fd49e6fdfa73836aec606daa864204bd6af1227af7d51a326be17c871c6c8dd3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Size

12KB
MD5

237fc303a9a0e0597c37879d8f88b88f
SHA1

64afc6aa30a86b91408a098381d19b9391475a66
SHA256

fd49e6fdfa73836aec606daa864204bd6af1227af7d51a326be17c871c6c8dd3
SHA512

a7f7bcbd3dada653459d3ac9164da43e98e1d8d884826a60596c75a36128dcd62bb37b428599043b8c40dd470c601f1851b267b05c16977368fbd902116073e6
SSDEEP

192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCzU:eebFNw4Pk1itKkpAjjI2YpdmC

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe"	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMail.bmp	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Language_Keywords.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_types.ps1xml.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiacn001.inf_amd64_neutral_b7a0b2f53d745b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_neutral_1678e66e0cbb04b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_eventlogs.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMovieMaker.bmp	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_execution_policies.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Signing.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_jobs.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iirsp.inf_amd64_neutral_25c14d33af7f54f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00a.inf_amd64_neutral_163313056d8f34ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnne30a.inf_amd64_ja-jp_b2245ba886355a9f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc10.inf_amd64_neutral_2c5d0c618dbfaf2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_neutral_ece4b1cc5aee6a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Line_Editing.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_logical_operators.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_execution_policies.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_providers.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287641.JPG	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341499.JPG	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01241_.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\THMBNAIL.PNG	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Casual.gif	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR00.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387895.JPG	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR39F.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02759J.JPG	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIcon.jpg	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CLICK.WAV	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_off.gif	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\HEADER.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_6.1.7600.16385_none_b6bc71f2aed192c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..plus-admin-comadmin_31bf3856ad364e35_6.1.7600.16385_none_8d5620dbd8b24529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_functions_cmdletbindingattribute.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-programs-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_31dd540fb439b405\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-at_31bf3856ad364e35_6.1.7600.16385_none_4cd7fa8ce5381b26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.1.7601.17514_none_88e35d5cb2d54359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ity-netlogon-netapi_31bf3856ad364e35_6.1.7601.17514_none_d53d54cbb43c056c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmvv.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ef3ad939fe178dbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b9cde5d1c5d5daaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..favorites.resources_31bf3856ad364e35_8.0.7600.16385_en-us_07ac7898f54f1ff2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_8.0.7600.16385_es-es_8ecb40c7ea83231e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9a802c5593c58745\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ds-ce-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0dba992e82d697f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8c830372a86675a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e8339c195243c22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shmig.resources_31bf3856ad364e35_6.1.7600.16385_es-es_db9cd0f421593a31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ncdprop.resources_31bf3856ad364e35_6.1.7600.16385_de-de_de29ca0f09dd6ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmiperf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5705fc855fcffdc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_rawsilo.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d5c276ad141427d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_6.1.7600.16385_none_8aa0c2aae4765631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..re-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0b9d9dd325071bc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-desk_31bf3856ad364e35_6.1.7601.17514_none_0aa8deb62f9d0152\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Critical Stop.wav	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.7601.17514_none_d72e0000a2e94e57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1143384e9ab8e550\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-chinese-migration_31bf3856ad364e35_6.1.7600.16385_none_d701c6600ec6b7e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-2.htm	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_6.1.7600.16385_none_3fa5b5a70ec7f461\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..lelevated.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_70a2ee76fd7676ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ineclient.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a3a02c2e4f8f8699\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..snonwinpe.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_41f7174efb723425\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_mmcfxcommon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_551cbf74c93dca64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Signing.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bg-desk.png	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e5966adda19f72b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9b9a464363bedd28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20866_31bf3856ad364e35_6.1.7600.16385_none_53e1c8c7465becbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6cc813a7e1906cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7cfa76ce49850c44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-charmap.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4333e611117e6214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_6.1.7600.16385_none_58f183d86ff11e2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_6.1.7600.16385_none_4bad5745e75d0468\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base_31bf3856ad364e35_6.1.7601.17514_none_21307555294142ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.1.7600.16385_none_59845d50dc8f5a77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_669551a13072e8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c0c7d754a6dc5046\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b29c99e3d86cbe2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1dd6888842f48185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sideshow-adm_31bf3856ad364e35_6.1.7600.16385_none_6428ec4fa9609b9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ql2300.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_54d003ea204bbf0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_8.0.7601.17514_ja-jp_6e1c9eb17ab633f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..on-common.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9b239ff27d91974c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fd8034aa86b1c41a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_698a4a0ff29b819e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\74c8f5e75ec10458436bb476c2cfd9fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-ehjpnime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a9d639153b108386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_scripts.help.txt	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KQTFNKNDNDOSNQU"	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\ = "CRYPTED!"	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe,0"	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe"	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open	237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
d05929a258b2ca4336f4b2471e2c4f7d

SHA1
e8d651e210f3d15811be3a3dab6c96a3839bb696

SHA256
ff1501b5da09b5f0ce64a56fb402bcaea1f1faf548d8b09481df9b897524c47d

SHA512
f70be6b1ccbf4f5eb1c1f232411c2e7d503ec882adfe7c1d04fe2513c9d14f2c760454afd08b81b43b9065958224eb28d150490d11492163f35ac4919e7b4769

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
0e1d96c0ffafce86028f12b415eed7f3

