Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
27-11-2024 06:40
Behavioral task
behavioral1
Sample
a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe
-
Size
13KB
-
MD5
a6705bc754bbb1c3c3600d6e4d297e6e
-
SHA1
d5818abb0278a33fd1256396793868686bc48ef7
-
SHA256
fa515d064b0ffbea92bfb205f08d942b634146051d58403ef67911ede3192f36
-
SHA512
e00ae3d4e7125e4919b375f66f9e42af783ad62970dce452bd67d786ddfe5717dcdbb95cd9c9a52534b7b417ec9788e8bcadbd9d5525ac96f75ff4dce25933ae
-
SSDEEP
192:q/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMMBSZCpxrX:qebFNw4Pk1itKkpAjjI2YpdmMBS8xrX
Malware Config
Signatures
-
Renames multiple (2161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe" a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Switch.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_neutral_4506dea11740c089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netl1c64.inf_amd64_neutral_30b0b06f47cab8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_History.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Quoting_Rules.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_command_precedence.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Path_Syntax.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_neutral_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_ISE.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_eventlogs.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_For.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\catroot2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_objects.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_neutral_c239ab5d36a3b3e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_wildcards.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_neutral_d218c42ac8635704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Windows NT\Accessories\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Windows Journal\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46B.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14982_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Common Files\System\ado\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14752_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15156_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR19F.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178459.JPG a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15171_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files (x86)\Windows NT\TableTextService\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Common Files\System\Ole DB\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\x86_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_646ed7a9f28f1f8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_es-es_9c867a3a571c6936\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..tools-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3a6a90e273d7c75e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..-core-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e0184e3b8b1d379f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e7fce109a52b1c6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_c1fead4e4bf85947\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mousedown.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_a958e61749c0d36e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0301cbcb983c9a65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.grouppoli..reporting.resources_31bf3856ad364e35_6.1.7601.17514_en-us_eb21d606d8cd36b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.1.7600.16385_none_df43486076782d83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\row_over.png a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrenderingmedia_31bf3856ad364e35_11.2.9600.16428_none_a0d7be346e5a380e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-u..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0aae56edb37bcfd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c7aa47ded79f2d68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8c7a6d53e29d5de1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0f732d54e2bcfd1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_428520bbe4515f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_hdaudio.inf_31bf3856ad364e35_6.1.7601.17514_none_73863b3e7e0f937c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\msil_msbuild.resources_b03f5f7f11d50a3a_3.5.7601.17514_it-it_b87b6f93c6e6c058\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_96cee39171a8e795\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_40a91f862f646cf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-rasdlg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_40d36bfc1ef9d3c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..tcpip-pro.