1bbb5709755dea9fa41ddb5c9c809c9d4bfdbc5a1d8227ffb8638b96bcae5733

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Size

12KB
MD5

0a984388f755cedbef29773a1cf9a233
SHA1

ed5407f8c89976172b67d68ac7bd7c55c2917068
SHA256

1bbb5709755dea9fa41ddb5c9c809c9d4bfdbc5a1d8227ffb8638b96bcae5733
SHA512

0881e6086e73c8b204ecd476a60cfb427939a2781019f2b3c7230e13c01ef46477d0ef49f8b6cbad3aebff21a2c2c193384618ae7b0e785914190fc53d6430eb
SSDEEP

192:59/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRM6H/1D:59ebFNw4Pk1itKkpAjjJs6B40W6Hh

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\N8J9qTLsbhhP7RS.exe"	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_neutral_716a306ec3899e04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Reserved_Words.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_neutral_fe5c4f29488f121e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_methods.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_ISE.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt003.inf_amd64_neutral_8c9aae54a5673a35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_neutral_3500779911f7f3ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_neutral_1cb648411f252d13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_While.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_objects.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Throw.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_neutral_c67606b3f53ae4d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_do.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_neutral_adc3e4acb1046b4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Variables.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Throw.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_neutral_6e97842bb8d9e6a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comparison_Operators.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-StorageMigration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_logical_operators.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR34F.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\PREVIEW.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLowMask.bmp	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01299_.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ado\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33B.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115866.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_ON.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\TOOT.WAV	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45B.GIF	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\InformationIcon.jpg	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\THMBNAIL.PNG	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fa282a13eee96e21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000042b_31bf3856ad364e35_6.1.7600.16385_none_58f1c8306ff0d14a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-870_31bf3856ad364e35_6.1.7600.16385_none_2adf2efab4e0d9c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..extension.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5a191303e7ea2e7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..truetype-arialblack_31bf3856ad364e35_6.1.7600.16385_none_4540bd0a80a4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-offline.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0b487f12b9eb512c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..packerror.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5f9c57ba8807ce47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c2c816edcf094ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7201b59c52bb7dc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wsdprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_14ffeb698228c132\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c3f81e0fb137f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..portingui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e60e08dd366bf58d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wlangpclient.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2e287ed3d1e0ec75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..rectinput.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3809a7b28728711b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_14203ba108d8b770\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-ehjpnime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0753663248177b7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ae0c4a3630e5839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.workflow.runtime.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f292b941fa7197a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_es-es_2447dc63f323a66a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows Balloon.wav	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-capisp-dll_31bf3856ad364e35_6.1.7600.16385_none_2dfd318e56f71628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.printing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_90f754daa0d640f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bf692d6d471e02c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_8.0.7600.16385_en-us_4207b11f840df3b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.1.7600.16385_none_73837d07d5ce032a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..ents-main.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2a84ffed6cf35d53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-getmac.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_43d0539173bc454d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-appman.resources_31bf3856ad364e35_6.1.7600.16385_en-us_49a224ccd23196d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_9d4aeebe4ef0ad3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmvv.inf_31bf3856ad364e35_6.1.7600.16385_none_a3737237579b3ac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..deviceapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_51feff1b2baefab5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ldap-client.resources_31bf3856ad364e35_6.1.7600.16385_de-de_32516987997ca2b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..t-console.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4de2e348d7b2501d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..anagement.resources_31bf3856ad364e35_6.1.7600.16385_es-es_04e4a89d8be64bf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_47e4744f4d07677b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c48c8af135e074d7\settings.html	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ftp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c522dfbbcabd6055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_6.1.7600.16385_it-it_60c037f1366449f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_e8b1af57a860d0a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6e3ba8f78468edc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c3aeb36c5f98c70\cpu.html	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbc557144037871f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\a7bc3b42b60c8eaa28b5b62900c9027f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Comment_Based_Help.help.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_79fb0aa47a85cf5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_mcstore_31bf3856ad364e35_6.1.7601.17514_none_c7a00a3b9c15f4ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\Boot\PCAT\fi-FI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_80ac76c21164a1e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.2.9600.16428_en-us_adec71edafb3cadb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_3ea6d01c34b5cc55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b27b0a643b545c81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_5764e47870c6b972\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f8811f2658b6d944\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..libraries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_08f5a3ad3ab2a987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-adminmmc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ae5c030b6fdeca2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_1e4d6c8ff7baeac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_devicepairingproxy_31bf3856ad364e35_6.1.7600.16385_none_8c6303bb2f83ca68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d73871b59294ac44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f3e6bfd5cdaa5f0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ULYNKUVBFRKPFON"	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\DefaultIcon	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\N8J9qTLsbhhP7RS.exe,0"	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\ = "CRYPTED!"	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\shell\open\command	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\shell	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\shell\open	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULYNKUVBFRKPFON\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\N8J9qTLsbhhP7RS.exe"	0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0a984388f755cedbef29773a1cf9a233_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
b771653f5f13cf1dd83f1f720a2a6b2b

SHA1
9a00f0a410e9d0f3f11c22af8576213d2f66dc4e

SHA256
f5d771e49e5415e2f41f1d2b2abc9a38d076cc55ce7a11959ee64b83908005f1

SHA512
51708368cee85da6e5fb08ffec0730fbdab0dc592cfe70def3493f9cc4d06bf3b70d6553d5a33e0ca58781ab06d0d6f8b65d426c884759915f083a63ebc99f39

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
9b1dac77ab888e55da86f22066cb7a91

SHA1
bd6f030b4c1e5583617e2e9dec91a801d70ebcb5

SHA256
bbaab22944681a1e11b2b74a5f336ac9fe26b220a11be04be0ba6a99b13e948e

SHA512
ebdd0ddde47cbc3247453e868416fbf51476275f4db923aa3555faf85fa773a8ba732282368b0b7cba92d3dc5a0712f397f025e6ca341132a8e075c6a73b8f01

