7373393f8dfa7f01ac42b42c92b33683489e99605bd2db2339aee7daa57924f6

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Size

231KB
MD5

2113f6ec5f174e363c20508ba20fe96a
SHA1

6d548a53f9dcc79919e4fe492c540334ab814625
SHA256

7373393f8dfa7f01ac42b42c92b33683489e99605bd2db2339aee7daa57924f6
SHA512

929fb4855829499db5fd3ccd43458933a6a128cb37c6bfaa78adfcedf4e8e89e608252339385ff75f8d784bd33fbdd6cc722631854a13570aad28e2ce7ddf52e
SSDEEP

6144:IJFW+7G1EjB6vPrsEjp13J1y4HArcy8e9:U6yE333r38

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2548) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe"	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_neutral_14f9249844f1cf17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Return.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnport.vbs	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_neutral_b7f0a8d5f67c19e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_neutral_1121c7f92e9e3001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Continue.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_neutral_1874f16002601f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_neutral_d42522943de68905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\msiexec.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\fontview.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_hash_tables.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_internationalization.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_neutral_4261401e3170ebfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc0.inf_amd64_neutral_c24bcc939e6dfc23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\OptionalFeatures.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnqctl.vbs	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_split.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\powercfg.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc12.inf_amd64_neutral_ff7295ba5a46d63f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdvgwddm.inf_amd64_neutral_dd691eae66f3032d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_neutral_c150a510c4b85ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fillnaddfikknafi.bmp"	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\servertool.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\PREVIEW.GIF	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImages.jpg	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\Whistling.wav	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\setup_wm.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31B.GIF	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\SplashScreen.bmp	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03380I.JPG	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.htm	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATETIME.JPG	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..crosoftjhengheibold_31bf3856ad364e35_6.1.7600.16385_none_baa58b03c657ca8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-backup-cpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a340cc01c83b04c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netb57va.inf_31bf3856ad364e35_6.1.7600.16385_none_581eb8ede4375d14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.qos.resources_31bf3856ad364e35_6.1.7600.16385_it-it_12b64ad00099674d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wdmaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e730945d85cdff3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_6.1.7600.16385_none_6bab08b1a3868589\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_478d5a6fc8dd61ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_en-us_492959f9bd028207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_328af534074dc6cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..engineres.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6cac38d52f2b60ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photoacquire_31bf3856ad364e35_6.1.7601.17514_none_925c6a062361e055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b6984cb6532681ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_746a89639016e5ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0dbd47353d530cdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-qos-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5c19cac5324e6a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_6.1.7600.16385_none_8aa0c2aae4765631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msports.resources_31bf3856ad364e35_6.1.7600.16385_es-es_daa4901a41856a79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\08d77067bceade0839fda4c78a304038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-timeout.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c310ce2807b49cc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-dvdburn.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d7c039199f71e906\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-azman_31bf3856ad364e35_6.1.7601.17514_none_b47d1ea4c958e6da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fff5b280f9c70559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7601.17514_es-es_3748f6b1d0ec8a32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1039fd7fa6efbe65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10001_31bf3856ad364e35_6.1.7600.16385_none_24048e9b29f89885\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-j..buggeride.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_5d4eefa8314d0c94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-oledb-rll_31bf3856ad364e35_6.1.7600.16385_none_f83672e25a90465b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..ype-microsoftuighur_31bf3856ad364e35_6.1.7600.16385_none_1312b5e22558207e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_70416df523130950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.visualbasic.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_f8e3e86473672c4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7acae5d4b206f7bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\33.png	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\nfsadmin.exe	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1ad085cc2ebeeada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_7d8982db6f41dca8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_14941c232d3c4d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_es-es_6fb966f8e8095070\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b865ecfb8d571496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-system.web.dynamicdata_31bf3856ad364e35_6.1.7601.17514_none_0ddf9afd5455510c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..y-service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_718581684fad800d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9c23fd3941bcc44e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_11ad1328609df59e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..n-playapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c46639fc29f5072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_iirsp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7bb4c6b8c1b28384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4d2228ceb3c7b24a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-credwiz_31bf3856ad364e35_6.1.7600.16385_none_fbcfa2528586252f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_job_details.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Ding.wav	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.1.7600.16385_none_d0c99374981840d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\boxed-delete.avi	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..achviewer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_83e1ef13fa56314d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep00g.inf_31bf3856ad364e35_6.1.7600.16385_none_afdac3e7463477e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\Help\mui\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f9b78bc742954cc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-stickynotes.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ad8e988c6b87813d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-korean-cacpad_31bf3856ad364e35_6.1.7600.16385_none_7057fb5fe3c0ed2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_de-de_5b5a6afc3f413c1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_11.2.9600.16428_en-us_3c143fa39ed4f150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_scopes.help.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnod002.inf_31bf3856ad364e35_6.1.7600.16385_none_ae12c1cb94acf497\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\DefaultIcon	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open\command	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe"	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.porno	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.porno\ = "AFZBCNZEIHUPOAG"	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\ = "CRYPTED!"	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AFZBCNZEIHUPOAG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yj81lIX63k4iGGn.exe,0"	2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2113f6ec5f174e363c20508ba20fe96a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
230B

MD5
ac69af47df8ef098d5686092ce8f9f10

SHA1
2e60d0057f0bc197f792bf855fb38ac07448a5fc

SHA256
bb7675abf95f706b88fac088a56f5194db57415e7ff8433097ed96edae7af086

SHA512
dceb24df89f0855d439d3ed461cac17d56216b4c0b7348c6623d8d92c32f65515713089021ee621f7c7de5ba6437889e1e6d4bc041b6b2c61907ae5e1fd991fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
12c278e2d2e57af1948c9c6657620b05

