Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
03-11-2024 16:38
Behavioral task
behavioral1
Sample
8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
-
Size
283KB
-
MD5
8c73ee4586554064c95b1aa1c2d753ea
-
SHA1
0d7fb93b497918ddb40966c60506f64884761338
-
SHA256
be8b11c92d36656054634bd0b42f97323804d4dc19d48779635f60267e3779b1
-
SHA512
fe182b7feff2c22cac5470ef24d8908f1a62666000333f494b7b6062e32611e2ceccb63db317a278401ab9a90b45b4a7d64dc74c110eb398a322e18da4138e72
-
SSDEEP
6144:E50K5shpcMMQEhdubxEXwiI1GA0qPmbtE:xqshpcQbxM60Q
Malware Config
Signatures
-
Renames multiple (2200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73coU0cSJSUWrCG.exe" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_cmdletbindingattribute.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiaca00b.inf_amd64_neutral_1aaa057d3d52ea43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_providers.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iirsp.inf_amd64_neutral_25c14d33af7f54f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Path_Syntax.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMEJP10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\WSMT\rras\dlmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_neutral_18b899bdc8a755fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_aliases.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_neutral_fa693d8797766f49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_neutral_e567adb271831b5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_neutral_256ad642985694b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_prompts.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_neutral_e561157e16aa2357\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_escape_characters.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_neutral_22118b1072f57433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMETC10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjjbddgjlloaddgi.bmp" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\7-Zip\Lang\eu.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02758U.BMP 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\uz.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\THMBNAIL.PNG 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46F.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45B.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382960.JPG 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Windows Journal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\az.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\HEADER.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\sq.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341653.JPG 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\THMBNAIL.PNG 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15132_.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Off.jpg 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Mail\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupiconsmask.bmp 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46B.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\x86_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fd3091e54ab7119a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..utilities.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8556ad9654f80779\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..tfmonitor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3f8f4ab5100ed673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-pcw_31bf3856ad364e35_6.1.7600.16385_none_0c06880570316dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.1.7600.16385_none_dbcd81fadebda0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Session_Configurations.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\icon.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3644e0272d21fdf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-sysclass_31bf3856ad364e35_6.1.7601.17514_none_f74e76b8cffa65de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnlx00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4e455faee55246f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_2461659e78807255\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0d1dcd4f636311e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_es-es_adfde4e259dba0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c63a861166e5ad51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..quota-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6cf749941960d06f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0a96c93d360af1ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-r..lelevated.