c92d64719fa71188cc8a774cfa71f5a5c4526b279b588a4668fc6be2ae2e42d8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-10-2024 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Size

12KB
MD5

4e061044f7012bf4b7f5059f110bf5c9
SHA1

b205d7efe6aa7cb12453b43a06821e886d1659da
SHA256

c92d64719fa71188cc8a774cfa71f5a5c4526b279b588a4668fc6be2ae2e42d8
SHA512

839c936b275d6f114871157cfcf69ef4ee93ab04f8665fc8e89abc4f399a90e09665e2add0e28fc8885ae3a437a9fd32987166ad0aea3cb512b1f72c52e2080c
SSDEEP

192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMNP3ciaff:GebFNw4Pk1itKkpAjjI2YpdmNPsi

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2526) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_neutral_19cdebd3e1182874\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_neutral_28f06ca2e38e8979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_escape_characters.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_FAQ.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00i.inf_amd64_neutral_09ff5ee0a0cf0233\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wdi\perftrack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Arithmetic_Operators.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\oobe\background.bmp	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_format.ps1xml.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_neutral_407146dba80d1566\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_neutral_e078ec466987bb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\en-US\erofflps.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_neutral_ea1c8215e52777a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_History.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Language_Keywords.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\sdbinst.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_neutral_daa64ca27846aa23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_neutral_d7bf942e99bb1d41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP10\imjppdmg.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\at.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_neutral_bed6224f27f5c478\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\logagent.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\data\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc7.inf_amd64_neutral_348f512722c79525\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comment_Based_Help.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\compact.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_PSSnapins.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Journal\Journal.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\UpdateReceive.docx	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Response.gif	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8B.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\unpack200.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ado\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR10F.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImage.jpg	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15133_.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21503_.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01236U.BMP	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_en-us_86325df4062acda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-credentialprovider_31bf3856ad364e35_6.1.7600.16385_none_e2ed533e1c868930\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-vb_compiler_ui_b03f5f7f11d50a3a_6.1.7600.16385_none_6fc7df5866d27668\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\title_stripe.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Concurrent\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-compact.resources_31bf3856ad364e35_6.1.7600.16385_de-de_80c70232a6123b2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-5.htm	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_246c7d546e465d35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_49e59961e96733d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wialx004.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fee99e746c6754b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..solitaire.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3836ee0f90682243\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..tebox-isv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7552c9eb9f8b13e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_msclmd.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_59532de4986fb6f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiasa002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d64677dcec2aa396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_profiles.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..opini-accessibility_31bf3856ad364e35_6.1.7600.16385_none_36604ea896f9a97d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c6574dd3f66966e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ionrecord.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c6200be3ecb6b813\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ui-pmcppc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_394e4511a97d3bb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_en-us_122d3ecc0a9e8edd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsv003.inf_31bf3856ad364e35_6.1.7600.16385_none_61a2cdbcd95e2a4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..e_iassvcs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0a058c6f3de3a7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2213a9604c5157e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-stknote.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1202d69b76948367\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.17514_none_7bb89455b6cebd74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..topeerdrt.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7cd521c6b418666e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmgl004.inf_31bf3856ad364e35_6.1.7600.16385_none_ce52ef657b189093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..bilitycpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5c1525af827c4b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7601.17514_none_4889a9536d4be8c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_6.1.7600.16385_none_bc71031cff4c1a63\TableTextServiceDaYi.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchFilterHost.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-whhelper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_992787fdf80a08dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d1ca2c07a7211c86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..onverters.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3f2ea5426753ad44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c84de1d0b5e8ebff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmzyp.inf_31bf3856ad364e35_6.1.7600.16385_none_a9dc75825db86521\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..nmove-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8bf917da73b68266\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ef4a1f2f37cbc435\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7600.16385_none_48fe0cfd559f80ad\w32tm.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx00z.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_136c2f0a4591118f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-clip.resources_31bf3856ad364e35_6.1.7600.16385_de-de_504e10234d150ac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ea9b641cd815fb5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..cywmdmapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7b56043345014286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem.DriveInfo\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_6.1.7600.16385_en-us_468a90d35879b654\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-timeout.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c2dc2b0c07db8e6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-msbuild_rsp_b03f5f7f11d50a3a_6.1.7600.16385_none_6574692377991da1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..icecommon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9809c3eeda23f1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_15ab65f466bcec71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_34be759892c77101\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\Tulip.jpg	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_de-de_ab1cf971d3ad90ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..vices-configbackend_31bf3856ad364e35_6.1.7600.16385_none_3289e93f0b48fde4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..t-starter.resources_31bf3856ad364e35_6.1.7601.17514_de-de_65636ae46df69f6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_654d1ee18bca2e08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-btpanui-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e74d36e73690a62a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..datastore.resources_31bf3856ad364e35_6.1.7600.16385_it-it_13b3c853601364d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sud.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ac91535ed7d90e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..itycenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_26b1890b3258ea6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe,0"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\ = "CRYPTED!"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DCCLLRDBEFTGZNR"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
352B

