39b5d4d200efa5ebe02aa8ee794daecdbfc63fc1f426afff3aabdc05bd8d43a1

Resubmissions

04-10-2024 05:22

241004-f2te5awfpq 10

03-10-2024 16:50

241003-vcgglazakd 10

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Size

653KB
MD5

0fb5388925220accdbb465afa9cf7a36
SHA1

fffd80615af5d5941d1babdbfc10c3c3b094e38e
SHA256

39b5d4d200efa5ebe02aa8ee794daecdbfc63fc1f426afff3aabdc05bd8d43a1
SHA512

de4555089d4b9b8160e0368bf205b59e4a13b1e358561f2c94f57cc43c0164d2652b51da69f81cdfa6a1a65000776a89e1b0266de3be47d7922a91a9f1715ea4
SSDEEP

1536:YOhHHKaFO1was6dsSrwLX7Zf4BCUrGwLW3382iYN2Mxx8aO2B8:pnUr0X7Zf4BCUKwLg3ViG2Mxx8aX

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe"	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Users.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angelu64.inf_amd64_neutral_3d6079dd78127f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_neutral_fe5c4f29488f121e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\imekr8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Assignment_Operators.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_objects.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_neutral_0cf7696e2236ca4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\memory.inf_amd64_neutral_c2d2c213c3138487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_neutral_1121c7f92e9e3001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dot4.inf_amd64_neutral_b89cfac15ccb2fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_job_details.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_FAQ.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9b214cd9b78760aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmotou.inf_amd64_neutral_eb1d978f38f35bca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_methods.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scopes.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr008.inf_amd64_neutral_27d1c9a28eac4eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_do.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Signing.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_neutral_f77725472d91b1d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Break.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_methods.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_For.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_profiles.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssession_details.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_neutral_1cb648411f252d13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_types.ps1xml.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pipelines.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lafinacfinpcfknp.bmp"	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\gradient.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099160.JPG	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01221K.JPG	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01838_.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14753_.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736G.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\PUSH.WAV	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_ON.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_decreaseindent.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01300_.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Thawte Root Certificate.cer	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\PREVIEW.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR22F.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOffMask.bmp	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e665c683bff7ef12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fdeploy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_698f5a1955de1d89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..gtool-app.resources_31bf3856ad364e35_6.1.7600.16385_en-us_059b965799e73c9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote_jobs.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b22aa353d58f137c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-skins_31bf3856ad364e35_6.1.7601.17514_none_07872798f0125495\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ompositeclassdriver_31bf3856ad364e35_6.1.7600.16385_none_5d5d32a7d4c7eb92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sr-..-cs_412dfc7d44b0f7b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_msdv.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3e8167ce82d62997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.mmc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_47a312d7a4753a0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-clip.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e2084ac9be7b7541\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..dlinehelp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d09b2989a09ea61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Default.wav	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_rndiscmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_755867afe2a608d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..o5-codecs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8bd4797b4dbcc883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\4c68ebf1c5c63ebf75ad81a9ca3e3fd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-shfusion__chm_b03f5f7f11d50a3a_6.1.7600.16385_none_bf2e6c09e1c6e4c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_6.1.7600.16385_es-es_24d3552052fff863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85e455db744936f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_53d1d4a8db7e7aae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.1.7601.17514_none_a1411820a400ef84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..r-setup-thunking-32_31bf3856ad364e35_6.1.7600.16385_none_731cb4d9e6d30038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_39dd2292c22c1d9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-shell-soundthemes-raga_31bf3856ad364e35_6.1.7600.16385_none_2fe300bf8e73cdbd\Windows Feed Discovered.wav	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-write_31bf3856ad364e35_6.1.7600.16385_none_bb77c3d6f6c8e3f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.qos.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_288e5489296781cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.data.datasetextensions.resources_b77a5c561934e089_6.1.7600.16385_de-de_39c60e26b50a96e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.1.7600.16385_none_0bfb8f2b539d4d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_4c5086c9a2727fc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b5a6a5ce3cd3d4dd2b151315c612aeff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-media-mp3acm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_29aebc219d987247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-themefile-aero_31bf3856ad364e35_6.1.7600.16385_none_d5e81742635a7176\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directx-dxgi_31bf3856ad364e35_6.1.7601.17514_none_3c85e23e7cced2d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1641d14c740080f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-pt_bcd447c1f0c30137\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wdma_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c98edd6b3cace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_jobs.help.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..edirector.resources_31bf3856ad364e35_6.1.7600.16385_es-es_29e3c66b028b48e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..layer-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e1328d5d29f2c130\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wpdmtphw.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b711a0ce8e97618\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff337c5c22a2bdaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_de-de_70320daf7f8730be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_618f61fff85951a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rpc-local.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9b91f4c11edec673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\0fde44651bdf14a3988b955dd94aa318\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-imagingengine_31bf3856ad364e35_6.1.7601.17514_none_8a0f014c44ba8e25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_b8d26fe3a7b3fbfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_tpm.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5cc40134931b2b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-cpxl-dll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_260f4e164060042b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msf.resources_31bf3856ad364e35_6.1.7601.17514_de-de_7bfca3e330da6f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_es-es_28d96ab499179381\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4e689473e1365487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_05c5e84e9f9316bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_8fab7b70b26a3690\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..oundation.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8e7f6f6e1d3df98d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File opened for modification	C:\Windows\ehome\en-US\epgtos.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-httperrorsbinaries_31bf3856ad364e35_6.1.7600.16385_none_5a0871c8f08bc5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..japanese-customizer_31bf3856ad364e35_6.1.7600.16385_none_62bf7575b8541128\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ration-ui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ef9ce53fb7566fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\inf\SMSvcHost 4.0.0.0\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..interface.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1973e8a0f0bdbae8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sqlliteqp_31bf3856ad364e35_6.1.7600.16385_none_150ca4ff7cfab552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GYYYMXEBVVANMWG"	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\ = "CRYPTED!"	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe,0"	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe"	0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fb5388925220accdbb465afa9cf7a36_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
31B