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1254aa008171f7aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\default.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-syncui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bb90b56bfe68b3a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\inf\TAPISRV\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-sync.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b1a1605efb96353c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.authm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_846f04e072966f68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\inf\SMSvcHost 4.0.0.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_1394.inf_31bf3856ad364e35_6.1.7601.17514_none_59555c0e1c877c53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..alization.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b3af76a53e79592a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_ql2300.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e1af702fea4fbaef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\Help\Help\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-david_31bf3856ad364e35_6.1.7600.16385_none_b50b10afa0728978\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..layer-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cb5a83a40124a6ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-aharonibold_31bf3856ad364e35_6.1.7600.16385_none_df8bf8e079b63081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows User Account Control.wav a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.scanmanagement.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_ea7984279f42f697\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_WMI_Cmdlets.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1256_31bf3856ad364e35_6.1.7600.16385_none_7fd6dd5722d91be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmilib_31bf3856ad364e35_6.1.7600.16385_none_b549ebfe1dddb7f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1aa69d3508a7d1eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_30d3c1be51f47fb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c\Windows Logoff Sound.wav a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_locations.help.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9750551119babb5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c3e893c26ce74b10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f3df4dca246f6746\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_es-es_d3664f410831b76f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ols-klist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_890e4971f10372e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..-ehchsime.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a8b99aa3ef341fae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000082c_31bf3856ad364e35_6.1.7600.16385_none_63bbfad8a404fd28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3685fcbdfb21a5ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-journal.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f1074a3a8da1c5b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-k..-plug-ins.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_48d77787a16fe240\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_31a075c6a5802364\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\Stars.htm a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.NonGeneric\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PEAQJXWDQGDNISU" a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open\command a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\ = "CRYPTED!" a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\DefaultIcon a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe,0" a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PEAQJXWDQGDNISU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c9SZc694s77NPdL.exe" a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2680
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
316B
MD52c8b6a90f1754cc90d8aebe64d702ab8
SHA11f6fbf21ac777614a0d94cf08046f412e24b65b4
SHA256da83c9f23168330f1818abf1f4c4142aa193a4294392bef3b5cc0c8086804f72
SHA51204d01969fdb7a2cedd92c4bb727c565053d440ed34b2b175f6d8fed5d444bac210f319508b54e47a3b92fa4b9585822b8af58000369bb0c1daf0e539f1fa5fa4
-
Filesize
341B
MD5be4017047a25fd81f2195b11776a33b1
SHA15d74a8628706635df4bd464a5c8b97ce7884cb69
SHA256a4dc3ea9342b3bd349bec925b2e0ee9d98a7f049b6db53529eaff7db0a8ba6c3
SHA512f21ee6329112fa99be57b87760fafcdc9c019a8b99f63df6b248db569491c254817ec6aad64b771fad56111482f306437eaaf4e180b755bc9a036882957b589d
