Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
03-12-2024 09:45
Behavioral task
behavioral1
Sample
bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe
-
Size
12KB
-
MD5
bccf3b5b099987275fc6d0e3f28df1e4
-
SHA1
d9ab8bf322b41318d22bbc0abe39816396f097f1
-
SHA256
9b2f35d6d410e85bdb216d401be95fdf1b1e949120858921e8b4a4f06603a25f
-
SHA512
c1af0cee17d34d72d43a2daf3eb204be697075fa858ca6702fe079a88f3bd13c59cf6e441f337640595dc884e359290bc105b288abfab00b2ee9e6093a9d76d4
-
SSDEEP
192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMd7d:eebFNw4Pk1itKkpAjjI2Ypdmd7
Malware Config
Signatures
-
Renames multiple (2219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe" bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\wiahp001.inf_amd64_neutral_aee49cdf3b352e58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_neutral_11bbf54c8508434e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_neutral_3c11362fa327f5a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_requirements.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Quoting_Rules.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scopes.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_output.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_arrays.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_cmdletbindingattribute.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Signing.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_neutral_a44611db70783ded\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_regular_expressions.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_locations.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Arithmetic_Operators.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssessions.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_neutral_28f06ca2e38e8979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\System\msadc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\FreeCell\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099191.JPG bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02758U.BMP bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\System\msadc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Windows NT\TableTextService\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR28B.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\ast.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\THMBNAIL.PNG bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_OliveGreen.gif bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\PREVIEW.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\PREVIEW.GIF bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\winsxs\amd64_microsoft-windows-help-medctr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea00975d53d7502c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-soundthemes-raga_31bf3856ad364e35_6.1.7600.16385_none_2fe300bf8e73cdbd\Windows Hardware Fail.wav bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..t-strings.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d0d92124ed9213d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_few-showers.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-trkwks.resources_31bf3856ad364e35_6.1.7600.16385_en-us_41942cf49c3060e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_6.1.7600.16385_de-de_17979c52942a9094\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_6.1.7601.17514_none_d370f9aac313993d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\Web\Wallpaper\Scenes\img26.jpg bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..providers.resources_31bf3856ad364e35_6.1.7600.16385_de-de_834abd744e95dd25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7d56d2d00c3f7e96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_5a529eebe274363c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..etpc-mathrecognizer_31bf3856ad364e35_6.1.7600.16385_none_14416949695504c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_558f74866ddb8017\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-h..-multimon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_845000fd0a08b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_847b31e13926c41b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\msil_sysglobl.resources_b03f5f7f11d50a3a_6.1.7601.17514_de-de_0b0b62211ca2f6f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d214d43964ec3fe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bf58a6bff93197e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_6.1.7600.16385_none_1a0b146e42cd86a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c66b3d818988d0f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_usbvideo.