Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 07-12-2024 00:13
Behavioral task: behavioral1
Sample: cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Size: 7KB
MD5: cfbc736d5a16198f13e7bf360e5004be
SHA1: 4aea5ace463590c5c2bd1cc571851e5e630d9331
SHA256: 397009cf4ffa0f080835f9f2a43e50fbd91bd57763851a280a75aff029a7034c
SHA512: 59a51ab1bcc070ae20e385e56ba2d0afe9e4ee6088cfe06e1de9c0d33cb4afe6ca55a92f6d137209b0cbf4a19eb2601ea4085e40e0a5d1e224e1993350d604ab
SSDEEP: 192:Gzdrr1FG1WDCgmjPZPx2ds9ct1X0utLRMUA:Gprr1gkDCgSCd6ct+gFMB
Malware Config
Signatures
-
Detected Xorist Ransomware 6 IoCs
resource | yara_rule
behavioral1/memory/2328-3-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2328-8811-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2328-8810-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2328-9099-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2328-9100-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2328-9101-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2169) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe" | cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
resource | yara_rule
behavioral1/memory/2328-3-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2328-8811-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2328-8810-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2328-9099-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2328-9100-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2328-9101-0x0000000000400000-0x000000000040C000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e393513a419397ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_931b5f1fdcdd6496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_9c9ba97831d15b85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe File created C:\Windows\winsxs\msil_system.data.linq.resources_b77a5c561934e089_6.1.7600.16385_de-de_4b5d7fbf7a2edfb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\system_dot.png cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe File created C:\Windows\winsxs\x86_microsoft-windows-activexproxy_31bf3856ad364e35_6.1.7601.17514_none_14159d5b488c6fa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.hfi\ = "IOQPRVJIYYXVXAQ" cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe,0" cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open\command cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe" cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.hfi cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\DefaultIcon cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\ = "CRYPTED!" cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2328
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
282B
MD5af5a2a58a49793554f291a2939ede100
SHA1637eb13f507da0c87433cff0990ae0b3238d070d
SHA256b952cf8cb5c00487de38ed2f9f657f135200f61bb01173d2010cc61f15c43d02