MD5
fbc86c51a58818ff9a54644adfaa8c11

SHA1
3099ebf5bb532245b2f029a7472d03ac26c213b7

SHA256
4429117b202b2572c30ffd614e410f67d6d4dada8b73bf7905c11ee6eb276b09

SHA512
8b142a3247627ea75f4048f43a22c97ac39dc25b5e56182eab0f7827c96cafbe65656ebbee9b02c41eb5fb8f4ad5ca8c49f989ac95140e5153d3e9378171d5b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
c027a572121a681842d0c4131c5e68f5

SHA1
2200938f5ce9b1106de7ca6a050d9241036784dd

SHA256
fde147c81f30d201dd0a1baeb2cbed0f547173f1b9c9ad8ca560c96fe711b1d1

SHA512
81451d797a89711ef086e08c3ce65f338a41193c2b2a50ec613ad3c0d69f781e0e35eefaaf27b9e340b6998e7afb1e1a70578f135f6f03d78e099ee72674d6b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
96504c33faf2ffa93d161a5d6a267939

SHA1
d628425be499c38476cab5b8c5bb4cc50e9ec22a

SHA256
f15cb347c08303893ed8089496c41400592d4385a109e4b83e19f5d2d29a0864

SHA512
de35aa11ee30112cdaf362f9dc7664f47251aa98a12b997428661854fd8c530cbaea2d8dde62974726ecd51925acb77aeea03deb83be5e7fb25864b450735454

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
d3a19cea560b52b89298dece858d93bd

SHA1
fc14dbf6232311383eb34e1fe47f64501c8c47f4

SHA256
06354bd368561f8005f0dcbb7d26f54c4569426a0cb17c46b7144c33bed89fcc

SHA512
26bd354db099ceb9c86ad18e9d4f4b04294a5924a8fb4ebcf57362c64427b51be140c9799ed29db5f14422fd7a1c0c181583006acebab1e2753334ac3cea9fb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
34ce36e712f710ed3b6988918a370456

SHA1
51bbc8248148453f8b3774d81ccb7740872a8d61

SHA256
fb642e4b724276281e7835fd8ffeb81c103d07eb693bd3983dc460c9c893fc94

SHA512
ff7ed8b37e2a6624c66e4f8144ea9f5c4b7071315abc59ea8b0e98fdbb1165f5b6351d7e1710fa555a39c2943d6216eb59c1b0951581f02061df65be2df4977e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
6eb3f85e0f1a45956ff2c08611eb5821

SHA1
f6aac83c0d1d1949a40459eebe639725f256f2ff

SHA256
3f39b10f6009ed022565d90fd16f871c98e81905b6b694ce8136b05a2146ca4a

SHA512
2fdcd128a6e74cac165eacf09c78ce0736f8616161b40fbcbb0544447c812f10a70ca29b1aafbef7809a84c9b14603fe428dcabd0adb09e00b319d2af3e39c98

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
35e9f91a7582377f6a09cc17752cfd41

SHA1
b6d14c11f36d0dfc9005e14cfc0106bdc8c8dbac

SHA256
0fd102b160e905292acbdfb225e485ca9c697deb38636e30d264965b2e76bce0

SHA512
dad3fd9681422b896245a1073fa0c45f530b5847b16f7dd99890e1bb1a70d764f1a904b14cd6a17808a939a739477e78536e279c80c1425c52d964d17b58c662

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
29c33a3d35e3bd58d665cf4bb700652c

SHA1
a020f862fd05348122fc949ea14469218181c3ab

SHA256
eb73532f5c8133149e4039315b74919894ea1a42f6385eb6825e4224c8ab7809

SHA512
100c410d2d216fc49d38f1ded3ef7b32c44f54d01c1c4735508e3e928f09430f1a28725f4e55b833d2ef7912bad4e31170ff500a5b2475acce9a81c8fe72e9dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
e64c6ff5c02512328aacc8dc98a68140

SHA1
cfa89d83cf0377950616ba2de194baffe1e5c7c4

SHA256
75c0052c95aed106a3bd360ac0564896c4b24276aa0c22f2890136f448484265

SHA512
de75a023ec7f5f2e250b027d1944643151e8aba3e51af5be717f710b70a2c9d28886189e9b87ba795334bc67759077013c34044a3ad15d074f5f929acfdfa7ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
cbdacc44a5f59b208260e709d93041ee

SHA1
f049406f6f75e7fbf8ed589bf155e3bc73da3bdc

SHA256
caa11f99fb80aa9371361f5c927abe1f7f04752abb2e1850cca459e115531826

SHA512
cf9e761e8a9650d53e09557623374c42cdf652386a6e375f66d9d1d2e30a53f8c33f850b59347bac87bfa60b47119f41923624f9b07c0feeffdaef422f79a001