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5acae4bdd4a85c2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3c276c4c4126c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_28376affe6d50544\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waxing-gibbous.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_6.1.7601.17514_none_5ce9bd3c0a8cb522\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\Notes_content-background.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnrc00b.inf_31bf3856ad364e35_6.1.7600.16385_none_3a88c62811ffe8cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_6.1.7601.17514_none_66cbee44a06557b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e83b619ada3e7ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ab26c700600ca015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_6.1.7600.16385_none_8ea960f4e5c9adc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnkm003.inf_31bf3856ad364e35_6.1.7600.16385_none_50766fcc42797a9b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_scripts.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a56cb41c8b19254a\erofflps.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..-autoplay.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1586bb28001d59f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\inf\SMSvcHost 4.0.0.0\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20284_31bf3856ad364e35_6.1.7600.16385_none_b0f99b2efe169557\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..t-package.resources_31bf3856ad364e35_6.1.7600.16385_it-it_041d3a563d2e2e00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.mmc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_47a312d7a4753a0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6812bc1115156b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_operators.help.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-diskraid.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4d28343009ce7c3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-nshhttp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ebf4640b630bad9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\inf\SMSvcHost 3.0.0.0\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e09c57750c431b94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..clientext.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94e9d41c0c769e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..-multboot.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e593ee7f79d69741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..ponents-mdac-msdatl_31bf3856ad364e35_6.1.7600.16385_none_420a021325513b63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile19.bmp 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_beb1ea48766179a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_54da02d7d131de5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_de-de_18a6abaa160568df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0accb12490597570\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_6.1.7600.16385_en-us_50c0df8c012149f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..xe-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b782d21ffce64151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_en-us_bf29277a68e95bfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_329c60dd78eb1cc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_megasas.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6a9f7adfa0d9a71a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_480cf801f40020fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dns-license_31bf3856ad364e35_6.1.7600.16385_none_d2be1fbf49aa63fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..onal-keyboard-kbdcr_31bf3856ad364e35_6.1.7600.16385_none_dd0b06d967bdf233\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_input.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7d6001acd68e038f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.1.7600.16385_none_68192a650bfba522\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..chxreadingstringime_31bf3856ad364e35_6.1.7600.16385_none_6baa41720aa2b58a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.1.7600.16385_it-it_300f28a13d812fbe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell\open\command 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell\open 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\ = "CRYPTED!" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\DefaultIcon 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73coU0cSJSUWrCG.exe" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MKNSZGTTFCJOYYL" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73coU0cSJSUWrCG.exe,0" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1728
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
293B
MD560277db100481af312f3670fd71f4d58
SHA109c6f55a3fe02e77aea75097a7a064dacbbf2bf4