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ff02be6f0eea6bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wow64.resources_31bf3856ad364e35_6.1.7600.16385_de-de_30cb1fb758eb2270\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_52db6a1d49fd646a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_server-help-chm.nap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b7b934071b8ce21b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06daed9332b65307\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnhp003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5961d25fece1b48c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000442_31bf3856ad364e35_6.1.7601.17514_none_502e001aaeef70d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-capisp-dll_31bf3856ad364e35_6.1.7600.16385_none_d1de960a9e99a4f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_bba5b68b615e448a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\msil_microsoft.web.manag..davclient.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dbbea82761cb5289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote_requirements.help.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waxing-gibbous_partly-cloudy.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\ehome\fr-FR\playready_eula.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Services\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1b2289506fb42dd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b40eb32fbeb18f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_83e158203bcda198\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-transactionmanagerapi_31bf3856ad364e35_6.1.7600.16385_none_b2cc41b2eda92244\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.1.7600.16385_none_d2fff1dae966863c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-help-dgloss.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_46a839074281b21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_63c02bc724d1a0c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3a9f1bfa3579532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-e..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_85f4a683e5bbc7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_msdri.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b60ca1af7c58aa75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_net1qx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_683cd0fa683ff904\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_22c85ad69032d3f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff337c5c22a2bdaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ea5d52f2f6e355c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wwansvc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_829b3b2377ce705b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\inf\SMSvcHost 4.0.0.0\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-c..splay-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_27284493e4df7d0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_6.1.7600.16385_it-it_772736a4dca871e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_6.1.7600.16385_none_db04d3f548508fd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_down.png bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\msil_eventviewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c9ce1478174b4dd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_desktop_shell-gettingstarted.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f19bc8fa019ae1ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_prnca00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06d231950a14f88c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_02b53e1d98470ee8\erofflps.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_946f709feeaef639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe" bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\ = "CRYPTED!" bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W2K2m3v3gt46wif.exe,0" bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open\command bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Skaype agu1237 bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Skaype agu1237\ = "FCABMLGRUFNROPY" bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\DefaultIcon bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCABMLGRUFNROPY\shell\open bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bccf3b5b099987275fc6d0e3f28df1e4_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2500
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
287B
MD5131bdd9bf2adb03023bd15badd3a6d60
SHA1a6836578ada43633ab42012b0591c35bafbf3b1a
SHA256976b2f53a7111775e6a78f0e29e2fa9eba7c1bb1397088f25fd007ad4611dae8
SHA512b85460620a61753f8d8a9a94e4ab29a1e6ba88a12cfe9d965a707e7604802ebd5819790b48c2ee0c42d98fb49e3c74cbbce1a6a800214487ac7572ccc16e8fee