SHA1
c48b4b80bf821199a1dcbb9d533856dde0d81c12

SHA256
df01a7895b51407a91c282087ce3580c9a1d007415d9fcca8135262f993b3c73

SHA512
7f33ed6242193c40cb095442db8f128849b76dce0dcc3f643670f124091e93b53a4d6367c86c7a178c97c7836ad37725877d1b01aacad83da78258d5334aeaaf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
f1b6a91af6cd343663af90bf8fd9290b

SHA1
698c348cb0066a203b29ce5ac1b4c866a7c6898c

SHA256
d12ba45871bf2d86dd6fadca7d9d1a42a37d825f69721b76623e72a8b7f9ac66

SHA512
1ff6dbef129594ba223d3027596530ddc2eb96aab620e3211bf03ca15a81f30f9d8fe2d849efc22acf260816d6109d3a256f27228fccef2c213799579957911a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
41ed644946790d84e3f9a1444a3bfae7

SHA1
0f2dab6e5cf2a701c3c28f4978bf965b8807aaea

SHA256
4348b051fff40be488b26e06b5a5dcc500de25a5f9105c62b54bb9c1d587bf3e

SHA512
86fe55f672bb2376b511ec301ea76317e07c3e849083d4c423a006fac9c379349bb58ed430c7c164835067d34d690f295c7272977d63bfabd4ee60aa62d47ff1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
83b257fb6c4a41c1cc4fb5116b2cd8fb

SHA1
a31df99c8c22e60ecf3264f957c101e6b86b9d69

SHA256
ce72a066cb49429086faa5216b3452af0c9cd03b233c9eff3486140f8961fb7b

SHA512
da2f590c6684abc5d54bd5be7c0e1ea9e20af02b47060e2ab782df9c78ff9ae5e4d0a08a6488f7f390f5b65a452e253ad37505e8c0cb123dd59f8448e2241f72

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
ae8154c1b87dc316dcebdfe4c1c84497

SHA1
42074065086cf7f44a476a3225cde97cabdd3de2

SHA256
def0c889d7d8ea87424e51fa6aa2dc99e469df2e82180fffed190e9060c53cc5

SHA512
6d2d207208b1debb026f8aa78690375bbac3b0c6dba9f59355b90cd5f6e66130a3bbdf9175e37fcf3fb904940b0affeb79c63f422b97f043f51424d0c1254fe8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
f760303559c5093dfd934a0178074260

SHA1
c1f3c6c1e48548862e2cec872ccf54406d560658

SHA256
6d307f534b53f39c5f7f41d2a6728337bb0c7496f1814835091d20888a18e9ea

SHA512
da8cab29f913c48596cf07733b18708400c552bc4875881bd431121ddd6e4e17c9dc5f953029e4813639f0d8411648eee5170654edcc98e2b2cefb155bcb42a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
53a4d48535dd0a8dc948a1b2511465ee

SHA1
de61f4db1282f8976afea30489e4e0f7dcf027a4

SHA256
8b6264325de8eb05e22aa1f769f53a744a6d0bc8529a91c51844ace7af061d2f

SHA512
6aa609ea0ec6ba3dc369394e3006023a74e0fd56e29935489bd407724922bd203d0a27b5a3056f81a3d53d94afb20ff41dc2b61a9194d5091aee2d97e4e0c2b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
9357f44a9ef3c040e4f6185b7338ab39

SHA1
d741de0a51dd1fbab8bd9ebebeb862649569a611

SHA256
31bfe456295005c7aff4494e656a7de66db4b1c10458d3d161c800d00ce0f88f

SHA512
0c84e4e502cc5f3b8cdac326caf27990fc3fd0af2fdaf44120ac5c98c637e630f6dd87e28b0f51c7438687deb2601436f79b534ae9eb6f3b9b8736d4794226f1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
48b2b0bbd4ab3372d1c1bdf723431f27

SHA1
b5f1e006fc0d151587bebb9b056a7fb4b720a0ec

SHA256
f316955f04de0e467a87662bfeedc6ca86a9d96c643033e6ab7c58312c84d0cb

SHA512
7ef67590c5ebe12f0eccc52524145744cc613368cd0e0ce4ca73afcdd20961c0de85b397547e656c0742290eaa0c115e133ab67c94f16c3830bd96c448b6b380

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
70e25d2a0d9fd5df7e26a42a2da8926f

SHA1
b738207b35b3797d559a5914b3141ba19107a613

SHA256
24106269ef04f670812c5c204e1af93fe9615abccad8ca4870b71571b527e325

SHA512
cc58a89ad0e8b83bb913e98bea919dbd89d1919f19b7ae83527ead394e863e83bd877aac5d3314e9aab86447a35b59e23794729071e7a8fdde15df4da24642e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
4baa553370762d367392c75d2151d2ba

SHA1
77297e5b765ff996f8fa5096ebd33e5db373d74c

SHA256
085dc2d72ed90ee26892981f791a5a5aa10e2c70359d182985a1c5da911d4d67

SHA512
18baa3cc097fe3cdf6790c9ce8f1b7b243746861fe9885afed5a422ff53c5d6a2e6bb01057f1bf977cf1ae6002cdcb9469047706c1d7a9ae595ee7b2c61a744c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
f49f084b3218c804aed8e2700d76bbcc

SHA1
ab5f764a128755e7bcf78d99e36e0df4cddba56a

SHA256
2786af896af8d62d765907b3e1097fab1e666d263c8b11b4a5c9cae41916dc33

SHA512
7b9c0b7d38156b0ddb30d70e7d44285d3fe62fff0405b3a4d229ab72f0f79516c903c3ca4684358060a484d73e456999a03272c5da7971a537794e7066cf54c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
679acef24bbc769cc13035d66e01b39c

