942f6cf697506692ca6fcb68
SHA17e0fcccce3b12f77358330ad26f9c91f4694324d
SHA2565c085aa6cb7b31c61fa84f5312a18a3699cbb35a25deaf88dc6b145382e7c26a
SHA512efd40c0834bfc51847422c7c45ab208674fc57c9cbf8eed8337c6dd430eb238ee8e4b71d1f39557e8caa043de26715c02129293c2f26584f372b2031f36cf11e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5892cf2a62e7af91a6a9520686bc556be
SHA1521a3cf3ede1f09bf492a7c314a05e4d82d6d40e
SHA256e02b812389e4f5c07561b307fc95ef75a59eb422869d8b5b2b52bac6398098dc
SHA5122ff552ae9a284b16901f1e7866fe81760b55d84cb324a6593416578a81f57520e4e71fd58c1e09c236468766633b735313a9ba333dfc512786fefa31449fd71f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD58796e40b7ffff63ae822b1f07796a1bf
SHA1c8e80d08548057de16435a88a19fa77de7845165
SHA2562cfa12e16764d8ee5cb2bc5f2ef37ac1c363ad015da1918814d758e4470825fe
SHA5120f56647dcdf70378f70093f907da78a074de33c3e1a8db64c6019cee69c79cec2535b3c7efc154284e59113e01aa078f8b79495241516908a1b787a76b19b6d7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5bc4ffbaeb9749997eaa74d594736629b
SHA116eb7ccbbf7afa15005e16521bab4058cf843ed2
SHA256d3c77dbe61354da83206995e0b774142e2e374cc402f957287c56d745c887ec7
SHA512823e55edd9827ce78c187a58e6a833a2242d251af97babbd71ed6eaa18177e7cdd5df426e9c0d74f2f6432e2e7d0ebe7474cd0f45e625d74045dc967813f3b6b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5a43c317e1971e9a8680179d768132520
SHA12eaebc635181b8135590ffc78f341b55048e3ec6
SHA256c21ce3ffea5d6eab3b7184a2871037dba7a27a99e3c5f4c4906a86204067df14
SHA51292010b631f20ca6c62334b38e3c44597e54224a3015251866623790153a02a7b7b7922f2d2a96d332c45e0b1f5ec3dbc19f2192282ebf52802aab14a9cd83636
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD58583b1873ce500e67ccf1daa3d4a69c5
SHA1755c91927bbfa9fdc55d3fb48972a0c1fb0c88c6
SHA256332dcfa60bdc48de91c34c8faa9439e7ae0a85b1fecf1a347f26d36485229105
SHA51299fd231a8ebb8d18d14326efbd362e878e881bafee531425cb274169e7c7839b445d34ee4457bcd967ac8f6b407c1db32a1a966f68cccf002b3ee2fc7acd50d1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD59f5ca28e4147b280c35ceddc3e0b8861
SHA11f2408cc9e414557a358c0dfcb748c9dd07751ee
SHA256817a1d69d7e5e02586f1ae899e73b7ececd382914576199e1254d81b935ef95b
SHA512f4f755aaee22c6ed478dd27312dd5044956197cbf1323b2ee5438cecd430e2b42e8e434d9812eb8a11eeec5144bd1e719c3cc43525334e92f3b5c71d1c43aa0b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5bb0e134a26696361ce5d1df225d10e82
SHA184bfee36ea656b1a8447f4c174250e5addbb9f5d
SHA25659758e161548ed7a0c57d7880f092c1c1cad48013d87558579e888bdb0ba94dd
SHA5127705ffa56729788cc5c102502656e37c1ee8c73c8048a8cf8d5576125c704e3bfc6d0f1f7be7e1a4b93554ece9359661dccf617dae01e9cd578f0329f00f28c1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD52b92c5342f8e4540ebd4fd87f7c9df52
SHA1db2c792206883270465beecb735537aca2a90f3d
SHA256bfbc9d7d40af0fb88b86b1c457c7bc8b5ade17e3dbcf95c5e63cd70d4cf54ace
SHA512643a0febb71c18294a8c32ebe1c94da2b012f503417d05531f651f4530c2c509d5ed7a09029a012fb0617a44111a0263860ecdadb35a73e6ec596d92624713e6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD52b65a8d77778bcee432fc74953c131d9