MD5
bbf8ed91be0e18f222cf55d9cd9127aa

SHA1
6bda96c64ac95bb693d81ea75b2ee16501bfdfcd

SHA256
27ef715b6bb915cf94ae427115bfe67b2ba4f160ea2c1f84fec69b7063425f4f

SHA512
98d8a2b2cb86e442631d5e05b4e3d94d8f3909f2e290d609f1a7dafc0d4ad55c49283965dcdd0c04616484cf982359092f5f3f23baeb2d8c84f5240f69efef5d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
77ac8042c7b3c1df6e0d610fe452b3a7

SHA1
f49cfe58d9e831553aeabee2d2e257c145b4bab2

SHA256
8db038a427b7028465df67130b416d44be53a33bc8129d75b2d96c06c6c5d3a0

SHA512
a4be85450691a1a116a88a50d23a743701d63b85ef3101e91bfd363cb6b1436f15d15f7a3fc89d57d3255c8ec245d9f78b613c0e66f9c5bb0d5a2f07b8e20dcd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
700140f0b57b4225281aa41d2f8cd725

SHA1
135ec56221e6b953e0e918cd6bae8539684b1ddd

SHA256
1101ad6e4fe7a312ab9b9b5192749db5133c69f33dd43ea3e21de421e7d3e2a4

SHA512
e1f8dc219e42621cb0f42152b0f4c5ec6978da1e4eea164b564d9cdb8597431f339e64ff6834cdf34fba7bea000dc9a11e6f953ac28211d26e52773307fc0086

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
c1c200e5c5ec1360787813509dcd2df1

SHA1
560abdd967dd0c980904febc23ca9998f6a2bf9c

SHA256
504605512bff51076776e7156e387567017a2dca2fad9f85dd1354f3ca089918

SHA512
d0b5aa8f8f52300982ceb527c36b078df99bab533c0c7ffa1ce682d8ce8712a6748191bf16c07cbd94cdc76b1500d92a6b018e46a25c6c2b3c78048b7f373ff9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
6d97001b3d66c3d4fd062ec4fe5ed059

SHA1
3d04456749af4ff2ce71233152a9815c9bad894c

SHA256
2cd4dd1434ffe7ac9fa044bf01c1b85ba5f299cc7870ba4e65bdd4c2b34935d9

SHA512
b99a383c9d512fb58d1c00cf2fb58816d81fc14c98c28e41894c4d75c559f751bc28802ed4f814431bac6f31c52c37430dc6c824ad57ff5c75b1e816b70902ca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
dde4fa9170eab372944f3ce7145efe70

SHA1
75e8898516950cb82b4004419f7979657a4a7ed7

SHA256
58308cbe779d47af46c06e19ed57e75a206e2bc78c986a02da60d586c1c30956

SHA512
6ea4c3252bf08a89f9f37da33c938ab0d48d645142600bc6587df6a77bfddb94f322ebcbb5ca7eef241431017de3320c63b4b5e446572192321d77257670ae7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
a51f5e969848e3ea1ed11714cb69af4c

SHA1
c43dbd9f121deb672ede2b6a801db2f9fdb4cd7a

SHA256
6da3502cb691ea0583de173f1f041e3bd8323585657aa6faf66d34b2e3c09473

SHA512
2329d4bdb13bfb0396a18436717c7b758957d2e1406875c3ec765250849b99c3738a69d1579d38726648e0a331db4aab9649606ebe5c9b79ea711767c08a17c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
cd82d78761f5cccaba61b9dbd37c4022

SHA1
bea38b581e465bb3924cae79c81276a0310cf01b

SHA256
83f5f313ce9449e09424dd06b2663502b867ebd38f5cf0945944289a5a872111

SHA512
7a5cd395604944a70a12771d7b7764b9d5f22be1e08ce20b6b0058070fb87db5d458ef832d409534c2cafd9ddf0cb09f194c9104b6aaaa65be2c3730c880afd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
9da7c60b6609a965c8d37b27e788541e

SHA1
0f308ba6ca527211a261538f128e65cb9021973e

SHA256
b08a3390e01fb67e99925a02524ee0f6d8d39a947771710509f3b41f337d17be

SHA512
c543480c0f764d3d34227c6ed4ba0547fee7d785b308eba95246e6dc47a5bc09ab1b3702fabb3404f732be3c64aa79a24d8b0ca087d489ff5d2982a3c4ecfef4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
f84467e2b763afd39bb83644dfb9de02

SHA1
46933c4e477463554ed28c262b054b0c9ae7edb8

SHA256
b94ed596480499659098671dbad89db45bb3894041412a6372fdbe53188ba987

SHA512
862735903d647bf03471bd29661837df0b7e28f10e5e4b1f8840eca098ef966149206ef607b10267129dca50eb5a01e81a47b0dbf37358d296de8144b96ffbc9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
15b3d32e58e6ced8dcc07eb848aaec2c

SHA1
b61e00257219a39787b202523e961feeed2ca808

SHA256
889a457edbd071eaa3c93518eb5e60d3b022bdd9f64f5f9e7b4c16e48f6079ff

SHA512
2680fd8661ffdbb9ec604eeed228b0b5f2a9137411f6c67376e3c645240894e96e65d1cce2f2ad55febea16c012717058da14db64e365dc6221559756a7ec7b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
49683d5e481c89489dcb731ee3554565

SHA1
691a0079832032078364515ead9f243e8718ec40

SHA256
bf15c961c132155dce67cd81c13e607bfecc190db77be72a38dc36a3c8b3a072

SHA512
2a6043e691d20b6bc94df304bee0712c5c7e31bda49f7d1270b6bc66f8ece147f3f3a952fed333593dff74c36ca49c2f0fc61dd6d687b8fc038156da666f8b16

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
2ea10439bf4710f95a56b21d1902c625

