922fc59597bf515d542b5f928fceb674d3aba5c071d8408ce008c9eb56b3c411

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Size

12KB
MD5

0dfd45af14c6abff59e905ade61a4b75
SHA1

6ad311da73780d44b3a9010743729dfd3bbbc24f
SHA256

922fc59597bf515d542b5f928fceb674d3aba5c071d8408ce008c9eb56b3c411
SHA512

6815237299cfc8b36a8e6c1f1652a59ffa2a55b8d4cf83a00ab3372f910ee73738607b08cc7b2c88ece3857d1ae074d641ab492d0dd3f51f29c0688cdbf09781
SSDEEP

192:x/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRM3W8r:xebFNw4Pk1itKkpAjjJs6B40W3W8r

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2205) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UVF4G43eJVcNx5Z.exe"	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Line_Editing.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Core_Commands.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_neutral_93a886f96cea2847\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_type_operators.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_PSSnapins.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_neutral_8416bd6e64a8e858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_hash_tables.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_History.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_jobs.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Quoting_Rules.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c86d6d5c3810fc04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Command_Syntax.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_neutral_7e1053ab483310f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Ref.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_neutral_ecf5cff2236b273a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc0.inf_amd64_neutral_c24bcc939e6dfc23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Foreach.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_neutral_59c2a018fe2cf0b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_parameters.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scopes.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_neutral_11abcf129a29fb9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxfx64.inf_amd64_neutral_3336ecb2950fdc45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Assignment_Operators.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Windows Portable Devices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR42F.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierUpArrow.jpg	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01304G.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR39F.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0314068.JPG	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14579_.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386120.JPG	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\PREVIEW.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01838_.GIF	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\Whistling.wav	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImages.jpg	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0afe05b330213df6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1bb7ca9a06090211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-where.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b00593198fcde668\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wialx004.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fee99e746c6754b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\7111bf18edb7bf9d986782131f797acb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data14bed3a9#\d0c8be245fc6926e7a71200dc2b288af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.1.7600.16385_none_3868158f24725705\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_31d69fd49a565d8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_6.1.7601.17514_de-de_b4aec85c606baef5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9c17882ea083259c36cfd691f7c0835b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d8f8c7814185ef16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_caspol.resources_b03f5f7f11d50a3a_6.1.7600.16385_es-es_8249688aa2ba4484\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.windows.presentation.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_f9695734a1f3cec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sxs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_942a56fdda1ae10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-artui3.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82583fd218068515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\inf\SMSvcHost 4.0.0.0\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\Speech\Engines\Lexicon\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_923819df815cdc46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3f38b728fd621829\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d0db429429b01e85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-desk.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_89388c75972c65bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vb0a86591#\3b0716755fe4e8ba470d7efdc72647d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ifsutilx_31bf3856ad364e35_6.1.7600.16385_none_732019dc55140879\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_36dc5da3b60ee79c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\38.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..xe-common.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_004cc06334496a17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_nb-no_5d6c66c9a0867a80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-inetres-adm_31bf3856ad364e35_8.0.7601.17514_none_676fa6ff2574fdfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..atibility.resources_31bf3856ad364e35_6.1.7600.16385_it-it_129f6fadafe6b543\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8de57552324e4cf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_functions_cmdletbindingattribute.help.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c236de0f7c0fc1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.17514_es-es_4968f0b13f1b1858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-runas.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_542c3061536b37f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..rotection.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_61f71b17e44e8a82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dxptasks-ringtone_31bf3856ad364e35_6.1.7601.17514_none_0cb2f60328a1fa24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.1.7601.17514_none_2cea21bae0074c77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_averhbh826_noaverir_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_627d53d0cd5664c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_d581da42ed22b22e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..onitoring.resources_31bf3856ad364e35_6.1.7600.16385_de-de_554d490e2e88fc1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5891762b453a25ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fa5544fa4e40e5c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Design\d42a48a3e73b472a80d0d44038af89b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..anagement.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d84e6279f543e58d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.17514_none_04963d500485b5cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_e84c1ae4b77c1765\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Festival\Windows Hardware Insert.wav	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c2f95836482e8625\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4398b5665d43d05b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Wind412bbddf#\dac48ed7852587d900eb9e2eb8fdf32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_61da96604705f464\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnky009.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_73fa25b8d4de1e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msxml60.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3bdcee47d56ca31c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2f99db0d8023bf41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget-ondesktop_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9\slideshow_glass_frame.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bPrev.png	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-international-els-core_31bf3856ad364e35_6.1.7600.16385_none_87ed535795db6e8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-class_ss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_402475c83c3d6193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\DefaultIcon	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UVF4G43eJVcNx5Z.exe,0"	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\shell\open\command	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UVF4G43eJVcNx5Z.exe"	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.DrWeb\ = "TRDYXRSTSKKVKGM"	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\ = "CRYPTED!"	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\shell	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TRDYXRSTSKKVKGM\shell\open	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DrWeb	0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0dfd45af14c6abff59e905ade61a4b75_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
369B

MD5
f06157607e9f35e84c72b244e23f40d0

SHA1
aaf3649f545258c3decd10023e8a4079c9ebaabd

SHA256
965e4effecb101010753ce545aad427a9a18312b14294269b742c4fa188c7e28

SHA512
d67e9f949f16b034ac9290f2e4b44eeda13a0331c5c8e3921f80af0df6d496d7dadc12572aac9aa7496788d834df420e9d371850a5a958b4b812209d72bb20e8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
502291ce9986226972d3f4e2fa979ada

SHA1
165c42dc269b198ce4af3c94cfab0fc2f0f63e85

SHA256
c1dee6010998f4b303d73f52c59cb73e91bdaabe4cd6a16f49d8f55c9d4220bb

SHA512
60442c7ff4a2230c4cdfd01dcea5da1307cc3139342fcd8c881e23b3ef4506fcd46ae87a1e835b59dcd9cbacba76456f09c5e0c6ee709776b382d32c0361817e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
6a53551231cc3361855793e6b9ca19c2