SHA1ccc295e38f2e7d999683120d3e5598fcf766eed7
SHA256150652bb097e380096fbe9dc4dfb76cda080860ee3c33140e5f1dab609426a75
SHA51278fd8e975f9edb6b401390d218796a8bf49be6c49365673665cbb591e9ef2c868a3cbcd6551876a78df4ff5573676733dd672bfdac7c240ba29bc0ff14193b08
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD58792eff5d36bb18cd2ea950601bf1d21
SHA15169bac91b285e1fc2b2c0645e70f6612d8c76b3
SHA256a793caf4422d59d6e71694552fa5f8ae54239041b7c17d00f5d873b9735f1362
SHA512e0e0149ccd696aa425198441d0976d75d8ba57cc37be1a0aa4a96b913dc0653e5d66d8c39953fce111726a19ead58bd65e79477eb7f48478168793bc96761e12
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5d444185202e68b8e183a059b3ec08e45
SHA141b5670d8b6c8b998b2bc02c4d7c9091e3fec03a
SHA2563abeb3bd6bb263b7bc1f383121a548c6f06c55dc6d0316e23377961b1d195ea4
SHA512d23243dba4a4cb8f8af7f1d7efec5db0d1bc19d418bcedf5bcdb5386d93fa8e17def0d27db48cd4a5d8a7407490a98ca4f80350059f2c70c02b2a74d190906ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD565edd435a7b949c93e11d48fc810174b
SHA136a101eb2ba06d84a0817058cc0573162b65f0b1
SHA256dbdb47a4ea306fc64dfe2d473fb3fc26ac374460e0ad0579ec5650cefb23c3cb
SHA5121937e110d7d478df38eb6e2a4fe60e64f3c7763184e8c495b13f398980a572973b185b7f067090bbb990b136714806e73d7397ec4355ae9a94291d41f739f50c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD56f5830a3c09ead79e6647a03ba21ddb8
SHA1a09c8f260357a2fe9f51a399ec76c00ac2e9c5b1
SHA256cefd8dfdbdd5df66d253113da87c4fbb5eb0379e9e97f85e50187571d839ff5d
SHA512ae0224c46d1969788a3574c719e46601bdb1e207022591d155161a049a3cb29f280f02e144723c5cd09cd195ff140010a31ca4944c6a29fc1666a5bb7b79a0ed
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD59b8b1cc5701b3ba861b647ae5bf3544f
SHA1398b66104e5fff63a92d2002a29b49617e925278
SHA256cb435d2d8a5791082a9577ba663ae22070ad2b0759c3a3bd78b2fc66bd6244c9
SHA51288dbf94edf4d5112735b38db1a326a28bee80759e19a2f5afe01578c0fef5abcd183ecd8acb5e0b430019f8717055da15b009c7a985bd646d2765a6f0e83af5d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD554878da0cc80e1387c2a6ab6817a6536
SHA18e21d9e976513e4e60605dabbb17294f0b37388c
SHA256c55baaff0f130570942499a24fe79f05a807eb76fda7efed4162e2e551b264cb
SHA51223cb0f56e618c4636f75a3b52b1c77db3e0c933368cf2610ea264ebef5f91cd158591368edd86a83814632fe51bb6cf4278d77ce59552419010248e5306755b2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD59d76a03b277a8a77c41843cdb9f59b53
SHA1e9121234c6ee1ecefcf8168c3a15f8234f8f8ce1
SHA2561967f8951fd127590dd29df5caadd07ff76d7997687e8bb0970943cc1e603382
SHA512d711787addf10c53fc5ea22a3c387b596c844a5cafe2893a982e62f37b57946abba6711c54133a758af8712df684a11a199bd2adf8996ea99c7e27e0b899db64
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD50e7929b7fbd03e155949e51fa8bde8ab
SHA1ff7b2a2933387f7a59b1552e3e1c992eec8d7b7c
SHA2568e2f9b30dff655c35caadeb7b851259bbb54e1543d837136532496c4d079ce8a