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
59697a3bc51f547aa917ddb516e67453

SHA1
314792e6daebc2eb49540fe5181dbfacd48dcf32

SHA256
cb23c774876b7cbb53affb4eab6bd49a767fa6cd7b34955957960a8fe5dc22ef

SHA512
c10adf1bd454c9ff98d4943dc614a18ed64cc9f9d44c40531e185d90bb17bdb5a83e2ec5306a8cee9c0f5ce89628953548ca6f3d914cd21ff56fdfab2e6d508c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
dfe32f971b1bf3b775ceb1d222b7bcde

SHA1
b92ac3957d1b22a0fe2822472e960f4eb32f5ed3

SHA256
c87bfe2b8de8d57e8d4a768cf26eb614df66a32c32291ef0be315587110f8835

SHA512
e8afbf0a9121fd9f2527b38a02e85bb35fecadb84a236b3d3647dc3603e4cec2586928233df49154c132a6867b2516bf618a1e86113ce6b4187bbe6fab7ff2b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
2852aec250dece3fa391288128464ae1

SHA1
a172f738fcdf7a28890f43bc5771331207052592

SHA256
82a7211183a510f38612d406e94ed6c1a093b19ad10e23a93e2be9e5de0e480f

SHA512
e2370deca89d6af37209965c41e19ceed817724b707cf366f6df1df78dfeb035165cb60bec46b543c5a0368b02b9670187275b37292b5113ddd8a76533035123

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
64d0eee1bd45c1e0218523783f566a43

SHA1
d11a9b110ea6c58eb06fe41f38e9007826b7b600

SHA256
7410f47e74d4cd9953399480c58cf174303cdde86398599a2c37563a4cfaa24e

SHA512
987723d57c2f8357c977814641836062ed708f4d95b6e899298fb809115145eb74468a338205817ade506ad05f568a5ef5ed4abe42bed23233f017ecd9e84592

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
6414a9065cca7823de5d74706d4d986c

SHA1
7267a0269e0d207c790187091132960a76b04972

SHA256
d9028022f3c38700e2aa3fc58cdfbb3ab2146a27b0bcc3a31fc2b5a746e85f06

SHA512
1a6b81b3e5454bd0ebeee374618053bfcfe6e77e7828cabb59ec4d1aa722f1dd970314885aba6374726d79bf39efbbe4c60ac3255203f0762ced6f8c183e3850

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
bd7710b829a6f673a78cc2f4be5a6dfd

SHA1
d50a7fd94f981edc45eb7fb75adf17d720aaf40a

SHA256
7f3d08dc24bfe85aa8590ce818b3e18ee657d07fc8b207280601d1ba35db9076

SHA512
b28d05c099d880b41a3cdb47fc97807b4fc1ad264da5bb6e06c7b1d79bbe298adede1d0544f929a850ca39a6062657eea63abb3325135168244135e1124fde86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
8c49786472dca663d3af3f07bccb55f6

SHA1
b50e72cd21ad54cdd524d296adbf831f2d5da740

SHA256
97157dff1f1bdf9c5b097da75fab4ef92ca5a0f27fbb742cb4b68035b79e5356

SHA512
d2bd6409141aecf73e4f3b322e8631bb3df6f01aba29a68b08f24fe8dae6ffff08e89fd0d7a97b120f3895a35d6caac1be959f1ed419a5cb6acbe07532b75907

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
adee9998b5b47a7049d4c96110468bf5

SHA1
696132a073a6a4a36ede9299ca3fba12fe45310d

SHA256
eceeba1be6f91a875bf15f7f37203d740914243b23db16bb934d2fe7fbdb148d

SHA512
001cbd722e79300a959cace25eacd39c3e3e97bb45502bb7347631d80ba72ed113121bfbb9d9898c7948849a10820df78ce6fe93d663b0464bc1273db8f07054

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
2d42bf137a6adc4d5b1256a0db386184

SHA1
29ee966fa5bf76f207af0dba230c7a3fab272a0c

SHA256
f8f3ac40e6f9a8f3b7dd9266a6f41a9e809a590397afcddc7b2c1b752876608a

SHA512
1a55c7e1358d1e8fa9dda8967d79dc97f8dc89cc9d8e93c1617e3f6da3d93c0a1671debb403e88d925699cd07ed82ed2d8f1424de99915872deb1c6d17e4a700

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
f111694d7d2ba85577388c843cf0194f

SHA1
82f6440b6b12613ee404d1517702cbce602b775c

SHA256
116f94b66c905968cb6b93284bb5336d321aa5070e3fe7bd90e65ac8a2734b92

SHA512
342d97e1ade7c37e227db357a7b81a8f27876f63819111859104fa8c47b22a31efce7889a3184f14cedf70f6dbbd8bb1de00bcde49ac330a98cd7d69a2bfb6cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
cfd704604ebfddd787054a9bbd9751b0