SHA1
01c4d809bfe64f7a4770485a34e03a16c8a4281f

SHA256
7f33cea15a05f5ef4e756477f7ab84d5ea47c111ed884f8ef11585bbe28d782f

SHA512
fa64bde4da08a95a529a2b3fa9ff6e79d3300f6f6b5d8e1795404ee3874076d101c34524537d4afad3e195bee17453a0c443ae799865311cb51fa4372755af72

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
c5b7c08e3fdee99f7028f39819883a4d

SHA1
76f7a1eabe62e7a4929559798c9d6198a46911b1

SHA256
e304738902e50d1bee3075f1c1e29e6299a210af00913714cb67db4b1f93c85f

SHA512
157427a08b07a5e4544cb0631b34ffeb04aa9c5869b7fd49e92c1ea491b539974774e682135d122ca82bb0a8b3ebbe43893c1f14b90b0ae4a908e076184e965b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
9ef6822645ec57ed18bc7c1a7d7e9944

SHA1
6e3da447106e0a36a0534634653b295a6346fe88

SHA256
62ccd1f785d41fac2e4530ef497165c8a28fffb9702f9cfeeff709f57c856daa

SHA512
b6c8736ba5aaca0fe3108f7242103030f771f9b733a27a287dba558967d220994090bd54aba1c8c9d4f319cd9384bfbe610c32ef634d80f463cee2b2f2466956

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
e150fb29d3e37bf0c6bf585288bfaeb9

SHA1
1a32f2fc65f3b5d656fb7b80701db3913204859e

SHA256
42903e5a72e50134fb1a28c7a359c16e0d9c3679a60f52996c811654e83f348f

SHA512
ec2f34d2808e1fb3bb41cc4d92bf7b44559498605c6576c31ca75e06688ca52e421725ed580c6c2c1713eeae86cda226d85ebd7bf101aec01bbb5b8dfaebbf10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
ff8644af61ad520e4ab05a47605fdf8e

SHA1
d8d8ee11455e3b41252ada6dcc26f36ed62e7c4c

SHA256
47e5ff528d727875382779932f667f00385b0f180fcb21c0592889a747320587

SHA512
1bc97c6ddcf93c28ce1a7d9391945ff3fc747d94705e4f1fef36714c8c6ebb83c3d82a20fda65d67a6c14ce5bd8b6e1fa2298d80c5e19a156aff5d43235533e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
efe41ed4b9171c33f145145ecdc9d79f

SHA1
d4d38e695137bfbae1e611945a7d70d68d0aa494

SHA256
dfb01113ecd121acd4e5ed5f6d0f23b53ff94cb48f06c6c8f26a0aac543daa66

SHA512
3b2f7e7a28c7f2467452fc08cfe4265919a2538fdecbf991a5f985fab321e12fd5c0cebb149df2bd8f640fd22cb2fe1d44642321c007cfe5e271c34a71f67346

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
59a635eb45e292b4395bd6782d88b783

SHA1
e3c177f385bf8f24a0bcebd6cb07437ef6ae25ad

SHA256
abf596df40e63801867364a7ac466edec42ff7629e152c6c52c5dc787957c761

SHA512
1947af5dff43cc8655a527c8d3438632858886a00d400c11e813b610c5dbe6e4e432b9e898d52edaa88d4cac61c7872ea463d248e2da5a5e1510057769fd4889

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
410e77b62f1f27292146b1df44d98c3c

SHA1
d387d366e34d6adbb069a7191839793616666a9c

SHA256
1272699b2631727ce09ac5a0bc099316ef85d94b55bb1bff85946ac959efba10

SHA512
6ce10f617865f4a86f90abec503c8f5bb8b3f7115837ee40d2ba9394b6b712382578bdd08dde2e9108fe4de53c1c9604cd510acfd88434eafdad5de7ad9a0aec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
ecbf2e378cdb181dc0f2728f1b864938

SHA1
90761213aee747199ceb3145a481e464234dc72d

SHA256
b32f5bbf3f408c65be76222524430a20b47c5a10433043a9d9b7e705e3984a2d

SHA512
507e028a8e612c8476539e1fb143c968c2d8cc5cb14a5a8e4beb1c752022f1c6c24db2e2f5d5c0698c6c68ae712687e5eedc878508ebdf3c4b5268a9f01650fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
69f7f09c04101d17e320d7276b1735be

SHA1
982fa43bdee8016c6206dbded33e1224e162ad72

SHA256
88b3ef9d10b1670b874b28cba79b7d9bd1a4755e8c3a783a76342e53d06331b4

SHA512
edabec45299a32aa19d2aabe6005141fcaad644bf063fa759bf265ce68420ea22ab3558fde4d515cb214bddd9fcc9f3cdf241a4588595d189f312abb6cba871c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
7115783711757e195a8310e283c04f05

SHA1
be2c45695542986bdece8a5909e8cef5b836cb71

SHA256
4134c5c06104c90398bd91e6daba302e9992aabd6ed1316b6602fe5a21b1ec14

SHA512
ac282a2966e110a608f6c133d046873de570961eae8ae6fc122aa6c02b09a520cc76e5fa93b2d05f5c015c87498e4dab2a3d84185cd4fe75b24f11e80385ab46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
7ff95d26954e1fb0ef5059a41c634efd

SHA1
66f2d2d739adc8b8cde87c07b027a61c0696c328

SHA256
036037ad2687eaa037707d8dcda280887fcba10c68fd4fe98ed831cc70be16f9

SHA512
3f8c31994aba0ded9e45c6e13769bd8e9e5bdf044ff1bd62020dff0227077b063c81e28678636d18f41237502912045f97d45e8496e3abc2c8350395a2fb99e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
10fe6d5fa70128541da50e45a5bfce6f