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
361f6f8f11466066c80351018fe342b9

SHA1
72786db8c449ca0ca38fe815d45c49953239ce26

SHA256
6694d54a4958cd4d9e27c2113328a6facdfef5333d3be4bff38fce583d2bcf96

SHA512
fde52b536f89e9e28200b31314e9ef8c95c0e7a54d61300f0016a4f7b8bed1efd2e135b4a066d830b478928fcfa10b9dcd211157dbf90bcd61f28fcda10cfbde

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
81eb0d628574407978de1c34261ad3ff

SHA1
d21f4b45c768d40d1b315c3980f52af3c2a82cb6

SHA256
892e1eb52fae96400a1ba2b208a5203d6b375fd8d7643e01771e974507099dcd

SHA512
d41b6182ea1eb44c000b86b95bec5e50af28670701f1d56989526784dbd5a972272c94405aec6efaa73109d6be628405392a61d203b9365452b3f00c2da30a33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
1b2eeee496e1cfb9ee3d263bdfc39640

SHA1
cd4b73b9059c2c1db586375592f52e7654b6a0e7

SHA256
8d7e5b7739bd1359fbe3766d82a9c5f6f97f672b94e6cf9f6feaae6df6d6a0ad

SHA512
60a0618fc7bdd5c3256aa60ffdc2d200b5fe48b3b2ff2bd44ad5aec4acf4af93a04ca3ad343ccbbb0e09de0aad6101885cff9cc91ade831db4764d0b6e9a880d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
55d99b2a0c94fd555711c2986da3aa4e

SHA1
411e8e0bc64f6460475abe4c8f76f5a34e92749f

SHA256
3de6981918be6bb50e5755fbcd7c2c903a56742ed16d6b5576ac156e807876e1

SHA512
13bc54cbe3d54f4ffaeebad1e415d2eb83c3b0f931fbb95ad3554633d6cac0d0b7020d371368163723e71ea6a79bbbc0bfb10bd3c242697e12f70aa4e9da2102

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
c3b737ff4af2ff8e56165c726edfa9d6

SHA1
791092dbddc1b309899b850d3e65e2dbccafc356

SHA256
d232ee0ba92bb4b93935ad99e33a472c63d283e6ca65f67abfdb740bb01c4406

SHA512
848e87d6b09cc0b34a641de29a8c7e9494924ba6a8326a9246bec9517d80fc9ffd22390ae0243fa7c3a1cfdadc4acc94b36de9cdfe703a7d10d9cac07a9f609b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
a23b7dd1ca37d3c6afe2eec5b8364040

SHA1
47f029330853dbbfa68e6a40d945d6530bfdbd6b

SHA256
c2aa900893771bcd1441f4d3071f14af0fde9b491b002029fe87ace3b90df728

SHA512
ebc36af36912ef804ed04ad49259eb5f1f5e3a4f16d66453017f662a7033bb70406e0c4ec5ec1b5c94d15aeb2e4be733f79e56a47c8686d3015d71aa30f2cd24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
973c5682343933c20597f4fbfd67c596

SHA1
2063360009907d3652c064f1bd390568a18c6cee

SHA256
970ca92b392030437d9b8f05f714fc3862eb4620e46107d8c49c2a20a56012de

SHA512
b45a2900c325a82979d441c1c9617a69d7c59e141ce7ea7a70fb4d79acd31546460d6f3918600694152df508aade039ddc7b788277b81b58d4bc3429a036bff8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
b4400a2edac28f23f74a64a91fbf3272

SHA1
102baf0c25311fba71c11fc9f9a6a1a1d1eec96c

SHA256
93394a3c2f0e262151dfb85e2d4aca30f5fe82afcaba9ab7e8582acb2252bd37

SHA512
02490abe254944a12595f56411d693491f5fc8458ebec0ef6b74893b8075bd9dc76dea785d3ba2b1516e4b6f6c551c728fcc2abd01a7a8daf504a84a93870589

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
649132fa3049c1adcdc65eaf1babf7f6

SHA1
c9c430f5e9026c2ec76557e2e577cb6e6ed4eaf8

SHA256
a6bb06d339ea1b8ed06eaafd5297cf78ece02e489291b601e288c4d22630101d

SHA512
aa790d102d6db63be4f4acee3cd12e7aa12c65271851809582f019ef0d72fdbdf9d95e100560e74674e542689e84a95cc2e499fdc5cd72af188030740cdf5dc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
a26e7405c6a45bf7578d061fefc86289

SHA1
60c88178a489bebc8210e38244335f8e6bf137f6

SHA256
ab84b3181964b116d1906bb5b092b31b9646ec6e44cdd3d070202900a8e9ab55

SHA512
ac8e12c0640adda544713c4aec7f0c522ffa037c8a0b74cba4d827de40ef663ded06f204ed0a82598c1208d2e0f45ad77ec489f69d1870f019194e9d6f2002f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
347d84b0c0f2b4bdf2a4af6979fac160

SHA1
e2d0b0a2902b7c179334bad9e16700b7175fc091

SHA256
c9ede1d231fa7d01fcdb26a677315f7a03e1bad800f658bcfc7957728c8101de

SHA512
263b59418f91c159cefcad96bac39a25f25d1e1959ed17a668517fa1e6d62eeb726854d0d3e82ac9f80115245ef0ce4f3f27b671274ef491e02f9fcefa06a1a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
1a9c484d7be41c61df5f141041b6a753

SHA1
db022c78dc4ccb136dd0a30f104281145a3e05b9

SHA256
8189d2f067116eecac349d66c2f9f2d3b3354331777651584715e19bbf81c750

SHA512
09b9bf181b588042a42cb2b91d9c73bdd583f9ce59a9c3de74d7751d6ba4783f0bc55da0a07fa4f8486f5e94ee62810cbec47c3a6c0c57b849fba5cc41532ae0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
a339d8a287e9d32030863b17d5932a05

