Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
27-11-2024 03:04
Behavioral task
behavioral1
Sample
a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
-
Size
75KB
-
MD5
a5944e7d7015005ff33bea60d9a1ad2c
-
SHA1
52c77133168d22291d8914dbd3aeea3597f7eb47
-
SHA256
c88ff0d644fc030ceb84a8b468bd74191a78ee06fb0344eacb7f353e69e587a7
-
SHA512
84ab5546bbe1847df979cc7093b0ec36c3b7105e1ef99cfdb6a4ad7c1c31b72480ba9bf6f603094ac192f6e54f1f7d347f869c4d02484bddfa9318f4995c3e65
-
SSDEEP
768:OrVDCpK4icOBfOImfxfRc9/LO+Ssh88d7Z6S/UUMmz:Or4pfbOB2nfxRkKjshj6d
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
resource yara_rule behavioral1/memory/1304-6474-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral1/memory/1304-6476-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral1/memory/1304-9137-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral1/memory/1304-9138-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral1/memory/1304-9139-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral1/memory/1304-9140-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral1/memory/1304-9142-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_PSSnapins.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_parameters.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_neutral_7e1053ab483310f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\replacementmanifests\Usb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pssessions.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_neutral_d7409fccc5ef4078\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\Temp\{522f6bf6-ae20-0f66-d982-a746d010852a}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Session_Configurations.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_neutral_11abcf129a29fb9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scopes.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netl1c64.inf_amd64_neutral_30b0b06f47cab8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrtx64.inf_amd64_neutral_410e89ed86071c9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WCN\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\catroot2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Automatic_Variables.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_eventlogs.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_neutral_ff250f861d941dd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
resource yara_rule behavioral1/memory/1304-0-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-6474-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-6476-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-9137-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-9138-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-9139-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-9140-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1304-9142-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341654.JPG a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15021_.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImagesMask.bmp a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Thawte Root Certificate.cer a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\background.gif a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_LightSpirit.gif a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400003.PNG a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_HighMask.bmp a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01301_.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145212.JPG a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21481_.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30F.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Purble Place\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.htm a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_faxcn001.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_75439eef85e28e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-a..nager-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_abba0ea167743612\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ph3xibc9.inf_31bf3856ad364e35_6.1.7600.16385_none_a0a14b454657e48e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_system.web_b03f5f7f11d50a3a_6.1.7601.17514_none_83d6d124beaaf396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_35ed0d7e549dee91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.1.7601.17514_none_749de8353d4bd160\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8e6ec408bde811b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_mdmrock3.inf_31bf3856ad364e35_6.1.7600.16385_none_7b0648ec9d3a4bf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bdad5d9287414b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_en-us_74b882de269734bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Core_Commands.