SHA1
e95881b78bb3de55dab3e01928932d758f2bade0

SHA256
e506e310df99f26fd8f85269531ed3c17005be5f8d3ad6b44f804bf2cc5ea325

SHA512
36516b4ba78d97a930a6047d56c0220547348dc0add18355e9dcf753481d271bb83af86ac65b37d1a1e3a9b635311d6fc84a73ae31103b62987bcb305440c3e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
a3723639905dea352ebeebada0b58a72

SHA1
673efe66bf1444e363dbd63e9d4cad1216ea876c

SHA256
7d5174965b8734060712f76d5db4f8ff2a65c33e2973a55deb1df5ae222359eb

SHA512
03685a6e3c71a1055ebc7dbef6a818398006d40a1208b7ddd7b5d9f5e6b043640c1c149c364c74a656dd0ffb92f561074aee23f9a162f6ed5a4e77658eb33524

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
b2b1941f2f4759aa9f851d3a8c422c68

SHA1
5b4ffb265c855cd8430be440205f0b092c87813b

SHA256
f219f4a4743ef2e2a14c4477c8131b9892ec178ab2dfc5c183667a3deefec558

SHA512
61788f97c9c2d8964d8e1b19d5d334113b448b89268e3928827764570978c7a608986d14abcad7f0d08c323ad3ff4419122c0ded314a9e00dad20b951aff07e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
9e52446f2d81b8314ac29d54cece416d

SHA1
6a8cdcb92ecd1bd07b85b11f4304ff6c1fd3c714

SHA256
a4a1cd3d5541a0b73afe99b0e708277117bb8c06d6bd57e8f020473f0402a937

SHA512
d19526ca7c57b7b358894d6b4dcae1c1c6753fc5e8e3c47b90eb46bededa194510e783e363cde0f29749ca5f2eac62ae12bd84254130bc49896eeb79431fd079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
6102249390a6bbcc41cdbb902acd88aa

SHA1
da209762eba543fffe4bd297223db6f8969239a0

SHA256
b3778308c5881bc10660e0c74b467b26b3f7d93d0a9f826e3f0eb2352941c233

SHA512
d4d7713e3afc5732643abc1b27ae0480f23dc18009e7624403978db73ff0aff10917b965aac7730d73c044d78815b38e79064b0b75e2ff02317aef5947695d65

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
ab59e20a084a307e881d3b596d2102f7

SHA1
4252297c1b985609e9ca77c62aa5b04e3df96aaa

SHA256
ca8c331881aab48c8b440a753bafe47769d61e8974aad902a86bfa65f72c574a

SHA512
747a99b14b9e508894ebccbda16d314abc54575c8570302c7b1dbfcded94047a4b03a77cbf6686658e37d33d6cc0ab144a6599be8e6fd489349db7143b3a1a03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
2aa9e781a2c002a45b9ecebfea3b8e38

SHA1
442b1f8748f191540b965754cbc101308ab7e3a1

SHA256
f727c8c4d578b9df269506c0bb542a6684ae9f4558959d9ffb069f8de93cc8d0

SHA512
df97e60983fe3dcf96e510fafe4c5406b9325ee291d4a9f8d2e43d7c5b8ba2d3bbb866acaf7eccf84381831f44c0e948b826de4a14af32fd4cefd9e3e0247927

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
497e896dbd779e0d4c385c56b8c545c5

SHA1
7d3a3307bc303ac1fc69e828cfa20975de5f7761

SHA256
c9936e3186118d92e21de46ecd71847c7b37873aa7b041b0334308e075893724

SHA512
ea0bffac400cfc54b9535a08a0cb880149baf971f761b50db86990877381cf00b7e60596d74553fdbcd5a50f1678e43be3034374ed5b97aaace19bab83a70961

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
a444afa8632a1bdaec33dd9aa4fbd50a

SHA1
c34081bf3a081123f5e656bb901534c4bcd759e8

SHA256
d189328d024a7c0656fd715545f5e54923bca048017e5e3ed6e18883d4f2da0e

SHA512
80cdca8e07f1f9a5f65f72a8b49d3f1312df2505fbe4814917c3114902e6167f3a21b753b2199551bc220a210470aeaf8d5c91a38fc5f1698a554f0739cd720d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
099b395c205f4536afd3aa29f0c27cfb

SHA1
e3747a55d538c5eae957098f09e62c6b1ba6ce27

SHA256
5ef2202069ff476cc730fa16c54a42e0b4c7600634c9ab58d56325485a43ebc6

SHA512
9b351b96000115bd5bc885d7e78152b3603270d17e3dbaa0704d13594631e39c1e93d8e56e94b17b05e8ea330514490577c5ceaf65757d827eee318ec7d68914

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
0b1dddb8f49be9d7a0230c9665e73988

SHA1
6ee7b5c5bc3c4c6a759f4e326517e65ac7dbf27c

SHA256
663c3b878785ff4050015bc8a1c4c406e04830580b926fc76e785e0f8e0fc22c

SHA512
f831674a33b4e5e4ec5f68a33696eb3fc58b869bf5d425884a26a5bc5c74d5c25de1aede348c0e95e1aa1d414205e92d42c3b49dc42e2918996f94dc97405c33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
fffd7927654143cd56d252eb5400708f