SHA1
8ef5bccaf9fea75867129582cd16f9280f78b837

SHA256
556c6b79875990e1e63c5dfd1cd2f2e54e6e3b0a8ca3c0cf575ed67a759599f1

SHA512
d58bb047e292d830caaa140090c2e09e163114a646b9708bd643b4909f3c53fe10761f8b198e03298556b6017639d88c5988ba7c42af102ceff777c9ea3ccd60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
8f7cf3972a90608cf75b1fa4f65aefcc

SHA1
71f00f4b4117d0e9dcf94488f8abedd863bdefde

SHA256
2fa7ed6bc251936e9ddb934b4024d39499034d5677bbfbe31cb93cdf10fb1340

SHA512
8034f2013744d2c9bf10f9c9f4aa1de8d81cd6e2aa67693ba6afb3de193e8bb2d2680265b8ec1e4142f062b67eb1a0689c83e260f27ca6bca5287ee574b7430b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
d5fc76472055dccccb13b6190c5926c8

SHA1
8eb1b631aaaa6de0cfbff75934114b86d8761ccd

SHA256
0ddcd9a66f3d2e477b45d05dc57fd8efbdc4a8e48d674ba2bcdfe5f337b966a9

SHA512
33f93d646d235c366987724d13c3e8e5384f68a9b28ef3669f2e1e60f57bb65cf58d1338a1355c8799ccf460ca5dabb3cd6dd8902d149443f6f95244beae28b4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
039b130d5d70badac5136e2b0d89366a

SHA1
27c4aac78b0de8ec293d04189e286667927b2b77

SHA256
33e14e3397a5c2d07fdebe3ff81a88ef22aee037e1ad71c948e3c8dafc611102

SHA512
30c7d05d678ddc822d2b2fbac6108bf4e8aed44f9030a699ac05205e542254caaad7c67223c0f5bba16f670dac1b0b4333204dd708802668a46470949f0fbce4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
7bb8636e0122913172b58240d9b00af4

SHA1
536db7d17105569eaedb513350af22f4654370d9

SHA256
d9505046315ae4cbfe92767a6c11f96d2c5cb9caf1f7b62d8fe99a73744ccf5e

SHA512
294b20268b9926287f0caeb3dc8c09a4463debcb0186178a6e5dc4dd1277602d39c547334bbce3e0b774821597ff1b5dd72b9b786b33e22af4c6fb18c5c9c6d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
89eb52a0155c7092f967299cd700ccf0

SHA1
8520f084c90c26822910c7c1ebcc43330adf01f0

SHA256
8629045dfac47fdc7b1d98ef249c0adaec6f83b2a4f53edb1bcadada554adb65

SHA512
c87131a15f4a556c371b6d6d54365abb17feff25f242a1c8914b90865c0060d4dc846066183a8ac0784d2a57c06903fcab3eabf78cc771d4103bd0315b5f27d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
edcb47cd4e7365af18892c6638f419c7

SHA1
72506b489b44d7cfbed59f67a251f21b8462acaa

SHA256
2d6317c8d654eb711c1533934ac83b0cbacb2d6438282e2def5555c9845b2be8

SHA512
d122b03177f4237f33337301ef1db43aade187f3eaebe8f92cfb6a66b2168dc24ec9d28215c8f68905cada4472ed54c120a76b56a3778993cfeca945801aa041

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
2467bcf16a8804a477a966544d0860e5

SHA1
34302721fec97a97900c6f224f5dd610012041da

SHA256
1b81ed7cfb047bcbeb1be29b1625da96c2353bd9521f53213a7ee70d6bcca28a

SHA512
d999a3e650e8cc42e287ea7863140d85f71820609a50e40f92cfcaeddf5e22ff511b847b207261ce516db05402d08c4591835f6b9082833c7d4cfa0a6d7b000d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
d4a4812de5e37d45a1de38d4fc37b731

SHA1
496e039acf1dbe6dcbe0d5ed4ac513aa374c1f4e

SHA256
1ec7d71c2636eb96980582ade57a4bd7865f74a4acac36dc08e7eda1ae6580df

SHA512
aa41921d8a3cfe955005db441fff74b81ecfca4bedf69261b666cafcade2e61cf29359afbb6d3ebaba7158bc4c34bf46258e56cae781c1c02abffafac0a7aaaa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
6aedabbdcffceab3a15292aa6b4252e1

SHA1
ea3a94c18bd17af90d3a2d9299c11e569e55e341

SHA256
fc764a7f4959b8d4cef9c4eb90a52aa54e5019a6a61b5e3061222ff2acd13a0d

SHA512
9190936530d6ec63702e59ce65790b3d5f23c5eba9b2277b96fa05f893ebf32aa6fe01253060c6df4e772da4a4f00f59a9d5ab4d006b132ee347f1f5545f8152

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
c048f85dee6b03a2540a7d21cd4944c4

SHA1
961343ab3cf32e49cf5cefa7c3b8900fc2eaf31c

SHA256
4950ce8f61e02a7fed0bb9f17a3d6f24016b2247d941a87756ba3d1d58a9025d

SHA512
04330be2c598fc8498d19bdcc9ea136600171d338d783025fe35d6e7219b20580307bd6aa15161cd240f0a748fd4047058be832e429a7c6d584a2a8b79417343

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
00dd098d2fc8de0da9b856858d22ddb6

SHA1
87dc21cdb76d16d206afc7806692f8fb63c1a8b5

SHA256
0cb0f4df575ceb9ce0fd2cc9141b5ce88845be6038510e5b27bafd3d0341cd48

SHA512
6beb4c8d43d8cf98b00386e6131e193a53b11618d2fca8b4645362b42dcda1781fd4bafd8e1846f7c1edc0b7e73f2342a510baa03b68d6a5ae6becaa9ea96ac8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
fd6f08cc51b5d0087932b5200acf5ca9