-
Filesize
222B
MD5b7f0478ac0f5a98bf6f6d78454bf33a0
SHA1335b438b80bf69e27c26c5cf686cc29b796c1160
SHA256aa76c7a689fdab6d896276888e009d954af995c6276ed9e907fba2300714c4ca
SHA5123e3a7d48699d9150845cd7d97a6b551367b2e83f4be247abb6015f9c356f9d995dad1099b2de013480e1716fc37f24ffe50f7a28f85e0a4cd1453182d90c6e99
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD58fb41dcef08568399210c466c2afeced
SHA15de553957387267fd5aba5ce87b247fbee6f0c4a
SHA25673e2a435434a044100a18a0256f8f6ae83742de88f86cbcce378d226a57195a4
SHA512ea6791de84475f809c7974f116c433240b130e36ce00324356358d2f57d87a0bb4732fcfe619595d4c6e4d03ec3757ff6356a69b88a023f54a2b73405da1a1e6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD52f3842a912460c5bdb90218b12a1a6e2
SHA1c4df1908b18d32e2f33782c7cbb935c887e497c1
SHA25647ee0e9a3f15fca3af412bcf49b98c70e3b20b66e6b8eec5678795f79293dec0
SHA512c8ffd8981558d6cb5dfe9d3a392c772551eafaf7c052537537a07d917739bd39ad0455738a19c8379296d98a021fa7a746616e3ef9944cd03585cf18e473db39
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD57fda01f418afe62148cbc95ebbd1a416
SHA19cc1cf6931c481cef23eeb0f68a4b55c202aaa99
SHA256a939ef070753b01240265e727df07647960196c3cc27ca96442feede6aac2e8b
SHA5121f48c3f0afde7d0462510238bdc6549288d96678c4e7f5b7909fcf3ea099db32e4c5865c823256ea9067948f55123a768da9f56356c2805ad3496d2e9066a5e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5a02b4daee60e92644829fe5e307b4874
SHA19898e6b7b60538978dae43266593fe20b9cf723c
SHA256c9452d39dc1405d5f9a0197bec58b83b6e7cefa27a50cdd50bd3eb1f6db69fb3
SHA5122f9ebd7a4ad4df27f892c61b34a454030ca3213669d44057c6046f2b5a40eefe8b06e9307982d811f5c96bfb10c08580ef936c23c4f0433b845c690b7af56a57
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5ca6de090664e23cb686fd188ba95cf10
SHA1ed0d5760bde401261a4022ceaaabb6a8f81ec10b
SHA2568565aad78884d8c3c0c33de317d617ee926dd6b0baadc8dc9e5df3476229866a
SHA5126c306ad49e30b779bb613b90c02a405a53dcee5dbf38fa77ad07a95f6b2efd93ab1732a9e400774f13f89bb2a45a6a767220f226a5643248f16107a2951433bc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD561f3916432e3ec852757819a6f55d4c0
SHA1c754199a9bedcb9ce55fc8c477a16e1f046a68d7
SHA2560ef56c643fdb6d7b0176115a37c10f493531c1ddc26df495383453dfa248767c
SHA512cbf4fb5b5057445cb5d4ef58153d8b1fbd4b5d6277aaeda51969e84ea0a419a1144ad06ca94ee08fe1c275742d2b70fbb97afcbdae3afe11882ad2d1cb63ee94
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5e19421fc1f033423291f35668dfd574e
SHA1d1e81245ef7bf0a1e4b505c2dd37dfb0ddb96544
SHA256eac4081d2cfbe5cd0f1cb1cb6ea00b83855279d2f12aae0ae11a9aefc461e952
SHA5125100c64b7442c81eeae5a665d40fa26b3783c83f5ed4566fdcfde111f2bc8bdf5c06d62afb2c62fe56850a9ad0b9e75712ac01e0c8e4ebc960b9f0c2f03c4263
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD51e8a1587c4e93a1b3ec714f3fb5e75d9
SHA10ad10e039b9feb44a4eba31d88e7590fe601eddb
SHA256969268b587cf0228872d379fe0fe0dc69e3261fdb4e4093bfb4c0960deea8059
SHA512d483f9eeacbbcf6511aaaed9f25ddd10b6e60c998452664ea14db6cfbb17b2920ebff95b6cdebf9df168477dafd60379983570b5f0ebce0b7aedd58d4b395a00
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD542f6194ee9ffc5a3824b01177f07e381
SHA15ba7d2d8c3cefb8f1fe8f739c59a9a6ede775eb5
SHA256e2b3d7107de8a13f79beb37691aa79592fa0cc81491e93de8bd81d161789e3f1
SHA512ad618dc36d47f4adcf8a6dc24be48a80d8e4dcc6e85335f12844f85bcbca86a3ee7b66fb5f57e415f6bd556009df5cc9ac2f4a7eca156c0342830bdfa968efec
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5001973a2f848b2012585c37e57adb22c
SHA1cf9ab08e80ebf52b0f69b22dc3a8bda9db77f737
SHA2564a413034d32e5798202bb52566fcdf53cf6678dd0646068cba678d1ab05997e8
SHA51289bc188a857e914e2d8a58a34b66898c4a78e4c48918f8bdc552030a7af608a4b8c0d032e39adce25d96da3e30757abf890ea7fd043ddf69157b9b388f206123
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5ecbe00efcd44498b87bd49d1e0b5218a
SHA1e2ed26233930f5034d22f3ecb019688b977f1666
SHA256a30b427eb752e72d7213e16e641658d4036662b588e45368bf8f87ab17ea9960
SHA512be06c307dcb697fc5ac0032d479882442b9799293bbd703615825432429b4dcd636568f3a917c1d2b85a30d65cf7674686be5403d646711aa22147b21dba5837
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5ce943fcc53915bcd2c7c6cb370a951b3
SHA1d88109313221d9f2b9ed9c3a628f78e691f3b167
SHA2562e821a60797f7822afe619e21e38f799da28718c79b960a706abc028152004af
SHA5123e2158114b915bb805c6ce168d768681ddb0ab8cd9516b31b6e619f97cc3ad5c7a99836348d8bf29f93483ef77d7554b4ff733d5a131e4a13ede2ece8a59bf46
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD51ef5feef2c09d76566f078975718235e
SHA1b3199eafc48c7e8c5c9dde5d64596bcf35e02ef7
SHA256cbe0d6cab2c5bbccd62af69b06eb2336355e459cb3f7ead55c0c0c6b85f11c66
SHA5120673ef37c72556b7aaec6a3ff54dd0710c54de3f3ab38b74d2f8c093d6b61d377e1c1e2498612bb9420f8a386547b3067973ba0c39e5b49c095598de16bbe564