SHA1
54a51ff5688d9887c06323ba6d1472aa549a7ef4

SHA256
50278fe1d30d74d53c397830b309727fda1144914d0a2d5cbcf8e9f0130f96a0

SHA512
d23706349b9c17795709c333bc1e3d79f92c321d18981942467129523ce708cb5e58816e74a38d7c3613d5477faf7d070a9058fb03e3c921506c508cd0e47552

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
1cf4e1a31fe16abc17a1b3649e3ba602

SHA1
d5a798466e2c5faaaf09e64cb67251c0bbafcbfe

SHA256
8989afc3cabd9c40696f0d335c4ec139d49fc535d1d4d35f7321e88671048538

SHA512
48b8fb57a869736d557248b887a25080f2b33f56e6f1729f18c00f47d3fd49249099a43d9f49d334f817fc5feeea007449d4b6e96229357b496d39d5903d2218

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
013c02aae9b1985a0318e2b6c9aaeac1

SHA1
eaa0d3ca556fa6639a631e9b302dc5e0393de455

SHA256
dffd10a231da6143e8271cc3dc412aa654f5af66b485bdc661fec3c292bdda55

SHA512
ee1082698a5e6ecc8b7d67e011e80fb69b7956037cc926aeb6a0b1f671c32cd330cce4b02dc10e5191933b079ab8702107f9a60385ee9a0b0843fc91a6bdeda1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
61e8a3febc72e3f27b809078a06050ee

SHA1
9cda4bf0be8ef03074a3f47432cd4cf787338d1c

SHA256
6ecf84f9d3e734a74eb5f289b6324461344246e3d9a7d426efef69045cd0e034

SHA512
1d7c8942d144bc763d5160eece91cb9b9f0bd0b9fc5edd437550941491ed5e7ffe20baf884b10c828aa97588cba82c1df0ac423ec58f12692ddaa735435a0bfb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
a61d7ecede5df25f349ca93613f79009

SHA1
96bda045ecff6859c59cab4d41b914ce1d0ec90b

SHA256
7e38499958e6cebe35e59594f8a5cc4399bdd3166b25b80d29b17c06aad1021b

SHA512
ca5f2ea484e8244367cde86baf73ec59dfe4936fc7fb3057eb9d20a735766139a8ed69fd7df6b84cea68a7e37edec653a4bb1e4271d890c5c58f9ef0e3e9bf1a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
83f060cfccd6e11408eaf88a3c40ee10

SHA1
f59628387d25dbc502f7e21fab224f29f4c4db01

SHA256
67b0abb80b947468284ef6f6d63bb1e74dbb41d8bcc55e03a1c291831363c0d0

SHA512
1fa7c519f727c771db5582700828562d688e142efad0d83e7dd0f3be2ee70e42e3cd3267ad05aa6ea67bc0ceccebefb57d486f7aff9010206401547a1b5de7ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
09fa7d1a86c0ad4e374c0b2bce9424f4

SHA1
053fe885ed1e7a1738b47872af77f7fd3850a4a0

SHA256
9311df6c8344dad2a1c9a5f83e4175f8c5511d37fa215e7a675d55c52c47074d

SHA512
5966463619395f7b496354cdddc6d56410e1ec679df63e90522145f188876efad4f69d20fdf437321ade0f9c3108e5af4295ff4e83d4a64b8c8257c7fe20fa61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
062071e8c0e1a64f4c043843a981fc82

SHA1
ec43fd8bddad3287361231fde2024c09ea6ac7d3

SHA256
43bdfd82ddbb5d29c09789dbcb721d2c2e492557de91a545297725d7ee5d54b2

SHA512
ab7c887a49a1a459a6d819d125cd1e117e35e7578c9c0f3e08bdd6d158b49b64f9f6ed6f3c55d250dd70fe971a2281abc3c9835abff865e8995fa15937fe2e11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
227ebdaabcf690c3b52ba240530421d9

SHA1
5ee0a26228c429cedd8e304ddc4d061bb83482c1

SHA256
31218880c08bb2dcf40d650d7715c9a59adec536bf6a1f48474e3086b0e10138

SHA512
38d44497af90e987fb93b6807991aea3d8471b71cf7d8c85e9ee6ef9413b39c843e410a47e6aa861419dbbb0eb442454cdccbb0e9975bb6221d0cdcd93dab115

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
bc84034df8a808dae9ddbf3d3c2b06e7

SHA1
a57c4b1395d502329191ef15a9aa0762c22c119f

SHA256
831844cfda7a205deb4bab21a7317748d705bfc652434a20bca787cf3454aace

SHA512
a3962e2265ef7e367d4c951af624e1626a3324de8b2531e6f8dd3443e504c47f8b78347443df1dbf1d76104a98686c9093a71ebbfc324b63d0d7360d21873d31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
734b72e08496564c60c0b1c592750bed

SHA1
db2e1576daabe9c1e363bd5964ccaeb61d354906

SHA256
7f7204f5b11d434a720bd029880083bea22a538f0bc4b7cb12c44635b2eec76c

SHA512
85eb0c5b2ab69f24d06e6aa390e6a2fd4c5c514a5b3ec5ee8c3a2a04ba397a57d560a34dc6d406823f96fb9e32ca3da44f9420fea7ca6194090f6ec5536677c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
acc9f88a360523cd7109f3f42ac30331

SHA1
7113ab4ce74dbded57ffc68b4f1cad90524f4c70

SHA256
ce260915ee673257d5af335b2d38098a93c0e98e5128026380c09fd03a3cea95

SHA512
86fa2d2e3e7ef59803605546167cf9980c8b81e21afb26b08c71b334dcb3096e7a215588a040f04672b284439eba3cb46583c6692c511a36b265859b867e3db6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
e623b95f3acd474e28f4cc1cd4cd57f8