SHA1
8956c8c9e1e0b25a3e7d076f771fb525170a1a65

SHA256
f89eafda1268a240a907aafaa0cc5bad7d490b9b872f5a114112b7a1970be5a6

SHA512
a28bc855aec544e2426179a61c3e5d7ed7ef5a7297e2192dc7a1a263250cd43ff22da226792e7ec5313842349d3246086a597a80661653d8490572b9e05133bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
b0170e486f29055ab96ab6e4e9fd85bc

SHA1
ef6d2b47635a37675ee1a6262fa1dbdbe6face6c

SHA256
ba41a83c6d868ab1660bb82d949b700c8e6bff59c73d1a1834ff47f8d3fce725

SHA512
420abac84805aaaaa2cb5a16f174e45a3d44f81ce1ad242c6c0defe031590bf232d961f22921ab0ee9e212310bed77fd7d12c3a319120237eda9bacfe696ea4c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
3961c3c50a6388dfa9c9c22e7b7dc55c

SHA1
010a7a788490781123ca73361838302b60011047

SHA256
7d0ddea5e72be8cb6ca8fe2b74727403b488a723142ab4199736fb10fc99ba39

SHA512
2b298c72cb6865665900fa20a23752b03a5af327a745a28a1089d238eb1c777c8cd0c4d134116dcd79dbe48ea5ff146c69763994f628abe04219b8bcbe18a9de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
2399a20a1fd38849f880239b29701347

SHA1
20f7b2d4c79f593a9a59049c5d3f71ca06b14617

SHA256
2c25678148c8a16f6294033142e541ea2198cf60ba849789022881f44c9264cf

SHA512
cb15d27ba33fbaf29f8c31aef1dedef72acc2e6e6352de6a8636f0bca4844ad7473533e7ff02c8c83820a7aa6995113fc56f3c3ee7db3b7e6f4abc86beeab42c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
6d4a23e71862d577e3d1891f3486a7d6

SHA1
a87f917061ad7b02644b1e612f0c3f6614d2f427

SHA256
63e542dea5814e0bb0af2fb1fb0449cb353ba5e79c5129d143f8ba96a7ce8dd8

SHA512
2aa0ed65d694986143989752adce6e90a2d0220e0d7755d02c1d6e4386d4e40b0cb35e5c6834b8164d90ec7289a1de66154900087906672d099865de3cc405be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
4d10f77334472d7b3fc73c27142851aa

SHA1
47b538b9a8a7cae8747c453f4fecd190c0eff20e

SHA256
e8893153baea86964f0c47d8159b7a6fec76d5dc752190504428151f60760c7d

SHA512
13997034aa0cb27ff2d01f3d37bcb38a857c5cb2fd6740761ae855e125681793300a68e5abbd55cbc985188b6069e3f2078a019723269904f52a23552ab60e9e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
9610f64febe6a671e790783334657de8

SHA1
99942de1a526bd742a3070fe459cde5d73038816

SHA256
7eb8c35fbd7b2038648fc751c147766d698e42bc7d78fe7916495a5b06d46a14

SHA512
a4d265c0b2ef3b15cac3b60d1c29ab3b2fdee1f394681c4efcc20cff2e0230d0ce1337ee6925bdb6d56a87408c4958cc2855485f54f6c59ffb463249d0391155

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
696db452116f26b30151a1ea78b09b44

SHA1
712654b1ffaf2bc5f56fdb7745ec3a22a7d6dcfc

SHA256
59faa70938fb70555e6431a68ba25bc3e509fc44f5a49bd86e18317c3fb42783

SHA512
cbbb5b489d34a29f68eb900e2b5d6e87a51ae03d8934ae52dae9f4636eadd1a3cf87cc0e1c20c739c2b30ff430b4d121d2464cc982c20d25536e6740c490f4a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
4ae5d237bec07759c47f6d0486b4bbd5

SHA1
3262b2e8807563703203a01444bac8d4c3e931ab

SHA256
590e73030ed57666a509135b8da2fb6359702143865f892f17d157b46e618516

SHA512
47e0bfeb61ef769be68ad9ab4145fca9609c37009cb88a92737067e643b43370118ff09b5bb1247254e046dd14e84c318e18fce3586de8a607cf37e19d67c7e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
6035f9af4269122e33922e5c2208b4e4

SHA1
3d054a8797f280f52415102fbe90ceed15a40f1a

SHA256
5c9e57739abcb2496e625f1b4ae012cc20d3f9f2f2b64210a742f0b870fdce22

SHA512
a87268aa677063fdcade3a07194b375afb531da5bbb66accb588fe7948bc35f01aaf342ffe65f0cfa8e20786a7ab62d3090f300e6e00523bbb84fa2083da6034

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
5cca478227707bd268b3a8d19e73b043

SHA1
5106e020aaf8a1dc5ce9d1b6d08bbb55b54471fc

SHA256
9aa16b38e1b325aec1935f3a32aae17df050182c5db0ddc0ac6559a75098ed62

SHA512
740835fab92395b85097a547cb2cf0ea36e77d3108ca0df3f804922817d8fb1f7f541bd5b8e07b4e30644dbfd989378084c61ca452bf9e2136ee402ff5ff2543

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
581e22ea54f30f2c8009ac62615ff134

SHA1
07a8eadf62b738ecaf6595d0b84ae6447514f68d

SHA256
749a69459074d53ac0b71e3077304380f4be893dec05063ce40d4e85ad253b9a

SHA512
0c11098ca04b9f600e8e64dafc449f3dc9efc8f4ad018d899d8c8c8dac7c1566a784b0265886eb8ca6f06e63fcdc6b1248b7b4e4a2ba09a230bce94da27aabfd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
2daca834b364cd8ada4b992d8bfd9ed6