SHA1
c2d187314c6dc6206442e4fe0242f839ebb51dd3

SHA256
1e31a7cc4b38a0d7b9518edac045ddb414c3d900f125d251931525674dffc1e1

SHA512
d155fc2899e4a2997ed0242a7dc1838e3412fa6663d8e8345be769de82149595cbc2a3c2975ccdcbd634a233bd8479710d8a282c64924534881551f812701955

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
1cd1e3a617eca1dba03babeab2145562

SHA1
8f4d2fa60370767a5c0b614dd852d1e973733a91

SHA256
bc6d62ac89ac759959d5ff322b8f67b2c1843155324b83fe703c931bc9a3d12c

SHA512
028200a2f5968ef440e091985b29bd0bece1e05a5cb74bb52a3343edbeb605c810e2a2e14f9d01f29acb786887da63b400a88fba124707aaed595a6793bec092

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
e69f0d3034a1b9798d36b6925c33de96

SHA1
e13a1c6d67a89d234fc41d91f173dc5a86db44d2

SHA256
23db7185c4c900e104ebdd558affd5a668412ccf31cff3a92ebb3d96de4b0cbc

SHA512
3a04b2492f0f5ef00cefc86fd35db395c051942e210578098b6b81aa9a69430d590b8bf68a4bd647babfd9016e901aeb1838929b896d20e613cfe0f59944c4b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
734fb087e848a795078fcb3325acb899

SHA1
e381c03a882594ec1132c517a43730fc6c266ed2

SHA256
9fbaaa51fd26da473d29c18700cac0bd2d978983ae505e6c377b3cea235d6b09

SHA512
a4bdc2c00546bf45f62fd2b691391fb258f1a95d6937b238a8aac90217caff7e2a9b05302024f119d2ed6851a56c927b38feea97fff35499ec1a19649750ac4f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
66b0fec8151a87ac6e90956be599f7de

SHA1
967a4796dc044d6cf6ab5c262145b4cfe159a354

SHA256
a52a0ff9e4a6e6e09f01f6946d7199100b5fd37c49bf712b5b733b5eedb7d643

SHA512
2aac5213842b8cf4cfab4c59a04f892df19e7c9ac2cfbf63a29f1e9e1970f710fca56b8d5dfc57cc49c49b55d7d1de17bfee05f2f83eaf24e9e35fa77078eee7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
e8d7a3476666e5ae300bb935ebc7b0cc

SHA1
ee06750c597252ae0c4abd066cdf39d76c4042bd

SHA256
fd1c40f351acf2162bed789f43349b64e0843f6eab54fe0def49e63101fbe4f9

SHA512
58e51c3c8bd49288f94552dd8f6d2c5aa7a87441077442ad6fb4e73a4bc5ebb988528f271678368b794f5f6f6a7aef40295ff90ca32bb80518ea766884154482

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
910682b6b335e87ed8e6de10f32300fa

SHA1
b27f0dea387307084c090dcb2d84748d4532b27b

SHA256
d3b9c02835c3cb27d69c0524b3ebdbeb3932d44794fd8472f8d09a885449e170

SHA512
255410ac128b05d836130e76e37a4ec08c57b5aedc7110282824545ad32fbb6295dfe97c5e05139659ba039bfe8d8d3ab700e50bdfad92d625d1bffe4b3410c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
4a9341830b098a6a4d3f93e6130939b3

SHA1
f2f1b19d3b80d038e21eac14a8baddcf9050cf10

SHA256
18708b7a880d8cc4bf10be3c87c05c350b5d0c249224d00265ef2772f2ba9d2f

SHA512
9f471c54203c2b857807bb5eb0e985371d881351909551c3c52b405a811a93082a09273df1cd9ea4ea27479f2788e5e1151e2064e7ae9a569539a521cacad356

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
f5bebd7c44efe8f58b1e736ce5dd2b4a

SHA1
efbd9e6a192fcaee158d681212b085ed5c9f4bcb

SHA256
c5a671606defd954aca0ecf5fc3b39eebf9e4f3ad64adec69b677dcdaaea620f

SHA512
9c44fb2ee8ca36cbf1f5ff62578a314e609b2ea7c88bfdf6a158ce4cc33d1fad712bcb9478843fa430564dd3611809811842ceffa0f2517441de0f7ccb968fbb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
e182891e384513e45bad52d5163a6e67

SHA1
b9f2561632ea9d97a4058fb69e3cc3355e7f2ef4

SHA256
0cee404e7bdb77cea8218b0b44a2d2fc378d6ca85c54d18a8343643499f995a5

SHA512
b059d370327f9831e28bcc9bd6c3a8c1309ae2dc24d67b1ea05fd9073d2ccb42337683cb12c218649858ff34f7540f7e9a9072e354b6d04b3a68d7382562bad3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
ca79fa1872d37a64db8e3459558f586c

SHA1
54f64cc9b571ae6d0b6fb928cb87ee9349efab26

SHA256
8073002bc77d6d59e6aa94d374c3035aa970d6d16786e3102f7f9c96066b4049

SHA512
89d864ca99e1853ab97b8b01edce6b632427e545591f9493370dbee237876325f9076810459f54cf9651291ac9cd71d4219b06b8b5ec6a45ed35415fb9c6b3ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
37fb0b900e721158c216d418b2baa7bd

SHA1
64a533023bf734884a838c4c009970676f0326e5

SHA256
3827eeb276964fe26a28f11902010a96e0a7585dcb35aa36fceddc440e0f0e9b

SHA512
13e8b22755ddbe8ade8adf908a10f3c17f9bf56faad890eddb85c984dc9bb225fde60dcd1629940d4b1393f556e9dcf38799e243d45b946fd71da60e1e1d7952

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
71ff7bc088dabca35b1f573565a62a13

SHA1
b6a9b71240d4d0b0c99a0d1daa14e7e7b9421196

SHA256
067ba18bb38c3e1d563d7b9f05beeed1bf9bb263914571e7fb42b5de2ac2bf22

SHA512
d34ba45172106304213d9b942d4853cc05512a97164e287f6240f190ebe51ef9e53b12ef28f9cdd34b28ce01d17627b36c80318d2e9401d308d3974a2a291374