SHA1
33a42e89ce79864aed98ba145b7ca08264158be1

SHA256
c3bb08a2c105ff52bcb8cb4f9c5084899433fc1cf48e93d8f4e15190c23dca40

SHA512
b56c71d44068553740d2648f089da23cae29b7e94708528b97a61f4d470a4edddf49165310e49bb3491feb1824174721bc2b19873976fd9b7099a170a9a5410c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
ffa52a1964892333b359d9109ed5d487

SHA1
f4fe23a50476e8f072dccb487e5a0e226b4dfb1d

SHA256
782b2b8fb543c244f812a25caa9b309ddc5a669a5db74300da81cee673b6b52e

SHA512
4448ba432cc3d7add47c3ef9607960d4847861924b7fff8a4c008a94d75d767f2227a5f7f6d34ce6bd37c5d93a46a9f98df05d6bca8f04d46da678a5065a3c61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
770ab1b388ccf379152353f128041fde

SHA1
a2f88eea067cb5ce375a6b001f2cd45b4c983e59

SHA256
fa095c164ccc75b0efc4d122dd4f41803a2ee73cb902ce0a3c19cc836ebb1fc8

SHA512
e22d2e6fdb0316517af11991dc0de45a557a7e66e09c991f181aeabae6c05da8435efb2f20e4f835745fb4a9f0777f9733fe9db968034f4721945127591fd9f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
95773cdcb0c2658d3b5d96f8a694b58a

SHA1
2c27840e8cfa4e3900b61706e1108b8d38b30b02

SHA256
30089d7a7e2176d8d1c66950840af1bc10d3cda74eab5ff47e235d620a6c7618

SHA512
785bcc66afa3724e3a5ecfb1600cc63588cdf2124b0adefc638602c24147e9a1d6c5bc58bc689bfcd241bea4b4523c220de7bf93e67fc107438950d96f4bdb8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
4eda3d7da40d309dd2f745a3743ad6bc

SHA1
d67f48d27270854838fb0d8489d596d88654b655

SHA256
cb7766530f7b4ab87ce0836f1eec2defeb8ca000bc94cd9b168e5763eea7359a

SHA512
776a868a6127d04426014e408ce22e23001598c168588b18267a2b9d090238ee2299ab4d99136a374f063e6fa1c76abee3c26ee939d846f8e012844b9bddf279

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
ff6fe816c34d1e4edebccb8430f688cc

SHA1
26663a94782cffcc68522b2ba6e767515dab153a

SHA256
9a9286ca9cf8f8bb8f742c41985ab3b02682590d3c2b5d640c21ca1b8e231dbb

SHA512
c0106d432bd09eb4da2501ce68602d0b20a1c62b100b70b38e7a2dc12c438e939f9715ac15eaac83df37cc3357d9d04c4273a320cce055b9c7f29aeadf946524

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
2a5a66a0a6fb1eac28df2eeed24ae522

SHA1
6cd4aee0d844d8df05f536721ed3316ef5d6a31c

SHA256
4306d416485bae646c5bb0bfc1194eaa151d2f8661927e62e7d004127ce75424

SHA512
e0ed5e32c3291528289aa32f3b36c15d31c257e87ef3ec17c4b7d7e9b381f18b641928ba8293426fb7a5fd3d5353259d78ab73b3bb977374f2e0268ad8c1eda7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
19f39fd7c11bb18b3c65e8ee27835301

SHA1
818ec9155d041dfce0afff6b38d63b16f02521c8

SHA256
c38dc89e3091ba76308476fdc6e6546ba70154fc1bb7688e7c424634ba819453

SHA512
9f9feeb1317851431cb02967b427c552e8d2138e80018f0195c5f99562e5705774938fad17bd54c8d34703418f8fce09cc6f97ef2da5e9d20266fc9898b88d40

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
54531f5c010251c572c639b1cb92e379

SHA1
f433ba2b7aae344134183d166871a31b42b19e76

SHA256
885a8de78ce3c134191017e9f8e1923a9109cd1114426e00026f4b9820f04373

SHA512
76a17e94f7c671da3be2bde44b19eaeb916becd335ddb2e3e99be3ba184e595adb94af38ac405eab7bab677421a8ab53e1ee284965aae8f5d0abc32849f72d23

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
21b354f0b50d64a016ba8d67a39cbd8b

SHA1
39413e860bdee67ba525957bad7ea811a897e44d

SHA256
e7e6eb20fdb323e813f59f90b663ec04ba06008d09d98c457257e4ebf95ece42

SHA512
ab7b9de6cb681d9d4db98522d447c6aa79134228ae4510530bd2b0000924190c2a421f99c653618d71ca46c3622962597dac0b7b1c5827764b84d7a7ffaff205

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
f40a16a1a38f546224f3b96ac3034603

SHA1
fa10ef5df6c0fc6536d4be4cc20ae948d910ad0e

SHA256
3285ed7d95e160203e03c9382f7f9ab2bf0adfc7de8b45b09b0842b3d906b45a

SHA512
c18f26e0273a5de439b7591c574472cf8868edbf574f5b355f3d19b3b1a468a125b70cd1dfb21b7031b56776f813ab8d7f958224ca59145f6073f2328b11d3f7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
ea2bc234a6e730b4c68f1a07c6e714e6

SHA1
e06043ac87251c9b247def7612a203b9f95494f8

SHA256
57d87d8590d725e00e7d8aadb534e32c58ece0bde51599d286d29f247cc49ac9

SHA512
54bc9b4822c699ac90d408f92aba445729c2f834a085d6fb9dbf1107ee4b6f27ebd355ca955324adb8180a926d5e8771b8e28dbd4bd3dcc3e65e03acc29cb6b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
3ef03193776eaf2447e27246dc6b098c