SHA256572c1cea36f80444c6d9d692910f47ff272c34e87d4a0c9b8d23594c40771940
SHA512f27de3f4521431f718b08e56be43d7d2b98783dade7b674b90090e339f6d5f15a103478abe5b84e2add2995952534508c411dcfd32cb93b599aec3a0147febaf
-
Filesize
341B
MD558600864ef3b9b154e3911d1d91cee4d
SHA1778b8a71a91532bae250616ea64a64a6873ff69a
SHA256655d12d412a2798a98b2a0462a7139d705fd07634edab5b7bead24a131e0ee8d
SHA512112a6a6b5238891eeaea083daf2c9568ecb255f88fb862b955719dacdc4ac1e07516c880d168e25195c191f7bca4cd1ce2951a0b499510360e2a582f6a9d2871
-
Filesize
222B
MD5e8cf19ed9874e7eed0379a6253cb9596
SHA1c53ff1d2c89040c1fb8cc8aa1e8351366e43f574
SHA25686e1a411fbee93a232cf0273c1f114f77c997a05654744784e24ac54f1129904
SHA512c15ca2ebd5272c3e310acaa9d537e947ca088473e4d7988d27efc3f5fbffcc25bb32383457ef64c4169453253868a195ebade626e20b3e45865133ec9aeab061
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5263904b467e2249766c85a0c6f9370ed
SHA1e6a25e77e9c2de6028a8bcdfee59008a5bd5ffc5
SHA256afd05f532d8853191963869b211396ba9a13161b3db9b14f68a01da6a827fecc
SHA5120d2098c11bf44a453c051037feedac1c1805c53c43eebdcab043c9b4d6bff0c033fe7bcf4b8897852efd191cb23404dd59b4d033ba3e0370ff92d905c0004758
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD54e5aed59193cddbf3896d6cb8d66b947
SHA1bd7ea85ca2682cacca140bdd9598f7bde5ff63ba
SHA256c267dd05428f4b3e86b3621234c106cbc9b472517c8d393f153b515918d07f19
SHA5129881a336fed0c64c9be6f121566fa0123f3f1a8faa1c41d9c291b589794775fe390ae64ff3b411d43a344e0e4d36b995b51a0e3d9ee3caabe1357bf8900e9517
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD53364bdf90308369c03c6b75a78880dc6
SHA15e6b4de94a4c231c3ddd5ee35ec8c0be2d52f8a3
SHA256d6274aed03279897f6777d6acdb82a9b72ea0ee5f0e4539df8806a979bdb6be9
SHA512709d255f30bb4929bb3be69a00cc9345877f194a4dafa80eab2ec1d02f81ddd051002de0065be3439a5860119935d07ed8b0acedc043423c14ad688969b238ab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5fbf29c38b715554916b67a5563f61f07
SHA1412968c4a1ebed4a4ad2a20ad58eb8cb0a56d3d9
SHA2565ffbed4311e33a2c842b5b8a3cb9a73146b7a625fd3af60bd7d44d357a8c0b8b
SHA5124b4e9df79bc6fd7f048afa706b287626fae764ab42045d758032fac9deff41b60eaeff1c7eee52f4fa7b100d461899712a42f72051fec742688641a65ac09b69
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5172aca298286d7a1f190674a11151cda
SHA1803c68f52634456a5466c0f53d857764577661c7
SHA2566aa9f62e750f162ab7cd792f355d9e22416ec5754645a34cf1a9f217f83bcafb
SHA5121fb738cf1dd111562fea60d48f677c009c5e1dc32b6f190e5c3273085bc1c777afd33926813b18afaa291c230d1690a4a49cf541378a4d09da00ea5ce462fdaa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5ca8b2b14f710ba2188a85db9cc755f41
SHA1a95f9f41c4d4ee5b5e5542bfd7230d935d9df62d
SHA256d171060b4b382ab2f1220b7e089e2a72bd1ba9424464ac6e218c53425bf94de7
SHA5129e36b9aa424bb825e433b577ea5eb765e619f90ee8b165ecff477747a6258e11cc1def8ab7e05eb8be08d35dd2f4408a1feea084a4328fb28bedae3c005d2293
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD58b29a9930ff1bfc3cdb3f0d83b5da1ee
SHA124e2959b3888852eb0e0735186604bea1b222d40
SHA2561cdbf37fc803fa33a54e0ad9ee41fbf00572cebbff70f5a051079b7973f1d0fd
SHA51257373cca9e6c5e9c412fc4965080c544c594c7187ad9e16d4c4a342db181021d7af14afb9515484e5724d5a6e36a44eb986dbf7c65814fb0ccb7bdcdfbb10e16
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5a1e1f68eaee5f34483fc32b708aa0ce2
SHA1234cc516d87374042b9672462db2de69bf56665d
SHA256e6a77c09abb9e1e512fd822b4bf50c297d2f919ef7c82c9bfe87deaf3d6042a4
SHA5122dba8909372234a4cfef6c5fc8842d18f0f67ef1cc4eb2f58ebeabc1603fc7e30a71ae5c72c99d9eb7b0a97637b42dc7128323b9a22d4370bac057789915ad5b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD569f6d03b0eb331b2a882cc5483ec7918
SHA1fb2ce06d12a7a2bccc578f64035470920109e17a
SHA25695562033ccae651f6c9682562d8b52405cb8722ba9902c089b424a01927df9a5
SHA5127c073d2e51765dba8cbdf431659f58093db0e3090d3d388e83624f40653054a6f12a3901e0fd0d924bbe6c9069f1e67ef981b3ec930237b9427c3449d026da89
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD54b051722b3bbb5fa5314ba2d5668efb8
SHA1c68ee7f2c7297d0b76cd9ed9d4472d71d716778b
SHA256fff551b577d5b3683dd58ee56672f01972659000f5de21ae62e1b8cf46d35c3d
SHA512b61599386514d383ba17c14644e2730ade1ad033affdb44dfb4ecb1b1e7392196f4cad125ee5efb120d857496cb00d6640b9ef311a6a35277a51e30c750b30ab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD541c7cae89da6a7fe5f95d91b456a2dcd
SHA13e7bad1774130c035826d9fad063c82e819b91f5
SHA2561ad82fc53e3debfe44c267972d0172a3f19e103474c11d7474953d5047ef173b
SHA512c68e3956b5e7a08d411487652cb27dc2ddb88538c6236b9997c0e301ebd5900d088db9ed45286d6d77206eb1c0b8c2d5341fd5782ee624b3694bc252fcdbd04e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD565df7172d237235c3bb4d41cb5afa76b
SHA123111c0617b506f3d9247e01df01e4e69cbb2b3e
SHA25666e2c8d869fd8e5d23eb73a3f8074d48b8505ac1723e66c7680fc320b847270d