SHA5125ffb05bff0bc2c8325eabb905ed8dc6602c44fe47791ff6ac00655158ce8c4e7e4f89250d7612e378623d22753dc178ec435ba84eaf12790c55b6d292586651c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5f74be8adc2300afc147a91da3f88af1d
SHA1befb1fb1dfebf455cace0acc5986dd1468d9371d
SHA2560d8d3c25db74b5d6e452c8b3d4fcbe4aa6254daae58a1dcb2351e543d0ae2412
SHA512fcc6a67eb98d7a3274e0b6ed7bf7b5b7c4759c8c9d841954b6718854f3106cb21b869c0fd2ebfb1a8fd724259d96a621f6fd1c0778a8859269b2b7ebdf9bcf76
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF.EnCiPhErEd
Filesize580B
MD58812866948db1d1b2e462be84d185a79
SHA1255943a56882f8e305796ab209b2fe6d075f1072
SHA2564553f302508ff16c375cfacdaf88c11f1937cc0aac658f95c67ec0c8e5158e38
SHA512ff4a6e4dcf8fc42253d9326347361c8232b67a64eb62ad9c44cbadfb57abf4a1162df6148bea69cf3491c0199ccc0c9768742975745941ac716ea1b890a8a2a7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5dcf8129e85710572ef2b354ac468f2f8
SHA1297530be196c3d9685f839f207dcc637161caaa8
SHA256e9065443fcc8c974c5e5ad30f46267c169885bee59ba9a22bd3593039d6c68ab
SHA5120bb3964876dcc627d059e46dd393d8b6e5969a28748d5413ab8ddd7344097d85c9ddd4b2c2373ef9c4b5f3f9f956147317e4a928cd6fe25a53417c421b95cf30
-
Filesize
625B
MD594981993fd087c0e6f7861194068793d
SHA1025ca735855002911cb083c494f386f01b5064df
SHA256e109aaaa1e239a8bb29496b036aa77ed4388bd0f024d48c253db53c1a3d6a44b
SHA51226f9b61581f6116d68b26977eb4a69062b77082344a5b03d6e56cf89faa8658c464066eaf7dfb0a1b655c8e2b7baa43f3db3b20d1ea2cd1fb2e0507fc743096a
-
Filesize
873B
MD504aab197a9636f3770dfdf9e299b5e67
SHA158388af7b7b0489588ebaf026caf20f247fd93ae
SHA256440862a23190560c6fb2fc7c8216f9b54ec2cc5bee26c35091aa0281fb3f843c
SHA51276d0eb9c61d23b528125aad3cf495b2f71ee686aa0ac81b2a370caab9088d87bb7431ba5a7c08ee0c5d6561905cd7759d2e8245b61612cd62ae23dbdc0ae627f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5b090ce5de67c23c98f2bef58ffc64cea
SHA1b93dc3dcb1bf6f2e685bf535cf707b7d0045470f
SHA2567ace63dc2e2adff9d10af0f47fdde99ffee157941f63ee366d9c1b00ea06841d
SHA5121d36cf51fee14a69daccde18b1b0b2031dc69ad00460797126d8f1527f7e85e08134b02c372afbac84eff7426134e3450e7b19c5642f4e2a09abaf9bc8c1bb2c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5abc91859623a2c10e3ede94a50f9262a
SHA1cb26c5b6da671b93c2336948f5b250b56809d848
SHA256b5ac81383bb9c014d4b4030a9232e1b33fb7e51a6ed1cce6885d05e7668e255c
SHA5121b50a635fde07565942f91facdeb6dec7e73928d127be8c992a99b2026061d068db567b06c57ecfe024edd59e63753798ae09c98505c0501326d2977f4db7f06
-
Filesize
615B
MD50370fda81fdf9150e3a40937737225e2
SHA1830fd721b5cffbba3cbcdb40d66ca8e507fad251
SHA256ae1e5ecbedd341b099586a599d4a353e632713f70ee173275f45c7847c050abf
SHA51203c78ae24b1880504f599455630a89f76167582ca0aefc4305f24f52f0851b4876db67f0dcf8aca7a5b1b172ee5085aa158fcf9c7e6106a99d2404a078fc6985
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5ae7de0a715beae6d366e61ada8ba40a6
SHA112e744ea3b1cb6a6c491053e9c6887d45b7611e4
SHA256103663af9f96da9e3e5f8cc9aedf008bd016bd9949e4c9efdfa49b747b993b8d