SHA1
e497eaca9c3ed714998bd9fd659d9b7637d4a0a6

SHA256
80d0ae71f02c62e0698b1000e508d49fcfaebe5b333f6629c86d731d7ac56f81

SHA512
ca3fa8c6454b5ec6ae34e342190391d88937bd8a9fbfe72f8d84d2b79277916d91db2a973f5798413d463b9aa9052ff53d36681b744bc5a0fa8f1a382ec0bd50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
dff0fa9742e8f803ed8058ac85cc80b7

SHA1
21c112da063d7efd9783f9fe886517d70145d9dd

SHA256
5840e3edf4379b2050d13e3b6171689dbc73dca20c737f57b304ca28fbda4a9a

SHA512
1b1c17c55febc4ee9dc130b2b82cdaa96b0147c02af3f84ff5a84e6cfa58694a3b09e9de39cf6e2549f02b53a1374ec64afda48b031ba2005f4e3978d29ce052

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
de1953c5143344167335ec1f4d689fd1

SHA1
0a035a37763248682d993e636f72014d6720f3c7

SHA256
af8d2f9d8367c7833f4c9f0af6c627d721c50399221d018d8947b53a2ebf0012

SHA512
1e36f6b24966c7e578101834f40a04ece73ce57ee0d8e8780697bcfdfd0562b8795dcbf96b93649e52f10d852d668220d74a10875bc83748c793b7fc198e720b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
b3044086736e79ccb05b5bd4ad10aa02

SHA1
abf59e62ae37c28c8e912070879253b4d103fd17

SHA256
48027b5ec2de77725e41a844ee1cd22123190c353171c212ff71b1aae75e9026

SHA512
3f803b3b25c4b41786291fa4b9ee70c4b64a90da824ddb1649f9c1cb2003b1a5b42de47a6bbf5b02f7be7381e4d85cc10b32bbf0c5ca2c8d715e03c971c82e1b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
2aa9ed7131301fe11aa5d641b74937ff

SHA1
9b6e9090fa5f8b862449720d2f5fc7c0fb17c445

SHA256
addbc8760947e3f535549dce2393c8a96af4663ed58365a26fe2f650fa94f916

SHA512
f1d9d074cbca2a5501bf6d9f2c44e376bc0209149f3318edd0d5a296f8c6b0b9e49b23af4aec4b3c3c48c787cc930d0f4dbf3902f38469bb630b5b2b73b57ba2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
25b7c9ce35c21cfb283a9dbaa388e2b0

SHA1
8f5817ed2beebf8eacf4003b3ccbc9334e815ba7

SHA256
1b67dac6ab7246c9b2ad40fa1fc0b9e693577e36c63cc4155ef5e4bd4eccc267

SHA512
36c9fcccc41305f2c998cb2fea8c42a4683975234e23c85a7d8b4a5541f0b3cb8206805ef40e81f921c903a0b33abdb2c12c129f9c783160a0c1d2b5d4528bae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
8a6bd8c59ee21dec9f7970d23f4ac4f1

SHA1
1ea0f30b1d5d221e26636fa95da6c2b3822025b0

SHA256
a60b51cbfa33a610ab5abfa2b9fc27ae04d7d158876a9d33a2900580753157fa

SHA512
b4a8688c3f70d22efe68de9f911e96830eae1dad5204711251df6d2d80639f5e3d9091f0cd0dc3aac5e467f59e771a0bb0f3afef90e10625ccc00fa3b9802d13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
ae43e18f0c0f74bd080ddbee83f93ae6

SHA1
dd9c9cd525c431444188bc1ee55b09547d68c0df

SHA256
bc9fb98903ebb8ba44e556923aecba2914f1d5b89ebee482d3af1d02f550cfcf

SHA512
6bd49aa550b7f835a1eb9cc40ba553e3d364959002fef7d030a620caac00b8418e110976080fa6eca346d1821c57dfa807b086f63c30567f64b90fcdfdff2e91

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
236eaa812baaba3d26c86754ff1ba2aa

SHA1
30efb8e02be2d6b8c48ba039ff15d3487cdd2422

SHA256
46f874294a40b16ab237c505815019e9a901d76b5c4a278b3f26533aa98539f6

SHA512
7007e319d5161a92301cc33ee237faf6dc445b32b2e728c80fc00fa73bfc3c0bcc6fe588f53b19300bb5e88b024bdd06cafc2d1e6ca095a029799bf802e84e0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
65026856925260d381c88e24329d8197

SHA1
2722bb99acdb76cdba45417c70af6fb4454a60ff

SHA256
08348dcc519b49493346c1dede009fe1d6b76a95658c407d2a0624532982bf22

SHA512
4817a12fff0c8999cdddf47b52b0a9fdd4ee83713381026fe9d4fda8b82de6c89e887fa72ac20ca77e5f009463c88e57506e30a384a2be21c54fd22cd278f3d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
0427351f8324e5726033e13692b36ce7

SHA1
33a5a19e12de9aee44c2a3e0397464f57ad61921

SHA256
4491fea04948db2008c420f11add6685d40512a5bed29b3573956c46e0112afd

SHA512
3167479fd8112fd4f51790c4af8f78a448ce7977ab5f9f8092400db993624ddaa414c60e68594226e5dc9617867d94b70cef32b76a63f8516c3e83d36c7a0b13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
8097334e3ab0942256699b373f9eedfe

SHA1
63e306a823a12e32c1917d4ce7658e70ac092f91

SHA256
58fb937b251d34e03da475ffae6dfa8f75d6f4e5822cb92192f7eccf3ef2d316

SHA512
438d5ad494885eb4d42ef77d80a768ab1dabe6c4905362814400a49b2adf589d9f68d34ecc3ee41ca11a9451b003ed052804dcb41f2c693b77549b7f6dc09c33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
1bc89843818268cdc7f5a944a50b7b50

