Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01-11-2024 01:44
Behavioral task
behavioral1
Sample
83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe
-
Size
12KB
-
MD5
83de82f6cb47aeaeef9abad6c5c729fb
-
SHA1
3408fb7ec9e71b85bb37a8740ade7b755024994a
-
SHA256
178904ee107d2d92a9672ef011397aed694afd3187590dea5ca60d9b1e12e725
-
SHA512
a32728312dbfa2257bb3a322bb3251530c01e44bf920b9a32d1921b4afa86df163df7f3f23609eeb46e5565aaf68a190b0a29df0617f13a2dbdcd5c79d0c113d
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCabe:eebFNw4Pk1itKkpAjjI2YpdmCa
Malware Config
Signatures
-
Renames multiple (2193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe" 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_execution_policies.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Comparison_Operators.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_neutral_e3be362bfab667d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Command_Syntax.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_preference_variables.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\LogFiles\AIT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Session_Configurations.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_neutral_f9c441ed24f00358\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMovieMaker.bmp 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Signing.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WS-Management_Cmdlets.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_neutral_3e4daa83122b1559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\imekr8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_locations.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_neutral_dd07287cee791f3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_neutral_28f06ca2e38e8979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Continue.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_parameters.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc2.inf_amd64_neutral_7621f5d62d77f42e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\en-US\erofflps.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaca00a.inf_amd64_neutral_163313056d8f34ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB02229_.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03011U.BMP 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR21F.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR20F.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099188.JPG 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\db\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\HEADER.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1B.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02749U.BMP 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Multiplayer\Spades\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\weather.html 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21435_.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24ImagesMask.bmp 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15301_.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_choosefont.gif 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\Attachments.jpg 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_OFF.GIF 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_c33f455aebcd9dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..inboxgames-shanghai_31bf3856ad364e35_6.1.7600.16385_none_1c98ed5d08db04ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-wmi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ce3090e542b2d0d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnsh002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e027cdbfc724a1c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1973f482f3c3b1c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ty-spp-ux.resources_31bf3856ad364e35_6.1.7600.16385_en-us_54dae2e5153375ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-deviceux.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6f5269b70e79c17f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-fontview.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_02b2b69cac6b640c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4c60cbd8f35ca91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\btn_close_over.