SHA5121168043a186b73c1ea43cd1228c530033728d68e34824b91018cc88bf8d56102367f2b1535ab3b23c90177d7b9bf03f3ff11135301f4bb5f05401ab0661668ca
-
Filesize
341B
MD5eb4d38fe5ef6fdbce00fef8dd551faf6
SHA1e5ba98ea68040db0b539419aacca40bcedd556a1
SHA2561b0040d53cbb313e62b52bb52251fe8ab9055e80e1b0f94ea2f0083a05123d60
SHA51257509c64b7a38a9ad1dc463f176d0a9434913d313959c83f8b4f517116dd5f80cc67564f28db4e7f81dd184d13727d3e05160bff24ddfed4b942365a06caae96
-
Filesize
222B
MD59cae961d89a2a023779548ad510cf1d0
SHA16a9c021dde4fef75572e202968a0ca83aa5d78cb
SHA256a358254fde337d513295979892acb4fb73608f219b7864e7dcf408261ef39277
SHA5128280aff1b2b50e0311f00886074181a6f790090a34abd869237367369c98a88a51b16195abc8c4e59ef183e86ff178161418e34e0ba4f74c3cc3073a55a781eb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5e45bfc01a79ad9df36badc717d866f0b
SHA1fe6be3a2cfbe87b22f77a555af3e1ca05df1ec17
SHA256b2e10d3490367d9ce309f0c8831d225d997ddfeb708712a3b95c6ddc5e3bd367
SHA512e053774f37ced4406c66c61a8ca9c370986e885401f64066e32a69f9326dd6b71e682ce21d86741a89690a61faa6f9322e70a1bd81f2c2c440e3c8dadf0732ea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD59a3579bdc02031cf1fc104ab59a87839
SHA1a2af58fe8386fe6e2fd3eb575eca55276a54372b
SHA2561e07b1958a1eb01a2cf2d35ad82a169a18ece7ea8dd78d28436634cb1e852461
SHA512a5f088ad1456c3478789dc157a08c79373a6116c14685cd26f3a03feec6565bd546829d05f89646ccf7fadc2a47b637af4ff5490380c3df3cd3989316220f505
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD50704e68687099eb65518b236c0bf5169
SHA1069b149d0bc071b7cf4c0d1970d8228eef55ff85
SHA25679ae45bc419bffaabf1c2d52536d36fcd25e02cbfccd72bd0eb826f93a78f470
SHA5126593deacf77a36773045a1d6c86950274dc35cfb75e08aa38dcea3a5a2c4b1881a69f158b080445df943856813b13c90465a03cdcc3ee75f71e653d901464a7d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD505c9c7a73bd8860b84207d9f91917416
SHA178a939296376d4945a9251463c9390a359986ca8
SHA256fae031d093fda3f07c2eebc72505f3b6fee8431bbdc734a2844dcea6e8befa64
SHA512c01184477f7a9a17881661a0eacadfc36eb16acf5c75f1dcdc38cbacbca856dde5ca5f61e4029850aed6aff6dd14024c27bf526e005ed34ab977a511b695d29c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD526a8be0aaae7c1659fe441e212f17412
SHA1256adfd26874e76d9d18f76d4b5e488ee1f2ec13
SHA25634573ba1eaaff272d74e57f0f3ab005ebb85a869cb3d830d9265b608c05a608e
SHA5129f884ea589c3f1aba68b933be6734f8b05005c4fb8db7c0855db375877ef011595b7ebd28237aaf7f2cc632ca986bc040304af77fb9b03a66a46373189f12336
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD50feb8979ed975d929c332601a195c229
SHA18f44295f4226fb8eb93a9a4d34d522232915ee82
SHA256dd957ac0afa2629a24e0f9c9f69e8aac08f34c4dd229c5419e77086dd88f4626
SHA512bec3299dc9f01c3d70ef69dfe9ea4f752ebc114d8529785f6400c430cff19e4462715c28b6e144cd6c7eb9d7dd1c1d24db26f1bcc7f5c13abdf0927cec0c27bf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD58201806f3500aaab2b266f1b9a25c818
SHA18ff57e9ead1bd65ba82df34c00998a08835ccd93