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5de2d63ea173c5c26faac928ea0b9222b
SHA169b978f3a2306861a761568456b71becfe8d7d8a
SHA256bb4251ee6ecab2f685218fc38decd5eba77dbea336f6783f6297f039ed0a5f02
SHA512f427618d4465205897dd29dd12b1ee2eb4d3c7f8f731a00f678e560bfa52a0216c6db43b432e3dc2e1801a5eae79a0195b170821fe5d13af110c4cd4104c324c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5e3774626f17a805d5c2849a59e9e0775
SHA12e2b32aa54a7bc52bf53b4fd4776d6117468dfc7
SHA256e75dd99996cdf1d84abfc306efac12db943ea5819580aa0a00b52b1bf67d1fe2
SHA512143dbbc1c3b37f99fdb342737a1bde1df77606f1004fb41f6b42ff7e5ee951e199fab1f4677b0953c054a3a2c2131b3f36b3c0f2b96123a7a7c5d09974fde705
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD51cafe41ed28f59ff00795af60984ba21
SHA1c0e3f0a74c2af1fba45ccdefa846cc6d9a09dce3
SHA2568763dc02dc84e77423bbf14c5dba78d66574ece78448b0f413c69d66e8e1f0f0
SHA5126faaadf18f19882aede75729614936ae22442903a398743aa43a0f851576d4b549425ffc9fc2981d58b4aa4c783309f2b72d63a5b31021846a4c4a25568228b4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD55f678b29a002fe852ca6461b0987fcb8
SHA1b40ab93c0b99eeec7d9635d4b9fd3aadbc9957cc
SHA2567db504e02521c34d19d033e7c07066f481c9b005982febf0f04e2616a23f1be2
SHA51298dc0d9172638b98fe0522780f78cc6ceeca7dceb9012e20a5b4871f6382f1d7ad2a4e69c559f60fd3c9f1f0e48b3daf5ce654c83e2f26e01a4e0750391a68a8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD549dde932b7998a93e6b06bf29df5da39
SHA1fc8d152988b52804f1e619138dbc9dcfb51aa745
SHA256bb676583069e03f8ccf494fd8cd3c339e549f65ebb9052b7d2b9d6b2fd1b9ba5
SHA5126461d64a269e3b07cbaa2acd8ef7d39afce939ebb1a8a2cbfe13f4b7d5ff11395d248fb0e200d424b74cab8210700b8dd5dd6b094dd55b6097d33d3772292256
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD58fe104610d2648c21b61568320d79a05
SHA103c0f428cb445c186cac3f644c5e4e51d52cf3e6
SHA2568ed3b842619605fd94b8c19e2f7dec835075000c9abaa3ba946d671836b193ba
SHA5120710b2a4c68d1ea963a32680fea394140d12e72a0c1e658cc45884a87293d1dd9426b336a1aa4243bf5fd9c3b6a330910d9c5ca2ad265bf1ca6b611ca9140196
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5a7d3479fe86bfd28e5eb53f8af9658ee
SHA1832450921fa566abf2c3c465f99ab94f3b05e88a
SHA256500c49fd4e65e4960d4fc8e4f9fc372b645f1ac6608879b24a56262cd9f539df
SHA51249a8f3616300ed298934ca2e16da43fed08d0f6a452cd3be619f4f0ea2211fd19cbbaef108f1666f7d47339111572e9791f64595bab42c0d5e38d24df08fb04b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD50ff2491f37dd32d0b1b8976cf72ca285
SHA1dcb3107f2ed31737e5c0eac2f2981728d2daea32
SHA256f57e5fe9cdf93508e02e52bd16f6b9800597f991182f26e7b29efb943e4ce283
SHA512bc62078a21855bdefa96e98540b0a0fb4c8cd60a605323e8352b54ab24ec46c545991de9429f08f22f5a738483ee701ad74876a0917bc5c9e371ef61b4c6f7c5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5a1b251d37f510651eb46e4161ba13042
SHA1791f76e5ddac37d6e94285d9b3baf882ba99d836
SHA256a92be1ce1eed65a9fffd3f4f67829bf92d4f3ca801f71877601689376fd015f9
SHA51243f0615864af6e891211a29bd906b4899c662b56d75b52f02a3b67503de975698fb93a8acaa1d214dbba3068c8525ea0e57c9a7ec3bd0ee3ebe8750b3c3d9677
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD516254ba432edb48367eba2927eee0b43
SHA11b31d7b7237b356fdf2aa94e04a0c9e1a04d1052
SHA2561e014bd6812e023a9df9c801fe2ad3150440c975582fd7961230169477a66981
SHA512a3beb39b58235f5ff533f3bafab80f56ec87ba3c5848a3d56adec24de63ab38738a86fc97a908877fca27b1439fc8bc0b5ce3bd228238fe8aabe1589b1be4054
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD552932a584acecb1c36f2f20af6f65054
SHA135ba43b63a26dba31429ea379bf43765d742858a
SHA2560723a0d600b1d8a3bd48096897e7548974367966b2c68c870dabe1830a5e0a4c
SHA512736a46e4b3a40351effc9105e88a6b22045fe901b2952471745a996262cce7bbbeb3c0571ea6cb7f0cdfb0a0b23ebfdfb6b5e9f660facd94712814ea4189a9be
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5931f94d29161aad951b27fbce999963b
SHA103cafa44751462d37432853a13e671764861580b
SHA256fdf34a1c57f98f28f151f88212384211827acc5ed0848ef8858415484b2d9a83
SHA512da989b96a639a566612dfb1082762ef4acc8abfb9d36540734b476ddb194df04a420d26d5dd23e740d5a3639e6bad0392542ae78e66bb0e99cc6cb3457598a13
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5cb60968387b70af6784df49868bc7ba5
SHA1edc2d8c349fec3f5d7c0f32f8e3824df01ac3b2e
SHA2569a1d3d1f1e1464a67fbe09746b0b34dccfeeecdaed02aa0d3efdc6dd4327ed69
SHA512d40408deb5e79b5e0184d955a7a745146077d175b421c4dc926f0b318c55641ba42ecb2ed4b71fcd3f0c872b0e23722b22b3949a2405a3e323b7fec424555d9d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD522861e2a37f21795f4db795a595135ab
SHA1a2ceab2dd120f1b39ac4cf9592d8adf2e823c789
SHA256411a363b3cdd7b4c31125f28d9f07a9d3403c326d38533d30e6f448d371d8e8f