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_78812fe3ee90d4d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netefe3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a931ff25c612460c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3601ec8bfd6fe009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_c0145b0b22c3562c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_en-us_3d419a3aa700badf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wpf-uiautomationprovider_31bf3856ad364e35_6.1.7600.16385_none_6091c2fca4a2e9be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-last-quarter.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wiaep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_814c9b6edd55c27e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9722fa79c8301db4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_profiles.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b12f1ba8da30ec61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_it-it_791e8ba25b9c7bee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ipmidrv.inf.resources_31bf3856ad364e35_6.1.7601.17514_en-us_a6391f1ad23afcc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Logoff Sound.wav 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000c0c_31bf3856ad364e35_6.1.7600.16385_none_63e734d6a3de0b83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\Media\Raga\Windows Logoff Sound.wav 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_7114dff4e89e97b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sigverif.resources_31bf3856ad364e35_6.1.7600.16385_en-us_760dc5d1cf80d00d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.cmak_ops.resources_31bf3856ad364e35_6.1.7600.16385_en-us_41f743e5920bb73e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.build.framework_b03f5f7f11d50a3a_6.1.7601.17514_none_972483844038ebd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.1.7601.17514_none_b7e72625aff23492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_6.1.7601.17514_it-it_0e34114dba57399c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac55c720383ccd71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ator-base.resources_31bf3856ad364e35_6.1.7600.16385_it-it_80ac4959a09d7b38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msdsm.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d280e72d7e9fd67f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-display.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_263d9eada51ba1c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\NavigationRight_SelectionSubpicture.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ols-klist.resources_31bf3856ad364e35_6.1.7600.16385_it-it_15edb5b7bb076ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9666f6e1dbe77f43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-f..rant-heap.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0b67185739e9df83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\inf\TAPISRV\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84baad62842af330\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-zipfldr_31bf3856ad364e35_6.1.7601.17514_none_d62c4fab4be810dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-backup-cpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_590454f6d9c9afac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-mobile.resources_31bf3856ad364e35_6.1.7600.16385_es-es_50534a5d13cbbc05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fee1d678cfc147fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_divider_left.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Logoff Sound.wav 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0c7a787ee997b2c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wave.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ec7d9f2906b77cb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\SecurityAuditPoliciesSnapIn.resources\6.1.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\Media\Garden\Windows Pop-up Blocked.wav 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\6935e1dad6ec5de21658f8d38999099a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\add_over.png 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-tvencdec.resources_31bf3856ad364e35_6.1.7600.16385_it-it_33d1f3108d482e7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Device\64b016e546f8d38525f02e9c73c559ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_methods.help.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_6.1.7600.16385_de-de_42f5d5d5e17a3849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cc7427d01bb287d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VXVQSRVGJBHBRKD" 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\DefaultIcon 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open\command 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe" 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\ = "CRYPTED!" 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe,0" 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell 83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\83de82f6cb47aeaeef9abad6c5c729fb_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2980