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..putername.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ec2a8bc0ed056604\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_47c3a7a7b5db2631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_m.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\Media\Afternoon\Windows Information Bar.wav a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1107dcb1e9c5b5e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-time-tool.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3199ed74fb3ae559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..rofilerui.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2c22db3e194aa92a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..onservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9d774b2480379bab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8c48a0cb5e48b35e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-photo-printing-wizard_31bf3856ad364e35_6.1.7601.17514_none_b30ed5baf3b15725\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Print complete.wav a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_netg664.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2682446c93017f7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-scripting-msscript_31bf3856ad364e35_6.1.7600.16385_none_90381958050e76f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0cd1ad9c8b4af61b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-9.htm a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_8ea990b7bfab3802\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7bef78d9f4a6a8ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\PLA\Rules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-addremoveprograms-adm_31bf3856ad364e35_6.1.7600.16385_none_a053d741312f3b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-directshow-other_31bf3856ad364e35_6.1.7601.17514_none_6b778d68f75a1a54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-timeout.resources_31bf3856ad364e35_6.1.7600.16385_de-de_763e93b2d1340236\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1032\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-f..utilities.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_81e23baddd2d2be7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\NavigationUp_SelectionSubpicture.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cd9dd16d431d523f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-printing-printcache_31bf3856ad364e35_6.1.7601.17514_none_af4d5367890eb1fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9ac9eeec9a8156c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_left.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..tion-core.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_26ec7b03413540ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnbr009.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0a5e3f0779bfdfe4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_wudfusbcciddriver.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d9b266741b4c7456\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.windows.d..is.sdhost.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_858ba2b4829c64b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-bits-client.resources_31bf3856ad364e35_6.1.7600.16385_de-de_452fb95d9556b1f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-yibaiti_31bf3856ad364e35_6.1.7600.16385_none_b436b1f0d44f46f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_452b34a3246c6093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..madvanced.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_adbd254c98aa953b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\btn-back-static.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2ebeb7d7315a5faf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\PLA\Reports\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..rkprofile.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0906518574a20aa6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_hash_tables.help.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wusa.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5ebe722637ae4df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e33bf3840e3b771c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_close_up.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..clientext.resources_31bf3856ad364e35_6.1.7600.16385_es-es_65e4e8c94f5790c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe,0" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack\ = "IIZTZRIYOWDQFAF" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\ = "CRYPTED!" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1304