SHA256b336262f7165101180040f67b1bac41f2d79d60f248711390d6d214846c2990e
SHA512e28b9e92db778f473b5c1883d8f2fedb5c9c0bf3a4d8ed985aff6e0a210c70d212bdc432a103b7738484f82c821cf732b2e1c1575b628845a2c4572e1fd7df65
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5a1becb1c5f0f13829ba332fbaa8609c6
SHA1b5a75e7c6a2f7729893832d47e8a63f1c646b79d
SHA25658050062be4e0b15a41630a1208b5917e0b500e5220e8f9cf646a3e22ad33be7
SHA512b00fe13ca54602cd66cafaa04dddd65f36bb0ac9955747937ac0aa52a3af42f91689d1ffa4a2100062050d7dea9d0e7aa97ccbd56313d5f00895b08438cfbec7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD5e5e2ed18aae9e168cb353cbc1017f2ed
SHA19a32a158fa28625910ec6e484a92f61606c810d6
SHA256b94e94a018bbbf7a5de97303a0f106f91cf564699a3f9ffa6aafae395b766da7
SHA5120abcfcac53099e25caf2835e50cbcf09daa5cc6ed5d77cd6e60825e504454d24b5cd2f7cc992cfb5b8975ce2c1e16f56600eb43f30f7dd14c857bb55627599f9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD511d1b34b17c27e52cb05e719f6e89dd8
SHA1abd9fdc2677c381eb9de47eb54b03413a101e48b
SHA256e222f4d69d5c706ece18fa4a5742b61403f0b3e7724b68a7c444f5f208a3bdd8
SHA512a3b705ab4533e22961f439e49136dfee89b973675d955a8b4831e32484c9f16de8e3e449cd02f165c787293b77933f30324518fddb119595fe96d578dd283c96
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD5bfac141cb64beb51a5ec851dea306b0b
SHA15edc5002a02a1d8574a58d7aef08ea76829d5af5
SHA256f0a21a733e893f049059c2cd17378080ce08baa142cd15d61ff0031d6829fd1b
SHA51283d79d2aad38baa0f16ba69c8c9e60d497fb2e7e1a656041c84d6da884715cc76784fcf7a26fd09fe09a6f00fdb4b0c15f5d2ee565d10bf64cd9912d37e795b2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5453c83becfdbd382b4120ea2f2285433
SHA11d904f67a5ffee631657fb656ae195e069dca440
SHA2566c8b7c42b2894f605f174b6e6afc98a3b0abac44e5db90b9e8dd332340f43761
SHA512f0e63a8cb3c4360f60fed8bae202f135ab259fe342cb95c45655cb2d8a7c5d66b5701305f3a6e8411abcfe89e8343efd76c5902fa1a2bb6b6b6a9b83d5a4320a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5b96e54996ef32807f57cf37db549963c
SHA1e2b3bcecf7bca9b3f692af9b4e704b570d4a9962
SHA2562ea2f052efff860e1971f72a4f9dc2dac08ea8c10a706f28f9345b61f12ad723
SHA5121cac9999285a8dcc00349ca07f4f98997197fccc4cc1dae0a66ede629bcd79940d08acfaef0bba222b294521cb29c1a0632425828609d089e61754839bebb1e0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD53192035376766cd9574d3aecb8db0e48
SHA1bff6a4d5328f7a658ba76cbf32c3e16e65cad0d0
SHA256b950e8500b341fb5118c0b13f6109ab21ddc226d1205638de08520fa25bf9543
SHA5125175610463260a37bcc2906e11e53555bdb32fc15fc47b336ab28919c145596e540ade226037687b8e825d34bf6cf096715741ccf56819e2fc8745995075e270
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5470e8bef643973365ae125263b70f6be
SHA1009166e9a24f036d74fdfaa234c0f1b6819b6486
SHA2566a90df120523569b4f47fb0ecdc48061aff15910c989b1bd312ea99cd64c4fc3
SHA51214cf8f4f6ca58906e479bed0441abc4ca5676580ffa9a5e48c646c1ee975621dfda4a4b0efbdb7e84521b703f8db22850f3e4ea740f4ce1bce7f1d7da88edc19