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
5c75d9ca462b3f08573d8e531baef5f3

SHA1
3bae3273ef3b60379608a369250cb74e482bd5e1

SHA256
f82f69ce0e50d762edb58d0b6f99db47eddbcc147622de2e0c37bd8b7cbd19cf

SHA512
c4fb78046261158b47a45d8014c50012e04c2d036eb369c7b4e9cdd9c6377e8a74817799c26112987bf9ed2aa53246d6352481405469e63ca31cd4d2eef6b27d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
5c1b230faaea2e8fa68323b1046364b7

SHA1
db1d7dcb490072bc8e33668dbd100ca2d7b23bda

SHA256
c74ebbec0c10e3de34c62064363a60472debd3378b50ff1a6d4e7eb2f3f15525

SHA512
b2227d8b8b75a3d2d6c457fd468fc9952cc08618083901dafefd3d2de980de8885bb3a239ea62446c7f2e1f497693897bf1cf92744dddc4cc4dcd5fefdd33a31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
79a7eb1d60600e1920dd021684014cc6

SHA1
053d220e9f139059e3442aaaf68f87dbd2fdc6e5

SHA256
32eb75bad0e3acfa21863f137fef21f490b43a3eeb9fcda2f39cda4fad604acc

SHA512
3c6136385618b96b044d83161163ad3836ad5fcc44aa08862aa106909db02b67b6cb3c0d978c2204e52fbed033ef612533d5cc95ffc6a2912b804f867e4701c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
2733a58cb268074f390a402958da2994

SHA1
3712e13ae2ea4561d15c1004858644ebb5e79982

SHA256
5b8d46db85bc76a9e477042d9750ac6cdf8fced18fb1541fbbca67bd4af4062d

SHA512
7ccaed372bb3bde3187d305181512e41bc8a535b832843b41a568dfa824dd4e770f5c63b94fd598cbeddbf89575e3ad68f1bb51da0c9fc1ab5eb1b83543a995f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
b00ae125728cd90c999242f95779ebce

SHA1
bf96b5c92ee0ab73220c29e5d7c54fa244542ccb

SHA256
35d99dad0fae27720da94acbd200f54c7e15979714db1d75a71216ad3ef34254

SHA512
f6ee970ff3d1d9675ca6e5bb5b03b4a3565b24d7c41b46634229124ac5aec6f2355503b884dc514efe98e14d63c8714b02f9afb40c72a9044d97e665a60aa523

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
a159586a2f7a9c58ae35eb3635770cec

SHA1
a254252c45eeaeb39d7f8ee7a7350569bfb2cf6b

SHA256
5c61ea1a96260f6ff4da1d75690ede1954faa04bb860524a9899ce7a53958d12

SHA512
5c95c2eb5c2a7baf0e8e8cdc71c3720a7f9a9e61724c6859b357f5c1104677b3d59e34dbf0b93be0a2bed6159f7b2e21a5f2091789649c2d14643d71f590af3e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
a7a2bf3b920f0c2e1585ea013e6c0cee

SHA1
a039c00fa1183c969a80585191f4c1779e1a3c7c

SHA256
ed48cea77b92fe94048e0455670939cf1a765933af3a0f295ef9e5db531789b5

SHA512
2ee1fa027a9d9aeb06d2e86d34cc0e7282240b48b3529aebb5d3a71d9c7a1e1f34f8905ea2e899f7c540267dcc0ee781430b8a36cec6586158bf7c1e7d195fad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
37a2b72ac9729996a850f77bb1ad0245

SHA1
3d8ec8f1d8f78b44ba480db8a12b47856121f302

SHA256
91a2e0ccc097845c89f8dc2fbdad0017dde9dc584d1c1e15cd2f9f7d3c37cef2

SHA512
a4a83780dfb4a7cf1f45281ed22c1a26e6cb16a3b092984b0602eab617a41107908205a676514eb0a904d1ba5d7425c577b4c87183b0b9634969801b617ec66e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
743f3ea11bdf81113538f9f43096e6d5

SHA1
65c64f73c5831819c72581f1d6872d3f0bf58943

SHA256
abfa618aec3222fd221043b5c13fe74a750fbb047522651e963791264be7496a

SHA512
f344624e80524d864849a91bd26969a5a85748baf42b72be8dfcf551c41bc0d5b9f959252be7369f4bd1ed15ca8e9bd8135289518e38919c879a8ddf91e81a07

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
7e4ea9a4e495f1247326e2557d8d1ef3

SHA1
c0296423e449813565cf806e1ee22d4920dbbaa8

SHA256
888d964cfd15a39eda09adeccffb3ec85a0e4452e640e6a9c9c4059973abbddc

SHA512
5ea741b98bf2e25bc1298adf3e6013b1553c1b6e7a102095f4220c00ef2f10ad4d6cf957ddb148301bfc59621a056f09d6d257732563768c646682538bd19e12

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
e233ddb8c9429f74525499c6f6f5da71

SHA1
a4b33d774d739b1a60f9ba1000c1c2c1e1b003c8

SHA256
21627dce47347190bc70019736f11d4d0c15c73745ddfccfa72f353da02ab5f3

SHA512
73be0ed56f20a3b40029f971a2081da7c1645c7d7ce11356379e99fc61e0af0d9e9fb07bb9b20e08dc068c853170d22f6f6f642017812d1e5e05d5acbc0bb037

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
41ba16768a11307f78535be5de396ac0

SHA1
30fcd6ea0e574dba6194c588e03fb76e484c628a

SHA256
7b9c2f8931cccad4a562fea57ed23ecff571cf508e9c9f6f3092c7f138442d55

SHA512
51038b2947a3cf3bb35a9094df77fbd4329eaf5989b545c6545b7152969fdf915eb853e26226b6f60d2b3efde88ca1a0baec5a3b80669b313c9476967c3ab79e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
9601d1e45271831601f5b53f6e4c4ff1