SHA1
c6b75615790f0a780dc41a01b47f12ebc88e299e

SHA256
49a7c1a7428f8ea4d3b2bf615b50845959d4f7bb7b8352d72bf2e82aac2c468b

SHA512
349ba8e1bce125f9aa147db3666b3f9e27c085fe34ed3109b8706d80c2bb7e078239e9dfdc6af0a5fe60ac992581af9d2e133ad5e73528a680eea59874d7bcbf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
c4b902785a332597d78defc5b3e61622

SHA1
4e22fa3a056ec6946e966e987efeaa4ced8f6946

SHA256
3d021a370849aac36f8a1f5577e5f9bc29a1ec483ba5b9b602742d2787baf351

SHA512
8c26c96c7895654b3e835f8ebe421b06aa29348736df1b42e4d420531d5772ef4b1c6b0648df2ae529233e50b7b1d0b2b6508d72d46961148cf33b74ae5a351f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
ef7d9a56ebffe496ac31560b046831d5

SHA1
92e0df3421bb8779baf19eaa8e0bf1f6395cd89d

SHA256
c80b0dd099363ff9904711e3cfb4e14480cf257da8dee47e5daed1031d60b6e8

SHA512
c400732d85f27ce1a7a696bab85f050764a46fe0b3ad146ab0bb442ff1cc1451e5ec3c4bc9bef538cc136b89a4d60160267ae1710612bcc662dc71d693e1247c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
a10f2b2b38af5fa3cd456f74fc260a09

SHA1
fbca88e583b464778d44bef98f479f1a7de19684

SHA256
436b7fb254fea1a6266d8a85db19733fc9391de6e7c25f050232ab3c9e1e6fc8

SHA512
1fd4f5f4905c7b2d649846e7ca4e3cbb28c8e91ca7cacae9e65a8957aff21535ed2c151e89f0636274de2b275e022de7e387280e5e2b7a9ec53eabbfa525755d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
2d3a9d7706c972dafadd2def7f3aef35

SHA1
c7a310335e04a055d060f8b829acba35555a98d8

SHA256
dcfc2054fc8a1b38986d9c06ca59701301cbffdcc2c50e976b294882316d4ce0

SHA512
52af3f38d24778d1974d0ae0cdce2fb19d352d43e04f0fc3bb9ab139ba4c6fa10602e01cc5e22c5c624e145b8534b6c15b7990843f45e92397ce29cc994579c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
61709ba818dc090e176c7d25ba212a50

SHA1
e9ef2c1e267e9403544a51323a1aadd78e861b56

SHA256
7623814287244158dd3872da7734f24654da21f7f8c8bd30bb06b3dd684f4053

SHA512
67f8d4b10305475f9d841138f8b9fac587500eb8a11574d96a85b0b4d244b6aef24e460f27a3b3d782df2d2edfbd6efbea16b87822624a99b62d488f18332c75

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
092098e724b820b539dc7416b3e0a65e

SHA1
cf1ed4a28a0362da98305e7c38b2464af3f35df1

SHA256
3090f332584fa1e5bdcca9617732b3a9b4d2b4f6f5753eb589afb4ca40011b22

SHA512
f0b361b4f7607f44090a5b65be266924a90c01b5af8ea18addab447b5269985919fb8f0f67c556eb1aacb8b42cda06be4aaf7828e330371637e99ece46e18f07

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
2aabbb9e12973431300bd53fe2fa975d

SHA1
6cd2dca709a357ed41935c831da6e87bdc670dd7

SHA256
a8cfcdb76d2f625e0724e84564f5c3a6d627863a0dc7f819f3732ad74174a67a

SHA512
e4bae6bd1e2bd5b3fc114aed12f065511faf4944f2f1fa09c92ead2a881d2b592231c4b98fd038f9f8d538cc41b3b3919bc4296bff8472a061a8177272db6f76

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
26438cf43b66b3e0858999af550d3d14

SHA1
5b3972278c46909cce8f740715ee2465b6c119d0

SHA256
473ef31a763ee211f54a9970ad9f8ca0dcec66eee63dc46d61ff03996cb907ae

SHA512
b7871896067323ccc0ea0329649265662096cfca8c0780597eece4e5cea0d7f98c22ad5d2b618ada596a93d316c6438e349e1e3290bda0a362bd5b974a96d39a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
63b2aef0433a8cf893f75478be9d9b02

SHA1
5f37788675dcb6b46b44988e378f4dd41225965f

SHA256
edd1c30494b8f61b962a1c0d4d2b728f770d364cb2dcd1059df1575cf42d7707

SHA512
a3ed627286088ec9b3e45817554ed837c0618be589e150dbea77b143a457e958bc0f06f9a86db36c50bf53f239abff5174061d5b0defa39aa0d69019f8fc68eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
c78ec68738f3c3486b7850d036fbe2f0