SHA1
04a1a484ff7ce1bb04bec073787c99b6a6172633

SHA256
02887fcb5711ae715cdc29f30957068eca3ea5d868f3dec81e8a97f8e1c08fd0

SHA512
a636fe56a811058d23e171020634a12a4958433eec7aceb8cc1e4e8c0ebfe168b2542b0dbf5b29688ff36719c30e651ba1a45d6b639dc42be8692aa01a3910bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
6d9da4fa2c37beddd5985c3c17ea85c0

SHA1
f8ffc5960b05fc8d4832455e5c6f5109ded075ef

SHA256
932c2696ee8c9ce96b7d2b382a99bdabae58c0415b5a3d8b3743a115eb5343be

SHA512
a8f20bb08892795a613521ecb11ce3548be341cb92b59a5113f15be683f13e4d4cdfa25ffb38e6dfeb5c283eca04c68d272aea0ecb9c2fc887e97b8a2a07b1ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
80022a12698913cf0114923f5cd67a0c

SHA1
7972c03c05e6469b2d1e6a37a84c3b06eaf5177c

SHA256
2b8f62c7dd673c5fd0a0d740c10637074db0ad2f2b476a12c75f6b0d156c6522

SHA512
51cecc6af72e5baaf7ab5305657f5cd5385d0b57190f9fa5282255f769a1dc91470c3adef3e4d54241cfacfa5b64f5e7cc2261eb67d28b58a37b8122a4920b3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
345709ff0c95794f781a765aee2d5c0e

SHA1
005a511209ebff896cbe7a16928a6439693c59e6

SHA256
dc2446e70db2f1ae595b5b3829567f5c704ae2c879874ea9211e028e35849fa8

SHA512
2158629463d248423cd69131421b240ee055cd462ff38230fe33d13c0304982198d6a5fb49009c8957ed05b4a4ade72c07431f3c9cfe9c3f402aa956f5a44a81

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
991aca8ee4e176dcaff9f37a7309eed0

SHA1
1c3246c45ceccd7bf5c1b00c06304a01ea73a955

SHA256
f2dd459fb4283bf244c8ca173d6b3db84630b731fcd0e403197b08b5237c71b9

SHA512
5142061e7b38b6b75371f9840ed5c2d83acdf7b15459604758cf209f5e126868a1acd5014813c3a7f0feb0d8aeb11675ef712d5c4bbf5a51e9bed4f5d0a71b79

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
eb5fe5f3cdbbfc4fbbbfe53f5ab0d1ec

SHA1
df43f282ceb29f978700cb9d8d87d94e56cea129

SHA256
af9d5554e3e5cb4e792c1f11d0a3811d9c31efcb46752c15692e19ccf77eb884

SHA512
8d715f98f7694d099507c30db4f05aff59cd0a37c176bc18460fa53500edd3bf4c66aab27398af7a10464ffe521f0e22eb7cf656e40e4907bcf89dd34ea5195e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
92ff7c9e2898cfa5cd7c6200010dadcf

SHA1
3fa267817bfdcf466afb173c569131fe6ac88b62

SHA256
8c54bf130fb5d6280b2f8fa0d770345db05b814755110722f6de3c4e78d002ec

SHA512
7f94140bed6bafa15cd8448b1614363a4a2ac67ce3053e1c83e4a5b1c7469ea3a1d359e181dc3079eb95ff98cd3f49b849c17ae9d21d000a51735a1041629f0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
263acba9c9e7612f8051137012ad6991

SHA1
783aae0d1dbc99f90de96386f1d25eb210568249

SHA256
516996b53bd1c743a1ed0f1f8b761f71dc5aea9e57a1104ab5cdecc20b2816a6

SHA512
e8de61abd4d5c59fc64ac209b648418e83d573ad3892807bb8eca38ea4b00a1e78e2980db54db374f4460446490dc36cb666809fd108b9acdb40a37ecf641c61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
790cb25b14eb8043b29701d9137d4960

SHA1
a245a7ee1fea89e16330de30fae63676c1351c85

SHA256
39835b65a48e741c802f9dd0a8c7820fe039c07558e6a53ad30eb27a33f8376a

SHA512
4ef27bca6a14e4c9ff483859000448d32686fcd24afc0f796517ebfa747742cf13a71d05622bf92cd06648c16ba0d1d2b668ad10de7bc209d6bf6554a842c306

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
ff79140654125f147a788328c85fc689

SHA1
f38a93fa5858a351e3f16f5261aa905e7ac7327d

SHA256
157744a3625afe23be74b63912843909e3d639eaca8af9ddd546c1bb5b6969f1

SHA512
80aad2ab2730399ef3d0ce854feb86d999f65200004c1b75bee16349bfaedf1b1b5c674705bc98ff3560112ad2463219dd88f47a5c3da77780abd0b43fc7f72f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
cbfcb413b06a9d9e492a3ab49035e62b

SHA1
538d26dd186363b233409ccf5d46645c58928a8a

SHA256
92a10fcb631f7534f0332250c4b0b2b87ff7819b96d231b80745d06c1c649e49

SHA512
1e8a39fe18bd743d3b2ae20ab4ecd74a496f4c4141210de2fff67ecd774f7abd39f263cf5ef6fef75a478709271ac055948a4d73a94385590f61c9da48412460

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
4acbc556683f31e5bd9759d362a4ffae

SHA1
04425dca506f6c8380b426d4d12fbecdd39ec686

SHA256
d471eec4e6c3fa01f1e82696bab7182298ea94a1ebe5d89a2a81900cacf5f79b

SHA512
953956d1d6b31f307f4cccf28e9299bec8b6427d51c0d82fa63ad7b753dcbbea32bab887d0edfdf652ea2dba1f6f201fc40be6e9b8246962bbf33a0018954fa1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
18ce4cc3217ff4f5287ceb24ea6c09e1