SHA1
3877b31eb10fd4f9ed173af17d1a0ebd9a128704

SHA256
b566e5a065a95fe692e40d4b7a41342714139a6aa972e73ded6f98996bd00d7f

SHA512
fbe21bb6a2112ef5a1df94b559a457ba85d4231a11da3816a142e0a5efb04cae8545c3de7d6c6f935795eb9bd190cc25c9e13a2ad74a4f1971df00a69b923494

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
6e691b5cb06bf679c9b46b72eb22fbde

SHA1
c185149f52d0aad4938f7c614a528f4db46272e3

SHA256
e86f1d8df8c3d76de50e8d678f93c6fd7c82caf45d1e0728757bf2e215760645

SHA512
4a833a59dc4f5c5325c3a0627129909ecbbded4adb558e1618e7c513539dd9c45f74c603e5d0ab5e2785ab36d3a96780571ef288f85f93f777d9d37ad24b7d55

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
8bb0487565463f15b978d323e4701304

SHA1
8bc9bb4256604ae6edda596fa86e3f535ea3f62c

SHA256
d37b2f847b41c356e1c4e3840c5a0f52e62fa6d3ffc6b33ed54b5204651d158d

SHA512
18dedb335b67a888e82a3a61a4b20c4349c257ac3ca22b52bebfa74c6e5778188f3102ff8ddd28685f27dec6f4b308cf4eb0dde72a8beda2bccfe57aa8152b30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
bb3bc0d29ac6f27340a51fc4ffffd006

SHA1
f599fbd80e8c0df6b733051b5d39b5e5451f3c2a

SHA256
b7294b858afc0716e6bba0e4fea76edcd87924f689c67dda90e62d35dfb85aea

SHA512
f09be8ba83db56f3e1642ab16eb524a3d716f274aa2cacaf1293ea53085ab32407ae7ae755373a9ce03430280d0ad033c2f1ee71a4228caade7cee7553620923

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
708a9d9ba078605ca76ae15d728048ad

SHA1
367bf5751651fee344f66f3672aa8ff8dba584e4

SHA256
6ced8695bd3ca36a6aba40978658c2bf5e8fa0ba6f729bd63fbd48d7ffd59d4b

SHA512
34e3f2fb1c05ed00f9c3165155ed787613af1f55954b94e510e55fd2f1e991baeaddb7e97e4c584abcd104475302573db5b3b56d6802550cfe6d0939d7f8651f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c1ce034b73261e11a1f687c74670d071

SHA1
74d9f7441d48210f1ee95acdcc27e4cb7ee46898

SHA256
c631fd9ab09a908c15cebec9098dd35e1c3430dff5eb2d8c39a69bf2ad8a38c0

SHA512
f9920d65194666026340d1a121d52ce0c9aa045ea388cba36bf4ee13880306564a6641c63b649cf75a6aa5cbbc46d1fe701c8db86184b7afbdbc67c75d53b5a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
b6c1e12b25ce4ab60931461094ce3598

SHA1
111f83c388804e6c37e75e30a56db0bd886657fc

SHA256
be07c15bd618304d8f7c644f2a7b10756d68f524c6723be01a3583c1291df88f

SHA512
b5c3cfcf492022724b700b030051b965c13a7a1436ee5a65219aae8a02b799b14409e91c0664a66e67b221d285fb8ea7f73d613b19d9c353b831a74c21e4a303

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
6abb2768ee621c444833c6202b0a6ba7

SHA1
020f1511395117577ee15aa05dcb9212a449c9cc

SHA256
360e1ac096af3eca731c9170100b164db55c1bf27e70ba6a7655fbc5fadc095b

SHA512
a7b688d60247dd5812715d3e2a1e0ab29dcdedc5bc6e1968e5f83f60251d76be6ced361cc81728e57ac7b708bdfbaf34f3c27b1aafeb0ea89f26c6e0a3a6dd3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
6e0cd8e990332e89400b89a9c1f859f3

SHA1
0a9367709aa2026f4843e7e6fc67c5978361aaf7

SHA256
62858a44c9990d034e489ecec350d00ec371c4bdb70b6d546ba18fb7427ad139

SHA512
0f38c7c923b7252cafbce98e1e7180047c0b567e76680ac79ed32b497e049cd6316ffbc8c2966b8d3996a2d1e545aaca9cd2639863fad8166c55c0cea0a65290

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
4ee2349e98fd0f02412c0e3b71b59a3d

SHA1
e6f2844353687aa457ad3223af5c8b5fd5300365

SHA256
82727d55ac36f5abf6cd3f4effedac4b363541986b8b78b98cdf9445d02bc793

SHA512
b725b66019dc663d399500bb60d9b49771d8ee9f2c59a3fac26cf87f40d2d443acc763aff89f8fc1216a7d7f662c0f3ddd8e38ca51e8455eb98edb25259cddee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
6795bb0235751a13a43c2fbfe6f7f431

SHA1
0ed62ff4d1d12fa02541144b7c41a0c2a59e92b9

SHA256
c62deee134f3c6b5e0eed82f2ce0eaf3d45c591832f5335d758462fdf0dd32e3

SHA512
aeb7383a7ef3c45aae55c0169fe5b221d3378d64a2e93ddbab0a637585327ab8d9605f8cd24b6bf80d2152522eb53818a43bf649bca4de950b55cab5aa6696ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
52cf2f632dcae0b0964b3611b06a4f3e