SHA1
85060fe83bf59cd3d18583e468a752ae59029ac9

SHA256
81ef634e12738506cf5613d1dd2529ba181ae86fa550a9f16237eaaa54d25bf0

SHA512
cc00d01830bbed5b9c4ba30484fbf55b984d6e22fb921036f9757e1912ee29d9311aa86bac0e73a7c7c095b36f5500fb6d04325bc415dcabce7d50777efd6798

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
0e85480c50dedbd8e6d1d2ab96ede5b6

SHA1
7eab8310819d2255570991508be0ba7f812a95f0

SHA256
c1cfeec2a99c6e1a2e39c761c5b3572fadbd837da6d1ae1150db30644f9df32d

SHA512
15427b65685509b11af179b7756cf38d5eeeaf972cf0b7a861a08a3d6c767d1c277927bb40faf48012c8c3b180db8169f65918c8b38f447d34e335eb362621ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
f038e3c8698a7a9b06c42ec6fca94ffa

SHA1
dba8302636b6e4f1dda6d55f2ab349761ad8b5a5

SHA256
7f42a7c83ce384921e051201c14790ea5fb9d2ccb570e4fe8a2e0910166bb201

SHA512
ac8ec947f9f7576c20a82e5395318452685c59f9d1fd0e0299d0185c72d4292cdc7b53ccd14d60d6217f194e76876727538884832d0d897db6fb80e030b80867

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
62530b8f051b169116bc9dca5a47ef0c

SHA1
910a2a8b587c1dd806680f3d2491f8deb8e35b11

SHA256
3a3cc37e159650f82b5c17509aefa510f2bf3a2eb22ddc5c2b995226f91d228a

SHA512
e21f408e8b601d72eec2e9ada8f0afb53371e61adf4d9de2717b9b71a4e5351ea68e32c9d355715bcbe4520b6fba55f09372f058dc33236e7ddce6a1f0763ad7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
bea4359aea42a40e6d6102acd1b50787

SHA1
84a8bce78ba239565365a1e933c3a17e15501b01

SHA256
618a2b631eed8458af404ae8e4533efb9519c608138130818946a956599736e0

SHA512
9011ca1e4827634207933feb21385ff8851bdf86731cbd3f129ac8bfd936c36b77a488921fb0286189fea3e07ba629f14025e9db6fb9ec452d615d730c6a9e11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
60c06351648d4c0eb86935b92b1abbd1

SHA1
344ace4e426ef2506ebed5e7478d73c842a08b02

SHA256
ece7f48427e02f341d2069ba61fd1f0a62cf841f96bd1a7cfa1e1d727d27c49a

SHA512
92f25f652b0e66fd51240c791770f462be3afde63fefaa5bf5b4ae94ddf22ff9b38ad7fe339903bf4e52cbda65f9f6f253a89380ca451fa6cef0b54149900853

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
761d2a8e95b7237e97e076ec24f477c8

SHA1
f9ffe1c4eacb7d314a4a200c25e054659ce79134

SHA256
0dbd5187b58f0b28657f1772a623c35b8559adda4dd86abd37282237ce888852

SHA512
c60aa5769bc29b0f5e1e04b1cd2de239bc9348e8742f2f33782287ece6f7614949ebbb2e3908545b53638172fb185835830196921ae299604318b1b4d65f014b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
9065e4b0e378141c65f9a9582ab3252d

SHA1
95b812729b86ccb75562abb6e51d1d40ad64d865

SHA256
b795c77ac385178bef8b679a85e8672f986988c74d7f8f8c10b05b1a5690615c

SHA512
0d251880a4a8e0da855d021e21886c02c82e97711b22789457a6bb67c31c90487f9fbb0e2ba83b5c0ce5cd857b1cedbc2efe0cd3134a3d184e2a3b80623aa031

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
3f7d26d808cb967cf4d501ce7f07cc0f

SHA1
4bccb55aad03f2e9fcbb879bac45475128ecb88f

SHA256
5140f828ad4f98c19425c8f84a2770a7015be860d6f28ebb76fb9955aef33e62

SHA512
5db3b56f75b38ae716a3674d9f80cad1278d7f54ee9500034a30832bf10eae688d0112b6f8d3a1aa9c7b9de8b580f8f3648f30f2e568659c4d75df287bf7cdb0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
fc182b4ca52e1b7cd9927791df7ed4c8

SHA1
cacc388e1b6df2bd65f9608226a8f536f84eed0f

SHA256
f9efa5c1cddf521c37d0b9342d7719169863712db5fe5ff5c080cc1a839a91ac

SHA512
22975ab8797fb356062ffef73c5ed392617fbbfe6a8d9773ddbf56a8bd20b45f983e088861d854d0b767e5d293ce6ef63892498783e0ede5d28b461bb8426cd6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
0ada3a4df3a07236a18e167b703def97

SHA1
34ebc623ef898131a551e06ab3bad6081bc3c4f5

SHA256
eae2bbc37ebef5ad9fc89d17ffafb7d1a5f21eb92e7c4a89cfc5f02da45ade5c

SHA512
c326a1d154f18592c23497e7459d9956f769d9c4355d7e65fa519bccaf6347cfcee0156b0f6479f6bdadc5011692011799330918bfee7f520c87afc0e2bd45cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
7bf9247603e03d59da87d96e97175bb5

SHA1
9f615143f29bc75d4e5abc1874d36bbedc6941c8

SHA256
1905fe2df19ae678b5691fe8ad960beb3457e4b88241ae62a0c7d826a476f57a

SHA512
41cf3bee800beb05e956f8affe203a413b8dcf945b723371aafb68815a0676e29f3550ea689354fbaf47e1798f07d4a7aff826b2c65011454c5d87463f704595

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
92626946205204e1b7147a965197320c

SHA1
21374e8533266af5c8c1f4bbde7a1e4529defb44

SHA256
c4a8dd1f0e96b3a52004549ba379fb0b73c39c0904516695cad062de94965341

SHA512
87359228938b73312a8debba4a4c92bb725c120aa5a54371116e259cd87c60b49e8a33d4331a07c0b410d646f138a8d26de09594b072ffb85fad115f8dfea676