SHA1
b815442e74817ef9b2ac5834dcc57af2dfd21340

SHA256
8a5de1dc488eb41776dc08a98b5a8a598e89ee7d58ae917db57c64a37321f036

SHA512
4882d15b02d19a8e0a9f8198dde704ee2667320ec1804c75cee322505307f92c86e74b941263ff22d4b52059bd16b0cc7b8895ee2a9cffa3e1b1b01bc6c26093

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
6138e614742641471641120d2e661773

SHA1
fdead241e3c19ac8c6c43b8a0b5de8e7fc938f7c

SHA256
13cdfe6390957511ae2b62081a9b5ccd83484cfd01589a884b945908700ac72c

SHA512
c336db06b42cc6cfcdb8036f7aab6a2a9e42808cffb83a6756e6aebb288be205415232ce730fd6c4ebf9197f597693b6e9c82866cbc5ca87ac67754a2ee02f90

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
dba42ed7a3cff3c382535681a16bb003

SHA1
8ae1ef6a67764d0b7126d91735d5f94025b5df87

SHA256
1edd8ad0c470ccf76e45be2239793649d5f567df4c222e14a3101f4f02e71f78

SHA512
3971eb446cad8f5272030d2f5f908c3cc8d2e0f6464022ab391ab41c123b260634a9f174fc9eb7aaa1d778625908a8b24d284b732cf0af07957ea1a793d28c8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
9127f504425c6a5321655b89e3212dfd

SHA1
4ea5149436137c7a9349210f31e80b00a148c861

SHA256
5818d76e46d74d1ff05f150e127a0d58e36cec1ab083a13be22de76da4879741

SHA512
991bfb8959eb82d44b8f7ec0783dcc74f10078db9818a37146eca51f3a21eeedc7afff590d213b0375e6491adca50689cae0a81aa4ddfbeeab904c23e5963fb7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
488679b9ddf4ee30a1e2e4a593146a3d

SHA1
8454a1b2ef920779f4297f4e3efb6301a0b61149

SHA256
665a0b77dd2d61784d838bda346b77a75e46284b82189e38e1e181975f6e4c3a

SHA512
220eeddf9670e99a288ba6f8c9b309cbf4151a7e005de7a53086bf90f023785c35a2fc856f081a4c05dfb9e6d276c399e497f1b9d5444c9a69a4fc9d5c51b174

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
ba265a74f4ac7f9d33c111bc078e70e6

SHA1
a4005a030a221c6dbaf986aa905c4eae7ef722b0

SHA256
0fd1be41cab430f0fd74a8154b990e1a8188e86b4a8c3f60a9f4c05c318adf15

SHA512
e18d072c6c15b8e695858e4aec0b35bd58b211ee39ef8e27900d05df3378ed3b53a2ac71567fccf8618b973e21f899ec06daf99d14cdbf35b3ebcc7279196b86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
0a0c6eaa303a7db9469a61d69fc3d667

SHA1
5b5f3e80eefb82006da1473453e8b14b3b103116

SHA256
e3b8338c18b647c5d609c3c1d42c4a77d8c9126c91b9ee82c894829f27a5ab95

SHA512
5fcbe6525b3768f9e5e2fa6200269f7ccbc9e61164f33bbb8428117d0f5b543139eb9296edb5eb0ede911552461a2d6f0c50e53d0081b1c05aef6becc2207684

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
8adbd7558e0acbb1f1efbe78b4d6bda3

SHA1
bca529b4631034d4bf0dc0358e31c86ac6289152

SHA256
2cc1cc4b0e837bc45ecaa5ddc8e20ad390adf5a3b5b580600056982dbad7f6d1

SHA512
311aa0ae84d4acf89c29691ddc960da20a9d6c2c005997eafbad5753d5fea04199abf86f5b0f062f640b680c88379aa288e361d0f7aa63ee1174311c20a46782

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
064c655457be57b39b8d70b61155d589

SHA1
71205bdfa98a345356c6099bc0fb4e52ac3ef2a9

SHA256
6aa1307a1f7fd6ca335119ce90d4d9cf6d2212115813bcf99704541809e596b6

SHA512
4e87c489556b87034c658ed1ecb7a267be933c06dd75d86849174b0f82990166dcc223996de29d076a4cd6d44293d6f80662796be3605c7944b4c0453d37948e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
49f2c9937e8c4e0d762861c8cbc693ef

SHA1
12939374c37cb4acf849d0688d5e6e06079448b1

SHA256
74f20663dbc14fbc63c9e1b96cbd121e2342905b24e42a55006807c400611ba2

SHA512
3cde10778429772af1b9d1b9d77e6c684aa891b9ca9a70c6d0447e8f49d34878e36a077dee0a3cdd65c38b410aeff43600d5a49933d883c3125fc46923c766d2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
afd38a09546dcb768409fa6455f4958b