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD52a843980352543d545e74c3daa9e9566
SHA15f8beecd6592cd7166b6645c35a9e1198e26a6b7
SHA25608bf51d72fcd00cc96280a85815ef5a81642847407cdc10a02454231eed4def8
SHA5122a16a0ef962499a2ccbc9d382195156fbbe7ab9b9eefe2a5c6238b36b59254b1fd579dcc34d7da4404e62d4b36340f81dd9974628d0f4421ddd47d6ac9f49137
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD554217decedd0582fb54ba7c6ff536951
SHA1ebd007bd28c34f13559fa9c8fef5d6018474d5dd
SHA256d266ecc646b2c8850520670411d8f8fe8396c5c938130ed22aa4981094802f19
SHA51215426ab2d61c34e1f494cf4cac709456cf2fd610c70d0e4e6ea5af9aa957c25a3924275e72bb2157cb9e6bcc50b944eb7022e62db15e82070e61448e352e3830
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5185d1a85b7964227813e0f6c4852a2ee
SHA1ccf0a1c718fa4b6f40a4e86211bc4ba5baef8e0e
SHA256115f0103c618ecca3b3257377b75a83680ab9406ed8a78d2832b94001e15a722
SHA512edc0fa0b3228e2b3821584e6021631eb444f13b9bad768e48f87057f0bc11a70e083b9f454e1e9d19276bb70fcdc3362b7e33505ca2db7ee7c0737b9aa91ef99
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD5424b59e79af0359e297cbf72bc67422b
SHA1fd9936cbe0760f16fa3f96c7cfe7aea28dc4827b
SHA256737ab2ac59852683d9f612a80265391c31f626c250f2b29c76c53f6320e377b7
SHA512ae6d2c08522927aeaa5f302063d4c500c963c9e573e44dfa82e72f0ff7f3ff20be0a80ed3978dd5c0936cecfb532a445f10a5d892418ae9819d20f0b036db80d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD544c863af1ed8b1fe19729f392877529b
SHA1c1abbb90212f13bc1629023a9dc2b96450280f40
SHA2567f21fddb6f93d049d7e0168835e1ac20477902e21bf79106dbf9a1878e06bde1
SHA5121bd09b438edda47028756e97acc0b50b57de3b3dd73db22e743e33d5accd3b6a41270bd33a1c6089a955cab97ffac0cddd707fa8abb822ee9c0e7aad6190d342
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD57b221d656468bf09d9f4ade923a8af93
SHA10bda463c3838e093ca679625fb9c12ff5f7028c0
SHA256d7d85412f86909549cc5275e4c5984a2543d9265c5c002aad7bd800b0ca57b1a
SHA512d8ab32ed4703a0f41bd4fd82e876b77e601d81bc62d7a944184eb166a492d23edba87a90ef6cf716176bdf67c0765cbbac253b51a85cd60b6dac9b20375efbd9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5b3cdc2b0dddc49fcd877c059566310e8
SHA1992022828d9c6b6536ea354562728e891a17b821
SHA2564226e9439ae70e53546c3acfdb9817a4b43f507b43c6386adee14b3b00b68764
SHA512b7881cde68987ac660434ccf2d0c5056e8875ad60991b88411850993d0a1c2b58dc284d509f991412a5fb45338ccaa39e50a38950391509534c5e8ae283414a7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD555c919935f8464aade96fc778d2059a3
SHA1c7cbabc5e951f62e9de3428bdbea3f5e3b6a7d13
SHA256a78c9cf124c8b62ce9e57905dc687729c49386e16aed50c877b2addbfe4fa1b3
SHA5126fbef174cd51a37edbbbeab2777c7892710966427194dfd0713397615bf27f505a827a388b85ad1627b7ac83ee2bdd7ae2c7457aaddba169e1434d03aa870925
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5d1d620c494f8649b36cfdcab6c9e1551
SHA12fd3cc5b5be55757b47ad31d5342924f2f47792f
SHA2562aea5ba21cd276cc2edf2b9a81db7c809e8e46f8c4f351d9ba370227b329d3a3