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
516B
MD5d2987286e7c10a94c88eac7ed4bf8cd2
SHA1cf80d111a96cb914bd4338b93e57034eb70af8f9
SHA256cc5f8be5ec53ee11a61f1d380985ccce61e0bdc0c9b97cfe20b4ce1b45ffd2bf
SHA512638ff7d95dc3332e862a2ecfeee36c74d33793ac2e7eb28f748aaf81673f8dade1ed73248c2b2a355293135ed3d71ddb95107aa4095551e039fea3a69c6be61b
-
Filesize
341B
MD52481c5ed0b9c0cd01080c74b7c8a917f
SHA146619ba5f821bf8e9c274f6373b86e146b29fd87
SHA256915a1cbd26638531cced2458a1490896515fdc725c51323c01925b7babbcdff7
SHA512d0d0260f3ce969e2d0de8832aea5eb69a6ba501c6a3d6c689a71ad2f4772603b4fc6c41899c1e08d522946114c7778c49ae4dc54ccde219969e54f15a8173bcd
-
Filesize
222B
MD5337b1966de4da3f9e7baceefbe703c6a
SHA1cc1c209b48cddb76cd94f62f41dfbd6c67549c37
SHA256b584c33b5bdba46dc24a3928b919891744187bc2fb92f8957d26d9ecab54278b
SHA51200e1951eff58d20fadcc8e4dc3b300ea7f888d0592d021812d4d7d3223a341095b662c3cc98e2f35c970aa1908645b95c2e5eef7e4868ed0d9f1e69535f9f360
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5ae2ab5ebb3886d8a6761733e8e3ed7cf
SHA153b5155769880cc50208d960533c9f0c511376d8
SHA256582aca9074962a99a778b388a9d82253beffcbd8766e670a76da58bcdd887a48
SHA5121e7098939a424c643677bf4d0cfcaf54f0d7e8b428e99c105d0f41f68f657e3b79150b03d7bb90b8a042977b438499abdcc2c8f86b90da5e985aaa5678527462
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5b743627ae28b5f3064256bd0d7b085aa
SHA1d3b790103e89234bef876725a7d8a4b99c28aaa6
SHA256da7a22881fd76fe289643065a3194e5802362f9b439fd89a9a29ce7606cc455d
SHA51282e3773a9a100d2d2c52d418a8b0d15033a1a6440ac919aafc12e88b8502fe239399b9dc4feb6a2d0baab2c9557d839934235ef1639c679bf59f3027196958e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD536b86e37720d3b04d195c026b607a4a1
SHA1b8252dd4ef64e235cca67e4b2dd68c43a46bb4c5
SHA256a1182c93250d33163a2d8f6fd0f5dc307f087301bfcb6b2a966066de172219c2
SHA512fd3aad1e39ec3ccab350c583970cd39e65feb6f6a30559c2ee711dd105bdbc5622a921963f3a8b02b2b20907830236121c97681f5dd924d0b7954e02841b5d7a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5029dc797f725ad74d9c69a931f7c4a42
SHA1b44401cb2737acc2a5874b812507d0b5d3a252c4
SHA25627862911f4d3e8c281fd2ff74d5e2c473f40c20e304b76f3743ccc729454c874
SHA512e2e7dbcca89562275816fbf8d91dbb7e8c95778d6124f47250f8eefc2da7e4957c17bd9fb5172318ba9e623f347b24d07e4f4749335b501e284f4fa12a0e635d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5f370e5de9871118d0f17108addd150d9
SHA11eec1facbf25c21176d0fd1f7b6d0a222aa2bc27
SHA25644308a9bc54b35a8d65086c0adc79603b3a15ff19176d97856d2ceeacb9629d3
SHA51268b0a82b476e78dd5d1dcc1e1c49298b9a3f8220508d48e807ef624817eb706ed7b19b3b1b173e14cd13bb3590f585e08917e17fa65dd2bb113a9201154ca881
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD53a608fef537b4a05a6aeb00f8ef039a4
SHA1363bd562105f6cd8ef47431fbd563fd179d02ee3
SHA256dc6eecc6307350e48c16d8e0db0c5eaa0482d70eea217571d524ddca45f9d578
SHA512818a4644fc3199a8cde631b3a8fa6c33b020cabcb19444941557c91483b7e165fe9baf98c86cc5297df8574e4e01a5f1d53fbd7210c85832291760971ac6dd70
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD52686e9ae8d0a2e689b6560a07f25d033
SHA1c057f457414065b7fd7ee17264c5111dcf8daccb
SHA2568cbfe3d13fd2db1147e69ca9d8c5887badeb50f9bc2292a811bcb76f01a159ee
SHA512115bf33a559441b40f1430227e49f4914357bd82eb23b9fe4cea0a03904c4675f181f7d49b0da355d4d9e5fdba8630a14b3de41f43d1a4ee5a9b6d825dcad706
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD51abd905324bc7549a53ee42d83c17537
SHA1aa6fcbf6c681384f16bc944a88232a66c7a966c7
SHA256b8d4b9f2aa46886a3fa25ffc1a41c4c212d1f8536226343133b1b6633011b24b
SHA51262b279901370c450f602d43ba3bb91bb28771e87378372b5e3c32dec77062d114a213ebf0a192989692227a640ecbdaf58ca0e1b7237a69f3f039b2d3dcdd88b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD561084b2c4b204c0e54a36ecd5546ccd8
SHA16d99d55792ff842ff100e6751e6127ad96a708a2
SHA25603b1640278e09c2a574c961e1b0e2c2897c91d92f7c973c8d65dbedd81358bd1
SHA512735e304f9d94a60770f25006b59b28ea0a2376b0734b1f39fb0424f3c6745e199c4db6f13c6ab25cebeb3ef1af19bfde87e0827b072a03e71812ade3ec5d1267
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5c1bea0ec01c50eee7bbffeca1c3c9f1a
SHA1763e54af3902491abf107cfd2f7c8bad3b3d0abc
SHA256e01737e66c8c070a335eb70d868f42893c67c300bd762822acb86d8ca2af8c54