SHA51277b621a405ec5a001c6422248518f10dc7248bf24874beb71205ce28bc5b60a41b566ba359117c4efe086996297bf4fb27b0c4ea939d4b095a190ec7c1dec401
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5edb622e47b4ef95ca45b6a55b6f8660a
SHA1d6c36626167c31507bcaeb20e3d02b87e4e0dbdc
SHA2569582afcd3d3dd7adae49fb2ea1ae5186ca0cffa6b1c735e00f1a02860a76d9de
SHA512441d2ee49e97901e1ca8a0ae76ed2692db5eac790089c9be856f2164537b1449443672711d79de620eecb0a5ae18aaadd9d803e6fea7805bbf8a5d6cfd7ec844
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD526c74a0278cd39d7abb199426632775e
SHA175f652b6dbcc27e2b2943797ff8c4eabd937ff66
SHA256886c378186c55c753875f5498aca933bdb248e19053b45f7ccba58a1fb348b8d
SHA512469af6b24ea272911922b0b0104982cd830ed957dfcf5f9bdbf8c516a76c8a1784988ee5a6904e4b80b7738da2b51ca68989fd3e6dd4812368912ba8d56e009c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5f2813309c3928b4e59a8af1f395424c2
SHA1d76f9802b368e5871f10f7a20de1c3390cfbe8d6
SHA256ca502cd9dc8c1c1b2609758fbbd3cfd14bc886dcbaa828a0283f8c51f2928de2
SHA5127c354ec1f2efa8fa61556f53f93cd8caa683e7cfced198c2c67a6bae154fe75381493291a034df554ba58f3a4fad2a8b7503d31be48a2c67548297f6772c5ee1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5cf8d7859ca86f18d1dac391ae803c380
SHA18c384d9d9b5d7e0af3ab51e767aa26f1ad950bb2
SHA2560896b4f5d6a98f166b6d3d5d365fdc8187d21fb77b90831faf05f1f4bacf5b40
SHA512c3b78d82007e6852bc48ab0867d2a0be265ab42907036848cd41e839665a8f7015c2f534b80b66c310af5241bc50ff29f34fe0fbfb704bbb8cb72d027ae07ab6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD556af8ecfa42c58bafe84527ca7ba6e90
SHA1540434acd7f3bfce236f3395bed7fda87e0ede77
SHA256d30decdf49ff20de48d12800ccb13e5257f9d18d9470656a0ec0cc39611ba0de
SHA512cb9246ab55ce25598ec5ff2da0572ffc3e1d4e270d99be0d9d05c2545dd577f378f4c23fe759100ff8125136754db24d12eb2ab3f6501eaf197fe47578b2c554
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5180b68bb426cf1dd324592375319107a
SHA19464f2e742aee7e1ccd7711a92a6ae0323bf3853
SHA2561a0b8837608a6e2141749f5c9db5f650369280c658890c009b1242a02c6364b2
SHA51222a8bb4b296b877156ea2447d0b3ad6a2f03a468becc3af096b939ddf2eae430694bedb7b71526cf59f29aaa42610e68ed1c569c14fb548cbe7f487407cfcef3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5527ecb60aa4e676a7754753464d70cf3
SHA198e2f5b777570cddd52f13c0f865f0d892c53c54
SHA2562f555209f64f1119ea89c8a258cc507ca5c5d196d6e4f2e41f9005723a102e4a
SHA512fdfa89e0e50f03471f45c1e4f80781d2b4c46eccf6627c813f922535d77a1c271e7fcf9b3f56016bcff744bd309d7545abf5ab98a610d5d2204cff6acaf87707
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5d9c9048fdb05efc7612d3ca3b173eb8c
SHA1ab4265481d7c7de811665c9d5f767cb18d39ad46
SHA256a161b41116a30ce71e87b6fff76c926e489aee85740292e7d0e1ed6a02f44bf1
SHA5128fef630eda640b1b6dd98409c3621b33c34fefc11ece950209d48280790dddd8f7adfb17df367e8e7aef22f4eb73ab277803756564076b4692a7bd93610954f8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD56579d3ee07a991ebfc1f52ea31f6a668
SHA1485daefedef0d46603d94318666b1b0b7cc499e5
SHA2567d5dca22878190d8adb5006d821746285ed2685dca589b8549431aac9adb5e84
SHA512f5ad00d9790776a1f75608c0b12b51a285715b85e0fee42386f2d3e5c0339e06c390e8961bc358a9c6b299527bb542b66147c0cd900c44e6d451235bfd55a40b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5cbf276ecf1f66803ea337b48a4629033
SHA1337136d21211e92c003551122fa740f7701d0b25
SHA256dbf7ee587d06f66d1b6367d27b0bdce74f14f1e8038add320f56a7017c978c68
SHA5121868e7895b18b67d592d03e02f49c4b5f06280c5c0bb895a1d90dbf4b5360cba834b8d65e518ab30da898d0bbc8665d1ff18376ce0c376ada3669393458e326c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5c1faf6fa724942fb06a147145a204d17
SHA1a2f293c748e4e96bb48b255f92150344201866c7
SHA256f54388d0c13b3c583184c4871c97b55c3f0924367d6e473333e8a57348c81cfb
SHA5128809645db56957d55c994c156a657298dca46521593957bf536c0e7bf48d38d56e7a8df4eb9aa9ad11814ccc5799e2f0b9cd974ac26cfb6ad9e5c5a662302481
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5f3529d782567e67b7dde5dfd7e39332c
SHA1fac7bc80b5afedabc9f76979d917478c96cf32b0
SHA256fa43ae09c4ad89da2a047e3542a250ed889b0ac88850e68a6d49f5d78549453b
SHA512e76ab8dcbde6fefd22f799c4bb4a7ab5d272c499f9cda5239a82b3415dc880ee5dfeb2b2d91e231c3cc453e665afb763c4bbe991aa38112b2487f1a68a3588ec
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD51739647155c3b699a64c7b0a248a2053
SHA19139a9d9b571cb6f2f44fe47cf214f283f862607
SHA256db134273718eede47c331e635af0f0e077b4e0bb2e82f93a4a19f0f010eeb3ed
SHA51264fbb9376de638d0e6a95a72ec03273c1c924c477f3abe92b0269dfa24cdce047ec13982e7b62d79055c948d895d8a4faed45d4c23efad6b30b27b0996fcb7a3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD59211bd0c024cece2d336a88d186deaf4
SHA1e43606c9cf696d546c753ffe93b5de6eb7b6bc2b
SHA256032c740a6ab59b2351a033e6ad05c04faab7287aba785cd6498466fba8979b87