-
Filesize
341B
MD5573d31af707dc2d2ec1c9e0d3b73aa8b
SHA1d09c8eb6cf9c392d3f3e97484923fc1a8ce51880
SHA2568b2376869b91357d500f544387d803e67e4f86830a58effc82e0166f50453bb1
SHA512268c9a5d76a61fd2761f9226211195a6b446175bda04563d204efbc564f4539fd815ba0866766b6c629d7fc8df13c34d441d15f5f86a909df5c95393d5ea1bd0
-
Filesize
222B
MD5a5451432717f72dc4f2c49ee4c5489a2
SHA145553857d98bc2c7f1ee9a26a7e524cbf1c52282
SHA25671b04e5ab531eb587ed4586d1b8f6c878784bfe8eb5a1385007c0c3f461c4db8
SHA512d94fee0d5e8cb5713cd2a0753488147a6e85f47e396d22d4d5001e4853e64879f04d72fe054fb026fe6ee927f844aeae98979079f66a52c4b12b931a90efdfab
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD50208a18fb28e65286452aca669e6e1f1
SHA177838a4ac22624eb2d171f9f95581968a364ce87
SHA2569f101914967f188c92eb32631d49a0389d24e42dd7fd6d85d2dd57fea922d0db
SHA512a8268e66a7558c7f6d309288409105976505f0bdf944af8f4b206bde0b634486bf211fef0e03acd8275fcc1a76c23795b5de14167c73bfca160222058c8cd299
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD51e611a7c8168f1b0c1727d5cf41439b9
SHA1975c74cbb2bb6e22aa5036a384d4f90ea7f057f8
SHA256199943f19c551810c4f5b4f1cde2908b88ec6e21b531e491209628caca99d1d5
SHA512072e696f8cd1ec672319ac79331b0ae705e891458b348e33ecc78b1ce392ad6eab79b0f1792f22fb754d66c8ff4ac5b101a7719dcab2cdf7aabf6e1f3bd44f65
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD50478648ec9f4ea5bf2449eb3ac670637
SHA14b6955e73ba1d13c53a9cee753bff20e5f3f46ee
SHA256321c0c107709d62b76be82316939999ab169c9868a4bc88c52b6b3a8d4988e43
SHA512aa0cf769d81d47c411f419a59b75fac0cae8ee70c4a57bb70f30ff4432302da182df7f59edd26bbccfc5d8ee25a5ca813e51e9cdbedebc0f150aab73f8050d3d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD57cceefff2b3c16aaae9b304fdb76971b
SHA19e49a63f5188efee7f8105db72e85ad329451ad6
SHA2561a1ad96a082191543dbc9916d51fee63ca0bdd52595964ca2559df02149a3c11
SHA512e96c6c5d1b7c62dee7be384a07b2a8de0d2d16a680cbbd727f4092d3b9b4e162e866481614fd11a5a0d7386950c02771b601b223d881a4d97decbfcd7f0469e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD51733c8e0fb1e5f2ecfac3bdbf33f9763
SHA1d720100e926f5f48f7cdc0c4fc994009f22ae72f
SHA2567800d1b174cd31bc69c63ac58cf9fe3e5f58762c440aca40b6a449712e1e6a50
SHA512fc764163480de72dc8caf7e192187e911d341a76c46598a980486e87af1800497dbb9382a621cf0b6ca356a76903cbcc20aa2e2d2f562223a02cbac26069f928
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD50aa764c70e68c36cde91a310156cc15d
SHA1b81f99331290895ca6da06166d18f4fb7703326c
SHA2569cc50cd3efe45265032c23f8504ca1ab4933d23c74a75a428370b7842f16e488
SHA512cc6f2ed767129465122d2e74b684f4773a3844a4a42db25553c60e91a5c445cfa51b76b70e975f1e120ca5d06d12f6909f8a7864cba388e8ed74fb5cfc50eafb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5af331843bbb1076bfab1048d250be6b3
SHA15b326570277b87eade9dce21b4cc1b76dcb40339
SHA25687952178ce8e903a3337f1f4f77365c843eedcc30cbe501751cff720993ef354
SHA5121755fe998dfbaa8497ead1ccfcd288ba9cf8d8f18415915ecf7529e1466218b8141daaeb102a8696cae78a6ec97b77140f184b4c4fd34b5b86773e6395fb2bd2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD50674ba8b3f4e7352f8f09ad746981060
SHA12752eb37c2e60fdfa21f3afabd3115ed6c47ce34
SHA25637529fd5a04d97a49dec76cbd1156d77aef707a323d36208fedd9d53da1f8476
SHA51239f6414a702993d891624e79f079fa657f161be47aa59ab7b06d5102f8ef98e3639847b05ebd9c6e1bc79eaa25c18b27db8ab6b42983f7d905077c9d8602cdf1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5f02b4482d130f27d79061e3b59a5f8af
SHA15017c3416f7d2acda0c7470d511a55d4de366cb5
SHA256e2c1692aa408e0f8bc2d594404deb3a796d4dc31ab45af2d245750068cb7deea
SHA512f3140bac0b0913e232bff2cf97832130a1d8fab74e2ff123f1f4309cf47164b4457990ef9411ccf530533e717ae995e8627072bba3c6248c29c0006561cfe8c5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5209af850e6dc9a366d6d8f0b5be6616b
SHA15f921e396b427ca3cc3137363a592a18c657917a
SHA2567ccb08ebbb28640d356df4c1b4564dc038b79210668d9c850d16e4f1957b76bb
SHA51282290e296317c1c5ca771feecd29281b693cadbc6c32c53445c460e65c1acad4c496d942ea3373da99611211d64c962a689c594dead648bf629f2a10f2fe0e64
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD54d2a5a846ff3787d9b0a44d40e16bbbf
SHA157d52ab5118c65eff3671a02df91583a2e2501a9
SHA256b912f81e2b272604ae7cac9c37429e6e5617b120704f0bd7f21a3251c49ae1aa
SHA512e73510aed936f24d18afec05dcf41216141f5455df078c6cb4bfd3e330b9f6e2cccd4b7906bacc0fa10cbd42c8a55e4cb62fa83e8a691af551fbcf99358e1135
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD51e89185a23e53c2e3f56e8c3c2b985c6
SHA1cdd9b05a3028877556ac75c2f46fecfefc95b723
SHA2561ffd69277e54e6a4f78a217c8afe89f36cd29bcf9c0f010c7afb3e532d856196
SHA5124e76a9e9881066f43c8cf9a7478bdd7db382a3efffa78746cfde7ccac822eefa2d76d5f505be916c0a219627bddcda12bfcde21a68b87098fcc90cc1e76bb195
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD57bfdf2c8c46af19d855a1cabf413fb2b