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
341B
MD558377c0815d6923a7e97e0e3d0b31a38
SHA17803bc21dce62d9dc20d166854e43b001b4fc0fb
SHA2569821c90be6fa530e80d37b0945a9734c285250ab5008345a8713b523da92a35e
SHA51271914ab434108c0ea7f107ba8105b2a5337ab14dd4a0dcfd1a4cf623b3cd2d7378a7cc37eee8f5ac8f0b8be0deb5a42073c2c1c8d1f6bf11573d621c20f231b2
-
Filesize
222B
MD5c7ca8befdf58256cedf747a3963d2399
SHA145ddd1195767f367477c212a8e96a42ffd42555e
SHA2560e24e42fc17b077c1dc118d91a8510767a9620174bdb636d700fcec8bfae85b4
SHA512e1f8938217f11b324463a36bd92107c4215f41dc047e0a5f23c6bbef02242318b7225ca14f61511e8acbd060ab1455e07ca09156941b0ee950a7f6872ef16656
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD51a1f4021ad0f8f845103c6a90407d44c
SHA1dc1444b9a1cbeaeaef1628d290e09a30bfdf20d5
SHA2562e33358e2ba1b1615694f1daee5992f5c1b3ef530f3e8d32c32164d12c1cd074
SHA512354d511391eac73c45721650f02d5043ef87cd475bb707977ec3291b61891f346ada7efa318447f172a0e16c483a1bce295ac9c17c1754d87a3e67366511635e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD59667ecae2046ec8caea1317981b04162
SHA149fad8cfb4c2e7d05f5fa44c8b93b0316b62b6c3
SHA2566f5159ff6e403b121fdd5ec629f14ae6b58cb9d86a62d3f6291c1c4d9c40a3a1
SHA51243375b768c2894864e501b823b9c4030095aa5cd836c83b9529c5b532771572a7d8c0d0e9e22b75567a7970f77b7b3ad6e9933c3863097f1f75b32e074be6469
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD5668749132b10549c692fd02368cedbcf
SHA141ab7e297a2d0cd10abcb3ad3232455292c02fab
SHA25646dfa9ec8d817cccaa87c0a47e3ee3cb656bae5092457e4858608401ddbb5e09
SHA512d3ba15c26cdbf88410af95c3547dbef0638cdcc09285a9d7a4bc7a671664d2b657f59bd66fcec5b383097c2368112eeaf29ecca960420b5d4149809914b2083f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5b1dabaf17816f39230461cbd8c16e018
SHA1926f86a812ed21de82cdf4ca5d63e2d08804c6b5
SHA256418c6e4a93f105d230325464c9f9c62efa86d70220846058618f430d284ef508
SHA512d3abfc3d90ea0765756c284694c814b58de7aeb3b040dac2b11574f6465f533f906e4ff0de87aee59b5f5dff533ecc7c968ebeaec7ddbc6601e1911b43329e81
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD531bd29bfd556e802b9c9490a113cfdb5
SHA1f2e217282c6aef125b05b3b882051226bb962e1f
SHA256d8b15c77a998c55c0afc41109ed0ebd88fd58a1e072a7ac619108a301c588070
SHA512820068f5b5381d9709145c3dab1240922f21c2d36c266c0b4ee43386392f66ea9b4b1370c2730c0eca142c6c0a83bb226b8c35b31388a85cbc74a85533952476
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD58dc4ed0a11c3d4b08e3485519101fe01
SHA191f2c927ede3badac9910e484880e9c0eca0846e
SHA256861f557bd888dd7cca4fdca153b9dffbb1cdf209461984e307923832b71b0f14
SHA512798c29d6293fdc874b651c29da2e37982b41b21e383cab40613359b5a25ac0ae423d810a9b925b254d4e6a91c44cbd79aa2fed2c077619562d791aaa19680df0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD53c68f52b8ec879eb141b77928fac2074
SHA16dd9abece6bfb6de5e6edc11934f71d2ac72e4f6
SHA2569aa24278cda4e295d87b6e01582fbc26a7a543e0af099206d8683b259e7f81af
SHA51232de92d4c47003b22736aefbe7ca2d85854a581985d45d6bd4e219c66eed92fbf84cf399d149ac332ed2db19fc0c47bae24f0e875da0e71c3e914d190ce7ffd2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5ad52688672a42532ff866d6a6201a131
SHA189c81821eb40abc5ac7ae29e30e37218b56c159c
SHA256b5cd8fa421e97424ad2c06d7d8feffe6905e8d1586cebdad7ed782ef19882829
SHA5127a8effda42a15bb62dff6b9be7210e89ab68a1c4d3089c3fd221e8de066728d93f479a55c2d95c0106af763cf1048436bfead0183b48d78170601f52684abce3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD51cda3e84c3fbd3a91a386c2ea74639a8
SHA1d4c23407d37b9846f5040f1fb5836e96352a71c1
SHA256436e6f85b083b450ffab713467399010f9fb5c5536b0af09214cf4b49137cae8
SHA512dd083c80b831a38fca75e6151d154fc74e3aafefb2c404d36f8a727cd0282ed2a5fb7658e866369b834c38d870a97d28e40540383e18a68ce59f66a48ef2bb20
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5187090a93b4e70730526ac452ce132c5
SHA1fd878b1d0242d32a0b77cac16222a1ddab281800
SHA256c9a040b8f5a1f60b2a801807aee75f8be3f54e3b0d96f0cdf8e937e70d0172ad
SHA512667457fefeb13e8bb0a5a81226476fd8be3a5011e47262de9fa8463f2ac98b5af91bfbbde8baa40bd84e0a28e01a222fb57253fa9871fc63657f9f9baa13e463
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5bf6097bcfb815db02b1c0d4a7fda1130
SHA1ae002d9e78b983e2535b93ef35be3e81ad99a986
SHA256ff59ff0953847b34656dbeca05d4abffe8a6ed88b929c3d4c1babc91199a7ec2