SHA512a1a673482c08502c6c354f66c2225c433f17df1b22ebae45ffa70e77256163a419df7f7fe3ec81ad9521a5607712fde2f92e4db839d8b08199651c7beefb6dd1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD50f3b8e729c1437a4b08005b73765c473
SHA1024cfe86d7dd9b4a508155109641ca25d43da76e
SHA2568a2799f6b91a8b4ec93ea168580e37486bd038dea01471abf810d683820726a1
SHA51270faadcc0a78de30a46fbce16d0542d8d5e76b19736bea7d2e584f1f0bcb4af6c00aa87f098023027496442c0cdf96044b192f5502a4cf9dc5aa80cddafbfa96
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5254d9449541a156fc85636bc38026a4c
SHA1625df54469a445663866c3270d4d7e1a11a2b8cb
SHA2562b52c75ea29f1b5dd9ac1b002af97cda772210d7e04e5e19edb680f48fa36543
SHA5120c93842a51fa26b60fda36ae06090d071aa7f73260748f57504c6f8c18a0e6ef0329b100dec2666284d7083743b4e6523061eb7d3e28d3ea06319171f4e7aa44
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD51c74a23ef28d3ba7f4fabaf507be7f2b
SHA18bd03a817bb8818ea2c29cbe0e00ba01fdb629d3
SHA25684ccbe8257c1871da6878509ee2c2b6a67595cc0a795eceb4f9db6f66ace0615
SHA512e5eacf492d48ad06a9a465303a73d8262ae167d08c5538db09654946ba4e28a984d17c011d82934b109810da5e67f1cc289b734cb5d79b4afef793db96520495
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5a0db9f5d4b86abf1d129716386f246d8
SHA1e53997e5218fd4ec6aea3c5d54f35f05f6ae7aa7
SHA256cc8eccc419399238fb70e3a2e5f469f839d2bec8fdb706beaa71e1aaa8c6945d
SHA5127161b59f1b4ed962685180e383e196397ace0c4714f18d134b3ee401ffe3280a0cdf5943b327d17ea7070ace296025a9e72072267946e4fbd228c9e73ce23729
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD558c1b2d5e653fd9e528fbd86288277e0
SHA12e35774c90b5698b43efca1974e10d1b88a454c4
SHA256575d0f946da7681c130b5fb6d05a76958a1a77ff3b2e37f30f07feceee5c040b
SHA5120b197d781835d79314cc4c88420185af828cff0ba9234207937ab3531fbd4fc315cb1da93e030d5efbd555c7c60917c7d6154cc03963e787aba17ee820e35e70
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD593c443fd3d8c8f5ac0e53b0f7f616550
SHA12431335f99e982121516e5366fc4daf9c8e47e2f
SHA256a1292dfd2b09423613b6a4dd5cd5321791d7ee649ca047ff76bd138909afa537
SHA512a754d261475e054bd2a11abd93acc1129a186020e90b0a4a25f29c785567fa9617f42ee9af8d9919cba152218886c872096a94b6f4324663f00284af1559375d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD53233d89b96378839ea1a4b8800ff3597
SHA1c87e9447b0a87c4316598001f7089c880bb6a19d
SHA25697025b9ab34e8f1921395ce0e528db94a20784882f22f6299647ad1ad7a781f2
SHA51208ba18c356e22528ac9fece3706234beba65de2ca0b16be2d5594cd60230c9a0c971ebe4ea0e113d757959843cf607fd2654697bb88171e2ef6d94e4ee68746f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.EnCiPhErEd
Filesize815B
MD5f2e47cf2483f4fd747ac9de9129232e1
SHA1047166f15367f7627a74b3b938a87473c3883588
SHA256c960845bf46c7ef3e77d4e3c032e76a329fe13a591921629ba43d49760bf4457
SHA5126d8bcc104c36f53b30b1e6ec756e88a8bfaf7413d0ad1689fa4ed9e4981c894dd0c0a54b1b29350a07879690c0374aedf1a38a2197c83a498536c2f3e85bbb59
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD541d44ba9219f9ac1ced78ffcf59f6fe6
SHA194dce2b662c167377f73894c0bc7db2a9d164b39
SHA25607edc5ff620b2757c99a8d6a603da14a1adc64e869857ae3f18298a2f2f47b9f
SHA512d77d6be9a559ae9babae219fe9baf792b9fc96da20fc4cf8e44e7db9b3cb143797ed12e75d0320dfb3b51666b6a7927d12ae754f31deab4917a7b6402bf4e72c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD547774d7ccda9d9d07e70847893f3e9f7
SHA14c246c8d890f18a51e14066233e1de066378ac60
SHA2566bc9bc2ddfe75a8b233b51857c2ac9b3dc6d75a6374264b32ec99a97abf12439
SHA512498f7b2265b4988be74a2272b08f30bed21aa001c68f7cb010e630bbf29ccebe010f1f4e222014fc5117dbf860249134f625818d85f2a84fa65093788d6ec4ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD559346b1e7db2876646171847b4727cfe
SHA1fdecc3056e99e47dc20a2c5b571c032bfaca7f9c
SHA2565dfc3b4e47fceb80d2ffeb631895a07d5fb895c4764c68dca3d4e60225a2f1d2
SHA512b787328cfeb68434424b8b4bc710b6d1a584362e145712701a86ddad079e6aa76d2e8b8be8f5137f9aafd7473b67922990704f995c747a4ecdfb5dc9ed2066b8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5a9404e6c79e71d9222ff94c2b837c648
SHA1cb90227140aaf3b76443cc6a59c505f62a5278eb
SHA25629cc5fa26a4e1e084394288764ff65853d544dc45b9b6082ccfa6c3ac62229bd
SHA5121849b0253c133f77f1726cc39a2c372f8cefff86e65964c71498a23f3e762e59048f5501ccabf556933507edc478d239e2f5b404f76e4f294c51d6a51628203e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD53c74458fac005591e3702156fac881c1
SHA16df1201c4d7bbe9be803b762c34ecd44cb9bf38d
SHA256d2233deaf44b1cee8404d17ddfbe4529c25de559e827ff587dbb61b016495858
SHA51258bf0f4f1cd905ec85082ba3f598fb8d3cf091f9f9dafc93a7847de1c1161b769ac64c18b1a5a0fd63ae0b1f1b6f61da00b31f2ce20300b5cd550ad834903411
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD50473e638cea794079cae2df5df1c56d1
SHA11125cd78dfeab29760ec4470a2e2202b7724c32c
SHA256127bdf8ec7e6770e9653e33fc70550641b32fe6122438527b2c9c8732eab5401
SHA5127cd1a3a83464806c06b13eb7b8e190196ff4479e1b839f231c5f2679bbc113501be7cfc2a5eac16be0e85e8b5c85f10aff0a7b75d2049fd892a0857a77271bce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5e5d84893a0e57af74fc574a214c3ada7