SHA5129e2e3d08b206b2e1d0179f45b70b9321ba707ab4ebc26df89f518f5c5ac48f2ab1608d34e65e820cc4d462ae804ac229a5451326ca27166d03e7322ada0b7f16
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5a887ab091fef71cd1ba82745063c71d3
SHA15dde49dfeae963ab3f6f39397f5c33a7d74f5095
SHA2567b8c2a735ad6799f87327390e103392294fffecb8e18bf42d36168eb82c80688
SHA512449d5c1e312beac5a70e3d8e5d7c228206715d019551ce18d1276715f3f04624d80272f6b7a59eaf0c577ff735cb860f240151c33afc031ed32200bf5f9b2ca6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5f3c8183e3a338e274aa41d9aebaaadd3
SHA1c02e3af72662a9d071301916bec98addf116bb6d
SHA2560fa68b60f76867b669f7287dddbca15ee6d1e5f0148467634fa622013b8c9ca6
SHA512e46772f52585e84236232cd9b4774cd070c84c683a8d6c8434c6e29201742b1d49cc69f5f50145c50546f12677469697efe764dae7e2717a07a78980b3aa35ca
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD585dba95f53da0e20d1f51ed045bdb1a6
SHA1aa3f93442e726621635a5c9e5e20c60e87bbba7b
SHA256741ef8c8b5afdb36298dca7217c64b98cb15e3516c083d66ad7321827122bbdb
SHA512734626aa4342407b564322617f336074aa020dddf757e57f7d1c9d97e438333db2aa4e244fa6895412439a105d4b3f200373271e3f8bf34ebbe0fb8b9d3a66ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD570573f266d525718332165f8caa13108
SHA1808fb5db0830775ebc40e89ab97347e9774bffe5
SHA256044a151c158c8ab2dfde3d02ee8bebaaa81728afc6bb8bd076f94fab9c458238
SHA51247180b436746fb98b97f18b4310c30b2e0ff2ed5f5473f3d640e67aace3f904b39a6517ea9ef07b417984f50eca6ad6102991d3d9a7778eef4215d6af9d80589
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5b096dd5351be0ef7878b428de93a05e4
SHA1408e9ea5d3fa597864108f27b1bb08e89a37a3d3
SHA256e3607639f476330ae9c8ca691efd08a966e1317cc627e904f57f49ccbe45f2af
SHA5126a1e9a4f7b21375d7ef2b5eb21bfcdf7f7f744eef38dd21223af8790aa8bdef2f55c77afb255e5222da875203fab11d6217723b112bc3dfc1e9982aaffd53a84
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5d12300c381984c25d7d59be7339f0120
SHA17c8731cb69b76e30e5b65087fa1c1d1cc7549fe9
SHA256fd9b96a201b565744156db66515dbb1df36e48a8b3e5da0ea3cdfd9ede4d4b68
SHA5124aa823ba2b0e71b1878d72f19431e69e1f1d524cbeafdda90d8800561110e77ad41aa9d1cf2546490d1deaeb472d2b7839bb27ec6a50b99dae853a232d8bfa6a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD57af79df42f132b01aead6ca59dd5438b
SHA1d6ac7f4f3dbaa8e3c39ed3b11b385af2479f5fd3
SHA256066acd4308f7f935f9751217eadca884dca1d9a63de4acd16bd9bc8dd1e04af9
SHA5124cbfde3a89d331c51a3a5c5c53aff60670d3d8708f201bfc2b5c765914d76422740fc20c3a128e1fbab54d06aae49d9668a9e72074dbbf832054928939ab1526
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5ad2ea8401ecc9423548ed142a2bf6f98
SHA1802a2f5030884212d9b12a71ba0a55a03359d29a
SHA2561bbb19ab01a32fada8d72ae4c019f3eb977e74cfce8aab0eccd68c0ddc1943b5
SHA5122fa5cb80df5ea571a49233a9e3a03fe9c4672598d7587e9fc55ea2c9ea52c42ee5277dd33f674b3b145304491bca2049ab789b853450fe0600f4657b0354297a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD51930c9b6943ca423e33e09302b91e30b
SHA14963107098a2298d0b4612654f67ff7b2bad0259
SHA256af4991da135e6899804d705327ac8e46f3f2acd99f85e245c26e1bbf15294b78
SHA512833f36e7777739284bcf0a0d588c9af60d191a9069dfa9a6438cfacd0a5fa890cf593e37b47dba17046b19c74328bfe62993743da53e5563e73882e7e095ad5e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD5a0ab2475f156bf121a0afce46d700619
SHA1dd011cc03e2562212213ab7460d69cedf9c45a78
SHA2560ba4dcb8303812f5e6f5927a1b1b1ccde15b08ff32f8a3d6b37cedf98cb37b69
SHA512d362de6532edb6f9c8ffb21a9a1ad5b3471170255e3040b9f2987529bb115ca13570b868acb10c79f519dd251cc1eacd2046d91b51b94ef761babf7e19950763
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD579414761c2327b5267414cda0832b89d
SHA11f73dbd8d553431bbb3007ebe7a1cc0b5023ebda
SHA256df6e3878cc4f31e5dcf3d2174d8324a76f6ff2dbff460ba5a61c8b09cd000140
SHA512401bc14260cf9a46a7f746510668b48dbe999ef52889f8fb1f7a088de73ab72062c3071d411671878f2d63fb3407c2725f1a47df37f777796346ac42ca9a198d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5a476a2450502fbd2081e40df0eafdab0
SHA13b71052abf110d13d0871fe415ee2696ad961868
SHA256fb2e8d34b6fd4023d838895a995d7543771ae05eb5e86611dff8929107a1664a
SHA512c196b634b62666e5d5ddb3e6553ad850428107d0fe504cdb22f435c206de11b8a180f8755f838f8f3536d458e33606922e6e84606327697414dea91b2aadb7e7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5fa5a0779ff3cca48a4b2206a216cc5c6
SHA10a1ab0c4f2dbd74a406cc090581a24f2c330a592
SHA256304c90ca78d04da8c39e44b4fb11d6de0d7185e9421aec4f97956db6b2f55c4c
SHA512a6f15a8135cf045c133bf05166a24b099a581dfe8ecdd38c8e5f81a7e9f92f4c07519769f9cd9f19c2201c5331eefabff596a47aed3fee2d3c499e00c063c94c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5d8f8c03f2675d41f176bacc4000bc42f
SHA1264079f137553306214edd047dee76cfd1c83957
SHA2567b8636379392cad6d8f1637496910079ba753368feec6990bccfb908408733fc