SHA512bf9e189abef5c5f2c053638ee2a6c4d3977c4c808076b8d57188a621cee7c3cb50b98242937b56b56a13c70687c626f0983b3be36613f4b114c0c33e3495c3d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD59cd912fd9e1f3d889a593eba0fbb7abe
SHA14aa587987e74a49d84c0fb00c7a0d1d9b09266ad
SHA256c8cd269f41007c5125fc18019ee693594098a57eeddab555037578f4679cbb01
SHA512ffdf7fbb511b121c460e421a3010692c0377773db634cbd607279704da8ad6ca21deb9ca081d39088c87d1bf6864ea36a12fe97580e52d319a2bb15ad0cee4b4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5c598e69eee4da231578dbbda6a2a9ffa
SHA1fd8dbddf422bb21ec1ddaa40ef96a44162b0b551
SHA2566f6360986cd62750a11728ac0d8ab17b2028bfbd38720f9ebf7c20910afa696f
SHA512872f416a90a877b3f6fab98421ecda19ad3971e5b843c8233de9ff90b3bad5fd86a162c263e7c7f983548032d06144cc2b1326244ed4a7599af4d2102a5e4d93
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD55dc6a8381ed6445602bbb8d5dd2fd72f
SHA1a6fc810ca334254111261040925725f6d861805d
SHA256f7890deb2618f8280f2b8347866a0801c3e251094666dad1ac0d5ce38e06f00e
SHA512b640bd54af0c0635fc0ba8ee19fd2c43cd3f3d4c765605771e5208782d2f9751563a0a1d257e9182ee1457767270a947f44642d40779a084a205676e74ed4dd3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5528c689a7f6fffc2b46d1ff952a11a6b
SHA19768b13784087ec9a22feaaaa0d87346cc968581
SHA25695d9d2cc64adf09d067212fe63b28bad63fd89b583dcb3aee4405326f21d043c
SHA5124f3d0cb8264fc82ee053f892dc0bd8f98dfba6ed82cbab7d76ca8e192f20d3f0b1fc8bd27b6ba777befe8eb5e828a81c00dab20a66b1affdbe3d814cfbe3f396
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD522f086c7017a2d618dccba7bce2274cd
SHA1b914e3bf56fac2d96e39a69120f63beb7613c729
SHA256852dc67c98fd8fb02a5bd4c312d49b617d757e9d8dcd0bbf3141a4dc2bb165d0
SHA512a3570d41923a59ae9165e1a6f73d4b5f622ea2db0119dc1bf0adb16f3f87b3187c9205f18daa4433910a34ffb18331f14536156878d9244dd326f99da1a451b5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD57599326dcacda2e470666e88ffe3aea2
SHA170dcb81ca09c68282aad0405fc48cb9bfce7b4e8
SHA2560b74491e4287820d430e9e77a622a0d28a11051e75aec8f631cd246642f11e5a
SHA51275c18fdd64ba6ccfeb8834c266e6b98f291ad7b01919c21d9a3b7814acb7e1a80cbe7a8307808c733cd84ec1c5f8674abec54bf8e7ed89bcfb2add3214feb31d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD536ff4cb3d0e8e066c316abdeb6580af1
SHA1c91be98f7751aad16e3e84c92654fbd8ce8d8906
SHA256e64093a7fdd42b84326b3251c054d63b47caed041974ee38ba4d9c1b2256b4bb
SHA5122388134609f3c032765f37542f2ab9f011e56fade46a6a3d8a5f93a3e7c06c851596055a37a96d38e34c68ab71e688e7d0af4cffdca0ff3a2a73398756631a56
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD507b942d71b081091320adbf5f3e1ca22
SHA1b50f27205bc80dfb793240c1a4c9f7dd54ea8059
SHA2562fc6eff1dae5769295d2b06360433aa2773b3ec66948449a8e2e6fe8425f25d6
SHA51298cfd154ced5bd61462c530605d1d30d55615e358d402846c202669745ebb9ba6dba3e0305f39be4252477de577056389d9fa13b7fb86fad0c333058c59329a0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5839f1831501a59f32694597302c3d5b7
SHA16e193866852b5c0783ad9c1d5c666e9bd338e4a9
SHA25642fb951cb1ee967f4f6b41c2fb536c75436efc541bd63221ece007c70942c2cc
SHA51230072fad4e08800a2f7a2a52aa60f4bfd7894123cf6f3286134e476b2147e6fe9d7fc7848498f7783a72c74226d47c319b126afa5a5d7fb574dc4cf40cd9aff1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD55d3d451294e41390e1f9963725e370d7
SHA1de6db7a38288cdbbd2eebcd938996a65c96804de
SHA2566c69729f82be21fc3dbc66933f9a4319057fc4e1091e5e59154db2cce62089c6
SHA512308d862217af9aa0d802b907419d46f3412692e3022ad71d3e93de873e97e69cb727fa06470b088c6d57c23bb63930a7483b4404322583be659456ac11fe554f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD543cf1346e143ae030c6608e8d241b300
SHA1985796c1f91b7c34ff031f3de0a926eeea4322ec
SHA2560fc23b3c5a33dcfb674ae9669c276075946d6c945928da43a999cbc248bc1ab0
SHA512c8bb36b725da428f873c2bd48d250661d6884c21138fe7cb762c600d314721bec9c9c3cd0afc0300200cff85b02ce9085685647b2594ee390a686c029b229a11
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD57ba2a4443c8ae74221af7854d396b8ac
SHA152b9e4f4af08da3800e98c87935f8f3f207ba7d1
SHA2564771911e030b79bf9c96a2928181b21f41ae39f30301e680edb2bd4da46a6521
SHA51264db96371b14e70a9054e722eb7b22d2c07cc132e7aee61ba004bfd69ec93c07bfd2295a6adcba6781463235cd1440ec599ae4f2146e2b7ecab1b3c1eaadc110
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5dc411f13aff93f21f6c793f0354022ed
SHA190f424943f3c2a1e932c139b8bdc7d3aa2fe809c
SHA2564217fab6c61bc1a05ce111b5782502688cfe5182af427f8cc10b2d4a9e870940
SHA5125f916e8e717d08ff8005ed7081ae0df07fe27bb1cb5d6ace743ccf8545667e026306bf5ff495ef2c2b015a2c83408790dedfd1dc95404cccb52eafe89b3f6f92