SHA1880dc74d3b9b76302782a1596f7c0f5c39077f58
SHA25611de3421fb6d8fe25bd12e0458fdc2dedc0e71d3312dc3152167afd65dca0e2f
SHA5122efa35a2b2d4a3b154e18e95623c0d1a3f1656de44f80f69129a2a3e0506234475a71691ebad18359303c7772df0f1d7949756085a1a7b7dd99457af8f9bda03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD577c53bee9f89411c8f102649abf6fff5
SHA1accf9ac0d5c20b0524fc9a167e2155ec2139c769
SHA2568b2e5aa8b971dbc127d1db21b951ceff8db702a15fce0853885629448d0e94c4
SHA512c4d19aeb470059d19cae29d9ce55c4bc6161a0253e12ad89fb2972f196ce3a6256accad073daf4b015c324f78e5c5e8273ce62906744f0d3103aa5231e9348dd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5e7cd78e4bd2d75f18a5bc05460483fd5
SHA1484d4c047eb4b918dc8046e2173c58955b60e37a
SHA2568b4bb3e906a8567bb0ca668fe38da6bd708548eff810b2e87a982ce6d0154c6c
SHA512c2d760f3c44ebe3e0a96802e68ccb8dd412fc8633c6819ed82246412e661ef261ae8e90e30783e9438c96f192388f50e9750d94153d5dbacf2e0b1c603f53c76
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD55f9180eed1a0c7376d5b952dab45c615
SHA1a0929230dad3406e0aa2de7dc26fefe735c25c67
SHA256b4bcd946d5c5e6641e43eab52c78d6d9611709cf73a672059a52f3aaed9b3f6e
SHA512849f68f7a6fd66dc685c9485899b2aa018c5bef637275358752eb7435c68a353030442b3c01129e2fa9fe23781d4aa293722b59784455b4dfaecae22964248a0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5d279156e8adc35277461f281625dcb61
SHA1661ba07d1355c0bb32fc958ddb149761f7089d94
SHA256efd23f069d71d331c06b93d43360347d42c0f9d589a34972878c46e6623e44fe
SHA51239d648af5011d762c12afa0d828dc07ebdb01fae5410991c394288cec79ce635298d6118293154799be9c2c9c280c61aa30e05711a87009991d582863806883a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD54a6c673a796dbeed46e56a7c530d8b89
SHA1e710c8a54e68fd0eff60be2ccdac98dc04f7bf97
SHA25610f32d43fde06cb10d90d638cd7523d836ace5fe15726e3338d7c207c96d4be0
SHA5123160e5f474a092f526bcf9a3e5ea593a9ea54aa468da0eca1e3a636640ce80b16c2bfea11fdf05ceab6c9aeb9cb7350cc8c23670cef46ae0fc4e488c1d37993d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5442b5e3d2293a54e7a09730cbcc42a8f
SHA15e78aaed2f70bd66286f2900de4eebc4745c05e6
SHA2567f56718f5fbf9c7b7c6683cf0e82560d655eaf4946dfcc6822b1138018d0064d
SHA51271a8c30883b15bd11429acc76508b50a6a950f64d5d06cd76ebc2885a519fa913500601428d9a14702951a163d5b4ab5eaffd848f7062a3eb6cd9ee67071b41c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD573e03e5aeb7216a0a65ce962bf684880
SHA1cb8817968c5284ff91b306f911f32bf0fa9aec6e
SHA25688800137051b15b0508ce551501c9b7a8632ebe0b020ea36e859cde80e9985cf
SHA512cf838f214debdf4c3e5e3720b202dad8e96d4233b15a256e90f62ba1ec6ba1481e1e84ae3a09e44e9b09c2c58b24d9b1ecb5b47b372dab76bf6da70dce4147be
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5a771de222bf270190d4ab12e62fc3330
SHA1eac376b1f1952c1fbf8c9bd29b21c07de01511b3
SHA256a9c02a2a60d91fc6a087d0f8b2fab4762a37b5342ad01dbaf3d0929099209d8a
SHA5125941c87d0f0901c671d22a4397b0d625b5dd995ee69c3d2912e4ce8097327b1aed6144bb354e33cd3fecaa6f60dd5a88ba71de56718b708a4cb703607f68bb36
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD5f879580ceaf08dc2b4fc2fee636a3df3
SHA1f9bb576ca98973e616e66bce59b4201d89c6959c
SHA256b506be09f50d4df484357c6649e482e5da4e4bc731a17f7f31d7295266a2657a
SHA5128daa4136d24e7706f9cca1a65a5188fb120ca3628ba9253ef18736a234730435fa6b36df7f0729321e214194ac225d66b8f901c1a21e831260d7b136268a6f41
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD511249e460550660b1be70d62eaa55455
SHA17894c222ae9779d31697e45b08af2e8a20f2b421
SHA25685555d397872eb6f2d36d057792219ae71a15c805c3f30679d5bcd0cfe642abc
SHA5127d434b36a5b978244ea717b218910fbb5e18d4bd7f35ada51d01e57f19cf19e273a97898199fb0aa94f5bcd5a35c0e0f27d9bbe8718a80c1dc85b53c71824ae3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5af089db26d403105f53bdd8a20baa3c4
SHA15fcbc2d7b20e6c4d1ac3e4247e65473b3b96905a
SHA256ca3c3f2e945c60edb599d685798de3badcc279ab0421461f252d81ff19d72471
SHA5123908900b3118344f4443981d6c5b62f841639bd4638d36103cd7c6ae9ff8d07ef349c8ae0ea12d6695a6893dc292c38ff7fa5305525a12b11577ba725e51fa8b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD514d503a23ccdb32cdad03e52cc33e36e
SHA13407f9bf13d3e7ee5bcdc28aca4d18e300ca5bee
SHA25674d0aba432bb970036851b54313c5f63375b2d3590c5e680f7083530029cfdd6
SHA5123cc2588b5f6fff6cf39b73c5a332075ace8e5e02fa626469986d9fbb0853794d351511614ecb63219a81fb3b28e89d35a048fb192493c0b8a1de968d29499971
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5e8c4facd394e69fe248919d6d9501793
SHA15ea513cf2bd1feff5eadb1486abdce740d56a28b
SHA256a63890675d975e9e55f1f85aeabf7ea7572251f912cc2beb79eb6aa04bc97a5d
SHA512f7680f889defe043b4d1f49987461ea8fd38d9799eefac7f5643cd8196d563b3abd23fc8afa1d83d7e7a64aca832674dda0c269b2c3743801e4a1db0453bdb56
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD54a3d3fec2dfc67085c03dcf15b42e2f8