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
31d40382199fbcb2c8f14549b49148e3

SHA1
c3edbc07822de8d79c7b27b67b83091cd6e31245

SHA256
6e74f60099413a24949574e0feeba8c831eac152c8aa427c803e328bebb8123b

SHA512
7afeec4251ee1810724cab753a445ed7d0b5edf9575e6133b71f6d7f3f91fc5038042c5f6c5cb5a1b01ecb4ea5579dbf3d634f20050b851d359481df335d7ed7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
253dc889466ae6b647bbb68c35337ed7

SHA1
befa8786e2155d0ed65e321e7f2394dce202ce61

SHA256
1ae0a3f60ade0401d687b4f9c262b28947ae88f0c85fce4e7d30a5925acf18a7

SHA512
b0a3b5c3ef43b86fef545e353345d8b7d2bd1a3f3b2a21a12207b7df20e53b17ec7509d54132b096ec5d47420fd1499b38f277f57fb2e8f71e873ec9d9ca1c2b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
78dba0ad4de78ce03d042033fe570561

SHA1
42cff2c50be17404f9e77229bef2bb89ff31c88b

SHA256
e69eff32bb41ccba625c05ab8d985d5948ce78fbb55bcfaa73434a272ad61f85

SHA512
0b91ab2777a340bc6ff4f486c6adb76af13b95d4113568213a8d7e4d5b129725a7b0056cac22024082316f4047106ce1ebf906c7a184792ca31ba733afb598f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
c3630ec6bff023b07370a3011ebe6953

SHA1
1c4cf0671f573da94b711912c6a2b921e4ea7f7f

SHA256
4f64cb3025e074dd7706d377fed325b37a71a8f304b295d552c2afa0bcfa0892

SHA512
6113fc08bd633f7c78853cc940212bd778813315819004d7580a16dee8e979788a3d63bc8b87194d18e922d95701460ca0c42269e3e10f5d15adc467270e4309

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
d698440320b9d6f62c3dbde5cb7249b8

SHA1
f588654dcde35a3230220cf2048791ad1fa3f0b1

SHA256
988a71ce568ed325c2172703581ac6ac801229fa93ee7ba3cb19d17ca651aa58

SHA512
c0bc571ebfbfa4007bf90e9adfc6abf6d1ed79f689eee304a4e4198e75bdfbcc5c647df6bde0394c25fda69a72890a813f5e45e0217687468f516b13280c7bc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
4ce595b90c9337a047bc3313eef85f26

SHA1
3e11a5ff89502afb15df48d5683494bbacf0fa10

SHA256
fe287dfaa904e44a874f295e19e36e23bcaf2f1810e711c134bc9ca33e97be74

SHA512
04ae580b241cd9967eb5235a45ae12677b6315d0d460d2a5d8e5f536f4b2eb6576b43ea998a2dcfde7aa72f8e23ba4cdd7aa72aeb778715035d6ae84db10d2eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
c8084ef60b1e3d2aa71baf26329dc452

SHA1
b3df3491f1a4b971282b6750bcb5d815129b1dde

SHA256
d01de6148e605b0b3e8efd11380a34317b0173f097108fd610d512411347cc24

SHA512
7c2e23ec7104c320c5505bea2e2d70983121f9c7eeb0b6b2194637741c68df5cc2780b90ef0b7add275a7431cac234ad2ef0249247eda3f47e4f49ce4753c4dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
368e414321411766562eb287dcf2b3cf

SHA1
e40cf8074ada2babc4c7315f0558deca27e92804

SHA256
95befebf1c0f9dd29467b1c282e540d4dd48659775d031279f08f1da4b5f2841

SHA512
f6bd44bc0b33f026cc3212932a2162fc52e9d14471cc5144fee2e3f78f102469e4a1c7fed5a181c978c0fe50d172c8b3d4d59325ed3fd56956f0c936d0d86e2e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF.DrWeb

Filesize
873B

MD5
6668aa7f696a6ee5a296d4dcdbd91cff

SHA1
eef5bcf012d72042352c5a62025cf6ec949427f5

SHA256
0a2d2ccd61995689b93fd081140624180825f7f2d20aa466e87254ceead1c9af

SHA512
93f88860c5402050e91a68e9e9934a9f32c10804cf70d1e9b9044ddc09fbc441f2531c5f13ae8755f173e0a777af07bb8a48226b164b1477b66f463df046e465

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
2f6ba8cea2b24d0278e4226968d26c76

SHA1
513378e60d68deeb20c5c6ec4ebc09745e77839b

SHA256
31d9d9d9929c6c25f5e3d3de935fc72894d795e1756650648c1fdd56d5ffd84e

SHA512
b51debd11be031e31b69e105ac7b0edf8a89aa6a77301c9ade67dca4a3f35f4963e26155d0a987c8f0a4e4319ddbbf329ab7a2028e1012fa5d0f65e16290c050

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
4a94531e5b3215f6bb957a6daf0f5729

SHA1
d06c352d725056917cce0e7808436998478ead09

SHA256
4e9500afa818f51e7229ac573162c1f1eb6c642e5889849ac04877851b61f7bd

SHA512
3978990144d2bd0cde85cbf848ca0f69024f4f12b9135935905a0eae00bc7ac38534d764dd8abd2cb8d5a0e091323e5a748fb7ca5d4483518959042cb58a3c5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
7700abcb0145bf10128e17ef76b13a28

SHA1
7c91475ce48b2f39540f79a43b4a64dcb308b088

SHA256
89a811adb2251720297c6f4b250aa9f69dac65c8bc9755d95b7b23d569931ddd

SHA512
fafc4ac3c44dfebd01cc919897bed8546f642bd3929704bcd921fb479e630cf965335cf430a13002b6d72ae713d261b8c82a809e2d79e6da06981218b6ab770c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
f24cee74db2e4102fc1e0292c763615d