SHA1
7764c8680344643961a6f6e4d22ae1e83c75d9ef

SHA256
d5d38629de74f31d13e70be5fd10f5476f213fe87c019ca3f3930da37d559ef9

SHA512
3bb46277bf080989e906eca1d245a99fdb26113c09421d8e02b43b12ce9f3c56f38330181cd55247cc609d5c5bac8248ebbc0d0358cf9e4210a8757c6a07776d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
cbf5589b1c3d3972886bbce9f21fc158

SHA1
ea61552265612455ddb90fc31dc299f6cd5435f3

SHA256
b960867212e040534c1007d00f8e9c8e421929aff9a3402c978e524169081374

SHA512
c64ed1cc313630363c6d89500cc45ba7f0e8fe7d9c958481666be294e52528b956d369fa11c1dc24f139251a7abc659d02d0661eb870dc0b43a17280e0135ec3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
96e039cf52ad3eca240ff993c9429a7a

SHA1
c7100a2eb83434d1f6de327a1eb4a6de72ba922f

SHA256
baab4ca40ed927a11d9b680a45714c01f39b43fb0aa61bfe09e0cb218c0a09b6

SHA512
0851da78a0f4d5aeee37da8001435f4b6fea126c29f5736c48390fd4007652bbce040001260aa624d3b10055aae619f6f663d05508f9b9be9c075918ce8d8994

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
c4a825ffe58386f11af6a774e82b718c

SHA1
7ea764772aa31a845fc24631560a4cd27eb78b1c

SHA256
512d66b223cbbd4fdd5839d1fe754d888b9c9c07692f14f093f00773ec986412

SHA512
353b871737c60528931a2d44d2950acc8e07764ec65cf862c296f745255cd48cc574a2222b001275221744274eca776faf175890547d5bd6a3299439ca92335c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
b370f0f47978472acda925afeb3fad8a

SHA1
60da5517bd07423bf19943a2bbc01f3336b0a8ad

SHA256
f5699b66c7f4408dfd53023e6bebafca2036a5954e4a7b2e78adff8817585262

SHA512
d43880c5aecc54e0deddd4582eb9db14c0375744d42bf2a2f17491e349b5b852de7ac76d32e92e573fc1c501161c84811847d853e6abd57e714a37c65c39bb59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
61bdb411a58f026da4eb6ac4d369ca2e

SHA1
a12d670803c189f21adc1f60e167a477caf6b19a

SHA256
456b95fb565f3ad47fdb908b87450f6d7cc1f2e22d4fae6cd904b9149d1af7f8

SHA512
6e2372a1fc9747b9e2642c629c18ff4ce4630650224fa8f55dcc7f61b88dc868c48151ec2bebcf2f8e9bda56ecde99bb5a72836421cf4dfb3aa03ae284b37c4e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
5ea599b88685921a35f29a59c8b8c57d

SHA1
535b6e30297dad72e9b6a5f0383f10cc7694aed2

SHA256
70aaa318aa124b5b9b105d0d47f1416cbec8b155c05248943b5aff7bbadc3e4c

SHA512
9dfe76c240b44f94ab930739ec92acfb3eb8e3ac60fa3a3af0447990477b5fa69f5ce60c49ba22ea9149f5a609c8231ab93f4eb7f951d8cf620658fd0ffbc14c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
e953e70e0789353e4daef50728efdc8a

SHA1
8fdc206cb675eab81e890c5dc0e2099b9e2a4196

SHA256
88f7311ff98e607af2746b8bad490b251a447cd331f9dc726fb83d423ab35550

SHA512
c601f8a0e0faa9263a17a90f0adafb86b8265576ada3daad8dfce417a75fa63e4bd69dcc1a828a0a2ee69f3e77dd3f8cba8ef45f5b4bbf400f8fa3aec72e7ffe

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
36bf038b12a29d7f86a97779c9724b58

SHA1
4b4d27a6ffc111901382060a4ac74b17806f95e8

SHA256
f2fb6b89b104c1a4bc5e529321f00b8a9432d0482583aef6230c1353b8738035

SHA512
6fd1759b6ce4d888e2eff48007e20df512f9259e222105fa3ab21132b4d546346f2bd396ce95af6e8b0d9349231ae9fec118ed322fec85008d4216cea02bc66d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
e07e45200d4e1422506d78924dc9bd6d

SHA1
f29bce53b1a597e31a75135d80c2f2f4c523e4b0

SHA256
0949dd833cde917096986af47a1e93feb3ab9663651c280095aaa3c2a35e408e

SHA512
6c2f85f4a02bbd2617783e92c3bb6bbaa92b8059d5b3beefdd62d2948077c7d7f8e9e0f03fd9dc880e59eed599a11eaf3ba65afcbe015e848d3abf684ff2d0ae

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
e14ee14b48163003d36e93a1932c8151

SHA1
6e469275f7240a3bf2b52bb4b314134a3d718e68

SHA256
3cb4a8e2ab6e6730b7dc14eaec6e6832ee07468353eb34882c685be79116fdd2

SHA512
e942d5040c6157853d438248e5ba25e2c4b01e13592d6b48c078be8454af511bc4f5218e75fa2e73bcd0ad079ab34510d140515e10f191ac10f5a7576c3ee6be

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
b8cc2785a4cfbae7a420ab2b856b1132

SHA1
a824e6abaad599e3cb5d95114c29516123a0393e

SHA256
e404f12cd404dd83b2e3268691b51722558812f5a6de07f3c12c6d4d33c344e3

SHA512
6c585b173398e7662a818ee08fc31273339f75524eb6b5b874c83333d9560c25c2e43f4bd69ca51efcd8c911aaa6722773d7e4f9ca91be34d67ddaa0f562c5ed