SHA1bf879089df8f0c83b3b3a9205f88d28b319d10dd
SHA2564ce4c0b4a9aec6b7997e60a33e5a540ba3d77d17d053bf827e690709a886c867
SHA5129a7b80b1a30320ac809eee48ebaa104deb8b07093de5aadae7e166846b4a311c235f80d66b71b8d0b56ca2c7a8e33a0faef483e0a710bbc98302f043b593e4f1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5acb83bf2c7f37a85c97cf3d4b9ec116c
SHA1a112398983cf1d4826c5f9726441b2f2edd39575
SHA256aa51e87d18ad78098e75b3d0a4854f43d65be539512e1ca53d54d7af0ea2aeea
SHA5126c9738e57e25b90befcdec7da92951facff3842031175267ec0050f9775710100453c70a4ab26c2b138be62ab16625cc75f79dadb87d96c36c5269b4c15a6971
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5363619b042c809c00fb12ad0f953d177
SHA11145eafef7ca11ac12cd222fd6c48bf0f1f14ca9
SHA256313389b3d9ac52a7ef054dbb4e39318b88d9e551164b63140c773079a508e4ba
SHA5126b9603f1c6878305b65f761779fc431877e39307a513c7993931f57e213fe0efac008ca6aa478017e9ab5cc75f38e85f51cd81bafbaa7744ff1223f1d2cef770
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD51cfa166d79ade4d30001196645fe6c3c
SHA186612820b932f763b3ec7c8bbb668d8794275c9b
SHA256a2981bf4f7dcd8543ee31b03c01dd9b40d28ab9ea100969abaa550bf420b380c
SHA5120242e1f14152c164af113ff64222af360911ee44f4febc51e47bc7a3b8642a5c2f9ea1144510aedd77ed5d35d0b1dcb718f376dd75a3552982d2ab5b2098656a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD53c783d5aa35d2914bdc52f8b22abf21d
SHA15648896d0b843c4211053e67c50cb252d6a7a47d
SHA2565e7acb903ac3047a18c5fc1413164fb74d49eadedf007c8f347c40b184b4e1ea
SHA5124693aeabc684a9e58682385c089f3fa6d216e7e1ab636e6152c74c684239b74e8bb1b77d9f41e310e1a66be3a1d833e3db79ee4fee6aa7abe62def201ec203f9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD50930578c556428fd59596d7bedc84626
SHA1b22044ef38d5d527c785737af8c5fdb8ce0b63ea
SHA256f64625e9a574185fc9816b4113ad6ecf5234f4c767e20573dee7d074a3e3e28e
SHA512baaa7150cf4793e299ef42fa43b87c0a42220346637e3c05ad965882ec5bfe1dd143466215d26b4876eacfc3272572136abd9c208aaa135e52aa27822ceffa0a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD555004f7e16ebbd1c95f2a3ced312282f
SHA110dadfe9590be0775518c0599d5ae5dfab23d6eb
SHA256f9b0c55a9163be879a2a027ad0b9ec996295246fca67d66d2bef1b9329a88ae0
SHA5126a485ee90030473490913dda5a09601dff5f8b7cdceefe5175e67097c4cf00b3a7b567cb7327af77d346d1220c77c083fcc3c540f0c01ab6e81031e6d3388ef7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5026e0bd5c5385462d0c64bb71252b8db
SHA1502705d4d52c7384932e76618b18e097aa7b7bd6
SHA2562cd8a01056289c47afc23bc044353845e375e6b68a1fff525f911ec0bdb96093
SHA51221226258b67067925b5348592fa54a166e408e3cc56c89dcb89a730214824d1bfbcb175df35a8bd21e56c007d2f16b8a0226faf17925f65c870e23188927f901
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5e5c133562d9bb26017210ea7548c2e90
SHA10a8cdfd6457b47ad7a50ec78fa614feef5b7a62c
SHA256e578f3be8dd5ecd620c1143b6add379ea9d2c27f403feaeb834c5676dd8dc160
SHA5129ec3e3a13f0ac5d58fd18d355ecc953eb5e32a3bf5667ca6eced3239aeeca0bf11e232f0683bfba854ad4e3713a1ab0062157c5952e93b299754036030de2afd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD525a366cc1eca05a4c0f134e61d165ac4
SHA100ee287adb494c9c5ebcccc86be5c225cc88bb0a
SHA2560e663ef405ddee39ce7810288ff5cb37a42b1121bf7f81867dc7c12cefda02fa
SHA5122486254095e7f4768b44ccc8a26bc4ed7941b38b3141bcd08f1ff50cff13ecb8c96a2ae86c4b0b97b8e587ced0535c82ae9a58768d6a49d187614fa46ae4ffe9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD56049b8d104f8ee0e2a9d09a66b926eec
SHA182b3d8a02c6e52c3339bbad663821164dd3b46ee
SHA256cfe3dd238dda26ec819f51ca476638f0b1860e6d5251b12284fea57ad7a6caa9
SHA5124094d584ad8008c5fd8af2c1438d213fe03e5e19d796c40609f1917a7f2d7ebc9e4c079f1e7dbe0afef7b76fc6571d227a12fed8546b4d2f6331888e7731040c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5b1bd2d3df2c5506f431240f1580cc9e9
SHA184fe73e232e5ee30049316b73d8b10fdc09969de
SHA2568ca307887465fcbcdc3d34de4f226c0bac7818102a1ee617e919474bec6abb5b
SHA5121e1fef571d8c96de68fd7edf27a40fd8a8e4fb7deaa2314eb836bbd4a97da4d6eb9a39316666571a43c9ab64ab7cd493715f8be0c353f2637d501f96b26889b5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD53db45212cf55a3a236edd5f09764211e
SHA18090f79dac271bbe45953468fcc0f48518167638
SHA256d9f975f08b4817f0c64e95347f5c10a14da2d9715a7138746db7cf2a5011b2d6
SHA5123a0d83f658fda8512c6411be805127745f9fab64b3ea5be0dced725819b38f1cceb5cef48a6aa42f8a1c0db2afaf5c8c64464bfe6b6fee3e5273e1f05e9c47f9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD59b33cbfa0d2c8cf5ad0e8711ff2613fb
SHA104b5b50557d252b4a158adf2c9eef08ab2a9ddea
SHA25686282dbc21dc75cb8920f51a98b38a87bc18eb5fbcb05a5405d5dde10f9ad3c1
SHA51248e2177085561db829658e15784ebf3674ababe895799a75ec12039d488919be075358b7c35cb0e861c0c299cba13ee4c11d82d7214afd3ea952b7189c5c1f6a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD58b7ae166a5ef8abb0df2ef39a801e26a