SHA1
fa90d006fb7695e006760c519c1bb7802fb48520

SHA256
cc5d7011a3edf440592da4ed853aa61f058218398fba4f7f4b59b507190e03c8

SHA512
31616487bf232466327f411e5091939c7383d7c9cd39d9b76c802743834587a3e0117b9948656d5541cc70fc9039f361814977b9e7c7081d9825a2b607652630

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
d519d7880cd9c549be1c8eaf8cbdefa2

SHA1
ce544538314b24b5a6f7c057f6b4e1bea2c52ee2

SHA256
ad133d4200d1b1316168083ca3d9fb385799ebd1366991b2558fb9692577a0e0

SHA512
979dccf8b79082b85d50c61b63c9df26034db76df84ccdb8c0d5df3e63e7882acffc6ce3635dc4cb0f73fe4a4385fcb1d4e609a12000324bcdf95b865aeba77c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
fdff8dcb227425b1da576eeb2c95b9f1

SHA1
785bcc8a616772676475d779b912dedaf3659362

SHA256
793293e5303d12c199e6fa70cde0fd6b5dc33fb882eba6e1d56a7b95b970e277

SHA512
63c820554c1f816b92288985c36b41ba148538028010675ea2017bade0f5fbdffc3902c16102d0b17ff66fccac8410a3a891468c6b21ffb08404ba26aaa16826

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
c71f6bfb0a31ac78abc20a42799d63a0

SHA1
a132f48b95145a088ff3e2862e58b4a986c06a7b

SHA256
006e843cdb2686839f831ff1e3dff453373a94bfb70582471faab4fec6f94927

SHA512
04b1307c86c358c56b83f32f2e7202a03fd604f785ce36ceeb6ca5ca926e9ab8aeb2f893c6876bece7d47272dbe16cd78544dcd6ffce78dcdc764f843d254e6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
d9f4374c1c657f76927ffd9c09014e82

SHA1
aa47d1e868dcaf202c9202b95c2e38b74fc20d20

SHA256
1eda285971fad532e6a93ea8e735a210d33f58ef8bb2db7ee515d912a3a93344

SHA512
396c99e578c7277f4a0e074f468193690b884d292529e7fb5dea7d772690fe7906fb29300fea064464ba13595613e468841d5b649a1745c9dde74c348ecdc14b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
210fcf198b9e87435b2ec68464339e0f

SHA1
0dba9eddef693c84156fa4c7a5b0d097b52c9092

SHA256
a27a746dbe86834636801d12adbabb6c38cbb5abf1294aa333c05ff1d85d61a7

SHA512
04c8d805e343a95c8356fa68fa2f2659e2333661548b7802c840c563a0e09f3e5a4551fc50b7b62a63b7f8ddb57c4dbbcec040b6da033fdc2ed8cea8e2f9b994

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
8e00075e15e67e2c73a28fae842a4714

SHA1
48f5027abfd74ecb6b7b1851b11561e168d42a90

SHA256
342c92b99bf06f0e436742208687edad25bcb800675317d7d3f619519d69fdb4

SHA512
cf163c38e9b13b9f3f0660206f8c8b3434d37a246cc6fd3fac3cb37e804cce930a56b9f5a15950c6f4b3630fe9d71c86a95f8b29e649e4df784001f4e512f0e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
bed7e8b1e10342860e6f6224c464bf2c

SHA1
592bbc84f087854feac62ee1322d0a842474798e

SHA256
8581d8624fbeb3cba8c2ef5b51d05b6b3a2c2b190b6e63557f3788cf7b0653de

SHA512
85fe6cd12ce58cbb4f757724ccfc21e06aef372d5f00676862d34dfbb76b7042270d2c2655559da8388af3c2f3c4a75b4dee434faa90648e40d37e7897a185bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF.EnCiPhErEd

Filesize
899B

MD5
1e02a50c3a1c53308f238b9c4087a03b

SHA1
43773d8fe1055d54a5e3460b0b76b16ed1f67e41

SHA256
3979e841f724f1695deb9ee66c5cf8c44fabbf19882db501ad2a37342c5450e8

SHA512
e1b28e0c35a4251e6ffbb1b6f6c379207fcd3dbb11e3babad1570b9b4ab0f492723adabd803ce3242e6a19bc1e953221886271dee9dc460bfe1213834a1adcd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
c3dc7d1a665d111407c964f9b3872641

SHA1
301ed6c87001d0591fd3e0852b5ee3c7f737bd99

SHA256
0a10ca1b0fdbade32877ffe04b29df15072441fc9185b793f5b9833f9cb540b0

SHA512
27a9c7f6e4ece4b3afac0799faa47f03cf4a2142c98e06756b7ce190380a59ebc66c30bc90263db577a72a57c08e1e98d1e33574690def8a8a132e0a0037f16b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
fbc0ed6a464910790df8eddc71eb53ae

SHA1
76c1b87c0f91619f2bc9fdfe5f8807803e54cff8

SHA256
6c01bc3bc83545f1632dbccd3867a2865cfae516b7a673614864f9cfa1d82b22

SHA512
94b56c31ab9eb00fa71dd08b1c50ff752b8e17bae9df643fce2ab94c350375c780dce8cdabfb2829d765a6773c19b42b2bac2eb442a48ddc805b5d2c8a77024b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
664706c07c01163cbe0c12e4a23c94ca

SHA1
e7b6660aa74e4f38f1e0973ce4c1cddcc5a1f47a

SHA256
8e7540022f4822c1080423d934fc5257982fda05b754e34beea1acd01e8b9553

SHA512
e011d8c1ec02ddf2172f69cca6d7f46e90335e1ede706c48dfb025e6da854f1837d9f14323e1030aca85f9f0e208aba9c2301b2fa61989a2cac8a1611f4f5d0e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
a488b5a64803a6ac1c45467b775c6922