SHA512a658cba16212766d228dbdf1cf5f9ba79621f594adc411cb33cd7f66395dc16c57d4aea5a0a6ea49812e1b9caf874b179b362735da5368381d8610f90e3542aa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD57f6d4a04a3bdd889c3212f15f33f7398
SHA1396508392bfae9f8c7a8e6304faa1d291ab3c155
SHA256fa2c07a04210589acb523d78b4e206288e4c32e13d4104d8b724e5270189c5f9
SHA512fe767dda4b88a1fe0c8df7f547c66fc4a51918c6435a871e955f4458155d338c24d6d7b02e29db251717d319ac130e4420225681a72bdf6c41ff78a7b85c8727
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD568588ec9212406aabbcfb38a33306f59
SHA1490dcf3e25405d3162fad141434496c136e55322
SHA25638f10954d81dc62d6abb82fe0a15e767a4270a873380d0bbc16cdc81eccac2b7
SHA512f9efb4328786e9d905151c5c6fb2749162d3a7ec87592a305b18a070505a5b9813ebb35bd00bb53837bba4d10f0d5f9cf7d2a879e0910cf7b587ed872ca6ec93
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD535b868c4277e87b4db924c9a826f5f7e
SHA18109cb7a455ba9b4a1941f9f6a3b48f5d8a56a1b
SHA2561287ab58524e3567f778d1405722356014a8273beb96b856962d719032e7e6c9
SHA512895a3a24c6ca624645c79c49497bc49c65773fc361392eaf40eb7da2862598716c1e715087f4090f0cc40d8977bdfcb3174c0247d4e257bff3e268c5b67fcd58
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5a87b93dfd2fc242f101901ba68fe31ee
SHA1ac06d77ad1999fb31873f38f8dbad465938d43ae
SHA25641344919ad75cabb614765e35a48df766a5849a30c0478e5f12aa52557dd4814
SHA512482215397ec21711eb7038b5df1b7e23a8b7e3bd4e442ccf886a0bf96f3c9f3e80bebac2e4ef8db9cf67f90102a5268d3010f9c49ca609902ebb855effdfec7d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5ee6f644d4a9649fa58ea4509b54fe812
SHA1a2025058862be8b77a963b439314357dc09a1d45
SHA256da014dfb8f77355ef0d57e47537a66cc818df935671f8337f5334da10c44a2d1
SHA5128f354c1c094381afee26c72b060975b2c6d575f276f45064bedcf2d2f674e99d3eaf62e65f3df162743da82d5c940bdb5e810022df95db1338d6128148480250
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD59851bbe5e4d552d0040fae336c57121e
SHA108562b1c90fb7fda8bd6d86ef3dbd9105436bf7d
SHA25676b6bd0160137ee0fc0366de83a5577d769c485204a4bf54663448f8feb892d1
SHA5126a7c96bce81933c01bc836396127297e88bcfc2d1e2e4137d798df05c33599bc3641a67edc9498bd83c6a5affac19767e17e518fff1abe2d6fae06b0f0f9498b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5be39544bace0ffb32d77dff7a47104fd
SHA12a0186fa829169c2ee8f99eb5bfd261a7c98369a
SHA25658177d383e30896beeab48de441b0e4246fd627fb1d100e0489b9afc6afd1225
SHA512c672ad66c36a0cbed44d628b0e5624df6b1aa08461d0e42f5cc9cb2657a6ed2c820ccadd99f98a4fd23f180a9eaa5e4e5dc6bd5f05177f73d89387b59ca323ab
-
Filesize
153B
MD559c648fe2cbfedd1140dedc3118ce680
SHA1b86c936102a9a2440961406ced685948841c3b35
SHA256fe59774e4ce28fc9bbd765319f2bcc577377b8812c28580a2556ea33cca13a8d
SHA5123e7fdbdde4cc89c18cc4ada839ba6f3c406cb8d6b284c43e3bb7add24709b4b4ccafdea709eeeb181ae754904879d5dd6b458733a1f0fcf5081befc8af5f8379
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD53b7521dc7c164f808a325f085e6954b0
SHA1df77d92d78bfb545ee2d16f6729e2dfe20688248
SHA256cf6161e0433cdea651f1c645dd723dca97c3cf37d88704c28768a6b907c09c6a