SHA1e0e840c893683a2dd2aec7f90292f3194cd4eefd
SHA256630a0ebe51b6e3424414a01cbe48c754247a90a417b202103e419c51a31def5e
SHA5126faaa8d41d7e778d8c78e9b1f973198a226b2b1fef84b7a391743aa9a3d8dbc84de3d4c9836f082e561c0c3fb3a7dca6b9cf2f39ec8b5122e072fe73ac160667
-
Filesize
580B
MD5d691651bca8fb32acfc917b161df51b6
SHA12a90710933778b3e0a4539b801a94e32c1321686
SHA2566c9f48a2ca1a298a20001dcd0ff8a6ba2179a9781a59bf9519c5dadc50124ce5
SHA51263cee837bc8b8408bc9bcb0147b171b45b2cabc32f5a97837ee1d1a28d0ed9f08417e9defa992e71387818fe77592ff34fb2458f44a4e3d346bf9bf7023d7ae6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5658aaeb46d5a423590e4c93756dfe9e3
SHA1e2cfc38b9af987551bc4037b2b379d5f03c41781
SHA256f0532bb2f655e206c52b256d17ab04115a7a1aacf27b09edb562bc51b012d634
SHA5129da42af28015cdc33f51b68759c9a40015b3485da42c1328aded3d2f446f1e04851a515b04b75525e8d920090ecd3692cbb780cb6fd8cc322f8ccef4d3c33706
-
Filesize
625B
MD5821f4b9010252516529cd73d77ac77a8
SHA117961fe3efba9d16fb640d9297d1431c44cb5c4e
SHA256a6364c139b9e1fac69412cea924bb59e6a0c993551fcd88946ff3df06351e18f
SHA512a891040ca670e08c30340b798d5440ed14177cc9936d6c188a85aabd6cab988fb98038f148445625645b59bb473b799f32f8ad1d7ed207a6e2e247ff7d6f3cd1
-
Filesize
873B
MD525c914a3e281c84c5ec1ff37819c69d1
SHA12faf0e476c7d1873024d5e1d49dfd4502618134d
SHA256dee91820012ec7794faf98890f61baac8dbcdb7735a7cd0cf7413f65dbc28835
SHA51261a4fdc923be2ca0cf6ce4e0507f876ea4916a1686a4602aef656c90007b62ffa3cf891438f46f4324e5fdbf7e5a1c7cde84a67270221bcf7bcb567432ffee18
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5e01d6a1e1f54502f2a10a4df60b0c264
SHA1a1f7994906cdc2ee7d1cb9a0c7e74773bd465a05
SHA25622159b35a814f67f80a5a099aa40c315a970c3aa403265a36c2fc08d5772b25e
SHA512bfe4dbfa83cfbc572a6c80abd1c12ee8f398544715b5c360784e0ac1473a1d9be4ee9e5186960241b2820d18c7682f2f00dd7a5c14c2512dfa3572ab87012d4d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD548dc42ed05eeb660310eb3c53d66986c
SHA13051c16c259e9a20f2a118efc2f08d37380589bb
SHA2566575623dbdf7204ad66afae5c0ca3f6daf652ac1ea24bb6cdf249659be991d16
SHA512b6c0dd6a3c8a2e3641efcf34a1441b831afe643d315d7ae4ba750f5bc7c9260b0312c9f286cddb179d86d95b159745e4b7f532991751013caace45e564c42db5
-
Filesize
615B
MD52d692a1b963a20119628e6114cd90ace
SHA11549b2ca64c9e5f7e49b4c5ae27a6e02786699eb
SHA256d5a7784d78f3b0d69402d7ba9a3c76ac029609ca173cf9d0d389ec1ce4261024
SHA5127120497864998f592ae11307dd7b104028ef99f871ec94a4bba01c6ca3f46edb3c3a17b6a8f09a1f80fa51c430c239ab42afe2ca46953d32447fbe82c64c3353
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD54d59e8e7982b8bdcb457f05b1e0a1a3b
SHA139ef85064c00254f3dbd2a0caacea422b60e1c9e
SHA25637a39e89ae7ca92a46310b70a0b8790804588331724a16844975875bf19e356a
SHA5127751940ba67b4f58dfe78f38e2ab5eb95c348b89602c9463cfd5b64ce741662693d93d6d54a6348ecf09ea0e7d17876136c27eead5911575a5a24db237b1e2b2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5247815c1fd7c47edee58224991426111
SHA170d3e590fdb3f06bc1462ae8e553323da869b600
SHA25649a7e25accbc953dac9947c2d0a212bff24c9ed1a51d3d17663095c179cabed1
SHA5127445808f63bcbed8ca42e4a392960873b686beeed569724f45343b65b9b2f3a4f4bae05b5df0a8a36c84aa6f466440cd814c960b1d9b715cb0eb56c4ff831b5f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD58395ab659a053f4c0d03559178f7c29e
SHA126db3622b12e8ce4f2598d01ee9fe82863e0660a
SHA25658eb995f0d513e8ac75eef756db57b10671e3a7edd79970778752c8783eb64d5
SHA512446f7508aa7633b1172c85e24192fc7b425d9d48ab8f80154624ae4515f5c99acd5dcb4e8df43e971bd664ecf212790c6a3c28c0cf3bc45a9a930df3de14f57d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD52be1d0d0151b784c29c050af559c02cd
SHA19469b326aff7457e9888e6cb28e7ca308e407d4e
SHA256c2e94d4feb687c4e359f6476d1ccde8ade0645bca335c4cb9f2449d143b7459b
SHA512d5d092740b8e030bfed9f6fabd2138d94ffc80db6e6916bb5ab591cfac5a58b0c802f1f3c9177564e2c89e67fb53eb07a34444eb455088cafc52bf7a21896c20
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5fdd9ef348e966d86139b47911b145575
SHA11e3d35f6a8a0925184603a97ba9b6d898e476b6f
SHA256aed7f9a4c0df9678c2fe1076c5cd596f3e0a2028dee7903970069386f399fdcf
SHA5125bc4c56565234c631a57c8848f9febdc67ebdfbb7895b2b68fcaffc4bb4f86752dd7e070b7c1325b00a222df66484918b7df524e34dac91c3600fa2f58e6a677
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5b86730a60d5b4de44d3bbc895c3c7e0e
SHA1bbe8671cb66e06f4fc2af6f2c0ba383b17a95439
SHA2563bbd074a44cc0c4b028c24fef24e720c3b1e5b9f45bcc257b62fd1f6ddc04451
SHA51253c5759b408af57b09ee4785bef760639c2821b8f465887193155f63f999f87b4e74a4194505fbb6cc9bd39b800083b6e2f0676ca36bdf51c8b452c65df76e35
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5b0c4bdd5d31cd5744157f3606dd7be93
SHA1e547b79e1dbcf12abcf044cff41a408629c1924e
SHA256a9a26792afb99376f1b1292ddcd6c5aeb2edb98e2ff7d94ee37d083bb648e1b3