SHA51243ed16bce26716d6e49abd61c0a6bf92a10907453380039ddb0b41cfa24a955e1ee12772e11e532c62dd7e105b09a88476911a1cb1d9df2668d5b66c141090e3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5570bd48dfe7bcd89d594cf3e09e9018f
SHA1795ead59026485bdb6b16cf1c277a4e1f5bc8042
SHA2564957268d3ca5562ad0a724f42cb61e20fa4505dc6d92fe51a2748fe95e1797c0
SHA512b9715a2b0573bb719f6e69355ebddb03f8e46a90d0ffc3cb3507cb938aa91200945e60769f76a81d5591cd4ea6fc89af7f0755813b3d44b1e570940b5d093fac
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD56da316ede93c97b7b1b4633b3840e31d
SHA185ac63cbca1bc203b3a6b82333faa65c4613c18d
SHA256c949f67d156005f866856d9b678e27dbc23fc48a94a484cf6bc26c6aaf1758e7
SHA51234a37f2287be03aced809965e1e74afcecc8846878073521574c36396dc3952553339d94a07f6a2cd8377633e033942a9fff1da58da4b095a2e1d640618a8432
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5f64b303c8828b856eefd98e6b2dcffd7
SHA1796acb597817c109b7bc81907fdd3499d74c533a
SHA256f83a63af8cffded9312caf8bb0168d4d036c32f437736969557641b8bb88c6dd
SHA512bbb8ebdb7f4067e4db97ec48ab296e1fbf4ff23c8252951094bcd60e1a2166bc2927f84d4a3d80badb2ff6232e42bdab4d1a474045c19c6a4599d90102a6da21
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD52c9a1217002e96c6635334b2e6f48689
SHA1d6833502aa1d25ff1d6b623e4a10edc3362a38dc
SHA256ca2b88b1c23357ea7953ef8ec459b7a10dc1484da5838a4c4723c4331f8f6743
SHA512cde2136cae93006a6d8818a2d48a93d94425444633e86508590e53dd63fb528bd8fcd54c28d49ba5a65e42aef652bdd44fa2b9098720e10f52e10748af1ef9a8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5a5be5693f4cda862df105b4143a026b5
SHA1cb56ca3188a353c47ff31ed1a92e49a83f4dd271
SHA2566b62174a4d7d192ab508688d357a150d1c5432275324a8cb79919d17ab01def1
SHA5124fcaf91756b692889f0c58390f1037ca03c276230877ec4dee154f6dfc272276ea196b9034b04a857f8f7c2b0e23bd048566551afc5f6606f7e40d055870d81a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD5b1436755117110bab0d6d987bf012673
SHA1477a1c4b2c789f9b03df7f2506e8b388c9705c72
SHA2563a924be922cca3d2e34355f5f9b3c8b8dc4cfecc89f2057be47d202bee61eabf
SHA512cc123f215864b34e1b15dc54e40aec02ab7f3c48eaf49038cb03f16d7434581faf40319ea90577988491a05d32acd1e20d6b19183aa57def84e6eb8efc098b45
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5f3b1830d5c9e8e28b5a1a3b9c4b4e5dc
SHA155441ea054c1c915c2d8f86c0ed74861b7adf4cf
SHA25623873f1e767bd3d946561f3e8731d91e82a4192e86c42908e5805a6310b7acd3
SHA512e605b3315d868791ccc7603da4754ad717b72151ff54e75f3bac5ee7d48616decc23a06d0265401c65c3d7b46e9a015022b0c2bfb9cfb045e7d93700eba1bb25
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD56c1b22979af19f95e1b07c9fb4402448
SHA1d7c03c776fb67771de708b9f8360ee7aa298e393
SHA25607234c762b993c6e27253780e51bea7adf8d5b90107dbbd94dcecd2e555e5d1e
SHA512589b2c8e127dacfde9cff498853de36b6e565d3c2bd389a86c58e4d591c682d65854e598006ec5add40e5952fc5bdcbd8be6d96b88249dd84e9b46b01f1ce057
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5b04723245ee31833d42d9c30431c379d
SHA15363b0dfd75122d76756177ceaa3c11e13d15821
SHA25630067b70808f2553118574618fd6917dee524eba3b18b38150feb3564f6b73b3
SHA5120d281717fad0a322eeaff1536cc8761295f723b9a1aae8aff2c4a5e0718438a0239354b73683c58090dc48e311c4db6c3a2916907787478080fb4812e485bb33
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5a67148840af4a7c0a9e2387f152c1b70
SHA18d4605219055ba2f4e104391ccb7736df00154f0
SHA2565c1946aeb42ffe6907c082e4b9410bce2a4abc549f6625f06fe9fb72eb867272
SHA512d78ee37aef100f5e9bb23cc500ba6568f4ef4cf435c353a7ef4e5c3a48136b8116b30097fb6a750ce8e11b453f5f998e699a6dadb95d463aec0ea7a9845a05d2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5602d5d8085844bfcb698a5550b552d0b
SHA187cce6f8abb78f7df93e27ac0c12bae36dca5028
SHA2562bd743302404a8c56bafc266610a9e010bc3ed8061e64d9291ac4df989650b85
SHA5128476660661d3f8313d72a479e4955234f4c6daa765dbe65bf1dfbe51c7bfd5217b07814e93e8b8ead5d01ed6fb2d2ca2f0ae256f59232d525e80afb5657ac3fc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD524adbb7437ee9604a6bbe2ab788fcc2f
SHA12c3c57f2f0dc260ea5533f00f1275b2e9ddb19a2
SHA256f77b125fdaae31f16e0972f6ca49864766f7bdf181a061ab4c7408cc072dc210
SHA512b0e842117b732cb9b461435332c2343398484a6a51bcdd44189f31a96d229aa14117ae1a27e0fbce1b2d899a6eae625ca623d475cbba20a8de7f860646426103
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5b4f5d73fdb2a54b2aab529d388673a59
SHA1f4cafd6e3319764ea402fc298efd786f0ccd9b56
SHA25640a6d04f8e26bae5c9cf851de394a7d271065a96dbfa023219742e9669d01234
SHA512a4c71149c9ad220e62b765b6e3f83c8a7fcc8759cf52ab543defdd72c148f50306347562a1cce94bff0ba3e2be3e4084d5b53b6b597a715500ae66cae4b0df70
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5faa78a75b637c255fbf5dda8c44f34a2
SHA13aed2e72248400a99717e8bd3d11e8ec5170e9b5
SHA25652b25ab97368f927f112d43c318ddb9340734493388ca633628a9a947e139d6e