SHA1421402001c936b992d05db061789966ed0cc98aa
SHA256b20fbb25210f1521661781f63b53ad8484c7363e199881e91ee034322aede93a
SHA512c1af33cab4c20600334858b36c4afe418cbdada301410c843134677254314f3b32fa189937165bc2ec5fbaac72f0b47d2778e2ff8ef3e75882214f724143a5be
-
Filesize
580B
MD5c3842d62d0a6314ee0e3b88d99577623
SHA114179827fd6a8c169d8434aa9d99e64a0a296e38
SHA256f5f38d15c85eba007fa51ebf6e02e71392bcfed119ad66706b470f9543334c1b
SHA512a56437a438a52ccb69d93f88f31d6f8536574edbe94dc4e0b19a27b84cdb2266b8ef843825c80b018261c6dc3f6c30056b59b3418cc488b13bfa926e6306c621
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD520f753edd2017016fed55fd7207e3066
SHA165c273cffbfe99c7c03ecebf161633adddf40fe8
SHA256959c1cf0b273fbaeface555a7bebb8adcc79d94084d88d6ae16dfd8022ee2279
SHA51229cf1724b32dd99f7655013b6838c51a62a36204903bf23f36855ff0d7d9964148469541524e04feed7ad97299d7fd1a395364d6462625e169e231a2ff3e975e
-
Filesize
625B
MD5babecba6c86b149d8b591af9cda6af1e
SHA16bb19adf646911c267631221a8064670239db7e7
SHA256bc81dd329c39fb4c94f82336b8a35c5cda916fe312779444ae4fc4a9d88a1cd7
SHA512dcf8a3e564f9bd39bb7cb3bb70b4cdb866fdd4cf85a77a57b20553b49e1c75502ab85e2ee2e6d810c9c865d27104b0b87f53d1ff608956eb78adf7f75c295695
-
Filesize
873B
MD5635b6e3b6f6e92d0eda74f352358f2f1
SHA1beb9e51175e1dbb5f8fd603a45eae3b015744dce
SHA256c1a1ace139de1612fefe65c999e3688b03676cf45aa62f2ddae80b5872d75b2f
SHA5126e092c48995bb6d3a7d6ee084c9758a34353fe4415bfa9738f9f0459e912aca8105100f9c31f594356e386fd3fce0d6a303a05616264e430cfc472262673b57f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD594aa46c52d13596c49b02c066d9ccd78
SHA13ed02bc786dd45588285403da4ad1a7379e55f9d
SHA25608367d6ac9a82ea71f7d4c1d4be0171e39e6710d93ff330c6bbee562a96214a3
SHA512b8a96b5f37fe1373f6fafb2606d235ebf7ec224695330df5fcecf59fc3d54302170ffead894ee99e54341cdb93f19dfac38f0b1059f262d00a43960b69a2a615
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5f949b35fe5232f11d3d07b178bc11980
SHA153c25ee9ef6d06b5abef0d02beb45f02fa6b6af3
SHA256a6bac58ba3fac176301c94371240985ac7f5878f52c5f940d6c0d80d6ca33939
SHA512acd1b88188300ebd41690817e4fb85ac42eb6f1b73ea987db454bd5eac93f06e0bbe409b8759ea65cbe32abc940a3787e22e44a351b88edf0398559038c04581
-
Filesize
615B
MD5320f324294d92bbe420cbbe0aa77f561
SHA18c481566efe661cd93001d14fb2f9e0f0e4a43f2
SHA2566d04e2f6782b1053211192f5f4f77716a1e20a951d081130faeab6027588526e
SHA512e5a7d198ddf64e6d2e1a87bd1d5939a0759eb258070390186d664c84e3e1e8b57892c295df2b0cb55c4596b7613a50f37df20d45493cdc37de271355bb2b97ac
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD50554dc898d9f389fa66cffd89dfdc172
SHA1bbc0a676da08c540f7b18a7ceb3f5c0c028c3944
SHA256f71f6eaff6fbf79e9dfde982583619c5a5e75f6bae0d2521fcc9c7db47482d02
SHA51215bb3f69b9c7a7cdad77baef607a7c7cdf4ba10cc92e2774fc9e895d9637e70a1ad2a616aecd31bc7150c6ee970a88b9693947c819e6a51a34947bc52ca0717f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5600630d8e97fc546ed202607e15c34be
SHA1be70f2282c9664220b3aff06f587e429c1979a60
SHA256c58158b67dd871c3b5005caaca98e04357272bf0296ae2bf7e1d44cf2c6fb285
SHA5129253bf2a69a41420b236837daf8ee6058808bc8af25039f67387d998c191de4a0032fde5753912a161209fb50aa1198b5b3bd1194cfc4359d31a7c7a7be2f2de
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5760a1de4f630b240e5cd2e8e1a35e919
SHA1aeb6af18135e3d3693161c5ef9311a1ece90ad89
SHA256fdc8a8a16e97ecb9bb01409a0808fc4de220ce6ea67c5144f3bb8dc1c4168e8f
SHA5122c3fbf402be39301fd787d5efedf9e73fb32f34c50dfb91e37cdf38383e580be3671d9144334cea2e24ce99eb358e7a051bb532b2fae2ca60a841e9d88ff1c7f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD558f77d0d531cec77c398bd4e39d06d14
SHA1eb4beb2a789e5beca8716b672f6b9a37f469f0d3
SHA25673e3e0d751bccbbeaf8bd0bd9655de14421e0d31f962d688b5761cb50bbe816d
SHA512fcfc5a5b9125dd6a35f542106ab79f0b8f44e52fb98cb491507aab67e25584487b087d752447204238109c814439547a2469854475def7186798a2f521d59043
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5ddc115d3e21a34f194cd8464def0f23a
SHA18cfc66d44d31f42f342a243a306e3ee27b4a069a
SHA256038d0d19167755076a3ee52a69cc7c37f8e06439c976a124ff030c266d52991b
SHA512f6f813f5593e4fddc38a5ae1ad54c77ce678465c6af74afc5499e4c62945a9a2fae336eb31eb4117d054b319bc262f680ab8ae3f68446b81030e73f6052050b9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5ae20934530518f08ca74c84bd3ffd0bd
SHA123dc23c945e4d2e493b82a182321ea51c0778954
SHA256a98baed4e30f117dc5cb3b1597c15130504f2ea9b393aa58e77905386528c3d5
SHA512661ababcb7fdebc5e7b8cb1634ad239ebc7bff4f717bffcd84a7e67078b61d9fc1de1f8b21177729c556e2de4fbd4662a8991a5749719df797f116c7b8b38414
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD500a86bddb59e2943c979c5e83be81f43
SHA1989610c80b76a0d2c2712cdb1641f91bd6e79020
SHA256995443fa6b96a274a100c52e1ea3c20dcc37b57841f3dfbc8466125283c7eef8