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD572ddb86fdaa79531ca8fb76719dc6d71
SHA1232c98021667d73dadfc0695a1b4bf757289188d
SHA2567166318f61481393c6744f80672f58f13f3673df5539a94d960bea93951e4c8f
SHA512d92478c9c2f6f97d05cf392388ef00e130efb3934003b4093758ca866f3484d126dad677d5459a5ecef158071ff04ee47fd84a2debe02cb653e9bced3f6b8535
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5b7c467599c33734ad20c241f4c197dba
SHA1308878c2664111965abe8dd77ba3dcc67dd043c8
SHA25622c5707e937bddaee445f4e215a44bc44282eddae841198a67ee3a5b5d7693d0
SHA51235f79f08b1ec9732d5c6c291aafc9d2ea3bf21674c9fc5ca2d94e59a3083a419fd34a01dc7971ad0f6b94603e2cb4bdbceacad1719fb1ebb2b6c0f3d25f232d1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD528bccbafb0b4d3831cdfc9b035ff8fdf
SHA1b1e54113f49c5313b8ac811f4dfa30a1e6538a04
SHA2560b7730f62894cb3f88d690e55915ca9225358d022950e8b042457bfe5fbc191c
SHA512af6383385b21e2d201f4ce4c2a43c3dd4389d8f91620779552d0fdc1e0757fc69a4453b6f99c52203f3aaccf7126eb10dfc4cb42b4b7bb909e9f291de4b1ce44
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5877b4432ddfd063c5ffc808ddcc3fd32
SHA1889e9c402e4c6d5fca10d8ccf0b6fb1b53cf2e42
SHA256a8e51acf5248d971444db38d3b771f735c2a88c909e66920ddbe816973bb4a11
SHA512972a0d9d5b6261da0340a985a61626899ac126c7f2da2b06602202a362dcbcf61064e10842f66c3394ae045a6fef162f8263e9959546577d54dfa1aa46703203
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD509c3abb760aeda0db715eb79e96dbcd4
SHA18b8110b09f8eaee4abbda4a04d192f92b4914089
SHA256747152a83934f17a4ca58dadc6bbd5158c9ddb97c1c77fb76b6e17587e0cb74a
SHA512ba3e68dcfb5c8b7e10496abdf7de52556d9f8c4afb5b421ff3d2729cc1d58c7ad3d001adc76f6521b5d120e1e5b539045e481e7560fe0ae7864d6bc4f3ec4445
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD506512eddd42065be1ae560876d285fe8
SHA15ce5b7f266947b69fcb5988616b723133bd0b68b
SHA25635e04a780cf400f5638a91f58fc6035bf19f48cfded36c7a09bd89c12e1f18f4
SHA5128bbb134ece88c71e1b21f07306b1b6d9e60e9dc9a0d74dedbc1d7776f5a736eb4672a9186fd36cfb0655edea7c6c6a960e70ba6fe61d51d562a58b56f1ecb123
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD57d493cffa314ff3258245f0387f39dc6
SHA184b16489ca81a972536a67404725dfc928fa71e3
SHA2565da2a925ef3c67ab0d2e4334ec9f1fa4fe4c39e6e8049265b9c203b244738649
SHA512576bbf27a8b2d151e8d86a5c855e380ca6c9d2b9c83dc1d354e1e01d5d9accefe685e759e3c7ae76a81d90e4916298088579e2a64b360197595dc04ac51d6c45
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD58ef886509447cb2c70e76a012917222d
SHA10ca31ee7d7e5502259d764231b01805bf7ec27c0
SHA256903523b81624e1f46275c3f495d1e019e7225a8cf4e96b348beddb6e7f477610
SHA512721153682f76351fe35578f7a0091cfe65cc16f2ff579072f53b2c932b7e178993c129bf5cea64a6ab24de36c90b28abdc6861ca88d20c5051511c2a4e578259
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD50e0ba9130aadcf9776150a1ad908ea0b
SHA126dd214675dc0c10fce352df715d82f3ca800e0d
SHA256eda84c1c46f26039b6f6b598337f8ceb980d53d17bb57bd03328eec19b049aed
SHA5122bf6fd9351b3d1b4b7869f7cebfc717f95e4827c591d86a39edfa001c2fbf5fd8e4fecd4adedb795b6d43b032ec3682d93f96b4db3ca47acbcf102254d2b6dd7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5a59db690b52174ee11be701ddae6c8ca
SHA10e0e72fa32ae1554f1a22f5b4bbc8de5ff6e23ff
SHA25605de09ede167bcf9ff16ea217a498b50236c28a0ee4a737369366a51ed654da6
SHA512719d9994036aeb423dc41d5bf03d121e3c1108b5c9bcc440f61d316463429641b7e81a43e270a3fe8c1700aa55d1497fe22de13f18b6d096f4a4dbc59358b0ad
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD55d717cfac63b6aefe5728caf62b0ff66
SHA1d897ca5bfd86bdea3f984342350c8436644b336f
SHA25638f65cd4b5cd12aa69891ac876d8f74c574ea2cdbd0e8e50835812fcc3e37d6f
SHA512834329b4177655289f681a56df507d72d87bc1d472a27a84727fb736c989acafce32f46294bfcd298c2dfe980c81c10d241049169f92fadc285a7bf2922a6887
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD58757e230c1a8871227f0e928ed949df4
SHA1ac69339d0ae87980f4a8ab64b7cacbbe08c9d8fe
SHA256f3693790af987279eebc7309b4dc1433a1ecf9a5b093e33f2ff6c9fd0fbbd243
SHA5121503d8149fb7c0bac35098ddde3b00f9b2a0e6ac63a81effcae67fbcc783d89b52933c9a5f46ef6207a0faa9b7c24736e1cdbd56e09e7b67de3b9ad8fcac5274
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD522a1df0a0e92e02bc3277dafa1a06d2b
SHA1612797d05f7a05f09c978979c64c4b951e1f9772
SHA25663d0dccd4077081562ae4ef579d87621939d4eb803396f6db306db7ae28ff33a
SHA512e82def21e53c6fb4810eff23e65db125fdc06abe9c66353f732e1849f484f4e2f6106dc15a60c6ead907f9edff8493db2c41ce8eafd0dc9b4089981ce6a45dba
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD57694954bb37980c8ed49b327d34e10d0
SHA1839c15144f0c527d3da1e63756ce643c12bac98f
SHA25684a3b1f80341b1c7ca07cee48a8b1fd950754bdc7df5548c5aca22df9d6a8338