SHA512c4069186c7d0246f4b4d0cb5ce1ddbbaf13c10226b752895f922ca17e3ac1cec727ef933ab362d5150bd2aca04a22b97695bcde1cbdb4dcc5da3d822309ec280
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5bf188b8ba29b166d3b236d1be1ec6620
SHA125916b56310ba2a9bf178a88145d11ea3c84cdf8
SHA256b4b9cf5d7092d475288a6cbcdc4afc252fc188e4a840bdee817aca5e44e63549
SHA512e23f787b9f6cf07ac507741cdc7dec6f4719590d5d2ef770be4a4e4f9bc7ea9a30faebc95215062ec6f4bb65dd1c7d823593b1e6fdf6b23c4e9d742959d01909
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5f0ad82c97f158179783652541bf34219
SHA140e435777d4a7755d275ab9352a8709bb81929b3
SHA256ab66f60833a896c0996f3106633339ce366be0cb35c50752930db971f151ec0b
SHA512dc97a287a022a7be77062361527082a29ae53aa6e13db857ae9870b81a9012414c5a2811b8ded2ebb63e3000076d339e32fc5425a2ea3093590c1861d2d56df6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5be60f53005995e4e89b3931e97c4be97
SHA18c96e2bc5cbeaccc84381496f5e1e43fd8594775
SHA25639d038c79547a0ecef9874c32c8575ffde26ae948e5deedee25b9ad36d19e36c
SHA512435aacbdc1d89ec0a37ebdb983a5a55d9d1188fe6c81434aecdd071e492ba717f214d0c33f09b3ff4fcff86653b1eacc7623b1def95446ad5cb5220b9a9e8f69
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD59e1c17e77ac3cf66173cb8559d1f3686
SHA138e78d63dfa6204c06bd06505a7da1d7a8238fab
SHA25657f9563ca906a8a8d396f5012ec101a8185addfedd6508a86072e4177b83e11a
SHA512951354300d31eafef56eec0263d0d726378424bbc1098ac3689e2eff2dba81658cde0bb160603c46ee2cf2b6edcb88430d69b3ffcf8aa5ed2a29aa9aece6c98b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5a1d93fee069c38b6841461e1a1022226
SHA1b005145b5ae0bd4257638806c2ed75eaa596d6ef
SHA256d1f10f42367a253697995d2ec611d35db8cde64b04180c8f597bcdf0652b3f87
SHA512ec4ff945e4d502d75d42283d17d1404b2607b25624f7a334e4a667c3a08f2fedde69ec6a27efa39be78d88cab0e2c41fadc6c553aade90cbc8abd0e8def94c7c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5fb77e6db448a03b95901aa748460b267
SHA1e2696005358316da49df8ad82190085344ac8caf
SHA2562087a2e1c821e5814135dc454dbf57f14427f858ff93a5b56ff50d7e6a67bc46
SHA5123f43641f848e686d0a4129cab9a05cd1a37121dd853d0612880f1b0fce8ce314855e8b7825c355d12546cdfb9ef5067d6b2e86de9bbb0485cc874f1aa5968e49
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5925d86d7f5c8f9a9489e0037369a34f6
SHA1b3226cde685de5b08efacf90d0232681d6bf8133
SHA256125091db9da116832b21b2f939ad9bd0bd143540c139c96e563b2c700a37d42f
SHA512d142f335c810d3b71844c4ab754f9391b9898fc1abb67b425341235fbe9d6d5af72327e89de99b130594694adfd2ec78f003cff483908c391486857da43ce84d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5461ce5b4d08eff5c87b3435184a7a981
SHA103bdf37e216d8e9278d8fb1fcecd6424bd74ade6
SHA25638c8658e6de4241ef5fb411d0c09f9e3ece3b72d3bd735228c777957d4812c9a
SHA512efd902e07aa99938df6b7d6200d03d41f52050eda95ba36d4fc660e1c7634d41baa61af8360852dfb3f048423df8ca199b0226feb7bb4916cebb0d67dbfb28d5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD58052ef491dd1f4e908a94becfbca4a3e
SHA158ce0c8f86b6c61a1c9ef65e60335f9b37c1fde4
SHA256d6be4be0b2a1b4f57ea9c1e249069a07004f957862ac8cae0b39746e02d12871
SHA5124f462785d559fd5770e2c67fed6536c6c35d9ddf46ee0a38f38530de27d961ea5d1148aa2a950372637a6f42466e3012198d4bc24e77aff431c11400caf4f7f1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5fbcb3666b45894e44f02d746682dd527
SHA13a5fe509960b84c2141f8c52c9b02f5997cc0304
SHA256dae6ff4cb27400f802c9691f497c37640cbf7d5a7e979606f22dc2d9bcab3419
SHA5124a4059ca308017143b651518da810d0a29b360e7a4459132e3b270f2a6a37a187afca0e103bfaccac2b06ec688c22e1e4d8b1fb6b1ef3381c9b39436d9fe2b20
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD576022fc4bc2eebef24844bc49e7c5111
SHA17b2385cc1ff5633bee13dc4629dd0fadee13e997
SHA256f9ce49c044f7a060cd154254ea238035d4695526341387d4e01a03f815f29bc2
SHA51284fd7faf743aad85cc8a2efafa169f1868375b497ece838a992442aa5b8a39eff970c8bc76913244f5f05c42185851fcd43bb4dc3fb53af357a62aaff667adab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD5b03959b853c22f00419f6e6a9d9a2fc3
SHA12515bf2bc2b031772488f9002001b4e0b590d9f0
SHA25694000062a4f8cae8441db5d7808540cf6cfc810982549e5fea9aac7c40fb3bf4
SHA5125544d5120445b214545c95d565fc0016249369994821581d9a11b4a07563716c2ac2a610b774e65d38fe4ccb8835b3a10762f5a41814df77ac7505af31c5427c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5f51eece49bc9956b919a896eeea299d4
SHA140317d2ecfaa697b3093b65af50a90c2b68d1164
SHA2562194e07af5629a490bdeac0b56c05a7d64450fd61f56e3e35ad6a7504051e6ef
SHA51275f0208b073bd13eaad901fe96403ee749d318f71e1585260c7b42b7408c206b91e67afcf2558a99513d1da232e31c341ec638dcecc7eb9524a636418dca25df
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD542042383989f130e15943a0fa19befd5