SHA51274c14a4aebe4c7131b5d8fd0ce92ab365e4f3707545e9f3371a044f204c39508decedb76e4d45a33e20349c04b0c8742ddb2df25c1238d1a759e901fe34109c3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5985320ebd138f76d3b7f23b30e012238
SHA1a71532b07829bb39aebe59a09fa7c1eb3effbd3a
SHA25657896fb1085c903a02d46a3699adea7a5d80b747d7d9dc1153ac2ad98fba0e43
SHA5128b215faa028640996c13dff8499fbad1f2cfc6c032179ebcd77b2d037680b24366c7010892f4e76a9f7d2820cd9f389510c41efb67012272d8faf190d27815de
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD56a9d9d3b18abbff5245f034e2932c62f
SHA1e4f8159286b07b3e4bd669513eb8b81b4342f241
SHA256dc4778a5f7b5883401a1cab9f2e0f4daa65ac33e683628ecebaa782c475837ec
SHA51297acab905d73891955de1bd3c0b0549d53f9547a87e0c40f4ffbcabcc3f0a32b3cdcaa9d7b805bcd29dd0f5245e2f0eb2181988aee85ed2822c9bea64a8c4a08
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF
Filesize3KB
MD5569cbce1cc5d61ed68f1e605e1a9c6d4
SHA1df97ea21b3185e4cdd3acb2030af56f35fda1816
SHA256653212b7f8a5b0b4fe725d96513b048cb6fc233e1695fe123ce60979d79a94ae
SHA512bc45e0c4bed7cf5e1a14931185d591aa00bee776537682a12d5bbd2f887ddf567d5beeeb64b6dc3eb2dc9c3b1fc11738a84997b6d8914e9354186070ac57e073
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF
Filesize462B
MD569c39ed1c5ae9472bc27015b200d0f98
SHA1ff4626d8a9849856fd85a48b651e7ed8de185ce0
SHA2563ba02c595dee094868271db310da6e1059db6b23682a03da0026dc3118f8876f
SHA5125c32db05cfe7e914d61cee17b068282a6a467a2f510f60f4a75d2fe323df433ebac0465c677ad8c088d9ea7fc2f625190a0a08b582163b0612db3f6bd67be91d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF
Filesize264B
MD53715f2956d67e8e823996daf6fcdc075
SHA1fcd7ec0170128b8de452ccd2da51fc0bb2d6acbd
SHA256f6088afb019e6c0087cc589f87910a5217a2390470aff6b6505cc447d7f03385
SHA512aa0e3555bb96ae0d52bba897304ee92628a364a86031b5b32eddf573c4ecc19f788c4decf4fb34602eeeef0d94552e8fb48e50323e2a9330d1e49f735b241364
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD58fe43b0bfa934e15bb990f3b13dacea0
SHA1e93d7f29c8a9a7cb8c406c5db5adcb90b6b93b2e
SHA256dc0a392a2c8abc080d3500332f97d71819243208fae1aa667e13e1b675b8b145
SHA5122f6a90b2ab1754bd2d7b315545de13fc0282231f582c2b6a4aadf628cdaab630e549ac799eaba633602abba6623b9395cdd4ddb50d242d40acac70f6acf8e338
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD58c1a9f2c309ed5dbb32f8f8e1a387417
SHA1472a886ce1e5d988aadf7cfdd105726b7101b73a
SHA256c94d7fc4a12fd47fd76777550dafbdf75b7a59646dfbaf86395ab062b1f24295
SHA5126709843a1c0057c6ad82016f5741d7261d9cdf7bd27e701dff0ba2c070079f924cdcda07319451f5ac15e70749a732fab1f3f5f7b02534ff1c7cf9444dc609c5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5ac9e0929733f712558cc895bf36535b7
SHA12fcdb590fe186f8ba369c146c5578f82035b844d
SHA256d8d1c4d1dc56adb81272e4cafdf9dc1112bc007431f034a36ef166dc1bacc7af
SHA512e19564c8a76e38e317f1407a0d646f17382410d06e4814f7c847f855a20323966d1b0d2c9ab120db7888a53167c067048c46e4b7189c5bff682cf666b6335033