SHA1
0cde1f43745ff49465c91efc0ff7dadfc6ae7bae

SHA256
1e99f50e08a713b021b14e9673fc7b009748620c4dcb3e9cffa94cc1f83646f9

SHA512
c1666c1461ce81ecd61939ae2b12e2cee6dfe11ac6df629d70cea5c8f3880ec63e1083674152240eab83571c85bd5da874c74e28bd33a6e54eec6a2b9f65efc3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
3c8eb29ec9c995a56ad43eb31026f90b

SHA1
5c038a5565c5856325f8b31f3619644903e137a0

SHA256
0063920b781c82be96c1f42493e73ac14a2b8d423f5c31f17e25b9bc1d5d7c75

SHA512
dc86922f1e6d64700473c7a6f59903d8011cdd3e67d1ea9b38567d502f6b732db7e2d461c5c6d341e5d827be79a5bad9206c4640b881f52fcb6ecf842c472343

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
3b8481f12298282a08b6b9e7bb00cf11

SHA1
d5f1719d5905ac910e56f0655033a0a53a9fb217

SHA256
4915f7637792398ad842af1293e8d0c6dcbbf43461e01a337d195196f145a81d

SHA512
62df67a39cf5725ef88579a306e3d04dfa82e45a452e7a23002ed427e5716193f05f810083b0953f80d8b258fe8e2793b26991ce5b396ee2fd4d83af9dac820a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
2e2c32b280e0e2f7c39fad1ae4276ab3

SHA1
7cb04acb77cb2099cdd52a7da42187fc43968e2b

SHA256
dd8c641e9a35c4307737bde06cf738bc010fe19d57275c88d5351787dab49728

SHA512
2a4a1f2407694608128d6485ff74e906f682cf561504ed1080bffd0034bdde890c32002d565a43585681315dcae50999fbd2f3dfe9e27bedd2a6143d61921630

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
a0686181f52f4f7ee10f73f0fde3dff1

SHA1
d8af3c3de9ffff35622f5dcb52d4bc50af0942ed

SHA256
887e68a52dc217d32fad8fb18c0aa1a779f70a972eb43e8e73e44bbb7add468d

SHA512
36a762cb2af8947a82ba9ae52fc72a4019631f5ad7f594d4717aeed25724a458f95755a9fbf5507fb98ea4d842191936b21fd91f57e51e9b6e18c62456c04567

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
fdffca58f4ec7104521e25a84312880a

SHA1
86efd074239d14ae7da2a3f5c71f1bf42dafd97c

SHA256
0d2efa6e89713c1ebfc76da99b4d7e243443498e79d2770a2f9356e161e2661f

SHA512
3d55745d0cd10125bd095098b90dc10a1c65969a481b4f9350e207e97c38af301a3575cb9bf9fec2d2de484ea71792d4949bb40376c69018805faf3d988b0031

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
9c4aa195e75777fbaff89a7abca1d390

SHA1
eb568df6f0f0d996d883bd6e2742ee86256fef35

SHA256
ca44d675a26bc3f12149e9de40677848267fa3ec3f13f78a97582bb9b39232e2

SHA512
6b9564a69c3c977d2cd1440e9616159ea89c252aa1e0775400841d05c6a4b9e1286370c541fd5b04ab64a4733d783f49b5e3438982c8c9f4b00cec6aecceb6ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
07b2a1c545df94814ae217de69d57153

SHA1
d314464d7d09f5a6888a7c8121a66b5d11668d5e

SHA256
b7ab52436d114b8d2d25afcdc2f0c86c4650d7b8e2916f013359d215e304a271

SHA512
1803277d93c8acf562315d8a2416f222da6b678eaba28e9fd80facb876f1547ea7c869cc677ad9a771970f08f18183ddd46e430aaa2793e2540cb6e77c727655

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
907e61ba3b8d0188ddf9aca6aab38e9f

SHA1
222dd9b9f81023ae9b7e52786a5e2159ed60160d

SHA256
7a37c49568f53871b48be193f001d0000a9451f36028e11e4c05808461156d1f

SHA512
6718ad3e19206ed6e71369d55e65c26f435c67af490abb78858b2c6e649d3614c5c7d25efdebacccc92f4eef8b27d9b2fb106bfa7d2afea87899cdda19baed4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
edad14c19c9d8013796f3f1d8d59509a

SHA1
38e9b506a56f09df25410699001f1f6a11f1cb34

SHA256
800902269576110a38135c3e75f94a9c33fc188591218f6993348a4dd8c6a6e2

SHA512
bc2959b81465868b9a20e466ad9e068c124a81f3f22f258f4699a76170fefdb856be74f5d5d4d8b309b2100f70bfc49a324c822cb13efea2144b61196739d82f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
2006ee36baa0d073d94add723982c398

SHA1
2ff67b5578dd73d22758a5b6538601fd513bacab

SHA256
31037ec04b70dc17e992972e6d6d0e1f97dececa791002ebb175a721d73a0a3a

SHA512
dae32b2ea30e2db3d5c0fea9175586325f8094675e61505e4145c87d7dc7f23f1aa61252c903c388ac1ecaa1cc0d04150f15a825789cec1f3085cf2484dbf3cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
47901c0d9a0f75511ee91a4944e20b40

SHA1
054fc2f28b2d72b8abffc532677fe6070d950d2a

SHA256
4c1d79b3f34191709e5ccdeb1856f1bbbf23c8b62c413ca6ac9b82814c313694

SHA512
5d4216838240d9a34971823a0b430044189d489a7dcd807f9e8586ec432c275ad5d4c0f61561e415fbb2c021cb24fded24523dc223fe2a394b3958539cc9ae58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
033394668b2b10e6552f6fceefb540ab