SHA512a04efaf2046bef780a98c0fc38304f6728edb91754ff94741730b7b9454c7dd9f5c850127f04ba5c54f2326ccf28b8ab512070bbb9912a541dd9902cf2ab7291
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD52bf94efec46772a85e6363408d0803f3
SHA1e569d1e7ae023a20861a4f8a8c06832a4890e777
SHA2569775b3bdcfe8d4f2cbd2f0adeaf604822eb84d18b23825c9f3097630d20fcd54
SHA512be0f3fdd72636edbcb1a87a53a993e1608fa0415bb644f299040ae0bb6ce8df4cd7efae423877f3006e420adac5c8852b148ee5dbc29cbd015c7aac2c2473655
-
Filesize
153B
MD5b68febab9e4bd956943b37073c81cee5
SHA10bc53c3915474f8b5a663d83c2d45d41ee795b11
SHA25614c920003653fddf1d9380b4c88e06bf4fe110583fcf7d1acc152a453e21572b
SHA5122282c9da7151a1d439432ab82683533113514da3152480b769ed0773098991730cca0626f61b53c2069df89d58d4679b8e18da416d26c2f76c1043360dca9b2d
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5d11ffa89bc6c122ee03392d48ef2b89b
SHA1e4d0568e6e616663b279e105f8b025df2c7cadcb
SHA25660d74e670b1309c4e79046b9c8b3a7ca0ed3d1ad73152146d1b922bcc5446acf
SHA5122fe8e5ab40bd1584a2d75db745c2b8821f7efcc47e687c5c412da5b87cbc2a9c54a8416470d22890951235fe7bf2caa557f06c6c8bbf3bb9d3385e0a9eca8ad1
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5135ffac24d7a81b627a675aeed5d2c4e
SHA1fde476bb57d854b769974c07af9d603ec2c9df10
SHA2560fb9988f554af3ab1b01e5a271daea4e4952ff31a6562c34e2b43bdc36e94335
SHA512e5de1e20ecd8e762b09cc9da88a32dcf767a6e3cc16edb4b3d0fd01404b8e40c6ba87c9114a5c5b096d9e5e1b094b4a1a8418491403760fd6c623cd55a558a7e
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5effbe87ec46ca5f5a6c559ee21f467a6
SHA1c03c5780d53fd1433edf27249f7f22c8630a5540
SHA2567e7d8874cc202a16c247fde2cb6eec0dc6fddad891be506f86c343329e060076
SHA51290f0dbfdcf67d79c81d19cae160f8e5966b1cdd70c4be7007354ce1d528257481fef0275b634f8a787905bd1fff34efb3262ca61944b35a2d9c5552be94d7907
-
Filesize
109KB
MD5de752078fb66de16b37e67d8cc38a920
SHA1485ece3f8de1f1ede360b3f9bf911dfb278f5c37
SHA25667b1330c9857c57f9ae288cad594e67397f4c0a1dbaf59231f5c0b9e098c354b
SHA512b98d33b162aee367cfb9d301e8b793aba82a3e97aec1281a7b5e6ad5f5c62085c1783787d11e6cb55cfa666fc0256ce72d906e3486748e35e8d9257589b2816a
-
Filesize
172KB
MD57f1e6c6efcd80f7a4fbd142a21664084
SHA1bfb2c607ca6f8684791c0758fd56f030fca7a1ec
SHA25669d72368a1a4371df8e9d1098397486cb7a9d4138bdfa4144804e078a2c24b96
SHA512bc6c305e8852a2b78e408bd96072b7bb8d9885af713ddaa4b811a0d23d99d146bcc95d6a45e82f56d1a53939f58bcd05869b06210a16697b625d21dbab477e8a
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5a41f628d9d6da6a53e539610f46cb3f6
SHA130f4831041e64c4701f55b8b4650d86a4126c95f
SHA25686cf40986740234a7f5cd3030298104f46e20fd6095f027f926f7ef440c25efa
SHA5123e4d44654551271ea9b225544654245f00c837c61c948477b8fa95452bc3afe32363980c0e2536562850581bc390ba722b7499500d1f2053942529e15f93a3f6
-
Filesize
49B
MD5dcc1d186aa456a2335d33b84cd87251d
SHA1e6d163d73473acc29ec99e6470172ea560513577
SHA2561565b2e8a456d7ff3c8b884ed5afa279c07d44e9e0583431e8f221dd5b40b9b8
SHA512cff1713e7e99acb73dcd10d057ed6fefddbe216288fc889e05ca9007f52e98108295466ab75bc9876c0c42f0041b865b62a114a9ccd0b6cbca3dee024c598acd
-
Filesize
21KB
MD588a6a46f377008fb4d4453a55d537471
SHA1a2cf7bc9eff17e327c201a8cdc4fb7032c1430a1
SHA256ab56d415c400a00861ee3527d4555e0e2c86ae2a0e44eab8a2ecf2c3e532e0f3
SHA51214a0c9c44cd820728e43ef5cdd185b51f4fdfb2d277046d88ed5964cafd935c905164ccc181cc8f7503689fa4b000d6dd2d28e8b82d0c3e7afed07b9760ed6f4
-
Filesize
1KB
MD5435c56764fafc1712233b1e66dad95fb
SHA18940014be8dc962f0d8065acf58b21206f2b186e
SHA256607bef64757e6e454bde42ade1be6e10352214f3fbe46ebaf5066e553636e3e0
SHA512de39ffce06951a8cdca40e0f20ab90ee08fda65806c76f676a429a122fac2fe18302b364cb2d494650def8aab7d09dd0946a9def0d379e7ca2dfa89dfe6f4970
-
Filesize
952B
MD597b15236e4a6ea6a294341682939bc6d
SHA1b163d8ab97fb6cbe0b2ba14a5b3cc4d87d0c834a
SHA2568773d466a2a89de8b32c9acfac351d93d854386cd06beb40d79942334e62fca2
SHA512ba84ad0a8a5367ca8358911903eb749ccd3b4ed914ce261227aa9c35d6575d2fc1325c7e02521e8b37f4f5a7d0d6aaa0dcdfd00eb103f1a24d22620e7180d3fd
-
Filesize
121B
MD55d88d6bb58a3b8409703c72fe1d2edc8
SHA120c4ed0f90a3e313ae70381e64e9bda161ebb8d7
SHA256c067c1dddc033a39e15a76785e31e9c36ed75906af1d197387fed8d654a5cb5a
SHA512a858fb940584a1dc0ef0814f1b25706580b6be4cf022a2ccfc527d62381b4312d73f56c87ebac1971f8e2ed116e64353413f9196e11cb763d01e71ff677ef7ab
-
Filesize
1KB
MD550f50d0c28a42e801574394ad89873bf
SHA10deb4628f1a5ac9825b508d4f07b8b2fc7a4dd93
SHA2564ad870106137197d48cc6122c4493f72b52f1ba8b54d1ec4351e5a17d334cd7e
SHA5123c5176e4e8d564ff47b2e0ebc189a7364d5c4fd7876736228b08706557554a77708610d01082c420df0d9e05a0abdb58353fec486667cb89d2124e88120ddd30
-
Filesize
8KB
MD5a39594141305b14fa4ae639f7e86a260
SHA199ad61dba4b45d6fef1da90c2f7aca580ec83bbe
SHA256159c37fb253b00fc1bfe49dd3f3c6ce0400097b3b48c25fcb2012695d0d3c41d