SHA512231e0dac7288acb403607c900d5a398840f4ac222943cef5594ce4e1fdc1102a407389944c5a6929ab6f627357534c2ce40acff0b2c1dfc6ad34398b72aea685
-
Filesize
580B
MD5aefd1d8d157b8d9b5e5378a13639b804
SHA1afebf9716441e3380c004fed7075d076f6155313
SHA256e6035175129518b40da5e979fd852e13fb08833afd401da13a7ed4c1737e6d14
SHA5122448ee706c1a4c3b116a0c9c8d13ec3acade1675424419075b1a0aa1a17d4089b32c5806b80a530c7ba6bebe0b3b76632a329fc75fff5f3c7380da5717ee9ef3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5675493cf9b4c708ec7ae52b233badec4
SHA13f2c69bc08e6abaf70f6098c27eac7695f701233
SHA256c20f458625abffd34ec259989dc56f9a08bf81314b233f30ce207d14995ad024
SHA512150ccbefadb61861443260f8412f075aff26276308c783532f2266a7606d9e59a8e811a322f63f115c1e42510e18e501461ae2debac1504bd033945e412138cc
-
Filesize
625B
MD5223f772b11b2a26fe7b700f12a2bf943
SHA16b7d8df3f79cb678df747e6c56a7eee2b3b3c5fb
SHA25694852db5e46018738ae6efcad366d395cdceed67983a4ad60d1de2a37f6fd266
SHA512cf62e26486d76dec42fc272680eb4ecdbc86c0c70770cd943a80510d2acd83880df507ab817cf558b2bc6d641e192e9c39c58fb1394ca6812e7587d5f9c214e0
-
Filesize
873B
MD5570496a07b5daa4c3337c68c555b1c43
SHA156cff0a11415f3408acbe02ed15c137fd6918ead
SHA25671348f74b92283d3667eafb9903b0b34fd25bba7270086ed0800800bc6705eba
SHA5120ef8f1b60ae0cb12213cd96c220011cc14887b0a012dc38b9754aa7ae1ed6f8b0bc5f5730dc87ab12be5d945817f5b56ea96d1a5898796c2c73fee6952d41d0e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5784c34cf40460325d4d4655ce724183f
SHA1532cd626e7e510d296edb6fff1c0671900349617
SHA256ceca6eea61637aa417d8e4bc52447a8475467f996e31e485b64683fe050751dd
SHA51252f8153a705d6ced1c88f62c04073e25344e452a29fd12558304dbe882615f7d879702c59cfa2018d7248e491b9a5da75526b5aec1c12d91fa2036f65c3335f3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5aff444da8b0315e6abb595b69bc90022
SHA1346c237e184dd061e09895fe54d37215cb37eb85
SHA256273441c026b2f30375be8bd9f5d6a2c8fe88216709f38ae5e8b609362466268f
SHA512d1807efb0367faf92e234356eab700f43fb486486d2fe5734067a7980bcb9d6a528ab7644956d97919f8a7266b0a9d983c1a9a0f00d71b1c28973273922487da
-
Filesize
615B
MD572ca4c0e98207c3d0f1fb538a38257a5
SHA14bced283507f966295b8391608b7b5fd02cee3a6
SHA2566505db5db15d82b67d536e8866a98d81992438ad0a68594c38c97cd9983c1da9
SHA51280ddc1e4df389b27afbbf44de1c5290e6e47e29ffd45f27b6abb808d5097f4d59bb6de7f431ce49a27784709e3b4537c170eb7ef32b4ef1693374d4d1e9e7485
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD53421e344eaa613067773cf000dc16f46
SHA1da87702c7093027e57a48b0d3b953a7e7f3d37ce
SHA256b3c2e9de2d1300cead63023e1d2cd6326ba6af1647537bbd0f3ef9b4661b6a1e
SHA512ead972fc891ec7493ee1a0e8e1abf7a73f3b3f3d127ffb4ccc6127ab1a3927039732331914d380b22a70aa9d13fa59e75c562ba2af6b7f59dc7ff75eb248bffa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD51069f98d4f1910abb015eddf801e0941
SHA1bd04d1bf6436b90503da3173328bae13185dbcab
SHA256ce711b16a2b2a12703dfa365d32953ab4ad66207be7f5d464b1a970dbe9e3a06
SHA512813fb818506ca2c8189301dd276ff5d476c771c2cf10cefc921d51bdf01c13756a91e48cfdb255b829f04c614711b774e28843c074a0f6d26c83d9254bfa64b0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5c24f3145ebe8c411b62737a52af66178
SHA17b147f9ec22c03da8d4cfbd3b641a32606402cbe
SHA256b58e4f7d1e50bb76a3cb1f06d740dbb6f7d90d2b1c794a8453ea63ee847bd6e8
SHA5121feb4d5bcdba97719e36eea767e027723a008b9fc185ec6b449fb92303d9a6f638fc455c60f6f94af48d83b96a293a86bcc4895b68c4f813e3908220e023063b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5201519bcef45dbf88875a1c9419cf74f
SHA15ad36c8ad34a013b5029a576dbc3b5828260a889
SHA256e9415d103cbe59ee99d2a34dd91936492cb2ffed1a957db7dacd75477ae71078
SHA5123a3558350e29bf36959228c90f6c6a96da756eb355deda9f6e80d8223a7cfb5998004e660d8e087b433ca60e3251763ad089ba375bad4cfe768246a4993ecbe8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD56d38ba2e6d61f2fe69da2eb12beed83a
SHA1bbae9f243757bbfd8626379158aa7395f51d488d
SHA256af90da03480533bfa87e41e24fea6f16a1502381b4af079f700752a319fc7449
SHA512b78ea71d85bcb0d45caedc5ffc3d6d66defb3818d38653cd8401e33083fdb77803f625f9b51a1cc7b45b61dc80cf17b3ef900a375922474abd5a20433907b6ed
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5215f9ccbca8a4a209443b4c8f67b72de
SHA185e347863ba65d011dd19f5d65504f519457932a
SHA25668b0ddfe376de52c59277a5ece1ba9c0ba4d911c48fd3ba437e3a21e1f0b7356
SHA5121cbda8e98c4ac4003d6edcaa2c03a9ee61bbc82fb02ad13bf81a34463f5dc000232d8b68bed64f7e4862da28262010714e9ce17bf55a022af73bb95417fe9633
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5c2b12904cea4dae0f03b6a05dbec71cf
SHA193e877edb9f382bef25584f6b3e35d8ab65ac74c
SHA256393f0c0bc2d743cb82105889619452157708c9c31484eca14c2b5be07e320bb5
SHA5121e24561cc6e9659ab4e2842ce2e9450698e2ac858d9d8bb1ccfd347ec2f97b422163535404c02a17f1e08f96238881c646d518a4c741bf2709d5303dd8f1624a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5341b6edcb24ad4ef06762b3d64a121fd