SHA1b2eab647583cd368fb93c7a68433529e22bf77f5
SHA2566d3a7585af304450234d20ff6b0144d5a236c50aeae0d3f54e1e55d70e996dd0
SHA5126a1b36225e48fe8e069489a407d84a7de809bbfa11baa33e0c558abb293df6c0d4def9f108b8bbf82b88b922ad2cb677216dbb664bac12bf0490692b3e3d4947
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD599e4ad50d4b0fb2d32f1369c0a7c86b2
SHA1dc34ed6782305174540fa4799c060c24262a9e35
SHA2567da706b959cbafc0f0be6a449dd3f818187910c4bb9f45d1b7c5b3f83c4965cc
SHA512c6975b2592f059f6ba3b077a14321836f79cf49f4d24f5c83202179ca893fd8d8851b1537ee4d93c66da90888322e60eae0594bcac468d4ee925498460aaaebf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5efd15d8b775dcba027460986b761b5ac
SHA11e94cb914b9ce1cb2fd5eb5351dbc8b6b4e55a26
SHA256e32ccdf4323865a93fce6a5e17dd5c6cf880eb3a53b98832c6e4f593ae644e93
SHA512153f1ede83c0734ecc7babea479578e29c54f1b0f1573a81cc5542ed428fce3498c2d9b98709978066b426178646e2624688b40c8400ea275092e008888561e0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD58821d50387dee1493f27ef5ed9c6b218
SHA1ee9c16d0de4ec5d7d0a52f78d91112efa88295f8
SHA256730a80ca3815e36814613b5a78abb4b2bbb2e8cd2bf080a0b6cb16253ddd0c92
SHA512a80cfb8a97a0f8c42064a41ed9a083323eb844bcd7bb5aef8369207f188ccba6136a8fe7a60653a2cadadd046425e69e8e04353040f7b612533a670614b6dd30
-
Filesize
580B
MD5d3a796d3a06fa66b9a7a790c0db1185d
SHA1c0343eaf2f46ac288fa11371a695fdac1b8bb5bd
SHA256841cbd8eb38f2617c9e610b42ecf682c217ccc40359ef7dc39d4f8c46ec1768b
SHA5124884013a9f6d14343ab8532d8af6d1af9419f7d9d3a6badfdc56d56c5b41ceedb6554366208dd70bbadf12aa63570c68f57878195a621e4d117fa877ee43ed7d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5aa1cf16f8437d2dc66dd972292a4993b
SHA1e7885d1639edfddeaca790cc2594fa5e03110a9e
SHA2564b3481b44afb0022da2b0c417ab5ff392048e701a6eb17d7ae11165cf7202b84
SHA5128d4f68ed6563fa75d94885da2d6362d0aaa08e40316461ca9533d3044f3231006b289a089db7a195d1dabec3c06a8375b37535daf2fa7e8ef0fe3bcccbda30e2
-
Filesize
625B
MD5876f3644b9064e95d2861c255818235b
SHA1cc2dde68fc12b8d883dead29c701e448476bc11e
SHA256d18c78e8c025d214187a217753ff4131d3288fc4da37498f18b3788d70575a4a
SHA512e832306c75d96a99157f9544e46fb1cd5b86fc43c2016e90057896b4f102dab1a3693ac46f820a7586349aad08fd315ff1a43b3bf9614e74dc5284e2ca8ef7f5
-
Filesize
873B
MD51ea7a4aa93b6864b37af29b575d95b99
SHA1e89ad561471a0e8319a24622274708f71b538547
SHA256facf43a817ce265f48f707ff8355a7a2c822f00b884937d72ebc0ce04a795c99
SHA512c43dd96d68f374c1e4c9b0ea35cd246ccf42e004e659f026d0c77ecb8f6a887441c1ae3805b21db87155c94468780546140cbd42fbfd65512d0c070ee0cb0514
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5b05472c5f534f379b6dabae2f4b7824a
SHA100fab94d6a4f877fb0fba49290a30aa7d07fbdf4
SHA2560b069fd20af9580f3e2a701245f387f9af177fe2659355bd9bd3d98bd4163117
SHA5129950a4a45a3a9ca8cc1f13d2565c3e1b833f1e6a35049a2ca7f6d28ff096506594ef2e24a7ae0fb4c8ff075b2b03e79aac770df0a63fc3129699823698d3caea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD56b83d89f456274cf14aad2ff542e3665
SHA186f35f217b40ea9e9983901fa01ff633856225aa
SHA256aec4e22c0e27a41726d757e736a4e8239e1ae63bad1021e347f3cf072c2df21d
SHA51224e01e3077102fee3661ae60ee7e64330576c566e1580d7d8ed43edc3fb1d6afad6647098d732173b8f581b86bc67dba856cf0c1b59521300c4f0fadbdf9b03b
-
Filesize
615B
MD54e4bee40169bf2af3c2e5a3a67c1dd5c
SHA19cc8a6153adf0303e8e487d5affe0420b51bc9be
SHA256efc97d9cda8d3f851eeb1c843daf9e3bab04ea3b59b3e5ea42178ef65f78007f
SHA512896a81ec4d3530327f884d08e5a3b26801ef2e98c084dc9ee0ff9e24c5d9239b20d733e2be348269bbae36a79de9965fe5623d21a6d5a2511c721e83938ab2a9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD58c4489ddcada399bbc0c226303591f05
SHA102943998de3b050f9d68135e60e29c996ffcdaef
SHA25616895a2ae7e14025e9ebe2724e379e0196f73a4269a8d69adb617708bfd410b1
SHA51272d06548e746d0c95314cb21c24e3caa32cb71ef6665ea938d17b7ab1c5a43a7c0b3c1c8e509343f410ec69811b83846401beb7c50c5a8cd9650f3e659780efb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5583badc85112629ea8e12ab75d58b7fe
SHA11b91bd0580c3f49c9aaffb4b7fe908839d153370
SHA256dc4ff5bf03da476dac7125417b7a558b094a0e58702d226aa1f540719885eaed
SHA5123c66ee5ef477e751c958a4894c8dd0c8fe182d6994cf1ee64156e890bd120d295a36920ef5eee3d68da0a7d293d02b592647ca820b5ec8001c9541d48592140b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5df187480febe32248c652e5af29c0a79
SHA19cb4c5b241e47b712b4f3b417deb056e930b52d6
SHA256d3007d6f1d3e258662a11f05ce43469fb16c432bf12802899a0d110bdf8e3729
SHA5129fb49f62e90fd9bee54b461cbfd7ad8d5109cb8b31c50bba54be0a10f6984af8b0aeebc0eb4f60af7e4c15a82d49764692b8af62c84a7c3f8de9a5e1c1e87166
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5cfbf8b69b7f13f84ea9f20f423c73e3d