SHA5126ad6bb8db2a758f31ccec151331dea108afecd8842b956b6d365f7ab4fd440a7652117a2bf051661574b241d1473b2c451dd2a7bdb25950d4fa5c2d40819fb46
-
Filesize
61B
MD58d3da6e56eaaab1f55c616204afbbfd3
SHA1435e6f74a76ecd737696fb5ed68dadebe3afd3e4
SHA25603c2089322077b66ead2473dd1e1fdfdf87e27c149a582638486c2a34541b697
SHA512ffcc0d41d32871fb419ce5d7741a119a185fe648a9054e6fa898c0f1c74d08d999f4d95a8ec17d97bf7adaa039284221829868dbe94e38f46934737396fdebeb
-
Filesize
914B
MD5b49566cdb735a413da6993123d52311e
SHA197d682c7ce09a28cbac81299ec7e67ee963b5319
SHA256faadb6b496891074c90971e347a7102cf67daaa49c17f3282fbb266079bcba71
SHA5129cac5c104d3710dd3dc596fe28e420840a9370904d398755e2892b1abf093d241178fb2ecb9d20778c702da6605611bc4718c50914b80b5f1ae73ac755cb4b29
-
Filesize
90B
MD5f249fc347d8e6927b4108161c95b39a6
SHA1c9edf7c54d00340984d8d3f95c99e72f582ee408
SHA256366682569178fff5ad306962b808ef2049aaf1b71bbf7c8114ebb5f86d05f9c9
SHA512028b5c8bb7bddaacd1c1bd68aa70bda66f0b12e9e68d9bfdc75e3414ae229cfb5f70006e049dd134fc2986ff704f9e4305c559a2c96de72a7893f96bdd7710b2
-
Filesize
90B
MD5f263c147babcd5dbf5afa255ad7c6703
SHA19869eceb1d8edb7d80d7e505dd08c748a5c07e5b
SHA25624004ffdfa47bc5d6bcc2e885a40ebdbe987533c8e0906f15b7efaaf03a84fbd
SHA5127837eb1df6d01f81800bccb0cb885bb5d69928a03e5a7b64b54c19c8e94e329d4b05865ee604fd17f365b74c807f130797abda278b11d69fa33acf803ca55592
-
Filesize
328B
MD573b773d1b8dcf143c5f84809062f2d03
SHA15d3b210e6471613c976c95bef67bd5117d6ce530
SHA256268cfce896ee7d0f59c3df7bc34f6615bbb47f1645d166daca584061b984e66b
SHA512bef027797a91db9efabb86c1009afb3b6bab9e45ac2fd4665d49f054455cd7520d28edc958c63d55bbf5b8952d4ab75de07dba57502e9f226f8aba6340de92e5
-
Filesize
1KB
MD56ef251006aa7f378f784dff65ad3a562
SHA19ed55ea67ebe073a944279a2a2354667704fb320
SHA2562e2c4e79bcea750302e77e1a0bf4187aa8301754454f53924717762699b7a258
SHA512f3cd31c0ea89d7c8c624714c837e3dd57ae670102e49ed72f1b49f3b61be9528a1d26405409a30c938282374053fe26eee3cce4298a430c688c68044ceda3d61
-
Filesize
162B
MD5362182a8f69fb2484046d6b5076f1dc2
SHA1f83d11019fff21651924defb8c31c69750fad2f7
SHA25624efe8d1f621592b11193983d253a722cc0e8e5f8941f62efbdd47843c0b064e
SHA5123e9eeb72499ddfef078ffe63b2c4fb00d79d08775ae156e95078c3204ca1c90b8d341b5c3bbcfdb136873fff01d8f920d7e40a85bb43a88a236af3e954d44922
-
Filesize
586B
MD58c5a94eea9e23d2f3d53d9369f77a939
SHA117b0aca80fa8d238c5690ca903d737f439931132
SHA256caed197e1c6b4f5c518d32479f8aa9b24d7806dcaf4d7d4b26ae7eaf74293cb5
SHA5122b21190859f3164e39873417f13694950ff9f7da442895fc6116c5df7a01e3be42d6727e525397377e8387be459eab4491f8a15fbb7fd7a150962af14973c603
-
Filesize
124B
MD534131204fc1c0f8f1d0e6f5039400f68
SHA163878c51c8846b405f563323a946499dd6dd2005
SHA256a898591a8cecb7c52b8aafed77b0c8b98c6da56b1321cdbadacaf46d9e4d20f9
SHA5125015b88f7b4d29ca841596c26bec6adf1f5d3b8e1b8344abecce321a3d4ff2d0a20f229e73e242452c0cc29732e0d55fe7fabdf5092ad742ec788b153ba1f6a2
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5da9c3a767753002ac01a164b76dae8f7
SHA17d0dae332367d888b3f30458149f9d905b672206
SHA2561c41b99c2abd255e883ccb6aeb84d29eaa1b618c33b196c9b84d12f511472649
SHA512e26179798a8465800061628ccb23e488c47b444b9f366557bd395ba3814b203e669690ef44d05f61618edafc845da64bcec68ffb45e2337fbc5cb21f1b72cd2d
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD56d4edddd387a97f9de761a12c77cbf16
SHA146843ec182a3f1039e966785042a0f8c4df6ec12
SHA256390f7a870d9a0b9f20ea9e6c9564a585e7ccd8ce7f1f52e24394060861231466
SHA512339945c0052e1154f3978b373cd62c4bf69aa065a97b1a4285707dd8e55eedeed341d1431785541cc366bc7fd13bf01d8f810bc6fd1706f79a17c2671ad1cc1d
-
Filesize
8KB
MD5a1ef554405e6bd92dbedd68b7a35cdef
SHA1c57f2043d6d1f50b0b89fa2e1a93244054f6872b
SHA256bee86547700dcf4259db61d8cf2a84437f1c0fab6870c20d1616e369f72c4843
SHA5125ff671636596e60b3fec73828b147491c3ad6d0ca761175ef4155c2c65af32a123774fa37359fb51d4e950ec3cd3ae320edcaa01edc6cf4d63661b69e32cfa9a
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5bbe9cc8aaa8a6e56852784f21ede98ea
SHA15578bf1f284e398353a42868704d5e8ae2575e46
SHA2566859e68144d51e134dd0e5b1eb54577578d20d2c6673703bafc4ab72f9b4c230
SHA5126dcc62fc58f21a4ab68bd6e9ffbcc1b6b813909f9ec1b70f362ee8f2cbab0b5c4a7c1bd7a9941e564ebef0760fa6b3b2ca3be7c3e04bd52bcf97d53e2679a6c0
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5d52485bf8b4552e70be8552e89318c5c
SHA13105b45abaa2934dd18e0b2371cda51e9a1da0a4
SHA256aefcb31c207ff7b4a4928b196467d1637f5ecbcd0d37be4414b2aee7779a6e5d
SHA5122770e04c4f77d71d52cf30104b28f6957da5f2d8905299e23c4658ab7f6bc31311617f21fced424010b4ad5e20f4bd90129bb1149ea2e958ae016705952eca03
-
Filesize
880B
MD51d0c1345fb7de018248fde6c42850b12
SHA117a3cc187e3e9d60a205de1a95f6f213062c1c7d
SHA256d98ab20b60fd5399be438bbb104254969f46c11251bb39945c3e42688f168c0b
SHA51260416748b78865a3c657ca9f4f411e57cdd7b16392bfc4c556cbe9f0f4d30389a0d2d82da6c5cff84dc9cb7fd7cafe6dd298ea551e7bca3ce3f0329454add352