SHA1
c7df86938ceae8abe140a553f3f4cf270a70c880

SHA256
cbe8b73f44b46f195775ce2140ba8d75003a7399faae9c285ecc9dbb0be7889d

SHA512
1c473854036efadf608d7a5158eef08520493536f6b50c9be80bde4357ed148b0cd9fcb66bf0324e588bef185223a73a89dd92ba0b7d958e27713405ed3d7fc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
b1fca341a1519f78b5c9ca9e3f897526

SHA1
8d3b391c6298a212dea03ee319dafba712c25ac6

SHA256
8d2553d04bf999a35e294b3cd1d6b178e3c367639696b6f2f44c14e56f9b6dbc

SHA512
632716fa5b00340af981d830a9dddfc8d7375cbdad6ded2a4a92e37d2bc1d1bfc89bf72a054b0d0e505b3ecd16ac37567c9cdc707afd7b4d1ec008322ea1bfe1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
2eb0a6a527d1975f781ced479d23c115

SHA1
e4b8cb4df2c4d2925d0b258dba227f54b14149a2

SHA256
e296c2443858d8b11271c3098352eeba7e1dcc660a2d225e00474da0c64a6f73

SHA512
455331f389349ac66f7274e6fc065682b755a805ae0db4ff488c55eb507536706513db1fd287c040dae16d8daf568bdbefe98ab4ed4959ed190a9902cc5abaed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
659689c0acad16e86966147b9563c308

SHA1
a558d1d05f6fb2e2549791244be71052339b8bbd

SHA256
b94dc1b7706b0845a2e3c1ae5b1fd855fc27883110baa85e7fbb65e77a9571b8

SHA512
9e94a02de4d862f2f551fa12ce076cc856398b40e49a78ae7d638bcc5fea620d0420f03329a28f8ee839d9f62201fe2a6a3008f62a516d0f4f7124c4377c222a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
b1b6ced07882ed4e9665a5e25cf12262

SHA1
c552cb8442a791e939ea30f9c6e586aa47d5312a

SHA256
2faf637375dfe3b2293f5686169455bfe69568ca0093da2b3a56a444956678e9

SHA512
ffec4fd043733260c37171d1c1c19563a619b50a5add8e0e6acbd8f0b0a3cf26b49c3e2c0f75bbca7018d10eb9816f9c233972f7e0a9a343de744022997e5a5a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
101ee1d06be7ed885c2123cefd15848b

SHA1
55914d611915e833c4f1da8579b9421704a1944f

SHA256
b5b688c29981aa943d1fcc0ca4b31cdeade442021242f9e23b7ef8f4ac20a939

SHA512
a62189d9bcaa04a65b46d7a288d0378fc0443dfa15d7990f5fcb8121bded7ea3dd5db9cd04404c3ed33a2b021c4f9e5a4f81fef75f3ae8d8c75c75a9431be14b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
c70b9b7e8a369cb959a4cb354dd8feb0

SHA1
e80137675bd9a799b1676d768b418df6da56aeaf

SHA256
fa094de541086bea8251eed02ab36ac05b634cfa77948a5c79b1fc294ad3cbac

SHA512
c56e9c9a9469ac84f989c143aa26fa2fc7be1ceeea9c3edc411975a716ff5b640f8e2f39e3e41b913319c67ff00d9fb8735738dd692ecd2cfce24cba0064f941

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
f3c5361829a03efa50ab261f85471342

SHA1
61a4d6b5d61c26dac97588a0c9da777d6fbd69f2

SHA256
2c46f1e847d91fb48d5146f7bd4507b097d6366c557ad128a7418582d5583d20

SHA512
9b63d1d6365db5fb1da64cebad947a92aaab31824f5351551997e78b6d95a637c21bab13c7f555d07c48ce9b0cccde0f965fa1b0a15c4e9361b084325b7c1352

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
9d730f336070a0a9bb03a7c2369e7e31

SHA1
6b31445353dc0a88ac75fa76f345bd5eb8cc37b5

SHA256
d5f36d7adc61fe024532de541a910f30d63167e497504f65e6d7196b4bdce755

SHA512
dc121f12f05083edf4c12d2efa534e1d9504771d0cd86ebd47c14eb897dad7f8ce6cc9ac0b30a60bd11825c823092ebdc1271f398c5a47ec8c91690c967e845d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
c8fc541c41bcc7b69bee3847904029a5

SHA1
6b8aadfdebfec90a923c06394d3cd87d46193d1b

SHA256
85f1e85c4d8eb96255c69483a5a774aa5b25847bf4422af0a9de076e2a9abb9f

SHA512
d68b58113eb9266205effb7f43986fd586328473e38a9ea3bc25405b05140cd783462c2af89d94a07bace076ff049d5475c6a8b3540eb94e289c1a89d41fd096

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
91b7fcb05db3c96d51320eadf4f39938

SHA1
ac3a0ff5cc0c13944c1b3dd6d8e955fe1484d999

SHA256
3dc5b7c0001e2337ff5c718e96d08c9e4a592f9ffaf0a2cf78e8d6de0ac4daf0

SHA512
1ad7c44ce8ab5bb01140101e025c2bf6bdd1ca6457bcd8c01944843e0b33987ffd5e20757645ada0e74f0e97ae4875140b1b329c09b50cb347d143909322c9ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
6a3f3e152af1bd0918fc0494dcd164cb