SHA1824970befb0146ff33d4d18a6bbf19e1e87e542e
SHA2566b29cb49461b64a31e39af9c3adfc74dbaf9c1a4fb86ed81e2bc4b4d3ecaaed1
SHA51273e608570cfab3736c8468cf214cefeae951933d04010c2ec1a6e5aa6d7eb3fbec459a8c3b1c075b5f1e6fc865409759aa33c220ee73dc7ae292a9bf87c1c829
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD52237dec3c5cb554b7a803a8b087f1d29
SHA182a31075133de4b923d59ebcf5dd415152670a9a
SHA2566233947c552c0c09ed9a50207baf5a719f55378507743d1c430ed50bbb4f6784
SHA512bea3557bae28991ca9ddc0489e00009353ebf57ff7049d36f5dc25284c44f8e3a576a15bcc644b4862dc45e9bab1dd4d4bee76a490a8d7a79fce4875f058fc01
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5d583e3afdb78aa5fc0ec5ae5606fbef0
SHA1e5201678262e805f38b71805ea27352229a2f15d
SHA256118a3f8dd2789a088046a94acea7c5df22f9f3db8caf05f62c6fe0c2bab5de6f
SHA51216ca8e911c92097cb51480db9f13a2d4ece84f410ce4298b759c387df0c6142ba5ce14dbb643b797988013068c3f36db55b271a15d4a928aa3d4ee221c5f2e01
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD58ae5a785f81e898063206e5f4e1c1856
SHA12855dcc0c997f364ee9d697b7207754f3f7f6d53
SHA256b5d77afb512db99bf9c2b5eeb9b65e8c2bb67481782ae52f4e8ecaf93a48c9d7
SHA51220d51e84e01551fef31632cbbabd1fc0b0d18b44d11dd88525dc4708d469483a4913f41cd0c1359ce862b011e50e8cba18afbc3e01e103c32f2ba523928acd7f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD53ecb6213429aec145776b4cda1c51f2e
SHA1ad4056528744d480218afe1c75e88d24f9847d3a
SHA2564af5f8e55d1f9e470d7345c070387a361527481785e8834b7d831dbeffea125a
SHA51221a1d3a7845a2388e292e7f88f27c322f5988aa9785a126c1fc73ae903ac1dca0ef6b709d38c8d5114add4d02cd942c38bb58bac83ba64dafe3b3583378afcd5
-
Filesize
153B
MD50cc01bf7c0763dccc55ed33cfc5d89f3
SHA12a34db5912f21bc5a3f66f9b267e75427bb29a17
SHA256fd4ff0e8c462dbfd7d5dd714dad7619b7908e8cac8dd7305d451a2da6b67b71f
SHA512a0cd8aab7857126e18bc361f30f799e9ffb478cf1e8b72a6df99894023c30a3a149a81b0bf62b2e85d2775e9e6d2889c538ee1bcdb4b5e095dd55a0903d68121
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5afdb33f91149e43b4ed602b54913afc9
SHA18818ae6ebcf2c67b7b751feac2d37624ea564f7f
SHA2566132d37569433cc1375a2fa19f59290cd7768e4e59287319c9711687bb87e47b
SHA512e9178f477ce31fe31332e89e37cd3e5a1cf57d993f8a655771bee6f20f683210932eb230b16a5a5ac56171858dd500ae3004587f3668e6e5584e038f40b7557a
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5f84cc5e6caa797783c57e579e27ce122
SHA108832871e7cbf9f5598b70f4ad72d720341c6d37
SHA256bd9645a90c2fda2f8c010887587797997096479ddf1a3447faeb38651e0bf365
SHA512063e9eb05bff32be507ab2f6f2f4c62e55e8247a85d693c049f1c6b427601bb3d370e33337043cc94fa0abe7ca7f89a82f0ad41b70bedcd7d28107cc4883561d
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5cca181e9f98fdc4a7b7ef610b139885d
SHA1da06d2a4fe0eb0495a20f9c69cad62409a73e9ef
SHA256a5b55a3d91e2366f5de79aee3d34c300d91557ac26e06dff6601c825a8a6c2b3
SHA51220752090adc27e25f1da2a3211c7257c40d1da97a88a78ef22ad10a582641584fea1c4287468871f61ee55fb8ff5a1449cbc2acd5d391840aa341262cfcf680d
-
Filesize
109KB
MD5480226b487ecf45f73b4793be87cce45
SHA1027b9b8a0932422fe5f972648bea36875cc7f71a
SHA256383e7d60611ae49dfe32052617bd38af9ea6a5df4903675e28c6cc8e6cc2b0f4
SHA512511baff0d01d16e400c34cff65a46aac643c78a0f7c715849249a4cbb84bece169866af174a737531e7f73f23fdcdd54b8e21f4ed534df77560bfcff225d1945
-
Filesize
172KB
MD5044682d86c145ebaafe1b8bb73f6bb51
SHA1e4ec61d472c6bb50fad6331fe9b87ae7ab88ce47
SHA2566a32947998018debe5f8784c6c608b14c2b17f2e48b0d1c77a43fa4f2d72708d
SHA5123b610c86e1dfe7ce4ddd5bafea2f27fbf1389bec77a840857f14f5513e6417741baa8ca2bedce4c18ac0c6c8cd5890f9f9a57caac29b587d418f62f0b0954e06
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5473e0eb80002b3ee524c9b10b160ed43
SHA1b945ebd1eb9ea89507b434979fb8e370ec959152
SHA2569a9dde10ed8caef322c33b5100bb7fdb795d2358e09d1d5280e139ea4fe87750
SHA512091477266c55f8446d3403dc206e232d2c77b173f6d15377de50d76dfa56105e4b83e7fd28655feb657769c9fdc868fad7197e78e0edb35253b823dbedabcbbb
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5cd43f10f293437ed98b69feed71d30ef
SHA116c84001f49586daab1eb7042bf2c74755c77183
SHA2569c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50bb6bc70fefb5d6ef27e28664b39b1dd
SHA1511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA51225362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df
-
Filesize
21KB
MD5ec17c5805533d60ae26302a7ca4472dc
SHA1672d49cf7f8a8d17bab2c7bb3843b61cf3ab3914
SHA2567846039372c668fc8e5d17e0d87a59be001a49e1101a195e85f0f09793dc6f0e
SHA5127efa6e1bfdfa5b8ef80d4d25fc35eb63ec094194f5c467b21f7099f1962ec4f0d445be94c2ea87fa65b5daeced04f46b841f5088230ea52f1accf7ffd32ac7e7
-
Filesize
1KB
MD50fa9a4d0bc085144f9a88eb224d068ca
SHA16d43d7af25f915da2742d28e1bf2f66f77bbed81