SHA1
a97c0cbe2d9a715bfece0ff93c7e58dda789e39d

SHA256
94b0ec21966d854e23948eb2abc219d628abfa2019f195584072f2127ba7fd53

SHA512
a7e3c29a5bcecc672be3e3fc4ddae26f93fa43cb256201455d9bf8f1b4952267a5c94be8912ff72cc0d69a89e300e50762c76084ae28169700a6082c8de5bd4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
76ab2b350fa649634d99dbcccff3de8e

SHA1
e1f7a7a389cca106cb9b2aa8353e610037603f60

SHA256
ea719c42232b997641b8f3078b79f0bf0fc5cf0f465a79260ce2b03f85933ba5

SHA512
e4ce70bcfeafe959d9701680bb986c55404d610d2482906a42fe3a30a9fae0f096d88aa63e6d66a24d6a2057f16569774136ffc0e4c9a35e0e6dc82f9cb51c7a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
b62e5084e5730d0a1fd4ea46ad7b6cb2

SHA1
8f411c796f31a84f3cf77f1d1de0c1436e3cccba

SHA256
8ca8500e353dc293fbf7b60a3ff73607f6b82db0009dd8ec0ba15a123e483876

SHA512
d159a52506838baa5b861a22ed772b2e3aa6aeed22e38f93458cddc1203cdb4619c38a2c8c6725f2488e386ba48382660270fbf3fa2d3f15c46b70e4e1fbfa46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
682eef148582aa09ca1eca0673f548bb

SHA1
234f6595fa9af647b205bcdba969257f6d7b2928

SHA256
b908278a48f3f143b78a3ef43502bb3469d95b962a4a238221624e48dc855207

SHA512
2735780dc11e78ee044f8b8625fdc18a2429c8f7473f32ef744e0ee6a6c869fc731479df1de12987a81b8a7381d23247744d4f4daf1f76429223f219f121db9c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
b45eb0db03060618b887b33bc6932f6b

SHA1
906f6e6fec79e1afa140769d9c0ec455fd50f3b8

SHA256
0308472bd8723ecea69f3448b9c57f044310655012ad8866b08b08250e30a761

SHA512
47ec0a79db8acd29d602747b15151c1efe661892089bfa2d01cdc92b48f62204a7500d01a523c14871927969b49141b284a30f9197dcafcce8ccc521487e369a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
6ee420178539f257d494ce397d4ddb81

SHA1
a73577519a4583956f69fc0e8a9369164d5c1dc8

SHA256
f9183eb27de36a51ab604a27cc71be1fd9ceab34f219242ba94143501d1b8c77

SHA512
7500105331d5da322f339b69aa821b0b9d235939e9c1acfe6d5eb59a4d635fd58ef47cf9aff6268c9ddcb771c45d9d8bfeceed19f7498f81bd9c5acce17c2c77

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
159c629067bba92f101c251618f86009

SHA1
7dc9d75ce543db99c6a20e201e26c16d1692d1a9

SHA256
9a3c3cd0434769e4e66712553b79528fc2c3e9b75639054dd17e994b8ee0cc60

SHA512
e8251212e2b7a13a3fd7c57e0db21423589bcedf61c85ab84fff926b9138f9efe31b2e5651165ad3727caa23af32dd5a78dc5e5eba063730b0b57beb5701e244

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
43749bd8c14426a603b9b28f7c791070

SHA1
8fb8873caec05153669041b06a7564691bf32949

SHA256
c775bb89b31bb8be4714ffdfac60e37e889cc29b086c9ff3031bccb058e02cfc

SHA512
663b6a6c49aec9c92a3a0728b93246864f7781a03b8554fa9db987e16b6e5d1bc28a95babc69c558fdbe8bbaad5062c4538aed8257acd763cba2d5cf40705212

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
496b2594251dd12c9d53ec3dd695224f

SHA1
aa6012d4f0b3c14759206e7582351b08250eeef8

SHA256
449d0f5733b12d23d39f77976e587044a5e9e04e2946836001d1add93c94e625

SHA512
73756999f2806fbeede960e90f50c4ef5d248bc9414c5f4302c538d824b1e5bbee1e172c147cd4db34d1653b134863e01f31aea6c2282a3ac37f0a970950a97f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
602a29c9920aa27ce877d3523f20fac6

SHA1
b07d97fd449df611c1c63e9dff158e651ec9ff3b

SHA256
3441766116f632c71fde4c4768f9365b1a732968fa7e1a9acc683402ba714d97

SHA512
e536c1daf1daa2349c5fb6afc39f277d36468fa359d07d1512bad7f3b3a81ff92703ff91267eff23ff62ceb8f65ed90ed8d868de8923e42276a40fef54a6e6b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
51ff55f4f1a4d5bd19a11c68ffaf2179

SHA1
a50b5be46f57b55d482f56dc70f0e305ad907003

SHA256
bcc500d0a2aade709b4e6d84d36713629c13c2fe2b948065e3dba76cd1bd266b

SHA512
886f46e61404f925c760f15f789e19a39f065aa85288637bcae79443f4a2f4030d72a1b80b7f5472699b26d9374efcf4a4a059b5ec180f9971ab10cd08fdadbb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
8434e03d66760aa374cb99148e587b36

SHA1
232b88f68d3100366eaf776408888a6687534d6e

SHA256
836de7a3a630eb767e8e528bf789777dbf9a014aa18692003867b6a27ca1fdc5

SHA512
a245a1c5e9ffd342e10e2f41bc6cc489c7df2d1e884e6dacb882f30dc087cc475a55d97514decfc70d2f76f90d7c4dfcdcedb5365e604dc7d1870d00a6eae7f9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
5a03357b3b486bfe83a5bd80fb0dd8ae