SHA1
066bedb3e9c63c3f0ce3064b219a4e5132e7630e

SHA256
a85e97271db67678da6437dd7e18e440d1fd2ea640c42a7f816dcc7911465c05

SHA512
77b3ff444fdf551308c5a9a2d3e44613daafebbe165dd84f731a01cd16880f90791c91721a1b98d307ad26544821e9f7fb2fe1e7736d92d6cd2cd4ff2b82aeed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
3500906e3e972e05e858d42cde00cffd

SHA1
bbd73fd927d22d5602933c68863ca5c850752b1d

SHA256
9bb04d1f7c133af493606736295d3aae8370bedcecc9ba29797c4dd8921a2cf5

SHA512
b1545ae70e254e5abdb091d08f4799a6facc2dc2e8583d5a51eacbe90025cf1f9fb965c08ef13323595c609570dff4836f554e2a5e1a04fe49702eb013fe108e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
d1c7c049c819ccffc801c56128e39caa

SHA1
0d27e8be51c104dd0135071b1d377e06aaf53d5e

SHA256
2b3ef87c01312b8e310c304ec42c814ff62363357b21faa82397195803154a78

SHA512
4d4e8f12f70bbe5699cda0e94bef84b5eaf4a38c7a7236253344e66e6356950b216eac73e8202284f036a4703eedeb45cc8768122720e64658186f1e1ef9f77b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
f14699b901e540d981d8d8704a5a6f90

SHA1
87e6f58733bd77152ce7620671f2babd33f095fe

SHA256
0c8ac40758a4b61f75618b1bd5828eb78db0c0d69c9c5f4bc913b3e12a8e6bcc

SHA512
0ab0fbd4251164dd45dae7b5a178f1fe3997ee1257f00fd1050dce4a521ea28befcd6e6f064077c6c6eb8d70c173b471d0e9f7ef5530b6541c00912e7d47d2fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
2aca6dc08c1e267b78bfd219162679d8

SHA1
841e46fc75333ef8fa0420279a16e631ee7f13e4

SHA256
5648bf6f1cae2d038a0f94e3d25e03104357bc8fdd325a56c6f18395cea64083

SHA512
08f905dc1b6f947a8898fae06a35ff343f713acdf02f70a92f62e901e4d4e6a0b36399414a96a2d3042bb0101ea0a09d81ea5ca2e6d95d6e9450d6d6c70b58e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
3dc6555a8c67f3c406a5f6210d7d753d

SHA1
d31ac02bd57770b91d1ad4c5c3c10cd4640ddc62

SHA256
15a18308c1e346d82f8909ae55a734bdd97958dcc08b8033f2446a39967a585b

SHA512
4a30c52012d288c0ac139777b0d3c0b6d4a7ec3ea2e616c9fa1ae88224d52e392acf51ad2b36df000d590ade0cce9035749edda2a45b66f246861fb5868d5a68

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
2f15b89e3ddc9e828d33119b47897e17

SHA1
d675c48963d54b9fcb0c3eb754a1ac5b2d32f971

SHA256
197998661272ac907ee223bf85416387ca7590e4e5e330905e0f3d205a0b9749

SHA512
5950df5d63fa51d057591eff057e4afd417c7972603c5eebd0fb12394f2bd5376712447cde745d3038dd2a03ef28a05afa7c7f8d7fcbcef7bea552fc88bb919b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
36dc9cf907e873f84a7ed4e4011140a0

SHA1
6d6773c18d5bdc0284533b1500f26c65500166a6

SHA256
c9d3d86f62a2cbe29cd45e8c4664c72c4b3269b2921851cfed5a01e7c69f6cb0

SHA512
5c89588a0fa14e7f1ac698433a8a038b04c4e13b81e2d6cd9ca07d5b9f736fedf0d45e9518eef198bd059fcc0815cc48d4b595ff57c3a9cde65bc7732c5c7826

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
e35f7bacfcaf282228dc13e5b9526ebb

SHA1
c934bc30a9fa6465d081faa7ee51417ace0b426e

SHA256
c702c319e84aa07a688f0e2955a8295e4174493f6d724e82cbbfe8411676afcc

SHA512
347f39cafbe490feab892a18e11e900da873b6af80273432edc6cec4d4365de5ee0c55957ecbe69a4eec4990038ec95b2b99a94a5cca17ef9de92e0206e17970

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
c33a6a6fe2c61914292ebdfb9203b43a

SHA1
d08d7dc0b5b3091b297555d229f636f3aa696933

SHA256
4836f015857d6551a1bf44c1fa16797036ac635ed8da06417eea73ff560163a5

SHA512
f53196f914ab8e30d93d123143ef645d9ac2563099f72f35b65bcfda44ed30c84c3bb3c09983103b33611a539e0ca0c763ef0458c49ce73e576793ea7f3458da

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
c56ddce61ca828365343223120a789b7

SHA1
362183be72245399751199ab46f3cfdd278e0da8

SHA256
57c6aac0102d04dd75af8164f52b5cdbd496492a3bdc4ab11c55743227fb8599

SHA512
1dbab3ce5fa8669ff04fcc16bef12f8c9b3f9e2cc4af9fc2896556611415209974ce22621a4eeb2108a72cf1c1657170398c4d28790fa78e39b7fe2caf62957d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
59b539db3290e4a1872a94135aba1170

SHA1
b5c07334c755fdf8f824a511c453cc8e53d93716

SHA256
f485addb4ee3085d895bd81e24ae2f3c166e0b0e717be525de4166d2bca62226

SHA512
5499371d87d93ffc4862ef4cd00003ddaf079e5438d44ea1840e953896cace600ec6dd78e1e0d32e29146ea01ad23724130cc231ec8c7150723cabca5ddcd767

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
8e87fb54d1f77c47fd6913ae27eb59e6