SHA256dd4b8ef0e91032cea5910c95933ba15e6e6a27a62228b8e541bdaeb8fc48d929
SHA5120d7965949fe4778ceadd8ff2904a91f7e9fedfb939c65a68182f4d3e4a0a12a267f5011ef08b2c9e7b121d05d5edf0a51b286fc3163ef5538761cfc74dc8e3b6
-
Filesize
952B
MD57067c71ee6a5501050b4a8beba55ea85
SHA1f983c29bb7da592e8c1e45bd2a32ffccf8057046
SHA25681911719ea5af10a51f8e4635c97b855b376932471694ad9c72945e99d0b4319
SHA512d4f839c37995c6858234fbe8527dc774b096253acccf559af3fea213639437282def4e1ef919d578685f4c9b27d08f37b80b300050aa9672f066b0ba31ca5beb
-
Filesize
121B
MD5bc34737c11c980521c442d1bd40285cc
SHA12635cd64b7089badb9056f635ad4c4d0450b2b83
SHA256b66c35da313d816e01749d3ed100d834d91382b13aa7bc7344cd37e8f1bb1bdc
SHA512485395e73e612cef7561e45d8d5ec5795a18fee904907ac83abab8d961cf4a278675066e109870bc7582143811c8aefd703ee1eb65aab8930aec6a8fec9a38ff
-
Filesize
1KB
MD5eba0930a8f01bc8051b2cc1d95f2faf1
SHA1c0193b484275204b345ef8dff6d08596bba5b3dd
SHA2562231a4c31daf09d8e7da67e31ed065bf219809377ae405ed30c5ca2c3899d0d7
SHA51255be2b72a3dd9d21ff9297260c2b164e68b42ea6b9c5d20e3a66cd613d1919d41e60ebe843b13e023431e4c3d3be7ef0feeff57f68535ade5275b1541b653ee7
-
Filesize
8KB
MD53fa2e3d70411a9429e7c53a7a2c7888c
SHA1d737582acee9e9728cd12f06c873de5b22535abb
SHA2562ad55aa69cd32e6d23b7245eb03d099dd1cd9cbb7a0a519a9b2ad8f324c930fc
SHA51292885d4d77f50d05977aaaf357585baf8ef46677fc8b4f5f99677dbe7c2c28a356a7b3d3dea9fef03a45f69256bb7469d91de950f229dbd1f152e82e28403c2e
-
Filesize
61B
MD572046d9ce2b319185af8e439624582f6
SHA146fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA51217724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d
-
Filesize
914B
MD5a8c1468f5a6bc9ab128007647c088f49
SHA187a90d7b02e03c6aecce4602365c2e18128e126d
SHA2564f7510ebad30854bfa25ee8e1ea87549a38308c3684dea8f6b694482c9092a18
SHA5127d3e097babc64767e4945d48e67da400ed4f974f4cb475868f5b115e135ce8d231574fc125bff7a3ccf96022d9f30bdbb41a679ac7f7dd9990e4f345b33d76b0
-
Filesize
90B
MD50ab469236e16a2686b632da3f6d1d98a
SHA16456221c8435cbf609eb4ec13a7937f03d5c9f85
SHA25605f667dfaac396ae6cf8819120d05b1934cf1cfa2b616129bd677623616beae8
SHA5124c21a4c87d93187717d49f1d5a6050dcfb1a750f3204fd1130fa1f52bd643aa5c646f66d8a435fefe4397363f0199783ebfde77d0d05db399b54c44bd82e0b18
-
Filesize
90B
MD5723f8bba2ac33fa7b76fb84f68ec10f7
SHA14b9fccb04eaacaeb006485bd1533c4f609612495
SHA256848bb3191fbaf767959f7b5085d58b5a192e509a7b6af1e224d6f57e61495387
SHA51222ee5219e510b316c24a805e4dea1e45f37faf876b628a5234b702a6b821735b3f9d59fd758345ea7f7a90b3f5cb2d12f6fa616487a0249286d9dbb73890789e
-
Filesize
328B
MD594c6255fab4b37c3b3e0e515f02ca848
SHA12f05c00c9d80cfcd214ec9443a3b3b02e715b3ba
SHA256e0e9f46798dd1faa70cc21bfd54a21c3afefa2df6aab1370046eef0bc8c6847a
SHA512f004094b9d16d8ba55967c159b60087a81f5594a4a2c254e421043dffaa2d0f4e844033a8807df7184a7874cfc02fddf55efaeeacf231eb0c1f781a98d117c4b
-
Filesize
1KB
MD5a5a4816d7929ee2041b907861bf52dd6
SHA1e76a2b5b6efeaaff3d7bebe572698b48eb1f4468
SHA256f29318574b974e8ea535fc4dc0e52ed9ecbf2ea824f6eb4b1d5a378260c459b7
SHA512f495734e11cf2e03abc9a97906d3b5f6c108030b0b78d924a74323bd0e3d34d59d6ac62ef383f3d00a5b14a1d38b2ce59bebfc60064aa8fa4f2b6534cd1960d3
-
Filesize
162B
MD513dd0b58761be35411e1aede1e47b2e3
SHA12c14d7a9bd549a2b4e18731fd777fb98dd84a8f7
SHA256124fe7c1bbbfbc274fe6585216a2581a6731a7566f2edbda4482292d74a57108
SHA512e5bc59a6825c50554094921f15ef94d39e6d5f2f837942e8d38be739648b55874971948d0c93cd52f06d055cef74dc97f98dce7d8313c000459fac4c4c547e3f
-
Filesize
586B
MD52c33356c3db49a43b9b840d9f9f649a3
SHA1da9aadd4baeb0fcf4d230360045c4c5162804c65
SHA256282a26aa6c184d1cb4d3a09e7ceaac7845a400f4cf2507181d4e90f02f5aa057
SHA5129802b6835b81b64f357286dd2a4febc3921c1d563c5f027436d06e8b4c0bdc0bb3526f46c501fbd2b610d02c8b4611b7f47eccb229616e251275e618c67d3177
-
Filesize
124B
MD59ee0ade9d098e982ca318e636cfb7b19
SHA156ca43c2708908cee6262e8b22bdfab695cd5800
SHA256164dbf12dc2a66041f9cc87ab882f18d4de17c8e6bb6fc7cdd24dc8f941e04d9
SHA512390ca382ada2492b795281421ba096d6ddf773aa0f1bf754dabfd8757c1fa1b96e7426f55d9994a221565e13315008e3ad36c26077411e0960b011f4379ce5f5
-
Filesize
8KB
MD5a4f0d68922aff01bea1c3865451020dd
SHA1fd50a6d403fed0cbfe2878440af4e3d431e95b1e
SHA256561bd5b4c2c9879c4c05d99ea9f0c41fc42c120b08e879a1871d0da778376147
SHA51277f865ce4221b4a37439002c8a133c0a4c2e739d8b3cd5a374926bc4e03a85d7951e05ae2222f1e9d39a7c799dc8817f962060cb14ca11033b547dbca26b8178
-
Filesize
880B
MD5060c2540f71845811b1ec8bfa68bad0b
SHA1ffaaf75b9f945b7f682801c47bc395d1d3dff3c4
SHA256a6122f2f0c39d42fd77d0e3214d2327af11d81b4c7ac3d76716e20b6b7d59d0e
SHA512000da66eeb900cdedb417261e1b7fc5f300be7a4dc35141e3f470d03696c8416078de67538be71c88b2735cb41f4b72c5ab6a3dc1fd906267e4ff2957fbf4358