SHA512f23924120e5782692540cf00295bc2c3f52d376dbc0e2e78cc425db0faf08b3a16f439e2cfc93ab840edfcb0b43c8375702782ffc530b2b4342d468b01475280
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD54723e07c7e0d52b243e8db03673bdf5e
SHA188f4a9c56499db4a7c5427e2e33f855ad77b0773
SHA2566bfcff4d63c87db695a57de476cc39147c0d3ed79f377099df5ab7a77cf14183
SHA512455a6f1b5addf1731cf77382f0abfeb9928dccacde1eedf9e4d4958332cbf50a65dfe61d96bf3981f03773de876b3aaff78975a1a1a41aaaaab9d02b66dec465
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5edd3ade5ce2f0cc062e9f71e6b57a3d9
SHA1b284f3d902ecb6276e731e67596305d22ecd3df8
SHA256134e0c1ba03eaaca1c67076231b98b32a7b1bdfb75e04e7472089b58d40f18fc
SHA51284baf7f40d2365f3d4a36158e32cb9518b8f39c5279ac8be995727618a30e49804bc4db062a2c4c21a0c543f75c8b546e9edd822a1b56476bfecca89419d8fbf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD518ab1effa4a57cc9568dda079a50f50b
SHA16c36e8a8a44297d0eba53f9c8fb70261a6f96efb
SHA256d82f2084dc14aac2ccc7fdd192271a7f61f4ece40fc7ffcf2b1b4719c52b9dc0
SHA51269096d218559925ab9b464f4679ef2322ac39d727611b963e1e17fa99e531ed5f318082bf8c947542b21b8e9844b44b031a874ae4c00b6e6944279b373487921
-
Filesize
580B
MD54092f18e05d71e00fec0cea244e0b5fc
SHA1c67a500bb09ada261d03cf67817a840f8a31a212
SHA256b61aa68db80ddac13dc0d12a56dc2faf47aa5abbfa6b5e31e06507d41b7fba80
SHA51294aa41c4a54de97518c76b43b62c5f0997361bd7cd47717321bfa21604dfd37e741bfc10ce54bc63375909c64dc7c17b7cb78434f739d37a3d608da56ee1fc66
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5be2ce9fcfe5c4f9364aa3f95d9b0b0a5
SHA170b0a0fbe9418e731a6520e9d5cec7b499563678
SHA256896907c43dc36a36b7a26979f738ab30e962baa3e4b9503b343b783e33869774
SHA512d977de9a13162d6753692072961771b3f8ee135819eacdc82eddf9122b99f96890b50c4c987012fc9250823db77e1cc04f0de9cfa9e6eee6f53932fdf8e0a67e
-
Filesize
625B
MD5cd21fa53cf471f4f2804ab351eb1f627
SHA119564405fe9e074d7f884f539ae68de10f41ba6a
SHA256a9ef6f9ca5204290ea0898a24115108d64ebd8fe678a53ee7ef645c5cca2ff3e
SHA51219993c6f8c3cfeeafcdb27a67850dad6f9fa752d284261f9b16ef985104e7eb25624a8d134be3fa0e49ba5ab62cb02754dcf8e78af995699f282f181be82365e
-
Filesize
873B
MD5c5c5a1a3585f2d60619ebdc058edb7ad
SHA1ca63f4811143e1763343b5fbce1114c8c41637d2
SHA25651a8092f48b7a814f1cdb79f84428097f746a35e16590636ed83ed2fc7ddcd42
SHA512cd88b64b8e8d760b9a431617df6f8b574bac88f8ef8c1e76673503f5eae59cd3ec1cc84ff24b847ae141e28f327f9f40a3c76a56a10f13b9920db6323ea4a3e7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD55bb64cbb112fd7a24917b253d64c8e28
SHA12163d4e4f2ccaa2fbceba16f9dc91bc556cd33b1
SHA256109a1bafced60221910a28c5d6afcb495596bf172f8f62355f7e3a18613af5c4
SHA51286175b7d2addd71c209cb6a910c9905fbf9cf655fabf4ba006432ed050d2ba6e2302ce15985fcf9d2d6962c54bfbc3e9aadb2f9d5d07543bed5314359bf00bcf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5e3db0cad8f20df9acc52754c3f1092f9
SHA134fef581dae200d058e4259c7de3eb0f3632d59e
SHA256d45a8eb7da1b3139cc4f2b4d54db74a4bb1094282d2a8969af24ff2521125583
SHA512fd44dfd566bab3d4fc182e9fc204a7acc42fa22a06e0c8e0e26495bf9c30081d9c8472ebcc0c7380f6f4283a006984a9cf84705b39b4184adae81d3489acf7d4
-
Filesize
615B
MD5a3336fe6b530e389919eee0dc1c3985c
SHA1d16fe9200de3caf026c148e19719d855b3c3d585
SHA25650ac7f820108cb09fc5a0362687988f8d4bd93d26900103cc5fa16de080a5d6d
SHA5129d4da62446950d4a553d516aa485f83f652a63bcf81dc6cf0e425aa6de3c5cdcb3ea9112c301560ac75ae74ba509fec9eb8b832f93ec7a38d016e82b1de01746
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5c1d5744c40779473f69b71834e2f8388
SHA1c49671bd42d53a753e04371e6e0ce24fc3e86db1
SHA2565a527fb350f0e450b8a743d1ca5045d2f54c3edc4f55806ad0f8a2f32336ea1c
SHA512a941bebd67dfd0763807d58b4c1809874de6cd2755dd5a3293041249b0df372c041f97221897a6e9e1f736f48dd749bc6efc9e210f6d0876ea87bef1ad6965b7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5b955c64b4e9cb0231d8a36e929fe80c8
SHA18182f87d208cee5e310f8f9685d50d1d87a00de0
SHA25686ae8174e7b890cb9f31fd7a040da30b2d5cc47402209f4dfe37c3081f024f07
SHA5128405de0d0f094a2f41f3f07ce83733408594fdc7f4232f3f501d8414729b6532a3ffc1ef1ec789ee805a32ce2d0911e69b822fdb9f4c485ba0b6b1b05abc9d80
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5295327a0f3cde69bb5c91b3e4f687038
SHA195f080664fcfd52081212b8ce51cf2a9916ba556
SHA2562aeec1cf0389baa9aabfefb038aaa097405d8d97c852e92a19cc6060129dc7a8
SHA512bec2e6445d7f7982ded824a283d36604c83526ef3a8fb3590f3b882102ee2e8917c2cec308609d8e0a3fcaae6d376905c0b4f535cf133eb813523df6995b3666
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5204d2d56cc7053897ecdead6e98b2a4c
SHA1b04e3e5f48e13b89e3e1d209d0fc3e6f307b5749
SHA2560a9879f485a3fb8263a5a611fbe73396ec246c092223bebdf73b7a622f4a5938
