Analysis
- max time kernel: 119s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 31-10-2024 07:50
Behavioral task: behavioral1
- Sample: 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
- Size: 1.3MB
- MD5: 8259b40a1d153db2118bad30fc331890
- SHA1: 8f51838c8a465a4ff8e7056bca2ade19e7ebe924
- SHA256: 5fe34d6176c29dc12f487d525fdaf589ddeea0f13521a0a1ce343dd84da81bb9
- SHA512: 45a11dcd21278cb499c6230c850a8e2bb1850b4fdeab05daa82a992ff063efe0b49b2273f9f9f5cfe2c37fdd45aa435668fd15e4b08be94dc2691f66bd9919a9
- SSDEEP: 24576:evxye+c7AXht3A0pt3ctzMA4rbr32bAgAa6Au9/oja2S3Ltx0rBeYVAe+AB:0Ye+cExRA8t7Aibr32bti9/oO2qGrBB/
Malware Config
Signatures
-
Detected Xorist Ransomware 6 IoCs
resource | yara_rule
behavioral1/memory/2980-7501-0x0000000000400000-0x000000000064E000-memory.dmp | family_xorist
behavioral1/memory/2980-7502-0x0000000000400000-0x000000000064E000-memory.dmp | family_xorist
behavioral1/memory/2980-9192-0x0000000000400000-0x000000000064E000-memory.dmp | family_xorist
behavioral1/memory/2980-9193-0x0000000000400000-0x000000000064E000-memory.dmp | family_xorist
behavioral1/memory/2980-9194-0x0000000000400000-0x000000000064E000-memory.dmp | family_xorist
behavioral1/memory/2980-9198-0x0000000000400000-0x000000000064E000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W0OOr53bdpHuPUI.exe" | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bhjoegjjlobddgjl.bmp" | 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
-
resource | yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x000000000064E000-memory.dmp | upx
behavioral1/memory/2980-7501-0x0000000000400000-0x000000000064E000-memory.dmp | upx
behavioral1/memory/2980-7502-0x0000000000400000-0x000000000064E000-memory.dmp | upx
behavioral1/memory/2980-9192-0x0000000000400000-0x000000000064E000-memory.dmp | upx
behavioral1/memory/2980-9193-0x0000000000400000-0x000000000064E000-memory.dmp | upx
behavioral1/memory/2980-9194-0x0000000000400000-0x000000000064E000-memory.dmp | upx
behavioral1/memory/2980-9198-0x0000000000400000-0x000000000064E000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_microsoft-windows-mountvol.resources_31bf3856ad364e35_6.1.7600.16385_en-us_df676f75decc2e10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_functions_cmdletbindingattribute.help.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netb57va.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6208a60b3cee8a98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netxfx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ce0f06ea5226b815\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_272a4b1b37647937\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0cd1ad9c8b4af61b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W0OOr53bdpHuPUI.exe,0" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell\open 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W0OOr53bdpHuPUI.exe" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\ = "CRYPTED!" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\DefaultIcon 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell\open\command 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FCDVCIFTUOCAYYN" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2980
Downloads
-
Filesize
21KB