SHA1
eb66a2e3a4582de71dd1b5cd57f45d5f915d74cf

SHA256
ae4aa65b078d97e881877f9b21410b0f1dd0abd3e73cf82b954b9bc389529138

SHA512
ed94d863ca09252dd233935f9a192a8f81d1796921d475d01594281306f344ca3dbd9671355bd3e3ea20b6c27a2078937a0f424996b77916af435e7be6dde1b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
0ab33b6116318601d11b747bc994e03d

SHA1
cd0e3f0eb9786fc43c1c51db12a20ab0db869c9a

SHA256
65da9114601030d656454778278c917fd4b00de342449c46fcc8bf021316c434

SHA512
3f6372d64f188021d01d600cdf246013c515ba47575b88557f081cb2d929080e47daeb63c2b1a2d006c4f013ae6e451d291c8dae4dff7b3ec264e6f7ba80f6dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
2de4afe16ce37ee2ef6b250517ad4705

SHA1
62ba3c2f38d79c72eb53ffb97f8421c259e7b3bb

SHA256
d1f8769ad930f0bb6767849b83f66df73a3552e1f42758ec3fe7fd0feb65ca27

SHA512
8d5a14bfc1bae83f6e1f78e61f5cbcdbc539e8212a74b065ea4fad92644c4d9fa7f1151f842c2c7599048e4b71551776924b68ed610cf63ab472733f41fbf83c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
5159cff220ababaf722bdeba3673fda7

SHA1
2f76fc268e083abefbbc9dc41051b83d0745b783

SHA256
994d1f9d6f37a522fb0ca43efaac33670142d7ab6cf5dca501b9cba85b118a0c

SHA512
2896dc14509479eb4b5acbfdef0f14d9754b41bf96a308f07fd801f6a6e361fbf3337d05f2d6a23cab76a9e83b9ff383bf40a5c8e7fb17b9a53f0cfbb7261da3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
23e8a5b031421316b859ac4403fb278d

SHA1
2f106a9f063e094bf07aec6fca86883d3dea256b

SHA256
db3199a216557878f9b8db3bd4c4e0b3353055f3a3f5ff87f53963fe25d8480d

SHA512
392a97587c903ad267105882111a7a649b1db23698039630ad0f9c7256261afe992a96fbe8fbda904a3d236c7525fc4aaed3551084abc18c0cfec8e4a53ab682

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
8aa0604f8dd1aa762784bcd0f2e1996e

SHA1
895e5cf998f4b4dd99166bb8c0531a492200a0eb

SHA256
530809ecfd4fc457dedd006edb16478f199dd3ca9084373ce3641c6c4114ac90

SHA512
65b35fc2021aa4ed2f912024470ea7cf4b0c9b02099506c6d45a2193f5573db0ccca53635ffff618e265401b6135a541fa104b87266b18ea21e67eded2757c30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
dbdf64efcf487ed81358a590e7beea6b

SHA1
213085f72ac10a9a493ab75209248a6355bb9151

SHA256
8061675aca7d5b3fb93ca5231431ea087f4e6bf597525cadc733ecbe9324c281

SHA512
1ed292f349a93bfa25806b703b41d23bf53d939b1cbc680a78fac5638ad76aa40ad68fb87e6409b6c44ef584a8b252bb7c18fe576d276953ed08de0fddfc33b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
994d7c14a54624eac789f6be76cf1038

SHA1
0336327272b8bf6775ca953c49354ba1a435a4e1

SHA256
2146d2f51b14fc438790ef3bd3878a62f4bc0b6a3c78c41b8ff01d70645ae187

SHA512
ef7dcf6439a7644fc5ef3ca4c37910e03b838d78e9bf4b7fb9c764ada6c5351435e430f8b31e2f3e0f24aefa02ddc9027ce36029659a58498892f4875249101e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
9c94766329803c1294a2a3f6b517e68b

SHA1
44873f41357ada8caccae434cad9eecc458bc9ca

SHA256
f83eea0b9638f89ea1ebb3e9c18bb2a9315345c70ff4f89299016212d6609c8c

SHA512
906b963969269f305e68f275988df7f15cb9e37bf5a0ccfa58f502c208c535e0a7d45d0fd9f8e1f867e34ce63d10d5772c469ae3b3cf4c5ad66043dde171c34d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
a201b5771476720f7984549810ee88dd

SHA1
1afa66ca40d7a76f4cfa0328226c8c9b53734c7f

SHA256
fd152d9e0a7982f1605e966ba044e73b871ce6069e8ce45c672fed4125a07e5f

SHA512
8767816835ff7f4861a42db786be6fea7402453d99d93a4d295149080c05b31d3c08ff53cf4b17a06cdcf061ca3ebb5a28a2d63b833e909fe38a7e31b200f305

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
3dd3d08e6cb8a3ffd2578462a614cd82

SHA1
de1b9eeffc3a7d15d959fa05ff0b6cd4f3625c7f

SHA256
47210306e0a595a6892bd7193735647de7664a8cb12eea574bf2dc4112d5c393

SHA512
750d8c5b9e9f27b8800bcd765345b6e1f55a5143b5dd3d286f23a9d6008d6163da49292d99e1d0ee91a6f6a66926bc09f83a99e1c570d9b1ddc7e1d62402b1ff

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
fdc4ad8a327776894a38106dce2dcd2b

SHA1
bd33d3b2be110fac8a22a16e1898a5d765d7bd31

SHA256
b4d2b326a2ea3f62ef00fe2d8642b2e30728ff98299703a37214f349059ee673

SHA512
9bbfa2087fbbee60e7ab1202d2eb5926b4e660d10b207e0889aa4ee87eec7fb2b9998b7f62ac18be980d388565473908c38d9be7ace9229125261eba55169d7f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
e8f7882374fc0542ec6fa4a6f5cad887