SHA1
6b536eb2e7cafe8a106092a77a527f35fec40276

SHA256
7a675db70914e3c5248934ce3fddfdf67ee73d77a518a5432d1eeafb70c31e44

SHA512
593eadce78902557c8d73c89aadaec100829f0711bde9597473346790253edb8f54ac8e84bbd72728359bf6bd7bf0fe3af53676ab1caf536fd746aab42d5d8e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
298d16af004b8268dfc494df8f7976b6

SHA1
2686441e2cdb7cb74debdea3bda40d4197dc8532

SHA256
dd7ba52c84410bad1cde313a8ba3c2c895fad206ee68a0cdbad39514fa2ca29b

SHA512
447b0cb0d50b393f330602370eefc8056657df7d89a195a452cbb921e2088cfd8f44ac76b4e421287c12bc90afd6d5a0a4ad17956ef06caa108594d98af8275e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
21195eb3f3223ee85b3511d8f1581ba5

SHA1
c8d1c54d14f16ee83482ab312f9241decc56a4c4

SHA256
f101ce7aaa5b488a70776983e4a76d2b439073001b9602de98657cee434e1378

SHA512
3b7fd8e5e432c042f48e4f956eb4ad2ebf5427ba2d6d6b91c35059abbea2ab4535bbb6416043cf18aff6afe4c0d3d0ac8d59cbd5d48e87e166e5867cbc850244

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
151302c9f65eb16be2b1c725f178bf5c

SHA1
b930ca95c23b48dd6f6424d4fd6c26326cd7c992

SHA256
952b0aad47fd63a64e82daa0a8e3342a4bf3867d5dea4a1be3a7d18ad50712f9

SHA512
8029624b083ecd0717a4dee3d87345401183faa69a0909ee2091da0b8d81ad9685cbfb70905e3f68f8784556dbc310173c63b0ef6c498a1e0e006da0fcf121a0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
e33fbfdc650da50294ff67b7fda84c68

SHA1
dbdf93925ca331bf8ece8854ecd7176254ec56e1

SHA256
6b796349b71ce15971afba1a37c0a5f4596cf48567c093cf2bf7b60815b34771

SHA512
a4ea9a042b3300946362931b6e7faed3c02bc8053dda7db58dc77ba68c81bd763bfa40596471a3d4e03ea6f6b81676459fbc262b79f6e9c6928a5ea897369ab2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
c043b3b21368079c3d21dcb8d16c6794

SHA1
fe4dee224e1261588b9e04847da2b709a7cff31a

SHA256
dc66d12331492cd2d673ef8135f1564323cfce3c525b3b562fe823726e7e5af4

SHA512
a87640544538d679152a600a1b1b4a6be6e8a2f40067e0f979034e78cb05154f05ebad1e694eefbefaad836d6bf254b5d24939e8c0c1db4797033e0f22c12960

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
71f005b17c40593d39e17156e0b1fd78

SHA1
04114c7a2560992b9de95a3cfe2390a670e6b228

SHA256
cb01ac569e33bca0e5ec1d96ad4524a556a4b4bf55fc522ad4fea34799b23338

SHA512
ad90147917499d3cf24d9c6c230ff9a1964d2959f588e36e239d3e478ee87750e51f9b14e97e796cbc8b8dc18b68993a4582f64c66a9cee4809a67252e0a88aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
c76fdc12cdb9884a5891b9d8547a02a2

SHA1
ee76e611c2766ff5403c140e0fb546e46f493d79

SHA256
2ea58a26a9d58f9d890fd15a3cbcb67b8580f577313bf6580c3c0a365ec01bbd

SHA512
ea66cd229aa262ee762a49482202bba51e76aa39df5eabcb0243253ac4cf573ebb20b09183ed4cc247dcb6aabbcfd43d734796189150ae00d96427954376784b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
dc230498e3d51712e9aed7a5b48cf9dd

SHA1
a846895ea47e03deace4e651a6e484134d6b5ddf

SHA256
3eae2a044c55adab2235a2ae8e60320ef87f7c516affd6d6dd693b130056de11

SHA512
7d3ac63a2394bafeb5f85fac96bfdd8e8696471f90cabea501f88d8e0e22b947f7de5be49fdcb3bc4f182794b382e7e1f23a7c5f3d3a0d1fff9aeee140d72864

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
ea173cabf71df1ab4c55c237d05d6470

SHA1
e8f4b5e81ad89fe367a3c654dccb297e49a02192

SHA256
e9884dc48a5b6d696b21b2fe2130c461939045b0937a3e6e99c0df557ef3bada

SHA512
1c19da3bbeeb39ed35eb4e5b3a12307fbbc2395acbac8ff6ed6a1f0d110932287123057b347f1381df43eddadbd4c497b9886756dde8eab53f35fe28e839e467

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
3681983d2292e993aec9941010d6e920

SHA1
24f75295ca0fa73c1e4f8c9017b40bd8664483ea

SHA256
ada0345ec1ebb5ac96db097a432eb636ac89c5a840f36ae04c22ab5dc3ecc620

SHA512
26a518d926a7b838b96161eea17801deccbe34f498cfa2af891ccdf9019348ee55108aeef23df066a22f68458b7d4b80df8c7b0d482ccace0fa195525f029c0d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
58221d3d113f68db73dd3ef8be50c89b