MD53f22f5713ce539fcf6d8838114d478ce
SHA18c392d52b8fa9b57ceb9651a737d2f37d076caf3
SHA256b4c068c362d6b0cf6c791c4d0097565ebcdc568494af541e456e9a26be25464b
SHA5120f60d8206d6e49f0cc0739052e4237dc111e4597eef995afa5afdc9029ca12ce8b51c15741f333dec96a26a87738a945f75fc50e8979a7c8ebd1842370106514
-
Filesize
1KB
MD585a790e088ef20cb920e55fccd9e3abc
SHA1f9e2c97ac67ab8c73e96bacbb9c0bb5fe837b1cd
SHA25605c4a615355bfbd13fceb882b8830e5d448582f0d20c8293963505de771bdf4c
SHA5123b672c9d07f8aa4d66ee23187796fbe9d1a89f3c7786cb7ca02cc9a9946a924fe8d5f073454704ec57368cd7d4f7cc7f8eb3894e922c4f8b44815629f0fd3632
-
Filesize
952B
MD5e14bf4272a7523f737823b203146806d
SHA16cf4b418d9188bc94332803f9b98e6854200e5f4
SHA256de83e46be0e2a2cecd20ff77e39ca246ac7f693a3ac6d4eda25e30eea91027db
SHA51242a70d82ec3d297a18847943471edec35f65388748c81b092b45a81913cd25a9f9b057f258948d32d708c993972f8903e4756f381c0842a45aa2c5d5b191fb72
-
Filesize
121B
MD55bdaa9b09d7b89677b21ada995d279f8
SHA1cce9f2591514801dfa449566920403ac67c4acec
SHA256cde80a6e5b6b78c5a0554cb6f06baa4cc28b36fa44a056c4aab520cd7245cd70
SHA512f07874f57da75a8afa58f7badb1a3480788b16f9795a89bec41f7734b0a3a8dc8280d1f7339f2750a6ab3ab96efad0bc433380e6ef8f442bc9888aabcc3f39c1
-
Filesize
1KB
MD546e958e61866143cacb6beed2f49aa07
SHA1077a2b821cb048fc3c0a2cb900d1ebeb40bf6d0b
SHA256e06be3a5fe04792c9c0c5d9f032c69f17aef41a7153cf24882b68792ee4bb67f
SHA5126a942810d5bc9d3366fd217941026e3e5d9c98580b1679d793ebf802a0746413178b53d25809782e2aa9600e3a63f2b768993b37eb6da5f20a147fc2a06d6deb
-
Filesize
8KB
MD5b36eb05dde9c33027b4aa575ed3d0e5c
SHA1fd393d72f6d1b3d89f94626e80249a3b243861b9
SHA2562ec2c87c2d72c4e13b577213716022103cd5c247fc3ac203174d3974ba36286c
SHA51235eed723ea084c1fac3bc1f6317168572eb7eb5b998c988cd1604ff5557039ff35304cfac13f84d6f53718b46858ef439c5fc5365ee26ac04e2a33f6ff63b36b
-
Filesize
61B
MD50a0cc02a6ca6994eb4fceac44c7afa3c
SHA10835a5df7149889f277a59e073c6ab204a6f4cb0
SHA256852f255c7d12d7bb8331d0ddfceb753809a6df2fca2246fce4e313026a539853
SHA512df77bb0133c199787931ac24584d6822dc92887a1b3ba0d9ffdd217158fc38cda508fc49374df0879edb02dbf670bb1a1b725b7a8c5be3c53b9845097dab0a4c
-
Filesize
914B
MD5c00dbaee6dd519e7a762e6edd03be341
SHA1a33024f8e2ee3308579b3b19863c4a586bb2e0c2
SHA2562d71bb66a4a2f5b78def681c4113a6640fee102d57dad0430e054b49359064af
SHA512c3db67018ddf60b975b56d94955a85650b307a02d5483e6f0171060012480688342726cc8606b4558cca11fa48899c4c4809cff86eac1881555ae58d9c406d13
-
Filesize
90B
MD578d9e0c31323f304e3ec64241334811c
SHA108f625386e7e4caed3854856a502739a57ca3e06
SHA25654b0b723c5ae6d70f6ddc4d75f71df8cdaa90b5ed2c10b5fb54ef386c1510d2a
SHA512cb44f05c8a4702149c3e36e0fa297c286694b371db1e90f7f8185ea3d277dad00977fbb3dd41a105d69b753897d9b77aa7cbee16d9cb0956e65ca81889fdfa2c
-
Filesize
90B
MD5ec5e34e63c569df639ea7188a362d7f5
SHA19b028cac58e2bdce5ee63cea867c459d80517aed
SHA2565779568e7c575de8d58b5334e9c083a121f10abca6748a140916dce4a176889e
SHA5128b760b8f010fd7c6c8e7ee0cfa0309ba11476d36384b31ad92fb098553f1d118926a6b3aaeee2e41ef64f2854a1a2e41f18423cc4730b1cd9834bfec9d2678be
-
Filesize
328B
MD503ff9942dec367f512453aaa401c44c8
SHA1ea3eb756a42bb35de308f2aa999bbaa1206ab974
SHA256b4df63302433e5fb07097a8c56994ba49a7e4cbb10e179b5aa60ed3f5e2580fd