SHA1
7194f0ea216820f58321f2908dea2c0d2564ab9a

SHA256
87f0a366e1ba80f00baff4abaaa737e4d5aa8ceaf6af352cfd1f962885279980

SHA512
33e579383360060742f11b2009ab36cfcb6018ba53bf4faf1d126f5f6c9fbd7fad23a0a689c90a58e0917afdda8136cd82dda11e02962bea27713ae39dcae853

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
6e65ebad4de5bd2e2c6cf3bd435bf09f

SHA1
5ca41501cbb86219d7812a7f6c0ea31ddd8d2499

SHA256
475b3d3aa5ba36f38ad8efacb6cd4a1429c902ca14e9a12b9d428760097ee0cb

SHA512
53e0e96f9070222c80f6c65072212b438eb55447c11ae90a4d8fa4139a214fcca643e90243e58083bcb54c8514c9b5a0181c9ba32b2aed0c49fb6b2837e46674

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
3c4aa7cc2f76ceb7548ac83dd61114fc

SHA1
7b4b82a2682d8e2574ff88d02a24fc8b96f9c94e

SHA256
241bf07f82df196a57de1411f60799a4bfe06a9a3f7a810257777aaa4e8c8aad

SHA512
02f347058f18b453ee44ef743b888acccf982fb1ad9d1d80b4e142d7959c2335fcedf983d7a3f69c18a94df2d0f532dda533e54038585b7ba1a2216e8fb1f818

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
dbe4c28b6649eb04bd7e21e3e1bf28c1

SHA1
f5bd6ea3004cb39f00103a3df81fdc61863dca00

SHA256
72ff0bede1267f88a72e9ebcb876872c9ebee0616c605e5effee8d176ee9bad0

SHA512
357a785c5d720795669ab008ad8119afd4b71584fcd8883df925240f635bf9803af8acec3ae36615b324b438d87c454331d24c80cab84577899bfaf240c0f6f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
06d5a4bd878df7e02491fe716f5c1603

SHA1
4bc5dfcbc1b9fbfc81873d7552189bb0bb76780e

SHA256
3cd1a21f1111b3bedf84f52d03b83bf0fce74163822ba3741bb2d6c4593127b4

SHA512
d04b9530397c58cc932d2942dfeef11b3a46e888296613ca9305237c9127c5ea3b5c42d1137ac79d3519026d615a51923a1f008778a804ea65bb6453be1d85fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
cddbef87417d86ba87bc722e00db96c7

SHA1
b6bff4845a7673e5f3048321f59a0d68227ea076

SHA256
68de36778c8e0e1f9c323deff3b4edb26ecd7a5c3e1ed8532eab49da6b88bc3a

SHA512
24651a858e0353b613fbdc32967ff4c59020737644b069bbe7c71773d1e4985e026bbad8da05a7bed4337c2b65c40f7f6f848aff020ce1972bb51d495f5f0d6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
8f397dd9b77fb510e25f4edc2a2f21e7

SHA1
b664e8f9a72bba9ae5a0f5de66a30d9987ebc506

SHA256
1fe6c50321c56535ff2ff46d446c6a25b24487f6a3731c08b559109b090a7fe6

SHA512
b175ac5da0625112850ee00b675404f0460cde0fabdca9eaa6ed684c848bdbef06cba450f8bb5b30f132afa75a0ad0d3e5690f8baed0cdd13e0e8b4d6983be43

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
5a27c6baf3073a7ed65c47a6367fa235

SHA1
d11955684714fe1ebaada9df1b9249bf2df733a9

SHA256
7e35dc787114814d5c844cfd2fd2caf40cb4e2fa5de4236e267641a55b057f91

SHA512
099df5c84ae49945293c8e74cc6f23903cfdf1572e0e48d51781b94b2345a3afe5218147effd0e4dfea51c1c47e3c1f0696c4927cda289c9703301eeacc0bed7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
20c222e5ff8f89e523d2f1f501c70f7c

SHA1
4d5dce6e4986879442e68a6c26462615351649c4

SHA256
2d64829b54e983c9789a939b6a24791e990aba6978b3f93b6f5798260a81a004

SHA512
2a133f31dcf98f7aceeedff8cf7c9449ab7feb0856ec9a30b19af21e6b156b79ff34962c63331cd2eff5edb9d80a70a0317bbf900c6224f0df500be4219b1ffd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
2923e434c4de191d77ac2437d1133de4

SHA1
9208cce7e1d0539e8db4fdfdbe74e8af9b513051

SHA256
c243e323348535a64108e3996118c70831b0c221ca33a31cebaf81f89a3b09a1

SHA512
644b8286916947c38b4fba91f417c908e66004755dcaf9a8520f89687d3f42745f55c467b32497c277cabf0a61c1cc56f7758f7241fa9760e2d28c4e63f12cad

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6cf8f9dba972ad6ee2299dea2774ae90

SHA1
32418a820051e0f124f66146e007084437fdf0ca

SHA256
fc89c83d3f32dd83704ae04a46699dd541c804bc235242fa6339236c87a8f660

SHA512
240679f81c3914eebe26330bb7c6e055adaf42a4827f6a9f1ae19653a52b5c24b23d9c1f49ffdf026f6639c81dfa385a367c12e3e7580aade2a8451c86daac46

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
3f087b5171c8bfbc19e0deed8076dfe1

SHA1
8d26e5e83f1bf6f7a0d5872274b95e0d3a089828

SHA256
37b46da984282d2eea4ce8b0681f1560527f19376182cf467d71b4d713f1f6c8

SHA512
101d1a697f4bd96f3b595ba239f79418bea9be10f011f897dd4a66d4ab693f225a30bc2057776f972d3730c18a9f662fb9eaad62d482ba900ca8993fb345031e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
fa15aaf3d503b1003db79e3b0954322e