SHA1
d661899ae708d932990e682cb7189fa1522bc791

SHA256
30250fdb8f8b397123e6f59c598b61921c60796a5e9e28ea79a88e7b85af2a2f

SHA512
60477c9c39ca0b71cb1226b1c7cb77465fa4a0d00e84a30179de88f9e34e15ceca6aa8ac9ad2fba996c666bad73415f5e6b05879cdd828a63b1ab084bbd66905

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
4d0869bbe7fc2b5cc0be4b3d4210805c

SHA1
523889046affcc6f3de70d6a76496faeaa3f6659

SHA256
9e7e348efa35b3c5dc5813ed0c18954f8a188c90762efddf334156fdc6c3938f

SHA512
368d46a5377a775012d264460fa9d11c5be8d7b3a17ff3f6bca6c8b84f97ef6118d3a8fb10dafad6711d4b18b1450953b2e723c9a71e8258373558608122bfbf

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
02304209cc69c5d9a37f10861f5f5097

SHA1
fbee3c678b08b12ec1e1bd4871751ff63b753aa4

SHA256
589f2432e13af6f58bd93814944947d31e975d13bda89a19209119ad85c383f3

SHA512
e29fd034177325cf4d2f34efb3aee817c6b0a343065fb76ca39824c275438cf79624fb65ad82769e6eb6235d8461de0b046dd63bebc21d3c0523267e782e14fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
892119ba838d0c39ab8c2e1fa7a79e0d

SHA1
d55cbaecce82ba33007b0455d0163bb487d583f4

SHA256
299e993395568348c0078da40f251f39e99ca16bae2aa7fcafa02ca4038d95f0

SHA512
dcc8c774b183824f7015039d5edd7f92b4ab39a723d51b4f175e8855525a113c5b4be87f83c6fa311702406fd585ba3d6d95efe7892542b5ad5e57d5158aa228

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
63ca30610678a1d8211b63fe60833956

SHA1
89facbe6839c13000b91cd03e186ab572fd69df8

SHA256
4ed573b3f445e14a913633a7f1d5ae67def769187747d346580bf248d053a65c

SHA512
0bd5b55cb6e377a588f8db0c31de8a77702d129d4ccc0460678b888a88357254eeda3ae230d44fd4bb35c94adcd2f85a951ab8f12e03a4fefb2d452f53e052e7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
6f9811d170898bbadbfc8b40da09a6d0

SHA1
e157fb813b7b72ee3591266a1d53f02735de4dc0

SHA256
58c479f548aa24696964225857da34ca8d409aa96760bd5ef9a1ff53f0951d60

SHA512
20547237f960cefa293dc903ecbab0ca0fca24cda3a57a876a00e1698eac4bad61704bd010ccbfc885b0d766e301dae5655838ff5c4bddd313b5a0a1e0a5834f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4ecf64230190af3e9c06cb7fd649ce6a

SHA1
f238b356f1eeb5ca081ea326c46800f0d5c73b47

SHA256
5ba01a91b227a1349027e9c9af218e76beaa0c19a300b0acfecf1f5020e5da5d

SHA512
9723ec76b60c724ec17a7b7f66205bb00abf36372f6b2f50f85c05ff0647af45f283389ebdd95405751db63dabc5c0506b5d253253666528669595e600057bed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
5b4fe41b29be7b04ef8ae925c9ac6028

SHA1
cd158f20e72623b568620861b8edab9e0891509a

SHA256
7b9aecd4b236f1e20db34d64ee6ff14bcc5d2e64a185d0bf155a0f83b44a13d9

SHA512
ae116f084f5203e22df07fd2942cf49cd5d5d4746eb24e1f2ac3e00a7e50dd2691b5ab9f22e67b77080a01c9c5e2f75fb73cee04b234aed2db40fdd605a2de3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
6938c949a35625693ab85e418607ed05

SHA1
d29049a3719ae791deb0111c5a8a14ee1a34f97b

SHA256
09bdb98484770725f18dac7e3561179af3cf337846d90ef2f925479baa7cf087

SHA512
79825f4289107141b9fabbe18771562f8113fc68dc6a152f7e60d92ea136a0fdc177146ab1e397be2e5091831ce93fe3fb70d6bd9af40f8e0f69caca30017db1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
a3941790f16fa2feff5eae649e4f0be0

SHA1
8504f2e49edc860497b532f97edb2b345dfbfcdf

SHA256
21969866ce61a314b88028dbc54127b012077b0eba5abe3433e2c03d3f8e08de

SHA512
2289ebd2f5f94b3c8c9020060505867b80dd900ddf278967740aafb25c8a0898b4157315f94e564872929d7ef5a627a51b3af3780b7100b3ed5c0a8eb9076abf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
d621fe645e857a8c7937a86870bc3803

SHA1
259e847bc112965c62d9ee6b37ceccc07a5d31d3

SHA256
d972e6084526dbd742b49e1ee8243202210705e6dd1641a87f634fe220b5fe97

SHA512
84bdea72b92366305466cc44d64fdfc7da9a89a441ccf3f5c2eeab348185ad98bfde5d51f719cb045f957c5a9fd4c1062174b0632f8eea6c98c762dd9d0bddd2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif.DrWeb

Filesize
914B

MD5
5aec2e632c0fa40bd0d9868d84bd65da

SHA1
7022eece02bb94193b429962e3568341bf986beb

SHA256
4a88e970ba513dfcdbc17d5f76e6d832d9ed4774941c0fec3f6dbed7981d2346

SHA512
72b9aceffd41cbbd1086f3c7c3be4df86b7b627a394cda261d8b3fd2226ff988f84663bac1ee7d5d18563368f88b467850b4eebe55c6cf4bcba31b3afca70040

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
4a4610961cf7054371846ddf9b698acb