SHA1
d176d2d980455b0f3979887c367e46aece3ac630

SHA256
6bc78001ed96e327800c88dacac9c2ba1bd0656963339ed0b05d3ee79237a141

SHA512
478b7d3fbe7e99991c7fea9c9a39e30f6fd06816c1b53b33504dffc276ccee6c18478ec113807f88bdd920546a4fcfb22f91ea1b6d70283d6157fd4dc6bbeafd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
26cbd43370bd938ca450352b1f3e629c

SHA1
52d8c114b1d155826b7aa139a16bdf03f0a3f99f

SHA256
380d01b82395c24ac583aa812eba9ceef8f74e03f23b5d7635874844e778d248

SHA512
15db57ea61ae160e07fd903cf2365e280c5bc6a5b86b03756be66dddf90e9264c9802c2f81dd3a9b60555d87bd60b8770793647ba7b00ad9aeea8dc89555b22d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
37462b9fb36ccd84749044d55d1c3a86

SHA1
195fdb3f9a847396100ea38a8804de9eb0843cf6

SHA256
2c8417e421caee85de89a24ca1963655068b1507fcaabf96ebe70994c19f09f3

SHA512
bd92d5d0114a0671dd48b79874bf529946ecb660aeaa0c6d1f44d801b3933bfbdb8479115890ebafd5f4f9840c3868f0cc78d3f785488a2e1f61266ab55d4ece

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
f9931502e4c98fb07f7f7de43f95ae87

SHA1
b711c534af106f170aadc4d711942643e34b2b0d

SHA256
144e519f1365b39d441451b3ec48da6c33e98b7e0bec0d61688a2d0ce0524896

SHA512
a4dd16f79a06d567d59a3a60b37d1873cf2e02cdad781c9e135753405d1040ef6767a2f7f1c32ca877e24314aba172622f6078331837aa59ac6acd7e02281616

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
0d7e3688a86dc26feab19b08a3656c62

SHA1
7ba6266ba612362621bc108366d6c6541d90f791

SHA256
7af5f826ff0bc8aa66bf3618a27b31d4371fcc3a7a3b05daa10751f077fec758

SHA512
0f1b27cea3f5b190000bcf2a695aa19d3a3a6b966b0928e2635d68a1b77bfa6440f029e5b388529f4cf5d878510d769352093069283343bd793651aac9e4f882

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
e9ba603e5a5a0daa2c6a356cceead773

SHA1
e98972a3a4ffe18d943ea2585e7c673b8d1cce26

SHA256
f94523e0aef4690b7c433cf7478dd3008cd2addcd8a21146e8863d078e0e4e8c

SHA512
c28bbdabe281d8cebaf2cf69451eb73a5ec7c50bbd9ea3eafd1e3a657c67eaecf84b3380409cdfe9d040592553bd54c7cc68581888b2311341c18356854d6308

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
a61d4de716c9d3f5abef18fbe84f55b2

SHA1
9c18cb00bf5bf8ee0e270fb89c0fcdb22d3fcb8f

SHA256
5bb5ac0d570bb43448ff7e76f0a888edd1aa24754f98bbc4768c5457aab11b22

SHA512
ef5769cc7ad4aa3cc3ea060d2388923bcbc59f1cc614553df46fda34fc0ba8f264d6bacfbc979b8b6ae1c3d3aee3a5d8893f56536541370d1f43a8d8a4003b90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
16948287696bd83c728117bc9d368d88

SHA1
13d7d587257495dbe88f4cde05bbd4eb4f4307cd

SHA256
c22382209c6180de8e8142d77550393248c6ea3c04e36293fc833dacf096b258

SHA512
f19e35c5ce6c74269e6891e83aaf7dacf9645ad8e841c932596b51f1cfd6406aa69f3800018602c7f88c32f5546b9d7609be7abea9a37e297ea13078e5a2a299

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
1121a016fa828fdb1e7b3c5b35dc1554

SHA1
d61c65ddfb56e73c1e0566d0e5d7c95061726cd7

SHA256
9dc8e3285906cf3d8a9795bf3089b2a8d5e40fdd3228a32650ac3bcc55dfcdcb

SHA512
f129ed57151f9920486054ec2729748ae6b7423094a2fbf72f3c8c984cb7145d296240a859f8b0f25104e4dc07507538b0c96149859933128a7b6670a397f7a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3b43d41fcab5736f10e26735f6bbf494

SHA1
f03a6d7c69d87468f3102c992b4e341bde6fc6bd

SHA256
2cd80b9ba3be52f66ea6b2a071bb37012be2fc2a5d3cb2aae3ffbb6272c2fdad

SHA512
5e75b0454d71ab6216bb3e2ad27e04d329cf364885fc7c50f85fb6240a3d833d0630eb2f244e485cd095928b38fe22ea60cc7864bc2ced6d4fe9d779c28f3950

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
4d1185abd85958c143819e0c25b67952

SHA1
ff2b136e06f09e3436545a12fe4224e8ad6a4a40

SHA256
476dc7d58c2d2ead5293364a44ef9e07637139b78249014b464c1f4dcde39f5b

SHA512
cdfc859ecb57a96327f702294e9d475371bd606c23a5327d159f2a7555ee73624378ded36d5a8260e2d798d3196c9a327e3ee9f019c867c1c475c88b19b616d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e0e517055c8b9ba9ebd2e75fad8cfc32

SHA1
f77fa5d377867ecff2e029128c21b4a9f16a5c06

SHA256
164c574f5c638087059537fed1a5dc48200a0998ccfae58cdd13763d00d4c707

SHA512
a97294b5cc5af95206f736fec2817b5b847d15591c831e5a1e7f84b8c245ee95c5e9face75c559fff8e6c6c33dc82f59dd33b85422c9c196536ae8b9aabf16c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
93d2c229a6e4cbde2c5ac89661ca6bf8