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD524e5585f5d35a2cd0020c25d3aa50365
SHA1a43c1dc2c087a656980a95473828cfbd8522a250
SHA2565cb0089f2b4d4b430ffe19594451801a1a3fb59f3bf98346898e81545447d8b0
SHA51265dedd853946ce8fc2501785632aa5995b2f75eb0b21ee2278773b36f94a9a976e16345f9a9fcf23907aa5953d7deaf2868c0108ec415a8abf51e140d1680e7b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5392f807f29c86e0a1522b09c7b344c9c
SHA15c61f4ccdaf4ed02dd36c07a023842e84b6d31b2
SHA256a211aa186fc9fea37868892d9f5a3bdb7097339edfd1e8cee8541cbf5c43fc36
SHA512549f7fa8295736f6e60ac6f60849b3796a77bfa4470d653f78c8968f94d8b7689a76b5aea5693686d723288a74c0d04532e9c075bb7817edcbb04981b2a6b3c1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF
Filesize26KB
MD5a0fe948d58dc7991e53c927d5f88cce8
SHA10c0c82dc2472c5c128e51013bf8e8765a4e2ea21
SHA256c1927a87ae72cd9cbe9c8d0e52a662fa9e5868fb2558d75ad3913c86c5ba600d
SHA512d4d66408dd52f2f810d3b43fdf44086def73d2f64ee872ffa5db1c09bfa32f8684c8090065bb7f668547c91a04485f12fd6f0d725763aa2d37db5f40d260c341
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5c4dbb7de07b95eea25c2f7dc582699c8
SHA11f164ec662ea78084951a4a5f2c7da9f1c6b300f
SHA256692303f8388b72d44970a525003244c86df239e2c501bcddcdfe3be48eeaa84d
SHA512b899523ba10291cbc5a8b744c3f2e074b8ee05718420ff0b863a45c24f626ac63e3f35c4650dfbadf3eeaa1e7865eae11a09549ac15ab2a654bea9fdace2405a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD55d1a6a15c00136e94acf9bab084af6a8
SHA127bae22a590884a3c2560661619e67c52250ef0b
SHA25659364e4132809191a7bc8c7213d57c73f06c501e2107753806d58ab723175f7f
SHA512823d4604290b2dec888480f93e1eac7588c4a2cbb8efaaa6a5ff5c53a7cf6ab266b779a3237281e58a77dea5811adb023755c915febcf0087db5f1d2d967082e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD506e07678f32de924b9c48f9c847787e4
SHA140d677cb61d79b83ded782e73feb1e43880a0ab4
SHA2566d9dd622ea25672dacdf01891f9e7183a4997b579f110f905823d1f23eaa2b75
SHA512bad8b9244d6520a97234d3ee05df1178a6f8cd861f938e70f616918a55e57c0017a8b13061227f9cdc519b644d9beee73585df07e0d3419d5ff6b33e1179dfe2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD59edbe0bbebfbb457a8cb0bcc18aa183d
SHA131666b43b4a73453dadbbe14dd864d041b4fe018
SHA2567b0737a9928ce4223128d6cb711fdf01e273a5fd59c019fa4532cd4b5a78e0cd
SHA51257084fcefe2794aa569588e73972a71ac3389c3eb527cfb7a1d8531c8f21bdc38b31e7cca68d62a455c725656d9b86dd816821b250f5f97243cb9bfd5f4dd023
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD58e096ee51b8450e2fc7ba8517054cca0
SHA13d14902515d8c062b811ba1011c6409c52d0aba1
SHA256914d747cd6a21529f08856c92acfc0d198b812934bc54f981610680402c4f061
SHA51287720e6773a2705a43ffd115f252369f3f0182d753a3f8d8d1d035344f1582517e6ff77ee9fcabf0897e0b57bba2e1242371b0962975294987acce1b61ce4cde
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5c39f8fb515cdd8713d47f0ecb73c80ec
SHA19e4da9e73af39a5d24490a3b9574250378a1c631
SHA2562555256de6ebacb1d69f2db109b5b249a1ca50afb4188c3b60ebf5f5ec90bd6e