SHA1
08abab0cdc925f15276b34f9057b2b4374d75e91

SHA256
145ceb87c2822254de51686dc10cd6ce518c8a7fd55f91ff52b55a2c7d261ff2

SHA512
fa8184e2045b3d6c3256d8b2a15dc20db8f3bf84a9c2afc99a1f80185cce88f92a6844fe5e927d1b70c47890e3cb9324114d562d6296ef15b92674ea2f1fd639

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
24221ff193a96e67b0490200700b1cd8

SHA1
e77cc1837ae99cf81f05954a36deceb3933d0e7b

SHA256
8bb94a1038d36af4cf65ef6a5ad67073adaf42b04e1010e1216a3f15b644d3f1

SHA512
389332024a651339d2004bfaf830d4c0152f0e6cc3ee856402b0aeb3616e2aafb32446263db013cd5c4237d9770a2509b88d3c44852a3abd934960834e221385

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2efad0814d060cc57e7d7a03593d8823

SHA1
338b5b72293f2c6443f990d15b2b1d92470defa7

SHA256
68892b57f32c7ccb80abd47e6e3d0a8d49e218f6b25755d3469ccf8a9ff61d4f

SHA512
407c378ef20fc4c804ffe8d154f4d0ca710f75598ee071400f5f76f8481214cf9935deb10c3018e5b7c9c1746c796a1715f080cf3272fa68e41807f28e50ec7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
dda41d2092ac8a180be4056793940be2

SHA1
0430766dc4ac9d423822c9a89e8d162c83a77452

SHA256
c4a07cbef162e51ea7bfc13aba0935b28f1c3be891284efcee4e733b455fc015

SHA512
247997497b6eb694f9facc78432b1e3b33b5b2c86799e191e8440b4a38e00067eda3cf866208f209af213766f5db34d4770ea1834d71714c7de4e8a27d48de3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
fc8627e001777509a38eee77f13e8fc2

SHA1
eb6c9f9f07235841584e9c346d6576c61b1263bd

SHA256
4d2bce0df9a137a5b261d9e0cdb27895c7f55642ac3e970ff54a3d2968d98087

SHA512
13edab65a6b1d89e90ab14b2219112e8603d1c80ef23b7a040308c0c71f83ac421919b25a3af60836ce2bbe5666eccc1bd1169787c84f144ac79f21a72942dc0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
45285d9821eb4ad4093dae9644b1633d

SHA1
0f34a3b50ca8e9aa1f973560edb73259e717274e

SHA256
d566a21d70bc53b0f6700d438eb82669f92fe787d98bc6c705e0f2d40a6d3659

SHA512
b52eb375f62ada9a9b43c2ee5e1a39f6d217217cf03e68bfafddc4c26ba51dde957560e810589521791fa995b3d26765174adadbb67e55863f02791e50edd786

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
b91d73904bdf49006efcc77f0971cb99

SHA1
ca53c3372c5a56e68a00f92fdcb3f90bcffb7ea8

SHA256
c9048b5d26d1621d233f7795ae7c7f7247783e72517cac3bd052174848e22450

SHA512
7e4d494d4d6fabb2c98ea71df2ee6ccac0dfb6ee0aa1656456eacceea3f8967ced8803199d5ef2a76d300fca5bee616e387c5af12d73136f7178745d6b31a5fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
6cf7c54d826672507b99cff168aafdea

SHA1
f40210bff0e80cb04698db8ac839165369beb990

SHA256
646f7a9939bfe9fdcf450555e417ebe1922b3f04f49cd81c33ff483d3463fa88

SHA512
dd38cfd549657c77b5e08db40ea8aef779e2aa61b830b4960ecb0ec5b537b4e99a272b3200914a67d1e303858cf05296a2d34ea178905165d57c93f7c1be5e65

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
823e2bc44febb5d62036a4237551830a

SHA1
93a5af1f1f91db1378863be13959521644a01635

SHA256
603d48fc9626f8f697027263de449a09b179cb722d9548432c53093918595c76

SHA512
ac0be7acafb7d9c1d9911ad67894e9c45b009cd10ee76310fd4d076cbdda7b35cf2a3c1c2b5e866d877df90f3792acf6b6808076ba6130bc5d6a4afdf8b817f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
afb8d984f7e88b031e3ef2f90ebe4551

SHA1
121b2d08b40be1ba80a68c24163c01a235245889

SHA256
e64ec4b3b384efcc2a246f92a3f5dfb01602f55574ed48dae013eace9b772493

SHA512
edcfe941084260f82bfad9ab73d6338db892cc7dc6c571f61b4361fd9288849f0dec5f48f5c63733bfbd35687f109aec81bdc7f49717d0f2a5f17892a5b68841

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
24bfcbd49097e329fd9efe09dd67869b

SHA1
e15d6cdb9519c5a8c021f1553716536bbfb409cb

SHA256
1c859827051acd3eefef668e6c57d93d7a9c8764f5d413e03ce963d0e79543c7

SHA512
3d76dcc65c8beab222331e750b47f095396a1d9e69022a741cd5050c48e64baab35030baeff872c4d84211e3b020b4eadc3b6254aafca7fdd2f406ca7e894ffd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
4089c14771b117cb8016b6e2160b1423

SHA1
b9110dfd0ff76400e9f327a218b4a152ba530e23

SHA256
5aa7b11c44f3ad1f9e9a81635f5db1153b34519c6bb8e211750933ffa8d546f1

SHA512
92c245f490339550666c43e92dd77774d211a6568bd671cd0cdef52363aab7ab846f325e2b093663dfadf36cc24240456e5cc3c67c15cb192af02b97f96aa689

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
cf324e8701f39e753dcdff8246091887

SHA1
bc7e429bddfcfc56f7e807361160ad545029df30

SHA256
95edbaaaf3673faa654a75d207def6167057174ca2a604e5960f7e100d480c31

SHA512
2cce12d7ae3c6883eafe96b0212430369fc5f8095a022ae2f7ae90589204c91c669ad9525ca89eda22baddbd2f05bf7cf79088554dd2a2ce4f31e082112bfbc3

Download Submit