SHA18f9310dcaca58c95330edee9aaa4e9dc82e4585d
SHA2564e4ca3c944a0584eb15b717f19e71c95b82fd9324bd0040f317cbcc440440ea0
SHA51284dffab3e27742ec511928931d6c5d2e618b81a73cdd011bd73c4837e2463bf6a7840b45a91299db084ab5330c501ca3256f1bf906a63c0aa5e827af6283d86b
-
Filesize
153B
MD546db4b6d8cd499d54ae597547b1dba9c
SHA101a61ca8f8a6f1ff65c9013f7738332b3b772d02
SHA256821f6f72e6ff8d8288b7d4cebf6d02ed7a7c5a18114d3e8e809e7c46e18292a8
SHA5123196d16118b2c2894bb8467b2a7b237076d31943b1c5a6b659347a1b4d9d6163221fa4ff7fbcef56e2e5c0ca478b5665d94b542d72fa841bc5f7241483baba50
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5b7b19b4d532f89eea639fb8d97793c08
SHA1f143664dfe20c69156ef4e6cda396f69a63a2192
SHA2564677ba6dc7b8e8d71c6a683ac92b81187ed7ddd395cbdb2eff4562b1bc79779c
SHA512b33811af5265c8d75885af9dd2ba6523dc5cbe85ac9227c6919e8b7baf07e36f75c2c388850b15e292568bef88cccab4e0b117193f6ea8f089bffae7d2e2ccf8
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD5719bfaa736c141f647900f2741ac3385
SHA1005d0572d18a3479b7e1e1ba72f04ec8e2985fd4
SHA256ce27df36def3a350e2f0f09f2e91fcf9dc4e89f789f7c590233e8321218f8a0a
SHA5125c1c5c97412b2599ee31ad87a35bca91a0280447d78ff2de636d028f35769594a7f9064d7a38ec30a0429aee584255eb76c56c09c1152246037c47ee550c03aa
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD551eed9f6a9eaf7865d4a55d58d8fe04b
SHA16a7cd8d2e2b601693e4d3349f312340615e860df
SHA25693d1abbd6818941bb2abe119b8cc6b207600b7b5ed5b4015ca6e5caaede8a437
SHA5120211a896f7842ab5b60af02df5cea9e10331e9ee6f64b3e57f9c8625d4e6097d2d1ff1351fd1da544c476894f2eb8003078abab71f0539f130836ec83a6aee42
-
Filesize
109KB
MD59a63b790fd2924e904cbd4c9db616d48
SHA107dec666bafcdf4ec5b6070583578a5aebf33fb6
SHA2569b1942d68fd6ee9d2cd0b4e18e9140ef2d58c8cba39f1984b8dcd4725a74ac83
SHA512cde8437d1783d9e1bd6d07f22e63a29a5c0cbcd4ffa35fd647de4ea84115dc2de33dddee6cfe99e4348407c4416261173364f5ca7f8da336179072dc7bfcd2b0
-
Filesize
172KB
MD5a3e8973961446f148cefc26c27018637
SHA17f05812f1e2d405905c2d7b8f0d039a3d30ebb40
SHA256a820b3bfd0f600520420e3e050c8119bb1b6ce34e6bccaa3621ae68386230851
SHA51259843e7225b0eb57319e40de94bacd89da923ec463996fca308981e67f62078420304a004b54bd052f3dc904c6a47daf3aa4ba7ec75e84a874bba3f199f54587
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD54e0679cd2f8286c0211f058d8621ea47
SHA136fa0acb7fb8ede50f733d0182e9b2405697191e
SHA25640a800e95ee792c9ed8a3693a4f9aa2cceccafa5d2cec5dd72b42d3795b506d2
SHA51282a972b992760939e0c7ed4b6e780cbe92bcfda3e11b5106dd6becea61a6491a4d2b0c8e6427cfffb6a3142238f14771f43e834c6fe3ff476b5dc6f069394f3a
-
Filesize
49B
MD53334c887eec453788a70d1526b0320c4
SHA115bbfde6b99df5f6727ccd3d3199b74e4a8f062f
SHA256104e5f135819326b4221fe2661b4d0bd8cf90c919c890e8502174cbb173c6f79
SHA5122148f5bd1cbcd500bc66ccfd3578eddb6c2fa4295bb68459d6f9b4699fc7cb18e9dc98d585f8dabdd607570ccd1973af7e52b1348ee479689e87c43a2c0a6721
-
Filesize
21KB
MD5e4b8fca78ea7dfacc755c4449647393f
SHA16d4feac6a3d15b59f88f94f7e7382500dfca430c
SHA2569fb474c02d895474db86cf07810f2b4a87c701728206260b1beb26cdd96bd813
SHA512e6091a68fef4a57212598b0ab306bce7584fa309e918e5f53b1ef52e9cc4b4be84875d2647d627c2bf0d0495a8f503eff043bddaea498262fc51b580794ccaa4
-
Filesize
1KB
MD528535f883ef82e1a86906ecd2345b5d4
SHA14f12dd40f622d12dc53ae378ee4c1d6ebcd1f403
SHA256c830cf76c5ea05b04e8e5b213fc237cbd2b4ec0f4de2b65024af7bf71ed30288
SHA5122f8fc7042a5b79871d4b3e4c394da9a3b7efb165d8ffe65c06b49da56970956cab958f6c455dee91313c66f1c74b217f7321172201048e8d11863e65c02655fa
-
Filesize
952B
MD5661865435afa86f74dc99f2573de63b9
SHA1b418b0af37f0b6a8a1b5d6d81a1979964dc8584c
SHA25619da828d9e32d5cafd1091cdff45f1af5f9738dee75b0dc968b81bd07725a3de
SHA512d45deb5af59aea1ec0e4d2dbc55aefbefcd35c746b6190039e61432b2e661e7e650d9c6e99f73cb195fe618d90dd141a86a2e6bfad809e5cce6b7b6ee67fb1b1
-
Filesize
121B
MD5c98e3fe32468327627f3ebd32b4cfca6
SHA11e96b371fdf6085b97dcfe8360749476d7e4b3c9
SHA256ca4400499a6324ce4575145a482054f14e4a3e339f51579ba2981a9bed81dcf6
SHA512817f3b916b7c01c2aa06c5a139c18a749661863522cd1fb3c26725cdda7e7fae722fb97e10c5af852215283194f187647a08265420853fbbc6c7d450671570da
-
Filesize
1KB
MD5108af5c4b139d6914c0687becdeeae82
SHA18f2e15166b641e48fb0aaa5cecbe8c8d82619852
SHA2569082901e28533219c57a1021ab85aa504bc20dfb001609ae27bebd434b5039f0
SHA512a477709c7d87a533d12ee0743f255088ec102d3c56e0328631ce98fbd40e52da5d909491d0e85318bf89b633f6981dea81041584b903fe2562735d0a83c14e0d
-
Filesize
8KB
MD530667dac8165cdc85b894bbcc6f1dfdb
SHA133e360510c07a7fe84e6a331176de9534a1c20ad
SHA2567eab3697eba70fd8d8af7e715e3302ac0561f908a90ecdb1cbb62948cd96fed4
SHA51230ec21064907a79eb722908f105d8ad4e1ff3a8503b421b29fd6fbdf7e63c03cdee1a58009690d6dbd646cdaf449071bd28505ff9dfe17e024e7f2cdb7343257