SHA1
0eaf7eb05e02ece4fcd161bb0f387b3ce86269e9

SHA256
dc29d5f1074a9a23608e6a5568eeb6c6c0363131aa36dd9f17501d50081a5ecc

SHA512
b0228438efdefbdd5f8d03561b48b20b3bc6a533c8760e9ff500a12108864967cbe2d69512896750bba43fb4b00529f00d507769ddb37423976a85e059409cc6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
9cd2f17dce53a2ff95975b9add7917b9

SHA1
669de2f0b30a2e8efe338d87b873c6a4fd9491b6

SHA256
0c56401dbe90ae86caadfd01237291c76eff4ea3cd98aaff7e9f4c15d0cd5a54

SHA512
0c549ee735f0c5c15c38ac93e5719f47befe513ce516588c3f624f4f42f3e39d024575836f5644f1599540426f86ad781f8704db83d539adfa9c8d67f3dc6f58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
7cda78593e8e8fde84677b5b8294a896

SHA1
1910718e5536ea0167f34a182275695497ae7635

SHA256
42662ba6d8dd444f5566ec8a87962f5ee5eac1f553defe8ba8b5eff663ca4175

SHA512
9c3ab2e3e1d8d027b990649fae057816fba93e36d652121c9a5710b501cb7f7757f5c7a6095e8d1fe4f590eda969c2e4aba97a6c8eeb69f6560326e9b4e8a85d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
4893fecec9d4424b72f5a6be8f93673a

SHA1
e23fad96d0492df335227b3faee78a8ab7e36dc3

SHA256
ee084a03ae1695ed32e1561c646a7029043a960b82aa1d7bc8e211ea3cadc712

SHA512
4f41d369a6fdd35c9514d2cdeac58a6eb726ee9bda5ba4753552a95248b682587ccbb61d8e41e7dda720d0ca782bb4cadca9a2aee6b457aa56b51cc0563e5b3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
6d8e46f9a5cd630a6d71b8cdcdd0f520

SHA1
9a030d9321b49d99a6e55c3bafbee23e4c30a2eb

SHA256
6f7efba39799a048d67ca5d803b81ab72d90401c1175eefb9f82c1676e860298

SHA512
c50e906cc97a8e72cb65de09c3b4a21c0b1bb53c3b2b194b2f3bc62d68a7ab8d288b509390d1f06022b16dde07203e14c1e263de7655c16779c76216c9c0e6da

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
6f0b81fd6d0f2cbcbd0bd26da9cb58e7

SHA1
9bdb35f3d708799dcd282597f7328209a74064e8

SHA256
af71f8e272c9b3a58fbff5c63beb156e48c89736ded1e39dea684fe1a8464646

SHA512
f1b0a844a89ffc76bdb823a5da0b8afe285194eca4765c45709c1ae1d670e3c5bcf41edceee4277b586ed4171cfbdcb11cd120ce64b41af9d9192f133a53ed77

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
486e07cef0d8af203c1abe07f7e56311

SHA1
ab24903768cbd804c5863570af29ee01734cfbe9

SHA256
f5ebfb24d1a7c735a1b9be059021a6f0a73f63ee1013d1444e6749eb3e77c5d8

SHA512
21e2cb770d975f946989412a4cff1703622ed9066dc4c21a0c4a35fc7a2f979f9062f9a4cabb4b20df214debc8bda779205af6646e96a627eabf48a97faec43f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
2d62f1c23efaa5b6da0933692bd62799

SHA1
69ce427ef60bff2cf65e2a9e3d8d9fa46a2c315a

SHA256
101736dd017f026a1be54478153ccfde76a461d5c403d7f91e6bb6a466331229

SHA512
0551b8e46536855c94aa96622b075e5330628047fcd4aad684aa8739f2a72ac0ceb163019a574ac51707fde1143b18345480c03434cbd9460609ad2d45bf310e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
2a9f1e2c78f4e8c16fb12f24139834a2

SHA1
46b90cfc53aa30b7fabebcab78c22cf39358e71f

SHA256
416a6aeac948b2b85a59a4deb436bbaecbc35274ba57c5a1402ffbf764fcf354

SHA512
4b03eb87b50efc177a6f35dcf8b66bbccb1c23b4a88eb56e935506a969de71ffc62cb8553342c52d4ccaa38c48b40183c76ac31cd199f3c4c7416bc19936ce39

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
de487c0c4af9ad7eaa0aea6cc9ce2ba2

SHA1
7084964a6966e8bdd51d8d29ce700b78f4859dd1

SHA256
b69ea8865054fe7218e5c772ad9f48a1cf40566a06b9019b3295cc8ac3241dec

SHA512
0c11ae2513bceac96c9deb44e3426498631304a4de6911cd079e872796327ff249f2db54d3539c75ce82b9a935cbf1896224cda5fc734c5051fca7f0dc899930

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
df15b4235fc7b2b6271064eb2d66cc15