SHA1
9749474e4ab54c1bbbc746a8c1676ae3a3bf2889

SHA256
1ecd7ba7b2c1712310cbe26dde8755e4ac18e2b3affde3c4d8402289a4441038

SHA512
5affb2722c1a3255b4d8e7b3526f63c082f3c382edbda4afed31564ca05800b34818d1616aeafe116eb90902db2c69292cf818284cdf12e2b67cecf7ecbadb5e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
ece2edc6aee66e3ebdf955696c4d151c

SHA1
f76ce081298f4c99ebf97be85d120b4f66d8b8b1

SHA256
96cf3afeca0248c8dff1cd490780ea3439c4bfa4d67f677ff1800afb5f422f54

SHA512
f376a2ef385b6216a62798197160b029f2670924c44709ffd535e2865d74f868a5d442d201d1a7d73829bbe602e3d5eab3f4b0cf381e1736a47f2b2bf9ca5f40

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
6a379359bc8801b1639d9b38cc21e6a7

SHA1
e52f5e894906d1cbf6ca79987a813a4f606362ed

SHA256
292f5995602b1b6dfdb660b8401eb49e89ca43b9bb8f7e2553fbdcd0cdb2e0d2

SHA512
fe4198f0ee3c778da4354343895abdf79475a7baa26daf965a3fda03e89acdad0725aec580802f75d26dfe858ffa3a3a1232fe41cd4820e6e6997571350ddb64

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
8c0e971e93fc2b51564049f9812bfd05

SHA1
9d4db8389c65d0b8582f7c00c599984133c000f5

SHA256
a77842d1f2ce39d61b84f3e9a5a209a0240bd9a98fd68235f383bb5f33741bef

SHA512
1c469e81cfffebe2e136525dc10ff4dba10f2bf70e18f80da2b4fa17d35797169b8577f842eca9c9e59efe21c5d00dae42ddfdcbe645653614e4155c144cf8a2

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
2edcafffefe4f1d35c668e7bf050e36f

SHA1
d1df758eadcd4d68c2d9e2c34cc2dd65cee5bc2d

SHA256
2da45f723bb2b5c959bd3822b7a0ec8182c10c969af66e3bf3d3542095d4e859

SHA512
fd54d4b64b596951894bd7d0694fcda5ecc013aea168b52f4fd2b51a6792c7bbde1757d2b0ac29614f7bc0ef76fc7583f6354e6386a7a796fd60f6c0b35e8511

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
2bc757e39f87cd5f7be519954459961e

SHA1
69d2ad8a9119f118ae17d18df2426104929cedd6

SHA256
39516d4a8f17893789c3d22e597465bbe16ac0ba7971b415733cffdd94e2eedf

SHA512
558478e82800e274cb7e0f0938551d767f2338c39af1a5b5a9936d0fa65bb8335decf8dff088e54624b6dd149a7406a02295b986cbd36cb70dab991105bd8be3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
cd43f10f293437ed98b69feed71d30ef

SHA1
16c84001f49586daab1eb7042bf2c74755c77183

SHA256
9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91

SHA512
fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
0bb6bc70fefb5d6ef27e28664b39b1dd

SHA1
511f31e41e564f6220b8a332654010bc96c4d5eb

SHA256
d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf

SHA512
25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
af8d882a99afae5eca7ef6735feaf64e

SHA1
0c9eed2ffbcdaf3f0fed6f940fe64eb6895408a4

SHA256
c4ea52a669fe12444917ede5a1e21e6eb70a191a5bfdcc495ff2d943f16bfa33

SHA512
3adff34ed64853360b616cf5d671404a7ffc983c9545740eefa5d01b6a1dfeb44151710a5377fa60511bcbddcc3007cc91dfd1ca4818ad745f5d9b17793643cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7b4ac7fd4fee562df4c02dc5152e1dd2

SHA1
2e82538747444d1bafba4cf039ca3917e690828a

SHA256
78ccad2aeeec180629bdf97aede7895a1455f1cbd4f4a4d41b2d9e682c585591

SHA512
76c726426c0432bf1a552c6d5a22f5a3401f0a1dfe197fed681ed47a0e5afc2041b1741e123844777e3fa1a5aae80467f8765ae8d6e2df7e00d1494e321ce176

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
52a4e3bbe2160a0aa8b12ccd12e8e679

SHA1
800cb044c67ab867f932496a1232b0bcf02d401f

SHA256
e8771c4c1f497ee7a4856512faac7ddcd263c30a7515306e29a500f45a5bd79f

SHA512
fb6e8b191abfcac23487fe472cc983a93820604087995d0c75fa8ef0fb47e3c772d840279dfd2195f24baf32af28a203c72ad2dc1ac043a696c27461b6475133

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
b5a221105d3df67386f7e70b7446da4f

SHA1
0276519d02e1fd906b2210f847ae238d7eadb125

SHA256
b773fade044902cafb97a044c7d21d6ecb6ec6ba8a63196bfcc4b744a552972a

SHA512
50f236fcac3c57de909518886df97a09d3f8186492c561fe6842e21efb3ff9c1a95942d35a88465ee38e63f7ea9f3852e426133bb4f942ab7e87850dcb9ac448

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
2e9b16ffefb1c8c3968e7fe355fa293a

SHA1
a369a5f33bf662cd5f8ffc07887e8d34c441082c

SHA256
a329e4d0103263ddc12c1d3fd93ada6421e6105003d79167059936c11a0d40df

SHA512
8ddeb31d19b498f91a7ea064901bf93c7f6c33012770db44e5bca21026b8ab27e610ba4009b06e18c8c5f4cc5813692310d6c692686662792fe1c8cc389a03ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5faca8159028ac4836654c636c9c79f2