SHA1
941d8ab81652912d895ac35221b1849afd438732

SHA256
204626a0d8a123848f2dc552d3172669b3879ab1ffffa1a32cc69507c92cc33c

SHA512
9886a7367719856ab2ba979dc6b4c222f7df1219048e196bf1c931a03b68c198dc8ae4485cca692f3f5365d9a0226e553d13180f2afd684e5e33a221973a32e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
c6c7ae36428ac2115da58029311ad0c0

SHA1
eaebd7e709f1654a8b3b63af0c8d13dc3d08a61f

SHA256
ca378e95e30046cf7bce84ede0bf19137dea8d70ffb3463881805b298b2d520c

SHA512
a1268e9c04e1eea1bf1c0fb4414e7b8e4d53b63ba71dca8c5d936f3198e8a1ca4150a690b5d2b41a5a2d02bfe49a3ff63d2bbe1f4ed7c241d3e8db88e0bea963

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
1fdcff365a3d380aa5cde4fdb62652c0

SHA1
d6a68c67ef185e2cb90f7c65386bb97405fb2ac6

SHA256
5c056ff618bc35b5a6a074502107958ba2229120679c79e6e4c453b84acc207a

SHA512
34308f479f279114e684f26d88f5f5e17b47fc605a83e30d8c17ed52fcbde43013058f6e6f405fad942650f38402f88e0c6ea873fd45123a228bd4725f4ed6e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
587d81874565f88e90514a8072c47813

SHA1
e4e0a9ceee3de48c588afd14643d0c05c3e72111

SHA256
65eab9bd7f513c62e751b6d984a7be18442d7d58623bf01fafc03407971e2b68

SHA512
1c887a6f61aa3bca28766bc045ca1671023a10be4d6e024bc782be64c2d42fab1b56789d70dd6722401c55f56a7ee98ef9caba794dc23e699bb37f39037d1922

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2636f672a35f63e77073dc4d3a6c985a

SHA1
690e5e320fcb6b476a7c66dc527988b1e546991d

SHA256
9835832f637f8533ef4db7f49d0ae881e86f69e134106a9bf48a4f7f9d935eb5

SHA512
68276265ff09eb63a53acdaa25edbb6a15e07e76993f6393a0c677d1125d3254dd158aff7d0e43d924a5d5692c9f166e4461b86be540885de997f06850b17cbd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
c3756582932bb16157b4910d4fcdb7aa

SHA1
01f94ab557b643f3fb79db10cdbefebae4d5eca2

SHA256
c596ee9cd91b557602ade0f537d091918e87192fecb1871b9fb860191556f604

SHA512
23491db7e6644199db800a2274615584a6171edda73e9d18480c335c3208a5ba8a3c2dc20f748a7e21972a41661d359d7e400414f56257fcfa2fa1b85be3a1cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
09af5e19ce3e054d23b4a22dab0333c0

SHA1
62be0cb08d48e8c1f547fc1b5c6f01c30a2c6ab5

SHA256
016d9b76cb5dd977f8bce8e990ca281179ab4452b239e07ab1fd09e76c78ce38

SHA512
079000655fc98d28cea3ca47ee4f2c78f0bd46c584199b9b4a469555c822d4068e5dc98c7f4eeac3229c243669e7de1153bba67a772a07b0eba9377c64b96c79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
491e120b7e3d43f0490ded73c3595cf7

SHA1
54f717fb3ead5234999d5012055a280c4b67564f

SHA256
b4c6283dac0c0748867d89ef54fa543d6063b0deaa1c1760d2d15fc39f206a2a

SHA512
ea295a69acf3b90a87f8b2a67a5c4b5e900cee87c672135d1aaeaee5898dd10cbfab6cc8cedccf60a325f6eeea6322694a7952508aabae6abcefd5de688d1e66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
8b6e92f319c58ff46663c9fafb275423

SHA1
2714ac844cbc7e7229acfe34f9693c2dd5206696

SHA256
7afacc8582f3bf2cf6186e8aa7bfa29c147047b4c1f3677d9dc10b67707aaa4d

SHA512
d31f9eddf61ebd4c21fc934c34810676bfc79bd33d624ef7cd2afb0046e7b00b0fada38209747bc2ec3c656d74aae0020291a1797abde557fd77d11fc608fb2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
80a60f1abcc95946b6a1c9ff7b9b19f9

SHA1
e60ef8d370a0c9cdc97b801bec3cbc6fcac66066

SHA256
3940e340ce8b21ef912cdcb5b63b358e5901aac1cd9ba25a191869f982f96bf8

SHA512
7969368486c7bde6d81903b264827e462c06b8894d14636b2e0ce38ed55e0d89ef1a43200855c879f2d06fee5a7f8494517e11a3cc9a497fe9405a0a7a1c67a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
bb433ab049483e4dfd3597be7b8fbc26

SHA1
b896f521c41b9dc9b0c7df85f46b30e86f03c4df

SHA256
a96d33a6daa105c759a0053a4da20e993aaad7d8942bfa4ea16f97fd1f2ad29d

SHA512
005b34b39c55ec5880b6edc3243acb9f058715130ae344550ab0019d027acb1c6950587937ec13dd7bcf67c2bef401a8b537b7833becdf6c79d9b316d0ea6db1

Download Submit