SHA5128cf0d9552488057bb20f8daf57785786b500d9bca5b776818612bf94f6556b10c71c166f2c49a1381b7e74290b42222c9123c48d8776fa0c9407b994cce50f89
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5e694ec4ef2a92e71922a9e44a45ecdee
SHA1fafe837a33038fe04507b557e651ff970990e84e
SHA2567da48ed1f167b4aab1788fccd96290fea9a7e71bea8451ded18f58f15df470c4
SHA512cb299cb3b776928d4747f6c87433ad0b345fc3ba0dbca0ad390586bcffe7ba89e46acc375fa5c078d03cc82bf55d9b68af138f3a9d147dfed18a36e455245cc6
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD503e4b10b06b64688af4a576f59e7c26f
SHA1eeaacb36d93a7adadab2642efe6cdbc5ad7cd148
SHA256f7087a4928032f2f66b51d8ca64b165e45639b9daf93bb5ccf1399fed279bf62
SHA512277550661cc05b3072f65e7f0bd461eae6df73ada6493682d0cf7255a75bc49f264a94be53547c3dab214e5e26ea851e24fa86e5f806f7be4b432f62ab3e6165
-
Filesize
109KB
MD507fe4b13f3db8b947dcbf606801a8ad4
SHA1507e9aaae02fff60a215e29e415cf6becd9f63c5
SHA2565cc9cecb99fc0834906aaaadf06bd4ea1540bba7a1ddd5ac219b17eb1b2a28b8
SHA51290cba53bfc1c68d0f56fa874a7e4fc4df3d53e7fe7350627a44e23c802180a32644e1c31739d5dd55643cd8abf7d0231f7b289a15c95f08b0c6d407181663bd8
-
Filesize
172KB
MD593fada582c9c1e0c88f600a28cb1980b
SHA1eefd4134a1f7b009adb805dc7efacbe8f365e2dc
SHA2565cda816783afa2dd5836bd3bff7bbf4d612c78d89a9bf8ad7f8c3f1a769551be
SHA512cb20146452cccf16c0e8d3a36288936932746dd54b6abe741bbb6bc85cfc1d0dc0716224f5bbcf0b5f36a15688894aa29913a0a5f22a43d2ffd0e009eb3eba0c
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5b7e40b1989767f8130d5f1627d887acd
SHA113e195d4b57270bbfede8d6303b9d3de7fbf436e
SHA25660a2bc0a29fade337ac1d6c36d6b8648254a65905f32757cde371bd6ad5f084b
SHA512f032aeaf243aabba4dc0f11116a46cab18ae6536406f4b5aaa53182631f868bb65eb1bece520c3c533c637ddd6419c331062e5f1132a5384982ae4c7f04e0e51
-
Filesize
21KB
MD56d31a8aabef010f073cc9e9b7205a648
SHA13575a61af9ddbecddb33e6b45db56153ffd7cec6
SHA2568c78075d43bfef4cbc3b48ff2ab07530dc3d9d02f3808bd2e0873d2cd42f7aa8
SHA5120a9a946018ecee2d6e899dcc154d3d1954ce03bd67ec2578be11d9611360a3dd974105c499c6c4943050920a59879a3d7e84b3ca9201048b477d0b750f645315
-
Filesize
1KB
MD556a5fab3d46a78289a87a0e484a6a712
SHA1d6a91a5774d2c4089c3f65606f3ef7264f34c20e
SHA256cb2bb12f8fd8c6c82be9373830d4eee759eaecedd4e2401dbf08e8c0d09f46d6
SHA512685dfaeb89308a356277702c417425717ebc85e0f8e541057c3a6e8cfe8197242231b3c18ffa36af0ce7e0a2349f0f0541ed740c8c86a7a9a144b12ff77c8bbd
-
Filesize
952B
MD58f47dddde8ebe2da9c7d2a7bce902f76
SHA1eea8bd3b60dc722ff9adf0d1bd7307c96ebf4765
SHA256a18f72305f585d2a23629cff3550eaf27821d7183042cc173c8603b7dde4924a
SHA5123da62aa71ed2d66113dd22eba2d040abba72cba034362b64e0a655dec34733300ea247df1840274f0ec12a0b8277c90a39b7f9793d11b384c88dd8a1881bb1a2
-
Filesize
121B
MD58deea690b28e4c7380cd7b6ff8f44595
SHA1d0f8c8e6189a652431cdbddb8aec5c824f7f9417
SHA256d105c5a1363cf7073ce0c340e1fcd85393f8ca15b7c8b705fedf314520bd622a
SHA512604898b0a5f2923e6a6fbf49108b9189df6e4626bc56c4b216da42d8a5a28993f7bb386a018b8e9e764ab6f2655874d10f240a17fcb7b51e1f57c2769d993492
-
Filesize
1KB
MD5196ffada3fae6d3d3e8ae3ca71676a66