SHA51279ea8a9a5862fb6dd8bdabf26cd0a7b3fea5c02027f4d32e9c73a5a20c4e27f5727009c0c379a917363aa152b3b0039091aaa4bfaed6a15ab0c6331301551559
-
Filesize
1KB
MD53a0db1d37f690ea47578de49d68cb948
SHA1776563ae66bf05aec62eace580e132522ef75969
SHA256a35c370460a7509d768e3226e24286089d02e8fabd3483e3b73024070b4c774d
SHA512f782ca28c137ba33d26c323b84d1b2c9c5dcf5da3a1d18bd759516b016fb375a3e197d9bff0b645025f8bf77749ab4208efdb8929e1236fc83775867d02f32d1
-
Filesize
162B
MD5730a6f927cb5ca53f5d5aa978906a5cb
SHA1559c49cb4c62d55b958d2141b6fbcebb9893ee34
SHA25657c658c2b27dd5d8ace2e316e9d7fe0658fd86c85c458a9052b52afbc79c9f67
SHA512053778675099b8fff90a90376a1b80f3dc3bf838ba30736bf3b9d4c0a71ca4ae74fccb52c53d705f645143995d3529f47593aef593659e6f2d436e22899a146f
-
Filesize
586B
MD56914726b5e0755eb9b23fea5369fcf17
SHA180fce348d4e73481785c991a063b16f7a60be522
SHA25678fc0a5e58317de63565a3a4bb670a5b1762e5c7588101ba110a821ddad672de
SHA5127daab4b610c0fb64562483782303a71930db9b50e16253552a920b36fd3e39950749c1bc7eeb4c852f447a48c53fc63c8634037303ff41ba5dc388dffd0b8af1
-
Filesize
124B
MD58232a89d20d6623404a2ba95cc637ae4
SHA17f459d64359d8fdf7df69ff4a98169d4ff531e7a
SHA25605dcf640fcb8e79bf8783bae7245ddc4bd62a600e12f4fa8e0964806f27a5880
SHA51250f4e7c8c2278f2f96c53b683e85e250b1119b9de106d1d8d828827872fd1e3355900a51d40ff94ba3579ccf6fbed0fbf2e251ca5354093c89a94e94b03d4bd8
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD54110eb60848106db4c3d4bff32c82a7f
SHA14bae6ac0c033567329811f5d2bd1eb3a7a4abadf
SHA256e29a7f8814584eac27a0bea6f5751ee5e4c4e9936af0e68b672326b614a8d7d2
SHA512bd322c5b94915dd9cd552014f5127fc9e7bc39763364fe75c5581f4b7ad49127d0b30477e94ccf9ebf49db2c099e0d954f3a2eee2d331268559ec6fa714cb68b
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5fcae871d1d25c8656e6edd8e946b0dd2
SHA183d95b45788893495747001e93ab710ee6219afb
SHA25651034aa99a033509a5a770d00fd0c278ee566654b9a740b3bfba397471e94219
SHA51278b179a7a11faa042d3c77c735238597ee7b819b530fdae0f8b2f441fc4e59514af8933dd3c261e515bdbfa3c411949381b2d63e608a47e1a5ad99b6986744a9
-
Filesize
8KB
MD58b446f9178c3a3f54acc79737d98b126
SHA1fd4dd084167e012f2866d2e156b6aa8564a5373e
SHA256089850470d33f7d5e5c05a14362c449e4383f463f6855385777205cf5fc7a7ee
SHA5124445abcf78ca7b61dba56eb809313aabfaa3f6e184084062c7cd039b44953ca845b6c727de418037d7f38501598785fed37b03a487d808a0c49319c1711b3610
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5a32da0a3095bc4c7dbbd71ff7d5d5486
SHA1c6c7447999da3261d5838ef9fc1cc844847f8a82
SHA256d134cf262d4b232febca4147907820d9edeb00c6f0492b927805ba54fafc350f
SHA5121c187c45f7dd49c8605c7c48522540e2a00a721bc28bc96516eca5c0ba148cc5193b6558d2af4dd71f187b9a39913fd43a47a1ce2f3c947b5f242d1316060fa8
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5a0354b630bc9606d21dc0307821a48b6
SHA1384ca2b5f7ff50ec1974dfbfeea63a6b841336ab
SHA256413cd58597af4cc6dcedc6a9375274f4037932dc9e79780fa0b7c6bd13d65446
SHA51284c9e79e5f93019f6128b86d2fd5c3b27c5a3df9f1f8f93e0ab3d8d2a561fc6dac7d46c343c26ed5f7e94b8ef642c972bd050fba4eddf29432ed25b5c2fa59b1
-
Filesize
880B
MD54aa2354ccdf813ecf65140dc6305cc67
SHA10d5fe86f075b4977b7550493df9a3ccec0f119c5
SHA256c9cc9253a9a58f33ee1bd47da7906cb03b70d240e66d5b2347df0b8d74efb005
SHA5127f588275a6c0325efa25269fa39cba117beab8a6fe91158defe563320c63ad12686c59ece66de2aaaf1432d7719dd850531dbb0295bd6cfe06b87ff298e34187