SHA1
64df1de6dbb09caa09b53b96a58eaff979205658

SHA256
91d33ee47c9ef7e240f5921c7cda73f1fd328ac0683dad7bb9fcc7585e41ce9f

SHA512
fda2a4fd1c611e1f4ff0b80f424c17c271ad5b59db8fb95d7b5765a0fb94d735c9fc86dc4cb0426a6b8aad9818b8f5d290aa9f86a4566c2b384cc8bda6efdd43

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
0b8f2f6bc2a3b978eabef0da2f45935e

SHA1
32cdb29ff39a0d328c62624daddcc1b76bd8cfe8

SHA256
fa4e9232fe479e2fc2637fd3fe2936fffb77e37b0ae2598efbfabd2fb1e610d2

SHA512
410d8963145d09c1f3ee978145e6e6da5a17678834c554e56f0a1adbc07f4b5f8be451bfe9453e130370080176fd770cacfe163be441f58ba78c0fefc6ab2b2c

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
27eccfa2105b25a9c114a19150ed0251

SHA1
f566bd0a7816f3fe53a445382359fb8417bb4b9b

SHA256
a7ba2c4a7fbea98af604d67a5f8cbd39f3982571ed92134f83d6411dfd395129

SHA512
1721f3a605c4640cd377f1e32a532b9c73957ca1961dfe036426230646de4b76745cec5da53b481557c1874d21d76398ba4ee56dfd0628d855d06ee37ef4bf12

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
c54620d42d12b9b1716ea9b103b283dd

SHA1
d82504054bd8ff9b317c2dbd8b7e02a238d15b13

SHA256
994b6a7922ecc32a5eb2814c4ef83e0952025c97a7c66540f864ffb830347529

SHA512
5da223eaa7cb5b4620a5ccce323bb5ba6747f7d220434ac76c60a6be00e86c310b7b2c34ba235c90994a7c8fd2ff0badabc6ecc8450d90c2053e538048927ecb

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
595ba3ca7e3bbea0d2fd13a13d76e5a6

SHA1
282e280233724bf9d5a666b193ed721ea7c5f240

SHA256
a02d36d968365e0fff148a7a1b932fdb76f53c458fa8e52d9fd4ea80719c54d0

SHA512
7e3212f02bb7274241c99337d503472335b6da05f66d52210d267c6f9d839b0f9ea3bad1418dae9ab612bf0505d144234fbea7e49bed93e2606eaefcdeb0e448

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3f475827a5383da87f5712bd5524216f

SHA1
616636e4eeb36a1f952c83ccf1da09aad2637abf

SHA256
11a12f0f426aa3b023fdfd03c998f169561e590152877ddaf231d0979beaeb8c

SHA512
c9575a6ffe3c52d15c4e810b6bdc41025998375bab68b461a232158f276bc74f07ddb04db619663ead010d754d3d6a3ae30a338095b1ae98d7346af04aabc3a0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3d8b27fb4e12e7878e7bb9ab2ed4f7e6

SHA1
75a940c6da18642bcb8c7b73b07fcf3ded97b9ae

SHA256
2f35ba9320074c19d98fa9f7666f944d01873a2f5f73d92f653a51a49b62bc1e

SHA512
59710a7ad8c2688623b8318a30d8941f159269b1fa4e54a3ef50a7124613e9008cfe9b7782c95dfbad4ca6fd5502749d72f06cb339cd093135fd22b57c9f9cb8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
5d5c30f7059e67030f6b1e248e751859

SHA1
93e578dd67dc3934551abfbd18677798f13c4032

SHA256
0883f02c70f4e8ee502c030c54b14a89c1595291bbd092747f29028e3fe8fe14

SHA512
92e7503693f6385ee345cbc443930e932ce495fdc4f6f75d94d3c5d9cd823956329d1ac99ebde7f7c84aa22c8fce509c56e9df006543c89d04e5212d5d556377

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
4f8ada6f7f5e3fa6baed6fd1579aa2fe

SHA1
d4752834d3a5d2f972c180b4f1822d6d4a0c9892

SHA256
6277bdc05626dda5be6695886c3cdca57da94224c3025efe37543c3b516a0b3e

SHA512
8e062fde0079b416a0f7c17b18c1e6f89d80b386852ed5ef933a272c3faa3473123c2bf62129f1c9264dc892e6f9cee9b3d35dab9e973e5e625b7e60cbebd698

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
852bd8639c968ccc7f0524db8cbf7619

SHA1
1d3aec234921bb220159e7f0e3a572506352d6fa

SHA256
513bcd138da52db6a6be1520789dbb7e024919650d5ae86abeaa0acb53eb9bad

SHA512
cb779ce81674397feb169a263da9348ee3e93466e2a6cd0667c70bfcfae3302c45abcd012eb90e0838308df8c09b92bf2a30b408f75b1b8b949707d4e07ad8c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
7ecc6b66544ed8d85fbfa77e870f9904

SHA1
38e1a4b55b41f59c4dcc009e4a0e2876fa39c4d7

SHA256
be83eb4822f1fb3a2a2d34e7fdfe91c9fa157eb3c172d3c9cca7139a376c0525

SHA512
f5d6921fa72477555761b0af58a26af17a0cb5221ed4d111a79ab0ac5a50904bedd9426d4496163a3ff8a61c794c090aaeafad655b7ef272e614186c19803fb7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
ab199c81944646ae730543cbab69a12f

SHA1
67af2e806277b2483063f33498e72a034597050d

SHA256
14a58b044147bec4cfb2cae4660313e7f27fdeb249f8efe29bd390bfc30e862b

SHA512
75f71c3ffbe422dc18a5519db4f0d7221be514630425154ea798212cd99830ae97fc2bc3e4e6c5e2257bfe52fae17b7e3dfc07e0848b9d69c30cebccd5812654

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
f91c09c724586d4008a981bda81040b3