SHA189397c36bf2750a2438a67ee6148e8b9f89823b2
SHA25674f6c7b11ac296eecc0c73b1c9cfe787c29e84416ac0f6cfed444f124f932733
SHA512fae9c41dfe8dc0af6490b918932e0831ce94c2f685d9101a8daea5bcb9cc9a32a79f8800d179d1927abd143b88e49400cfe7c4d472dcd1ac30243bcbc8083d0b
-
Filesize
8KB
MD5723f70bf30a6544bf046d95e91a9a962
SHA109d57f7ebada847101e9f795eb21866d75a38ba9
SHA2561430768b15b61ce265716b546ac38cbb959b3f810a24834a8c13fedb6281e4da
SHA512d476119bce6d116b8f5e7b14b39a1d7a19cfa54f864d1c6c6e2647d9d788c66df7671228cea5b22192db66b822e306c33cf4f9c1a769c5e6ce83828ed258a256
-
Filesize
914B
MD5a8ca9ca034a0c93eab5548f5578f5079
SHA1ef292514e2cc4b25d39a764fe7ed76ddd1b31188
SHA256b4ac2ca5922d53606f37859c983adc22e5eaa2d65c0d1e6bdbb3a27e296a3b94
SHA51262e0a994dfd22950c03c1d42ce2a71e9d5637ff4bb481a24b21566ded26f8de228db2058484e2a14175f844a5e7ea809278ad98b2252ec1bdcf35994d4aecf97
-
Filesize
328B
MD5aff307211cf1007149a63918dade65fd
SHA1c8775783cdbfcb92f87a3dc704308c7286c90f1d
SHA25676be7d93dd7801409f100b1eeb3228bbd8430d0a8b27a588d50b3612f3957758
SHA512bb7abfb92cce32ba3e030238ac333a23216b9775a84a85f2c13c4fa22a8ceeafee3e2002ff077979c7338c7290a444b6d37c8eb40fc823b2419d2c8c9c45d9ed
-
Filesize
1KB
MD5a604126017f5177d1812238c345aa4c8
SHA1ae423efeed643d83cc3f2cabdb9a19cc8c7267d0
SHA256b1cbb2c5be743ec57f2dff0d52457703bd971ce7d8bc7952b4e5c0fed3af64d7
SHA5121fcef4da041f543dac17aaa532d7e567349164b45ee5776d4001b04e243fcad9da3f35ff6c567bf235171e9291fb402d6ac502d1a66181510ce08a198bca9292
-
Filesize
162B
MD5833e62d200fa60046d8b087d9ec61664
SHA1ff99714c353e7912921b106e6b0d9e00fb5fd6a3
SHA25631b8a06e49ed1c8ac50092d888001f8382d3cf2056ba132d9804a6d5574911c7
SHA51283f7a83563b992c8ec1a5709e636ba7c3aa1216ef0dc052ea0c6cc803d2a14880546a0ae7c0871a4df373d8a9a1531f33f2c7c0d136b42062380d77da87db53e
-
Filesize
586B
MD53e97b748c76b67d0310118739fb545c4
SHA16295ecd8fcd4d42c09bb12f6ae4f4abf13ec94af
SHA25690e501cf684840951c32ff5e67cee3e09bf534ecb4ed4f2082b520792dad9013
SHA5121f0b4496a8d4474c0691259e4fc25062468047f226c14f2f7c72d1b9c2bae76caa2c33bd8d46905e4a1fd798229983ee81b2ab61378652a6012e9ca2eec72aa5
-
Filesize
124B
MD51ecaf3aca971f7cd386283ebdf5157d5
SHA1d5c8588dfa5bce64a7b51c3b8a3c0c9e54a6264a
SHA256c5c3b20105e8b61031bf34ec84c12ac0f5f33f036898d1aa5de923ed0289c9d2
SHA5121c7c34fd10316b872db5119f989605624ed89a56c0b36c2ea18de4d508892f92e58de330b5ebc33e9a5aafe6d49f3159c6a332452ad7f50da93d102036a84142
-
Filesize
8KB
MD5394eb72f51bfa0e039ad0759cba709dd
SHA1004964064c8ca579db5268e17d4d02bed2915be4
SHA25656e43458b11a23b9735be1d99bc5c08cc1eccd0bf74f7fdd7f1c325703bc3a27
SHA51298245a7acf73836b78dd7fdeb744ba9d1141150058464da558a76c4d44a823f454a4663473561619176385f53773aaf734850dbebaf94e40e566f4694a91d9ec
-
Filesize
880B
MD58abf5a81bf17492edf503f2120b2cc2f
SHA1a97e130b14c3d5dbf5344977b046327ade6595f8
SHA2564834642df66d5f75e9d9cee331c571febd3b5c579411b36cab9fc8fadc97e1a4
SHA512282fd5af0b60504380b971faf5422084446df747e6df90544ecb35c048cb0fe7df4a2ce2fb412f147cc2e6df4db0d76af7fc3ce7b8da396500750f58cb16ed34