SHA512fc8495a81fca490fb1d18283a967724a13aebd5d5b052495dafb2623a122423117d69e3bcc49ed588b65b7c106c21e6caa86d05d8e49ba370f2b6fbb21161647
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD51b341cf7914018a0bf7d8ca063bf2501
SHA1a99271e2ad8d65ea41a04671e3de48c7de278df2
SHA2560c1dd4e4127033410cc55f8686625c3aabcd900cba85366bee412c938fe80bab
SHA512cd30721c39835d26c52e28601167a8fd9fdca621745b43c5f9acd1eb98a9ffe6e47b9f2961f9fb09b94a925a2591259190d1c4f32709e94dafae291dbfc2f12a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5efde4bf300c9ebaba6ce13fe420862e7
SHA146cfa0f0f14492440d289e31efd0d27a2c2f4784
SHA256d8f647002f73a46e528d8b9d0e0ed5cde8a37d716f4a2df183da678859f729e6
SHA512d250983f253ebe8c1c409ecea57de7e756f7c7e7adf3dfde535138b0d6b3faec47b14b70442b10bfe279d7481e602b1f5d355654f6ca7e1f9886f7768ab5f7bb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD57d743ec0c29787040a03460b80457d06
SHA186ca19ce5d2202926140ccaf6356fccbc35e67c5
SHA2561f96ba7571b55aa0ac8c938686f9d5fafd569b52352a20d7e89b7e51a6ba2780
SHA51211b6c8f73a2f5d524d79039642c84428dc1eb9a3a6c35450fa43ca61277e4e1695a33e3a5d1e5b19c0f2adddd4d0d5b7da9cd7671e192f325378d31654cdbdbe
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD54a2d2bd2e579c327d5895241ff3397cb
SHA1e39bbf720a013f582b60d54751c25adc9d4b2ac6
SHA2569585cb7cfacc5d9c329ac9b7651209d791b5c897a40ecdb669d6b42e4695436e
SHA512fd6a6f1eb46b1aedd55e2177b305ea4bdb5bb0846ddef9536e62dbffd60933e22853e2de151d56a8e10659076866c59c8bfd1b454f3ce70310687009834b4aa8
-
Filesize
153B
MD519415e075cb169dbe4015aeb57fda3f9
SHA10b873a946c361e71792e4e99b620c0c9604c9717
SHA256d2baabb983ae09a211066b0da58a35b0d2581b10a2e41c0d8e8c789f62606c46
SHA512d1890e42b08dd65cb4ebebfa781344d09a23c053125bf5d10d9d23ca157453cb2696469e1f28f588ca4d1112d1e888dfc4b0e7ed1d9b872d5b63212cf9a1bf8a
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5e4df8bad2d07daa24c5bbd9383587d69
SHA1891e3392ac1cb242311e4d5edbf6b5323971141a
SHA256f0a4e6907d9d96a666a51a6de7ff6714f66211ee91f3a1cfb079967f42c3c321
SHA512e71c2921a34a0e9fd4789167beefd33f12ea3c236c3f513bd3d12fb23ff6136e855ea0274dc9a8af19bdab0a54da46f966afb309c92a776d11b5b600c3699fd3
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5b3949082c185c82d730fb04c2da1650e
SHA10403ef2b0e3f2823006013550e764343863effdd
SHA256d02983921480dcdb10a8adf59bf47af920fd4dfcc8cfb12ce04e4c0b23656eb8
SHA5128ac9092ac25328d2f0689b135cf4f2aaf37fa23bbd08db69f0db6f3c212fe133c94000123dfa15f2dc4e7880234312c13a1752db2081b1bf1b5643c7b24b891f
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD502b1277dcefb4dce6d4ddc66e6703cc0
SHA1c2dc580f93a6543d100cfed9905e0c6b0caa422f
SHA2568a8517216fb205a46a578c21ce2753350298258904cca296299aa1c445239929
SHA5124650e473dc9f7146925d26212dc2fdfa5d853323027e06516ecdbf5400ecc716bd2b85259acb30c55f607a62dcd6122a8154c8c76838a2ed5ffb8647dddd844e
-
Filesize
109KB
MD514346c3a83f4347a2f78742050ae18cf
SHA1fed27bd29f2fb7182b5ab3952ec2d02ffe897c8f
SHA2561d5da9916638a5a8c3e8ebba1a04ea59f1d559bfef60696c2556a0338edbb191
SHA5123ffc2e2f4aa9976937398a1690212e1d266d6dfccabb81cdb7027a7b69ffbbb3aa1d11ea68e682ef30e0322f3ecc944a20492d01376375db8a7ca41c0543af1c
-
Filesize
172KB
MD54bfd662af53203faaea011e1d7ed0eaf
SHA1dfbfc365c78485f002465bb24980608ecbc7cb59
SHA256dff52bc673339b1c46f14c3890fecc954a53c8919928605b8fbcc71b8b6dd3fb
SHA512b02bf060482cd77ce54b73470c3f8d444d59ea7ac99994a9f943944353da09b2b982a912230272ab858a10983e9e23b6d8754fc18f4be7e27767505ccc863b38
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5b2b8eb83199d4a2caa261f39556e6372
SHA126480d6c91b8bbd2ac7ce79cbb55c5bd56790519
SHA256d0f3d4be06a44c1a473481093f731ff26486f9a8a19ca88c2d6265ed4c2f9ff9
SHA512671f9bc1e084f67ecc02c50d5a41e180101fd8110760b5f20d6358ef908b099eeffb798fe838dfb9992c7d1c8f7910b2fca4297a4a443fca64723a7a18b89d71
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5cd43f10f293437ed98b69feed71d30ef
SHA116c84001f49586daab1eb7042bf2c74755c77183
SHA2569c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50bb6bc70fefb5d6ef27e28664b39b1dd
SHA1511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA51225362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df
-
Filesize
21KB
MD51aea3f642c016da2ee1876460a3e9ee2
SHA13883b1002656e119cfe1bde248a92f4807021ec5
SHA25691549b3b19840b433ee186bff1d783d0dfed6247d9e7fd006bfb6d20fe687afd
SHA512ef268d88c9a0d5052406c80fe9d742da11ed763c16b4cd034d95f08c3b708958e943fbf5daf55e551117391f3d5305a856cefc9099e8b512b938eb7eb3c7efde
-
Filesize
1KB
MD5b4f347ca3d917e4eb2deff0552871006
SHA194400d159cf4b5e3ab60946044bc716619c9473e
SHA256e83345de35d38c565796d311f9964f4c8aa990d6df350ef073b13aabc9acb247