SHA512f5e3b3ce9e7262e4564bc7f233aaf22f372de3197f42c3dc3bbfc90521036e8a511b8f8b30f4d8f8a284b929b7fbced23bb9f94718ccf3915f6d47501d879d00
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD56c2b70fc830044e5421f852d9e8b5d5a
SHA1343accc79d604c1f6ae8f9f1c4750561d67f7e6d
SHA2561efcb89eaafd08a68e7ed46d6cac27ea2a5c9453a85daa14a07b86ac0d1ec884
SHA5120116aa5a5c2e9b249d0cf6ae08d6a15fadcd80a5b8fc91e7b3a116c928a85f4c2a320de9f6ec5b4c6986cd94c213d06444afa3fc17c6bb74eb5ba5d0ce7605d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5dfba4fbbe6ae65845cd2b4129277724c
SHA13c3ac9e889c9bd7ad801d0c424b828883135e295
SHA2563bb769b3d786c8c035e9a44187c7263c33c7452de27e0f5e6e395d9e2c02c51f
SHA512658e42034f48fa419fdf1b1c9272c58bd9979bb7a8dec781e22f5e8ee228bda12887208b259e98c407acb465bb7a486e6879aed7e61fe18803c22f98dbbd7c81
-
Filesize
580B
MD5bb577134c7b9c4d6bc3486ddae0637aa
SHA17d29423796765ac87697b33587b152b1c853ffd0
SHA2563e642ab72c83534b24cbf2bc5a6a0331a7847801c90c02bda43c96b7f4145e8d
SHA5128349001543290bf4da6b01362f915ce1748d9a4c92bd2ecbb412ea67ddf751b73af692dc0ea2b472e8a8cfbd1eea244ac606aa193124eab174c016ec41837d02
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5599d5e4499b770b51d860c4239251bf1
SHA1d2e107d00f21ed55f94815fcd9e93946922169b1
SHA256e4d2dcc4f5bf609546ef84cae4d9d25479f87096326d36c60416382c59e594f5
SHA512d62b57c8749b0c98df2387017c9037abf2a03e06ff8a18c321f0ca81b8174546239bf2b8bbc81500087ecc2a21762972f1dbe535f8b40b4d8b1624fcddd80421
-
Filesize
625B
MD572c3759de3c90dba8679bf80505255a1
SHA164da68169d9b1fd7d382342a861a521ae8b28d3f
SHA256c22b21f296bd45c7afdbdff625af43d9808200a69ddb2ef29fd17bc94f97ac25
SHA51220fdaa5e9e0a09713d0082268c342037d2ceef919422cd08f68a4063a249954dfad2faf23bd47a8a78fec52dc92ca16c42ca03c070355bc65acee41ca34e4be5
-
Filesize
873B
MD599cb793ff324d66ea0ca7eeb3f25a525
SHA1dac16924903554d4799281a7b5c9bea1e01b463b
SHA256e291221a9c616ac41df59bb968c20e9a2352676a906f370ddb8555111b2fa91d
SHA512b371d81bdc81ec18515c38ac9159075797c02a9d372507077c393f406990c8b1ee06d3f5567d2b38219affc34405ee9956db7bc6bf31c7847a1508021e414269
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD594685e2fe6424aef8cd220d63fa60238
SHA1139f6ac6de78932e013ab2fd1468cfecfed21e05
SHA25612ea48b074a7127f843b4d59ca2a7282bd5ec2b3aec631bb673212cebc9df700
SHA512f26f972e235fe8f0c523a29d17f849c307514757073da6b9dfb7aa90aad05926d00137c99772f8cc57223f78d9cadb3cd14304e686b81db592fd2f5f3e9d362d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5f3f038694a49da64b82ecec4b9c179f0
SHA1238ba01dead02b8ed5292e48a0f853e345ef15af
SHA256f429d31c64949b1d9dfb7af0d7f2e8933248a46bfaa6c5fb2f393256f3c00204
SHA5128489e6957aff41647758ad64edfdf36aab9560d21cd8438312744885d6e280566314e68164275e4c8fedbd9cebe85b15ffee597238b45308fb97e6cb32547b0f
-
Filesize
615B
MD5bdf2285785d8a10e8e30430805c6ba53
SHA15c0df09aa8b7fc5939e2b2e7bb89189070f10e6b
SHA25625809a6a843a769e7cf27659cd5418d1c6ef60099cd2f20a4c9ffef765fd5658