SHA1
1a0fc8efbd77580bada232a58d3a7e8aca7fe923

SHA256
9cf0e67ac81adb4fe0e5a9c07e0c37862e926c485204697db968b73f9dc3cd59

SHA512
01cedee6a81bb7686eb81d2ceb784e2eaaded8c29c43d896484da19c395c720c90e5a58d003dd6cb8e288be16c5a96d11101feb5577c5862dab568d14b43647e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
657842ab0aa82bc83740feaa7c881fac

SHA1
5add54f5973de366ee3b458b46a56f9ae4a7c567

SHA256
a9582bae86b74842b0c0605fec16ceafe4d522d3548ea97a996f96d3dfba3342

SHA512
9479d36e1dc93d6b28215e305dbaf9e5d28c1992ac1e2426d79e00459c336a94553024562e448570deb88a29b9802b9ce6bb50ff9e64b34c51b597d23c3bbe8d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e7004c934099b53682fb0a47c54fa675

SHA1
7a81249e477f0f7ae6cae12fe86e15dbc69a5152

SHA256
d6c02301fa697f2e9f089999afbb993096c33a3482457055dbdeeeb825fb49d8

SHA512
ea61a6c9fe816122a94c15662c2afc2b75f04846abd4597791ce41c8ffc012b74f26011812b8cc5770f6b3fe7ce7579200abbfd191ed46b2508faa768e86950a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
2ec8bbe9e42d18a03c35d06a34d82472

SHA1
84264225c975a32995afefda9fc2de9c9bea14de

SHA256
f0e107b9ecc88328c92eada498f2cb05c07958d37db94789523c167d425c4047

SHA512
6dd14b6d34f346c07c1e6b5450aff3cdf48ca1e1f79d29a47e2d2c9f1b8bd34183e5a322707559bf07574d68b5216be50553763495274c9c13aefb585f7e85e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
44fd6868a8abda6ed237e949b76a272c

SHA1
3f22c4a7ae76b8260851d2d87473f69ecc158ac7

SHA256
159cf66b90e43addbabe07248b14a8263328bdc39df6aa52d09f3dc6e2ceff34

SHA512
7f9afc6af1650ea972092210d7a9b0f7e9e083d57b036ab24335f48b39c5621e6e4660d1eb964e3454ea402f97969ed631341ecf100840daf1f0ef43d5b8a6a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
26a0d0a9a6e3bde95f00677ea00807b4

SHA1
9e7123ac216049fb3f1f2f6daacdd4254d5cd72a

SHA256
bde15b532a4e4912c00ef266451124e3945ea082630df884edf8b57c79c5aae5

SHA512
3f31d7b05afadcd32ea3114cbbabc869b132e852adde29a05d2e0377a8706269acb1bb79fb2370a5cffa663a31d49d07f085968490abf69e15eb9cb8b0a45f82

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
bf192e2ba96f207ee77a101b4ac23532

SHA1
83938557ca28ddeb8b22fab5d8913f25df1ce08c

SHA256
e56ef30f183cc6fea016af8d29f53e302aa1ff61c62666689b647f1a2fce215a

SHA512
87d412c1d3f7823816f5cf30883651e421db310cb8957f129601c86afce274102ca4e67c70ff0a38bcefe855fd7557594e87e7508cb915b46ffe5f8f43fcdaed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
c7a95a6915cd1ca2978296aac9ac2e9d

SHA1
03bd27fe2add13a4c343f7b62e12708f4ff71b3e

SHA256
7a093e21b2574cd31674ceecf9a2e3c9681dba2b79f0df59e340fea9c71448ba

SHA512
f4e450d16bb493e279d12eff794b2a6ad28bb29d6224ce9816204fdd9235ce33c8773ffdde0d0782f563c4aa5ef47e4ddccfd0c667631e600534beaa968df7af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
83c64691888a7111304f05205b1a73d7

SHA1
eb4aceccbc0833ccb92fe69530b20b2b12c0b0be

SHA256
66bb35f67aac3844bf01ea5126f3c2e45e95f808614a13e67f58cf796e6714ec

SHA512
fef0344f765e625430ab0a4d67cef2d971d514ef6a3b970a80c7460920fa71eb8ec41b2343ef3a197125ce94d060766445a550631298f01534788694f0e7621e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
32c59d972597b07defde0884c25b7724

SHA1
c5e56accaf5c719031b58f6b47aebb77f206f324

SHA256
0afe3d5b48d5dc7638755b29808ff3eec1827cfdb83a9e97e3390a4ce1115cd2

SHA512
e529d6ad9d7a11b9f6d8e89d82817be69bbec36e0e1214236460f7f7804cbff50c27d68de24f6d6be0d41709540fe3daa1d3381ad5d715cf2dcf634c5a58d6dc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
9553b91a6f1892b296ecd62db993bf44

SHA1
180cacfe7d39e19174efedcb8348dc0815d4cda5

SHA256
d7d1254694d3519061420033714edae30d43ae6c41c9037584587300d60db034

SHA512
5cfcda1fc41a83f6ee586fc23636c610635829b9bf1739da627a60830d9c4d80fe280eadf5115e97dd002690baa7cba8345d1c0df7d0e22221b25b8a367e2b55

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
c06770b00e694c1e952b2ff0d6419595

SHA1
1b0f6aa962c07e1f21154b1a6de8b1cac12d446a

SHA256
32f43776756608aaa16117c8af45e6f4bf7ddf22bcc9d44ddd5282f36845e6de

SHA512
3be0c59e6aaebad20752eca28150b2de8f56dca7f434ffefbac7f5c5cc659542b0b0e1781fe0b0654f60af61a4bdd15e534dbe022725fac83744692dbe879c62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
f8d17d909f0d291e57eb54ebaa796790

SHA1
47c8dfcdca8b7d9fefa0fda2d349070d84d348a6

SHA256
285d660fb8828c09024afe9af81b076ae74b49c14c6bb4b257a7bff4b8818428

SHA512
277f4cab899b090f81104b40572874c89f25f8c7250f9fc4b24bba800bb1fab709132cab4998efd61d47995349e6794305adcdb1d0a8381beecaca00c4471050

Download Submit