SHA512629047832cff49a0df759b5a158b46b9f8cca01e3d829e479d3447e52d73ee3ce6780d0d3035a981349d2ad47a06ce3d685915d8c91e7ee2fa3033a1fce13c74
-
Filesize
952B
MD55bd1add6c88d794b9fdb0423554cfbed
SHA158c2c6904c60ba4c1af951be1bbb39276a93414f
SHA2567231df299cc0e0e51d35c9f16b56f7baab3f5dd1fdf33bf7e6b58da190ec2bc3
SHA5122ae19178fa1dc24af651983a3cd51b42d90d908c6432e1584a75ac1e45fa2c849191b0f29e320ddce7f8b1fab6bd85d507f6ba50c1b945eb871937de3d6b0d7e
-
Filesize
121B
MD54c98d6067f0ea2afb5aa2d2554ebeae5
SHA14d30d6ce3d0388ad3fad5ce628d3fc5d0d348790
SHA2565ba2991435a01c91c9356200eae3fc1576a4959469c3ef89f77424f5f1213668
SHA512dd2210e9767de471c838fae34fcd4df6f9040c56ee9517d36dafd2f9d970d8c64c651c147f24da172538b64a70c539f9ec9fa36d084ec2010509f476d5a45b33
-
Filesize
1KB
MD55bf09f327fc24dab153db65a8d9660d0
SHA11c3a90046ee93ce37751539c8408780a6cbae4f8
SHA2567e3aa5473521981ea3b789504f0f3f9e4d31f133d695d554abcfae7fd8a54e4e
SHA512308006c0f2c98d2212b1a0f7fa1f54cabe99fcb1fee5788fe4eb264c05999707214af26c392a282fe6349d6742cfeb1012f33d748f26f1bc769c0ebca622a4e2
-
Filesize
8KB
MD5b7a4e86d4d3b5af014a9931062b1fda2
SHA1dd09d37adf4ff318fa288f1d861eda46e58ef49d
SHA256c9e315d60581a34f751843f4f40cdab959b55f858a823fc8e5ef6a23c45414d0
SHA512ee73d537e91346b95cdd5e4d9deb0f43dcf6ccc9c3adc9d34cf118fbe7d892a38c309bff3159b52d645ba447b93e7df1c8f6eae1819dd361165e2f136fb2a04a
-
Filesize
61B
MD572046d9ce2b319185af8e439624582f6
SHA146fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA51217724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d
-
Filesize
914B
MD597123fb20e5f5db7522e89280e2031fb
SHA14c2790c7560aeb5e3427c5b4e459d145a49dc532
SHA256cac96b9debef2f2a4854a5cbdbe49cd86c735e811f9641cca1f69e9e8f163efb
SHA5124eec867b66d04112c1de3387ffc1cc0c3a141a90bef62b9b213167caffe841ccd80f412168381b89f06598a3de53e731134ade4261fdb7889add4c4a91761f68
-
Filesize
90B
MD51e58fe067139d8daedac863e447c8a1c
SHA143a5b454098e66624dd40594f12ded5e72f23a19
SHA256567bc11d9b25eb42e749ac9e9e464d69dd32f46667d2b634a8d4d10a546134c0
SHA5126cdd07cb480ef60bb6715cf761dd36dd7caa40302e16e1d0c7d84ed99dea639bf76abcf9467143cce8fa0004ac0c6e34e978efc5f0160406e788abd2d904f30a
-
Filesize
90B
MD55f947aa1b00c0ac790ab8bffd396d774
SHA122cb7b86cd8debbda1af22d3cb32168b7aadcfea
SHA2568038eb14e7ae6e1d1aa02dcbc82dc09211a75b8ade195fd5674032f2742ca22e
SHA512563e0ad27491f3ad576f0d73bb4ef512eafb4ac68f9fc8a83052400f3861274fa1a5cf9eefb75811222dd88a5010a93c447160a869f7b98f37597b986a5e1abc
-
Filesize
328B
MD55f0c6810cb18abcea7fa2a15af609539
SHA15e20bfa4361abba197b373bd65137260945a82c4
SHA256bba5943d2d43d4f86fd0d7ed76df98a22e8c59a8611b9746dfe82da1e57710f5
SHA51251db0355ec128fdc26cb1ab60fa9716f9ad13fd6fce748f10e3e851b13b2cc3a3e43add4537f2da0b0507bc781a96cc2613e513fcb91c6adc3bafd5676c8e451
-
Filesize
1KB
MD5374493175a734a6002e039b7cdf0a47d
SHA1d1e25557284d0927ebd319e66c4f1421e65e09c6
SHA256673d0633074c270236d06d34f395ac7428e9247863771d8f806636be7829e0c6
SHA512b161767f8e82a288849a0542310aea245744d0f6aca2b16b1d5637d8ca460bfcca9901d4309203c1b04014e354cab0e857a8dc3af3cb89eb57fd8705b72b20a4
-
Filesize
162B
MD541d8891ef205059df23a1c1bca86cc04
SHA146c33fbc564326128b94a32660e27160c1017534
SHA2561f54356bfa70c5e1a4dd9b5619344c177525c9b4181c0316b1cf399d40a24a40
SHA512cab5aebbf793954d362102931c7b9449449d24cd83bb3fca5e661869c25ef3e3f4255ab3c4b17ee6923fc48bd60592aae0e1b62fd91898fed7cbeabea0da06e7
-
Filesize
586B
MD52f08b2568a66298575ffd4431e6ebed9
SHA10ac98c6161a65bdae8d8e97acbe44001011fd26d
SHA256f09dc0ee49fe05fccb0f2686be335f79789d97967cac744b0a98daa3af6b201c
SHA5123b15920c176f469138757d55e8f2c6d30c67d777adcf03285e8151f3d3b4ef3bba47d68a9ea49bf793389a2251591e65f76062139fa83c1a5cd67785690a61da
-
Filesize
124B
MD56f7772b6ceff1b2755dad7fe2b935901
SHA114a5e5f50f604705815495e9f952cde126fbd112
SHA256ab084f01511e8a874f0e773cdb39190586972a782cc017c5c1bfcff4498d785b
SHA51242f6dbda86a9465b51a301122b31ae4e123a0242248679ff3defd291ef29735d1997739c59e7f8a9a797d01a3a6d58a8e0d819d034314c0fdaac71ed3bd83453
-
Filesize
8KB
MD5bae97288314db63db12105cda252074f
SHA1ec2552e376bc3187914efcfb35a83335ae8eece3
SHA256db09f45fa9b73da04c3672947765345edce4d18143ef6a0a89b4f271d6a9b093
SHA5126566eac582e95158e75820f4b946ec3b387ac364d37199a20e23877cec602100b06eee859ff3886f4cac78631fe3468fd1eedaff0c98ec2da7077ed8c692abed
-
Filesize
880B
MD5d5411e8121de922a6b709db8fa20a4dd
SHA1ef51cfab054e1ac536bd5c3b8def976785d6feb0
SHA25666a64223e8d987adc7cfcc90f7b678949c9e8414e3cd47e9b5790526dc85c67c
SHA512264368c60b59863c16ef991e506fee8d69839c0bc713d4976e4cc3c1ce372fae64a987e90c3f4e709e1e7116ef5f417fdbc6a5a4a21a8a7b28f795d8480b80f2