SHA1
821143501da1480befb8a1cbfe8af564882c5a9f

SHA256
067943b17ac031e83fc642c46df0a0de25b8a759c302ba2962d1a8fe0a36266a

SHA512
61454022a409e4cef87e0f6342c8b52d54032617f59495920205f99194e48f01bcd1566cf2c3749c03c166907f5d11994563afce6da2d557b1d382588d0f08d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
aa7fa60a08c84cb1f37dbcb5a94ef9a0

SHA1
b02719791a35d828a977cbdb237961fde8c5cbc7

SHA256
1d942d6189cbf95d4698547c1e8692074cdc6e0891ce32d2051d7b8157ac6489

SHA512
2fb8723c905fad229b7a56a2362084d3b69c88f20a026191d16ca1c6f6e0ff2455d780be792c2dc2b1900f1ae39de0d9433aa4691732dc54d1a73cdc40a21987

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
c1e52e4ba2cf586835ee8293fa5df77e

SHA1
ff8eeed69e71193dd1af10277fb0f63427b74037

SHA256
274e63c262d24b1940421dcfced8f1eed085264edb304621b9bdea4609d979fe

SHA512
a909041dbb4924456a41721b77a2d0ba6f4ec1be5e521adf8351ba91e89066198c758cc13defc020837a98e9ccbe8241e18658c10ab3344a658162f4bd31af69

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
0926798aeddcbf4e67ca726adf1c2d2f

SHA1
f55091dedf3b82ad2f1bc6f376722197f9347093

SHA256
51ff74a9b57bd859b9c0c73d5dd5c292da81e1240532c39ec782bb53e8d7bfb0

SHA512
d53e863574e50bf93712072e293b95e272d4f14f0523624dde3d965ea3d0de80ed39e5c93573ff6be3d30f03f3391858c3c93a79a4a3ac53e7b778199caef894

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
3b2053cc6c2255627ee8ecbf24b7fb70

SHA1
9ce1083978dc10c76ae8d39c04365129b803ddc9

SHA256
b1b2113e5cd4dc852c55d760118521bf85d241b75b37f11603b9b761838fcbd7

SHA512
f0e75fefb8e1f9da4372171da23356ee066fff9731d41bd77c5fb167d492feb640e294582bede1962fce71f80c535efba3838b033ba306694f1575fc14f932cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
52205bf63bc8afa1fc35e265072eb964

SHA1
de9592ae8ed9e15869ccb9ae35b2cffcc2d13e32

SHA256
5b65dbae07988a9eac264c6028e0d7a9666dc4ee9da45ba872ed2af68417b971

SHA512
fbbf3651d4adbf04f74818f486d195496ca08584976c454b3ae6409557b78b6dec489ae507a6c5f20c759b12e2b8a86825ef1652b9f0c803bf4ead9a40bb3ac2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
562197011ef953aea062f935ec1a3d6b

SHA1
94494311c0a2d2178c0789954984a0f2ed06a465

SHA256
63fa50a7bd9f841e864c6eeffd74bc0d3c5c509504a548df703d8233213bab9e

SHA512
5de257a051e9f378c3fecdb638c8ebfa18a28ee5c1fc57ab80c9f4dda17fd54bab00ef73f2f4ac68d49a6a78458034ccd27ccd4bfbf9cee8e6057976a7615772

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
9d8bc2fa928d6857b8bcce126c04c6c7

SHA1
611c618842178d46e0379b9051f6bf5f6fbc1856

SHA256
3750f15238561ab6fd2614074c7e7fbef42d7f205ce57593d76681090e45b21f

SHA512
ad63fb005dc9ae54ba2853142bec9e43b2439f15066624e4840b60abdd9f8bc273d9d652408e6245a46b1a89193a6f9d712538af232b76d08934ee59aa21eb6e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
869e901655a6b424c6e91f1790db49af

SHA1
eb7905a91f236aeaaf45f74b12c2f19cfcb88341

SHA256
4de02a61ed6fab869463c1902a32ce0577b2278ce28aebe8021a7c20efd97778

SHA512
228f8bf77eace3161dc84de839472db2a1284869192ef33cbafa1950d0d145a7257af05ef7d6427534a0d4a1cfe935bc719f76d8940f71b44b422fefbdb4a038

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6d33f1270b6321c58a87d7dcb68be732

SHA1
fe8776da16bf9a27a1546551e969306da52c2b56

SHA256
b45255218e0ee870c41e265d064d66abae70adff4e1d25447dfd702e88178ea7

SHA512
91ca80043ebec9755f1b9241b85e82c9684083da1122a05c8a39c56c00361f6c810c5380dfd3445b89a01181361081ec88d4ea0f6cb93c9fd63107b825bd0b48

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
8065c4d5ec680ecff78db620e565248d