SHA512dd532dcf60c0c2c8f8d606ade416cae75083ca39993f88625b2fd3895116059367cc8491b9e48f0bbed5f9ce4571241743b7edaab235b6a9632400510b07613b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD55f89f6f61e9f216ba078cc0b113a0cf7
SHA16fd18b9371e350d2ee45343c1ae2667aa2c8ac72
SHA2560d9ad3b38129817f7efad8ed26ab6e837299b3d2eb5ee1daa83564e811a93671
SHA512ac839466306201e246d8089b3252a039360a503453d1533c72cabb8ab61987cadee3b5bd55ccba9c3ee88613c5e1c4a4f5425fee9598ee927809145e5ccee59d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD539efa2d22450d6f5a06d818a0e219e00
SHA1bb0b30e0bbd35f4a13de7af4fac7f3d58c92b6b9
SHA256fc65ef3661a4ed5f50fcbd881865e39cc7fb9cd325e32a3f408f488e7701e637
SHA512cbcfd190325937cc944ae429812559397a93499354a99e8671a7584cd59716ea2a6df64e5f6de5f6953cdf2f18f841d8fbc29b506750f764a9e902a7fb10cb49
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5b70f0df51241a9c4b793c182b9fbc632
SHA13087609472a34e190bd0d6daa2931daf9e882ea5
SHA256d837321e5596090d1560a449a8499c7321e2f947df35ed9eeeab986df6e07f0b
SHA512ac33a51deb8d9a1c52fe36b8578ed0d612d2b3bd634968d2f346034bd8bff5e241999d45219b0d162845ec1d7d632e8b5e1b4395054de85ba2989d2eabdfd376
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD5f15e93a7d99288f81deedac65bda5ed0
SHA1c61f674a4319429feb3952432d5dfc1576077101
SHA256870e7cbbd1ff2d9c4129da5ac70887e0632907ab6b4fc92635595d4b1a5689e3
SHA512db8665d3e33cc5b115b94a3fc01fc4e228b1404904e7b2a46e51f971057bf22d3579ea942023eecc9121e3b908718ff4b990b19d3416606597f80bb3a87aba9e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD563f578f3ad5991071535d37cd9c482b3
SHA1c8ecc42e81887a4535e414d9d425441aeaf95b2f
SHA25614cc9f3c7bedfad7ec5ad558152289c5d7c26f50561dfcd1909c42c20325130f
SHA512c29ed055c59122ebe444ab64be78d960c484d14507968faf385defec2f63219cbc9f6c6c588e6c6d9fb09ec75c319c8de5e0e27d5bd0acb420b326ce232e32b8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD54a5eca7b6a76006adacf82490b40fffd
SHA1eade844c508c54cae1f9ce836ca713fc542f139d
SHA25646dd0a0a69e480d151e377faad846489192ed2df2b272282e79d4c3e047559d9
SHA5124afb72e557f8af68f70cc52f1b8b97fd60d692060fe8c654aef1fdc79d865c38e320cff1c4fa1774234ce0477a2dbe15089caa42c03aa0f75cae2309a6cf2b08
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD55d580ece99c03efde0c3f0cfc5b837b8
SHA10339db7dbea888751820b8a0bf8e03a3485cec2f
SHA25696a4dc0d10d16a8c636679a4a18f33a9ee74f117333e6b12cbe2816db2ad711e
SHA5122f6f05c0bd30f63eb4a6cc2940f7373efb343bdbe3b5ac21191329e0f12cea0017781255be151c7c479c859fffb2a20d8fe840ccdb4f2b5338c150f42798470e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD55b9a0bd0700d57e5dec5754e21bd76c7
SHA171b0d6ddf4a268dfd7319de66368e4f39b4f70b8
SHA2561cc14cbb216e79f8a5fe12069ef9763c4ef84afa1ae5c5dfed61e67add7c830a
SHA51271d120ef03daac73f4b08d34d970110219787cc030b4ae86da16a1d83cc71b1fb898ff8f23110a45ebf1571dab48ff1148a55a8576fa06112cf653d220275bbe
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
-