SHA51291cb0b4796bfac04dda939e912f72b0a3e629b797594d502d330ef57d815d96eae590c157c7c91caee4c2446107969cae8e4bdae36d2e77ac7bb709894b1f9a1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD528954f7a1e9e92c324955f9535eb32d7
SHA19ec420d3abedfeacdbc13caa55d6f0229153b2c5
SHA2566f2094ffbb718c7c19a2c62e70b1e535bd1d7be9502c1b84f25cb9fd141c6af4
SHA512b6c2227200ddfcc0d2b914d4fa3db6b0acd805b76f79d69c10731f2281b8e59c3d60a89f377350bf0753e47d5c9c61108d171d4635b0e04c52043e0fb8d86e67
-
Filesize
153B
MD5c0672786ee200ea0dec5a3e4d0abcc2c
SHA179f21c480a9abe51f1d3a487d149d058935e628f
SHA256f17b31d54ae42fbcb2f0b62f59e1b9c6a3d0f2b211ac860f9a1dae643642f04c
SHA5121746463c4869191ad16b97d1f88ebb3c27b71ceaa945e8f14e08e7e1eb288796545afa15c4bf9cf0ea4debd7614f73251de1df1153fe59c9364f5b8b142a79d6
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5b8f27504b94a0d5543081f84a3db14de
SHA1c669771a68f490d09ab6cdeaf69a9fbd441c1201
SHA25627f715a9b05d1107c2dd34b0035724fb4014e8fad78f08169b4406efdaed1053
SHA512b314e663305c8a67af47b8d6d0c99b8cb6647ee82cf7ff9ec95b6f43160128d09e02a673c252683fe6de5faa44ada1b963ff46c8cd9451cfe68237082de71798
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD51e38fbf43c8cb806213599c7a5b4b878
SHA17e1148f4ad19da73356145f1b97904d3f08db286
SHA25674f8edce2b7c73f463b2d5236d8e1f642afa785d77e6787608a08dd5dc69ba35
SHA5124a2856a7de72be94c753810edea404d002f22327c92c18d7eebf75e55e75fbefaba0f57c3dd90bdb9f3768c800e0ea734a88f438aa0891e2d9a3bb027e2e6485
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5dea1565d4f7b6cc0422770eabfa1ca9c
SHA1ef1221f5707305f4ee978f8645c72678c810a93c
SHA25697e5853672be4a0f3c551e6b80333742b6f2ecb76da4b9c099819ab36323c592
SHA5126ea2830a45a1320d79bd1407e45f4137bf39a7b5b2519d5e4543b9f38d7b7b25f120c133323b3bc7946b31d1bd89803442c890a5ed28d68836af7115712bd743
-
Filesize
109KB
MD56cf9b2951a2f20bd2d8a531a44179aa3
SHA1d348b37f64a2c65b21f4a89a5bddefbe823beb66
SHA2567e5b7e93a59d8ba1f684c3616c6f49ce3a1a44afe1534b376c1b4a0da49e1e4a
SHA5123bca57cd4d5b67b6e563f9cbe7b12a4ac0b6882a9eb51fc01f872a45b48ef8bb0ded0791c0bbf9efeb3cf5dcdb2c6bc9ae9ede62d19f2d7f8a7298fe9505c37d
-
Filesize
172KB
MD54f7ba073120bda942d97a01b492ee7b8
SHA1783b37a116660df76b3c238aa8cc5a997c7fad61
SHA2562277e66dd77b840041a053ecb4b46010aa9d3cfbe93883368457a2feb20a88c7
SHA512334acf82ca7aa9e1d8531cbfe4f4cf51aae479f9eca0b05f49f14969be8550e4c402a637bd88e6cb61b6dc7ee6062dfbda696eee149330e0bdcacaf8461edca8
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5d37cf4cc8eaad660ea1dbf4e2cf9ff7a
SHA13c5eabfaf918bd9e4fce484fab2441ed1a23e7d1
SHA25658fad501d029330fdec561d8218565068f69ac32da41b15b1b52f906dc0aec66
SHA5126cf421997bbefdd0a6fe90c216f95147f3f998f3a3e6ae3797bd78d4c1a230ec1fe366145977436c091378971d40989025b7774da68feb0f1d432de6664492fb
-
Filesize
49B
MD52c7dc85e37d73979e29ae27234e0de9d
SHA1b392b8bd03b130055492247148e561bcae9ff044
SHA25634c975e64b69a0472304a6fa8c77e57ece76e7fdff4c7cf6327e8698c4bbefe4
SHA51298489b68fbfd5413d84eb08657ef0441c0af827d649ba59560e0da47abc145934b35a3a012ffae8741490706f4992287445dba1d7485fc2e6c6fbed47d5d671c
-
Filesize
21KB
MD5d9ec43fe20279aebebfc21c9d5621ec2
SHA12112f36e184d87451543b911fdb7123a7c009ec2
SHA256a0933c7342029ccf4e6ea9a43541e9b5a8e58b4749d5bec2885d64fa6f98fd4a
SHA512f36e5ae07ab7eab105f116269a1053259344c0c7c6444f90e5c2080c674a09b192d4498a8e88cd94cd94b8d6b3da066f7833203bbf5170584294545a10e1c674
-
Filesize
1KB
MD56eb80eb1e4b9679855d5347d8651abd7
SHA17b8a2a6bc3385ba31776921abce00352020a4443
SHA2567cf2de988d1fa5b3f0cff103b1ef7e538fd6814aee477073e7542b8580b57ef3
SHA51224f75cf9a5991ace5c4c039af9a97b69a2528d1a589d7724cc4b7de09a3f5f5150e1f3712f607874c14fac890b4e76fbc02e5836513b25396e2bd8edbbf872bb
-
Filesize
952B
MD5ec635dbb0fd8d3d6ade95065d834d130
SHA105ac5323c07c9e0bb5fb2b06de6c83f86452d8fc
SHA2563ba18f053d9853585ce742a0d70a8c32a08f650b76065da0ddee1e76c09256cc
SHA51279d244145d8ffaff8950b761d747ef64742740cf8af07755bc0b327eaaad61fb7e0433cff178be50d93a998e7b156e652a69f3bdc9b498682e941ea3ccac01cb
-
Filesize
121B
MD55f01260b280ba7659523cdcc12ec9aff
SHA1192a1fa005e9ed2ecb666936ab38e9b44dc45ef3
SHA2569e91074220b348877e62fba91ebb161df90306dcd56a497d93603ce20a8fbf20
SHA512d35fce8d3492ffacc64bc7655bf5f6496056b31da799919b222fc3f1496173a0c40189899770ed39b33c4b78b282e254b9785a66fe722152d8503e4a73cdc250
-
Filesize
1KB
MD5520f2d2d926ec74d331ff4c7f011a94c
SHA1c807cba9006b8d1a88ff61c5026c7f31f8e239d3
SHA256f09497d18011b06d43475f2801afe44079e148cb74a4e01049be2544d93888dd
SHA512a4ac09f1339847d6b5b693cedbc601555448162c867b17bcbb369c879f4e5f3b64bcda75cb21f58426fd2d5d77473e6b051f1692448a94e01bf38ab6e83227d0
-
Filesize
8KB
MD5872a604748510631b042c35894895695
SHA122c5f6af1446866b1aef21184aa72ff7a9df283d
SHA2563c7826a367e8903b72e7540376c02579217373e04140177acd398ebd3f781b7f
SHA512992bc112c5dc3b31253849e6de468e8c0b26a5f984d0c5be6976cce33220ce3f32fbd9142b733f31791f0c76c09a089c01930231d62de6a2b857ea2e36458ef1