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
d96cd69f00816daae412b4cbbf325b03

SHA1
25201686510b14aa2597719bff5e7d366b3df5ec

SHA256
a1482ecf88cca9edfffbbb269052859e1bbec378b43f07cf9d2276ac203d23de

SHA512
f3588cb125639acbfb021575f9005c4f2e993e45a85c76c3011411a56d7808c387c67bc4c6f1dddc12bf0a43ee52cde1adbf5298e0046eccf9d5587c6bf8f5d8

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
adcee114cc2493b49e81e056045d3b5d

SHA1
e1e05f219b76a5c9e9db3f2b081a70f265eefe2f

SHA256
613d962141a86d29b737665aa640a87288e7aaf818bc3bfe75eeb67b00d1547e

SHA512
0ff3b9d6594ee06548d44d0ac6881a3b5855ac431cd08b48cf63a9f83adb0f6588390d35e22278a59264ff05740bf7e262f1d725a345566935a1757be0073082

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
f5674c3cd43ace1d795f4c3cd2b65145

SHA1
96fbbe36a7f1d308eae9d9b4d2fae980d1e144cd

SHA256
dc21fcd611714c60a6afd81503309a9643ee09aa5959c691e414df19bf2c2b44

SHA512
1f387b24dcfaebaed0d50c33f418416694a0539d9d39be758c1be7f8f8d6272fa130a65dc3e0a21790784d81a46cbbc76d0e49b6ed79bb04e9cc25dede314afd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
2e944285ec323d9f65efb8cab5e7edbd

SHA1
60735f87eb93f0c3771947f9a715bf5e2ac800ea

SHA256
8a0d3c01487bec9e1080ac6e2b7b9239f0164a373eaea1810ccd66ad14b62c94

SHA512
128bce706e583df12fb9cfbdf44d9470c05e25faef9169fd64f3c723bd206298bb5568d86cae5d27aab5282d129ad54a4b75634a60f3687d41314870de1ab243

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
5c3f6ccfe25da62ac17f45c69a1075b3

SHA1
9f277ee2cd3909d2cab6f825f1faef798f52878d

SHA256
7f0f92212bbe3d3337b1a949f30e0004252029279232eec8d4a11673d5c1c352

SHA512
aad64f4d66547a1921f3034d40544fd01c0c64af885d8067ad7c8c8d6fc1fd8347d177edc1109e0ce3e69bb77687e40da528efff9ededeb33ce85030a758ca58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
99619c422c975201c7cd43a8e0a013d4

SHA1
4fa6e288efd53547787ec29979921ceca5577faa

SHA256
b41d5736473cf79e8824f4b69b829827f3ca0da418d493bdd11b65db18e73148

SHA512
7020e3addf9acf65dc7d154c6dce5b63cbe7f28eaec0cc03f5e7d8e1fc6fd95b530e1858d0ac7b69663df494a0d6ea0dda15d608705ce95d5188753dc55bc9b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2a618aee250420e63005e7cbe50cfc17

SHA1
0ef0c84266eb23945141cfe02e54eab358a46c39

SHA256
6ffc5e556c1d0ccc7dbba4dd02d22955942fb5a3391489aa8cb6216d74837bae

SHA512
c6cabb98fd551345cf625bd79d7e2a1e691892b4ef937ab35326e02b4cd9bc7746322faf15409612046cdededa5997b6604565b7ec7a1892b46ebb98dd0d828b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
c7ba9291ae66425a8f6c1090c88b55a3

SHA1
97198d797c17795a88c19ee312af79531e5fbe5a

SHA256
84ac479761f6dbc122d227ec04bdbcf11756377de65a100a0c85ea3f3f960bb6

SHA512
32d89f4f6e13114214604ec39a2f63531180ee6baf4f9431dac1f727a8b6c02e840c536514b8da21e17d64f37ac42f57e71e0388b2306878d2cd5171009ad880

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
fc4be620482159007d894a1c26703836

SHA1
289ea8a8e2e25a0495f0e466801ea96cb7b961c8

SHA256
576f86c79b82a04f8a834047e9159cce012f9d238a4362fea99e9e7bd66b69ae

SHA512
4ecc4c17c0436c81c235f1c9d5b0ae14dabc7aefa0d2a93c2ecefc2dcf32b5faf338519fc69d20d94205acbe1f62d3e1b2731dcfbfe1f1c28e27438ca5dbaf58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
1f97be4f96d2426e13758bd07083c958

SHA1
9877d575f9ef8dfd9229c0ce91a1748bcd5e819e

SHA256
18fd69915ff0cb31b5501c4d6c494ef18dfdcc77cd5859737287151182225af0

SHA512
1115ce3fe225128f222f115d40e51bfeb7464f9f9f3e316d214f89a18cd99cadbdd271197af5cc7ed097548c683ac3bbe12fc24f0e205bacec8b03e43f9f2b96

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f382140e505f7bd65de5d5df8e37be1f

SHA1
dd1de6098103fdd248123de7b9fe41cb30e79cb1

SHA256
62d3df20c3bfbc12f1615a1eaae78a615d6cf18344902d4c2b5883e9bed3f0bd

SHA512
dde6ff645c7762804b66acd4247ad2894f6ab2e106bdf668e1233010b12ce1b76c0e18f3352e3ceb4c677bd2d8f7b2505263414fef66c8144fd3224d2f02c6e2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
741472b65d1b1166bd0bf64c9ef2115b

SHA1
725f9ad578d46a43cdb6a8fae2ebc53ac72400ea

SHA256
c370948998a9f55f5015506bc957843534de58a3a7361be5add55b136c19e21e

SHA512
99a4ef81257a6202af543216bada82e741b48ace7dfd493871dc5d41f8a8d3d0236c85eb258c93b04772c8cd7138356da365acea4123514bb002ea8a6e235703