-
Filesize
61B
MD549d99b0acecc371144b8fe0825ba3856
SHA1fb8f2f000ae686f9d72dabbaa485990695180113
SHA2562edbb6a6bb9bb513177be89a9e70e24110cee4fda1c2dfdb5f868c9512bc5051
SHA512ff434a62f7b704ea2ae8ad5799354d5f1f19360d33a4ea0aab61cb853d9ee3391259ef5749b2d34ea41fa7384281bbb8347c1f92c1b0504bd2d1463ea245e87d
-
Filesize
914B
MD59c9ef2280a7ff850be6798358762ff31
SHA1cdd78ad9ee9bd33f923dae73decfb137ee06c434
SHA256d77a8b3888a3402a7de17e4daf07c6b515c7dfc0e8eec8842cf665e6044e5d4f
SHA51202fb6732b14e4f06261b806ff8ae9732a301008c2d1e9541fc5a337ddc022d563af1bda10b3c5f4f1b499d17c277c75962a8d5d7037ecd43b623768cc2a17aeb
-
Filesize
90B
MD59ba71d555651026d387e450458ae5e70
SHA181b3825a151bcd988394ecfde6f37ffc6a8a947a
SHA256c62caa74b661573abde5ad026d9829d354863b302642714a86cd329419e12daa
SHA5129d4ddab3d56b20e3278179f435d47e7c710c1f2c1313c2f2502d012c9d2a0285b6fc030fda7d57ed8c355437b32e195b6d0e8c2ecb9b8ac9fba67debb2e56a3d
-
Filesize
90B
MD506003cf3be421fd9c68bb61265a6cefb
SHA1b28c9394a4c15fcebaf3691e9478ce7e2a8ce5eb
SHA2568ef94cd9d9ca63bb4fbe97dd716d5680905c9a5d79b1f2bf094257b6cfd57800
SHA5126a1b4acec6fd604db56d6fa421685c8cc8f013ba80f9c4e394eafe57be63f973a8e1d52cfca19f0f99a1c34615a8f92e9321ff929189df98bfcfe789c04aeb98
-
Filesize
328B
MD5d85be10b59158d76247b171115f50a77
SHA1ef42d2cb6ed7254d9aee66e638c71cf5feec8922
SHA256f21563ee15251bb56c536def8e0eace027d4bf13d49286dd29000a8397137823
SHA5129e418b8e2383156399fb2ee329b6873293e5f8fe48482a889a1be57e8e3e90076fa1e3b70f233d4ebd4c52967ecc1b10d533145dab072d8bed690a2ec44f1d72
-
Filesize
1KB
MD5b78b049f9cafd995f84ed27f5017c416
SHA1d4df735257686520c3b93889996f4366e38128d0
SHA25685c5bfa90e480a5dced0f44d1477ec1a324131dd40d2b7cda67d9ac4a92e9bac
SHA512153cd0ff62c6c72234d6183311a3cb4edac251b5e9bee201c5eb9403375d43c80ccdce76772ed5708f486220a0867803b0b7d483a224cac838a7b728ce995ef3
-
Filesize
162B
MD544062d3b54ef112d32075b499748d764
SHA186e889cbe8c9e0cd0def2c6cfa381ed1f33905bc
SHA256021076e492b282ea78d9a1224eaba079b6ff83426de2b49498f38592758dbbed
SHA512fbdb2a07587a180c21cf0957aa1d59dfedfc09314e0613907b380522d84e4c77350dfb42762142647a24f5520a53f8f2c94d121441223027c84ff953ccd83847
-
Filesize
586B
MD5dee4babd2cd35bfa4f07fae529b88930
SHA1c0bd0e4ab190b7584f37626bc30323a830bfbcd9
SHA256ddb5945a7665d7c307ce84b66fd0bee8ebe7588c441ccdcc7fdcd9c733934850
SHA512048214b53bb8ef6376323c7e9a899220cf7df12c61886ab29a803a6dde0bb3ad342bd56078a39171d993843cfbc41782c64b13bcb14f0211e5d5a97c48f3b159
-
Filesize
124B
MD52123c01bf4458de0b092f705324b20fd
SHA18c2dff16495ac0ddd43ee6eaa53079eb78ad3123
SHA256c01f6fb674ea2f43d83ea6f98baaa7502a25082cc93025fad4ad0fd9ae22cc02
SHA5125ec8725a7929be8c7131d93a9f784c7bdcd26f29d1c87c6603603d6d34fe6276068d97517aac71fd1e9cb0279d99d1b14a03e4b61095befc6f86cb04a2f2b60a
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD59b36ad691644cf7165a1563d8a98579a
SHA1e2827d5f29aa3968e86013146d37f878b8275dca
SHA256a069f5935f36d6097a0190416364becfa6b12afabe016d9f5a8f924c83340173
SHA5127af5ce4be1072dc722ee760e1a5f02e67ad651b7e84ca100820a97f79636f068f568cec0b8a09b7c850d7b972055b4e0eba8cf28de8825317768d82e433895d6
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5ff1d8dd2649695a04ec74ef65ed16dbb
SHA146f3913c15ccc096735cc63d73262d67fde98676
SHA2566259944ddd6ba298f7a2b82bbdfab79a91cdcafda0507b7a3ad91afc160d8641
SHA512d304573300cfd4ebc353336c5f7a6e9de9e853f3ef3be0b110eb7663db0b04620958793e03e1d93299d7787589c1468007e0e32b41058489a8ad1d8d9813a542
-
Filesize
8KB
MD5df62bf62d33e33eb31ed797b4d0b53a3
SHA11a0e5667cb167bf36e395ada1fc924f23c82c1fe
SHA256de708f370ed352cf02ae311412d51c4c8ce34f76db02d6fc8533d05fdf17edea
SHA51222287c5b2b19244bad835c246e01c97c8ea22049bf5699c1f6ff1061c16088a777a8e773200d9a5434fc16889ba7a3cfa3e229f97a5c0ce9339883511c1820e7
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5ca48099904cdfd6307015bcfe779745a
SHA15e0bfb10068a06e023291cc76d8b8efba6bb6b91
SHA2563f9767bb6401cdc3fde0207ef97b8a283e599172f94289bf4fa848b666ff6dfb
SHA5126567ac6bce8f7a0e6a650357182c3bbe067c47ec1696454477d66ce75aa1459d595d0c2610ad54d04ec3ce15ef1991b3f15088edca7819cc6915378105b2a400
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5d9f5d498d9be91074e2f0c8b48c25a11
SHA113f4160ab0673285580f2c81bbcea7030c03d6b4
SHA2566d59d0cc4a7e445f500e7339a1d9b3645e8b408ef1416fcc26e567a00394a5ea
SHA5129c8c8c07f468907ed817a342f0b30d12e5ad8f8a544f0164fbc7d820f443ffd50feebcdf949fd10cb5dfafd915de775f6604ae5a43851faf34da5756aa93941d
-
Filesize
880B
MD5ac4315e05aaa8da695f76cd9ca59b36b
SHA1092d92aed9518d4b4108fd598d274454ca952eb3
SHA2563447a839f0aafd23e3cbdb8157ef3de06aaada330c87f91b0f205e11a1eb5e85
SHA512596f282ea247be40b49b9fcb7e95c1f9cf30bb1400968d53ffb4f1a0ead24714d8329f782d7dc3441d6ac6f9ff0360fc91c23a8377fd995137ebc434cf79cdf0