SHA1
0e1fdaccf8667e5967d5327320cd002d7d604e12

SHA256
456cdc2046e09ab597a94579832b2884fa2993efc451a7609ad1f68015238b4f

SHA512
ad723f46d4d9142a110e071d4e2aaeeb09661122549876f99ed888522c0a84f629958d30e710968bf8bdc405cca4afd5c561e9a15fc67730d71ad3c6bb52107b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
5422aadba7876d847e335a6eda668699

SHA1
c9b80ff7ff8a8d61f9df15dfd1cb47eaea2b0a6b

SHA256
362fc007bde371124a9ba08473447426d2235dd06fafd146e42d08b753dca67d

SHA512
1628f61a5c40debbf659f2abc3fc8ebf5bf713bf54f027946deaa83de04e26bcb0a131951797183db7de6243cd50aeb73926a642e2518888053173b637272f33

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
7d940da3823726278e772a3ae64b2d58

SHA1
46a6ce845231a68b42fd0735224c9e96225c8020

SHA256
ec2459f48c9773c509565bad9a30c493b7262902aac6fd757d49ad91abc68a8a

SHA512
02b615ac343e4bff2bbf0700c03168ca931dd45f48675cf9691b345d1b44816d6539d67aeaa27cfa8e70429478d47da9592de9eb1d4a2e9f1df68bb4100177e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
5db483d4fd109aab73d9760a43c9abf7

SHA1
50f274b7671660b1749989f7d8d331ed2ebcd824

SHA256
67cf7595af9929ef87eb22d8fdfb82a725ed946c13958d47db12251730e23dd1

SHA512
190f14bcefd4462e60ae28ee8df421a6b5d3124b87903f801479a298d1b2d2abd318907ef132c020c662048cddd6e181487635aa701f649bc2d1d5b1f32ac1a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
158156dbceffd0b971b55fa7e84e2351

SHA1
e5c3f6bfa703bd6926009d58de63a260af240005

SHA256
c4d1b08183f2d06925240dc37ee54e57b27d572ee65349e55a68da39121b2c60

SHA512
7c0d11acff4398032fda677a0e98e2bf7d4f3afa8fda656bc941941e17e0e74fa5ab8a725514e9506cfc1ba8592dd50ad4de9e6fcd2ea389de45613c27464253

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
38d91d70b6af1387fd251762a5099de2

SHA1
4df70ce20abe6e2eff62ec70403d3047585779da

SHA256
7072940b5d76d2bae2b5c6ff6e156ae9c6145ae453a13100da0627d4fb75d790

SHA512
c8464d31e5fb63a1e8f87524c8cc65ebcf6e9f89a7663d85937e8927a1871e7b87feb51452bf999f899728c3abb8e2de2404de2b98cbc4fbc747cca80d2d690c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
51720d2b6bc848fa1ab8ea4be99080fd

SHA1
6672c015e9f95d28eaf4e235d5607ad694846da5

SHA256
12eee2e0439287dcf8cfdc35d922d512e35abaabecfd9f5044e3799a6f96eb37

SHA512
89f8fe929dcd0d43e666445f7694818cff559d5027ca7d5e9a0abef14d76fd6da73450698e6ed4b26ebf28266e2f5bc19b3d185e0693fdd32835810f156df37e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
43e0457a8180d7dea551fe50670c29b9

SHA1
2b78ecb2a328fd502e87418724a8623a3a8da6a3

SHA256
cfabcc78d654639412b904aa10484e6ca3f5888fbf9924be922c345bcf05c887

SHA512
30b851a113348cc86b3dff87a9759cd57c40b349fa30b2eee63333e12575b228c2f83625bc6b7b0ab931abffa12861ccd7082f0e78607b3497072a2fc6e7b20a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
913515b81711db96edd0ef5ad4c7c9eb

SHA1
ce81e070c17a81071b529751acaada0ce59276c1

SHA256
31ab08e1989de0122bc1ba014d288a68fc1212798eca99a0a4738a9d0b13dc13

SHA512
f338a88c70e126e4619503898856a7ace07ffa9466729c8c7a3ae20b5ccf70388e106a42e95f7c0fca9b94b14c5b4fb552f408ca12175761d5d5a04dd047a8db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
3d1678cb420208ade9f78414dec92199

SHA1
547a4296d4fd70c75bbaefd63aaa57682425ab4f

SHA256
7515b8d4df81d0b9686f354ffdfe9f4d5205354c7e92a6e0320f167ba00b28d2

SHA512
19f13836934410d0dc4b43867fb0954112b31bcf7317def2c3cc281bfd58c147443811ce692a7d6200e7404e80569c1970c49a027debf32123973f2e3d85ba2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
b765120006816f8ca29c34c97ad563e3

SHA1
b369d6e3b6a48e030cc39935bff6c12c4c5f4f3d

SHA256
7a682def87593a1f16d23b5465f24748e09b7334defb2549db60e95784faa376

SHA512
c5890084a877f6bd379fcbd8919be2d23f09b46b0364a5e8f283d7d75dac06df72ee79d34980098c2d0e39f41b10c523cc0e9cd51c7229631202fd2209b81c7b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

Filesize
32KB

MD5
9641e44099e3ae5d056345af5503fea6

SHA1
03339350b6aa74fa671d23d6de576e01063b330e

SHA256
8f513f48374cb3ca4d81c221bea12470e9a03e55b9c928c8c5776198a7c9fb3f

SHA512
21a34f8d4786e05b7dde67a1c94af20315f3536a02c31364554072c330ce4f356f18cb5491fbdaa89e39af68231a7c8500b1ec48c71e40d27efebdcb3751594f

Download Submit