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
52472307e20f6d2da14d9aad21f064de

SHA1
3b7cea3028d93ff53c9cad3b3cb0f147ef3825d3

SHA256
e8e533225fff301b03101053450a1158ef5048750b1e4eb154135b8ff54e4592

SHA512
41fd972201339962c2d689fca93b9b30689077b82c282642107daebb19331529ddd14db62c842809947af100e6d1058bdfdfed02fc7f48e6361593b23c09c499

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
6c700b1b514649be6eaa66bdfcf7406d

SHA1
aa3d09680c77280ebbe146877811558d6b791c4b

SHA256
ef3c66adecc3bb03bc1da1da730b087e23322a7846303197aeb74be406d1cfe7

SHA512
3bd017823fe2c6927b266ec197e63bb31842ffbd1ce386e406d050d065b44dc4d3878ddfeeb8bf6e831a40e05fddd60b4964cfc46f6f41782606bb81dc42ebaa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
3cb2b6776ab9b5989fada625e04b879d

SHA1
d1cd71517ffc2aa855929951c051b028e492bdeb

SHA256
ac6eca520b9205efa3f0faa14dec35814f91633c0a12c7dcab091e580f3ffd44

SHA512
5eff46667b5c3e3e80d3cf6ebb97fad1cb2a3644ac553658e710ec39e35b698f659269daa0120a21a1400a4a8e1687d7d9d7c2e5ac103fbeeb2b9fb715315ffa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
27acc2e6cb6d0b011d5af6241fd3bbb7

SHA1
b3d1b0a001b1e57bd7ad1d270ae6dc290675f9b3

SHA256
b5bd44f70e08027d5d3b4c7abf9242977414b62b8ba66f86317ccfb78bf32980

SHA512
d13ba712a7a9c8e02e7ab49116dd2be96b2ba8ff9873a06220d8d605474f1c5419a0f84b4172d9836d6b9670680e9c420c07e9ad8f4eaad30d782b5fadfc5637

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e20209e8853a021f8ec127d497bdd691

SHA1
8a382179e8ae0c9f9045cea6f0efa1a5af8c84c8

SHA256
224afb30cea15171bf6528f3b8f0572547868c32e9dbc02628b0f4185c6e1644

SHA512
1e72d676efc77f15f6302a35cb17723e644276ce336d714b534337abee5d88d58427656ad4cb8c8c62cb243ac63b2411b4a7fe2207bf4df4f234cc1d4cf6c93f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
f1deb536b6b877ee2f236dfe91febc42

SHA1
0f2da22adc2cae7fcb8aaace1f72caf6cbe1652a

SHA256
1bbfd901eca2750a1b21de021bd40802b04a47f05130b69f957a046609b13ce1

SHA512
3484c5241d8cdd807ba3c971a0dfc7b0d006e3747c02467525e686c8d75d1b7e2bdb08c44e025373e44adfac1ef7f514aa5c7b6ecff5b32dee6726398f337b68

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
05efa571f8209bb3365e8fffebaf8552

SHA1
2248259131e6c6a155be76cc1c02d98a67175cc4

SHA256
2942b94b0ed1663ffa4d83e3833a31a7513e03005cef82437f4449e5390e1698

SHA512
77a87779e66a7add74b93491039df6e7127713b57f5973056edf186b5ec85b36af4cc72ff3b4572d6503cca31a9ffeda6769be8db7109727f66257cde6bc0272

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
90e674f8fb0622765af7662d16977577

SHA1
7a985846c84209f67436f656f81c40f621fd628c

SHA256
0ebba4888c3dd12356d7632dfddf6bc94a04f6d7304b600f9b891c1d07b7fcb9

SHA512
9d64cd99b4fa1d3c774dbb82ca19b803d59f3fadbcf136ecec65f13b220da8938b90bc422481ca3778b1d137cbe3e744b5cfa5c6e1ba037271ec7e7d25ee14fb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
5e8804cc7c1b2dff15a8db923e39a4af

SHA1
fe2080602af1543bf97c75d5050e2f24fee224e8

SHA256
e4049155c0f92ebbc8cd27b9e322ecd58fd3d498bcf4eb7df03a0ab4f3190c3c

SHA512
7007efdc0e1dedd648048a8177bbd60b8d17ba4ce47a4d2586b0bdb9988c662cb8b5c76a46fd6d542402f04e703641978f407c5e5bc76b472f2a6d595d6a4e5d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
40c73a5486413ecbdb9e4c681f6b7b77

SHA1
2950d2822f261a987150065b835a3181959f1820

SHA256
ea71a9f60b1b95a1028b18c36f6b66e8670d12061228659672fc3c74bf9c805b

SHA512
2e55e4be55e9baa68e04cbd2dc3c54bf2ef3194c49e15bb0a259b54ebc9da0d6f882d54ebceaa8723e7e0554a4c3df937876949678546e036c918c72041bb2e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
9c3198e6af8a8d858d8b103a4bfb57da

SHA1
18cd5a0850b0d5ea7aa311c03acce491cfca8bff

SHA256
e3acb14dc395ea24539af4ee6f1113fc97293610d1469b5d6642edb0f11c4527

SHA512
d1fa34bfe6297b70e35c79742c7583e0349cfbfc07be92e52b8203f85d095fafd41ec1945181d4e23e573cd6e65a9965465eed36f46acebc18de78a5eba4e89c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
54716e0c481842d18b04eb7a37fdb042

SHA1
643440bfc604254c1dc4cb661f47579b11bd8f84

SHA256
69aaa359e7c96677c2807c49fdb06c46240952c50b79a2b5b7afaf320e39742b

SHA512
231307d842bb31ecf7a8dec566364c27c29d61b3632514cc54710e71adb346766246857bb91046bae86c1eed54524f17a74768153b3710fcf35bfa92b4f3d00b

Download Submit