-
Filesize
61B
MD54a8d89053dcd507eb56c9a041d66e09b
SHA1238d0e8722fcaf2d512d2ddca3ffbe393a146ec2
SHA25662b632d8781f069c51dae1c69b54f45353285b6107819a2f2978ccc366d8b37b
SHA5128f7dfcbf57729ea876e6442aed467e34d04b48cd3ee5d8f9de7a69b899bf5673c36059872e116156c3dd5751724330b47dadbf9ffa24712d15cdf03ebf4b1505
-
Filesize
914B
MD583f6f37e6b02de5fb09bcf90998da41a
SHA1ac56341bc955e1c98df5ee1069010fa0831b6e4a
SHA256966090e1975c2b0c330f19f2adf82f8e1f53b2f5d1f0f1d741af458aabf3b9ed
SHA512b31caff03a2083dbdbb9b8367d8edb0dc585f6d6440b5a3719eb83741ccadbe1da3d76ea2b657a0c651c7dd21a109252c774ebbe466f291d693bc34ff8cd530a
-
Filesize
90B
MD5afb9fe47a181dc91f0c25b6fb63e90bd
SHA1972ca99e6fd2b384018f9ec8f7d834da737248e3
SHA2563e59c4d6cff7103df74c13659483098495bb12f75ae2fa1eb0505dd1cb48c97b
SHA51231e9497dfca67bf7c2efaa02d1e76d0b24bc14da89ed82036e461edb2c7a0e04077a30acd8e2c9b1fbd51358e1d7d2c8bd7caf29a2a4df791999b4d1862cae36
-
Filesize
90B
MD5adf2418009770dc423fed51075543f13
SHA14ca42add33bab1170c03898a269cb5db1f44ddc8
SHA256078734d08c627e6b1b889a821e0d1ac2bd0b4c361f4a4dcc50ccfeccc9054909
SHA5128f6ff182ac62a655206a479e0c23f4046adafb1d8662abf393249773f440526978660012d20099bdd2c145f323c292eaa56ff033e0cca1975ea510897136858e
-
Filesize
328B
MD5b75be34f04154dab6ccd7600fd908aa2
SHA146a9d664798ff821d7afcb1fc47e69bab5b68885
SHA256fcafe6e15dd60695acb60a4fe51cd59e5073c017b9b6de506b080957554d809c
SHA512c71a49878e31bada355c412da1c9091f0484f5f771ecf17f6486f64b07aac47e5d64593baa79511a9506bc64adeb77501d45166d9241550cdebacdedaa6804fd
-
Filesize
1KB
MD5bbc9ac2550e2318d36cb6a2b1441c59e
SHA1a143f91cc06692d03135117eb21c4348ce120270
SHA2563d232ce7169053964c2837a6684b1d167197084c97d10f404175361a7c6cca93
SHA5123a93cb43f95c403b8767b784ae1f57f1409a6577e29cc79ac5af2635b3c4f416be5c9bac5c2d7ea27e2d33ff1ab77de46a25f89806ff1800305e169a6a513593
-
Filesize
162B
MD53e14d5721b51bdf0f8f2e23c655d30b6
SHA178ed06332f8ad7e4ae5fc0552ef1f1140feb65d6
SHA2563d0809b5733a06d1840f4e68b6f861b217da70e3196d95701a4da38ce7a47b9b
SHA5122d5bbd788c4b08965b796c0de42e042479ece34a3f062b4cfd3480acac3c197ae3975d1144dc548fcce74fa881e81cee2c13087ca9876f6d7992309ef5e5cb7f
-
Filesize
586B
MD515c112735f4e7bab22fdc215155891de
SHA1313f15245dc70afee3d3d332079c969810e9ee27
SHA256b5ae520da48e7e3459cd27cd2002fe5f9ae3a8a83c301932e2f0d0877bca8b1f
SHA51252661ce689af03a272f63256d42f4bb5ff5fc568d933b85333141e7c0237d69535776b66ca55ed6b51de9ea22300e6a87a2d57406348fce3c21a553e18dc3301
-
Filesize
124B
MD5063a736fe9cdd915193f56431afe379b
SHA1f271680627aec9460fe21687225386da35873ad9
SHA2560b90ae10f5f9738d088d20be24bcfce9095fe9a036fe0e1cf807e4a1c31570a5
SHA51264b942a27bfd1d7ad971cc796b8339b63a1f480fd1a1bc58d85aa124b510003611efae92f4284d6af951536f92a7184af7ed5b09be64e7232bd8904a2b487a50
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD573d75f7cefdc50581433de59ab6f47a8
SHA1b1c28ce6ad1ed11c08c190fc7dff4f6c9c9eaaa0
SHA256b3500b69298cff885a0ffbb34f3e7bfbf7b68126f3a6c36a9a884fdc96f449d9
SHA5125dfd1e16ea621634eaa765a03e519cc09a6305f65af186ae9fa6b7f15e3af784c4966b8773972bf1d2f24bd42fa801962e7a9792d8f19fa8b14990ac06c62d62
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5f1153ae91d6665c9e79f4fec698947f0
SHA1ec541c74b3673b46809bab88a834c429c23abe7a
SHA256d45403d053019fb3c931a8711cf3af6dd2a8fa76c0ef9f9b95f8a22bba9778b0
SHA512c7157725f06d8e824d1cc2da4a9e73b46fc4c351c2e4a7affdda521bcaef0eca50d348428888dbff595830b46783fa77e037e3fcd72ae7afbeb0953205ed062c
-
Filesize
8KB
MD54ecd94794b45f853e23b983e656ea1c8
SHA1270ac0623007403d2b4cbd59207546a8762660bc
SHA256cea08e837102ad0ae13df2b47c2b42f5525effad0b72cf33a8cb2fa03bed0a5f
SHA51202eb2a6f040a1b1010dd2971c30bda09398225717d4bab57fa40f9c5cedcbc65fbb9a8b862217dfb207ef45defb716f60af7be4842e4f57d80c61e936e628eb7
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD57377dcdfc494ebd786a1ed924088d744
SHA1735952baf671fd68ff5e281a2543550a2456c860
SHA256eca55d6afd19ae9d79b70f867e919a08e94c47838ace4155c5b4ba5ff8bc2eaf
SHA51243b25a57557e847921017703128e2696fc1dd7022fc004fd74aee2780360e3084719d8318f95c55c46b5468843825a1f149f1c002d1722a3782411ee7ea3a262
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD52e9c2f254c652887d2ad1508d7c13c4a
SHA18bf61da75f1ef9dab9613554d40943b4d50b074d
SHA25677dfc48d3a3635a273f8ef6b30e5b6b58106fdcee10f33f6443341e559b02da8
SHA51296287c6e8c8604e461cce25caf37e74cf144cf82901858b26f3590c0f62aba186c2ad58debed2069852983afeceb1efbc7e3b823a1c080d9eb8905114b5e1c38
-
Filesize
880B
MD5890bf8b1f32dbaf27f65bb4c38b1d560
SHA10ab42fc2d922a11d897ecc8b91f7cb5ce5993ffe
SHA25621b9c5a073c88fb548fae19a459cf45e1d9fb70a0c4643916f8655ea0918be4d
SHA5124ed3a6b9453609363fb2b752d87ae2714e39018f74a7daef89c9008c3437fe5c42adc63ed1b816a3c0fc53783f51233d1bd901e2d66ce4f6c5ca161901996fff