SHA1
384985486f5116e9d43817d73854e4ec371537d3

SHA256
c7c20199086fd44484b5c7e63680472958353bda388cae6fffde664265d7a420

SHA512
d6cc64201e5e8f265071aaf9dfa28547d5e7cb5941b6761b6c6848ca41c2de1f6666e425b5cc288f329326463d79482c81e2f2725d0ff188b3ad5b1388d13f0a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
0da978661a81afc8a380dbdb36450488

SHA1
c4ff8c4744e6c1fde0f405bcaa48a148d3ad8508

SHA256
2d570f7907ee6c9b5c90f7d9eb5721e3ac4a98a889d3b696866da6bdcc9b1d74

SHA512
bae58b5a3d492ebab34b44058d106aa8dfc33aeb058dd53e23416d6a1e40b394613d3bdcc4b1525ffa8d5ee2f66079a78e67c38849f7f011efe35cb1b3136594

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
40024f2a19eb41af5fb6c2dce7cf5b11

SHA1
0cfbb1702da381483a42bef24549584a5de3e393

SHA256
10d89ccf9feb3a6691b1cbf3104887325bde1f85c14cca993e29b25147eedc34

SHA512
4aa3cedf7465e930fa6c0e1abc5d99ef2535223ea3075c5c14a114e19c1343db06b1b6180d168ef8dfcabc7e89524bf8ea2b2f1d1f066b75aab32427b55c889b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
0075168547860fcb9518452d2d49413c

SHA1
8ec97327970a6fedfc1b30c792d662144a72a0d3

SHA256
fdd8942ac8fc687a9649174b622b71744e1ff4e6734fcb546d076804d3984aba

SHA512
50cf07fd3a1a41e7e59d6e8fd747c30467bd1523f04322bed84a1350217df6d38d06061ed3c9c1d3fd0a13ac88e84ed7b14f68f473b76debd16189130a67b4f4

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
98d5e153a81a574c2dd18a256758bfe9

SHA1
d155f5829346a70084e8c20a8515658a49932a2d

SHA256
76f2197cc6541d5f27b6747271ac5723faea55ca0d93c7581992c3bc7c13b303

SHA512
be962847371c23725b9287ee3c7eadd9faf87996ed6e0af6f53b30d301b5a5727515bc7c3c1b0a0c6cb55df771dd5953d5250c00f6aca1099a1612b82bf1bac8

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
b3db7458c8fa53d6301ff0ee60fd613f

SHA1
d280b8732159c4d020a7bec581961aff0b751007

SHA256
463edea8d14dafe10e44c25dd74bf4679838c82815b8a7d26ba3990087b5d63e

SHA512
136daf930ebba101a4ddf04a70237d023716fea6979204d4364291b8aca4eaf70d49a8812c29e244876acbb48e1d052ed27e93deaa55fd0503a3c4404e60c249

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
ba10301081b1b463db2f0b0e4bf34d48

SHA1
85ab04091b58ffb57eee1706db7dc97321bd3658

SHA256
0c6f9b7c2b0a8183f1f916bd3220b815410be280922a79c317573c3a6aece77e

SHA512
18b24bad7b4e417b90e37cb410011dc264c358779b4819f060c3e1ca7de5e4cbad20998c708757c57b6f0fcb2499190a106fab8f0cb2a92fa24fb022fc19f235

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
66150bb21e80d75b28ae8879e98d4bbb

SHA1
ed96c42a366ace44254895dc34616af0efa0c4ee

SHA256
c0d4cdd2437b92c88f1768f2fe0a2deb3719ba08b76fedb7bb33fdf6e102c122

SHA512
a31d7da703340ccbee21a4b7761f25457300d867703e80551f9d9d41b0e34df433a72a8efe78189171bdfe1ecaa97792ca40f6f52c8d87548518f4638ebe5857

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
47d0a92f6c740269e49b4edaffa35394

SHA1
4fd75499b81b2baa79b37b508608f1ee4f84ed10

SHA256
2a844cbc6cae0c0f02fbd3b94717284eab90fa19048733678450fae1f050cc6e

SHA512
12dcc79fdb777ffe10170943d69b15acc4fc161f5f00ffdc1eae4194b3660608061b2bb0f4818762b5b23f40f45cd1c46fb598476cdc2c24becad2a64a19bb0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
9adddfe021e9f711ef5fd442622770fd

SHA1
9bb62055de517f9324af33043f043d85c137892a

SHA256
64002f6c9c55ba587632221e1ccd5f9ace1a1522e776cd218e5a7e0bd5904c8a

SHA512
6b52b4dbbd48f44c614da24624434d2f0c3a774ca576b92acb6bed162bb25a23590df59a3b98904426a86b5c92a22f8687645c744070743858c941199db5f4d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9364ff1f8347369c8dfd2c0c1a665cf9

SHA1
5f9764f2c8976406bb79c3df398cc260a1373909

SHA256
bc36602fe2baa4129d38e366ec8b15e77d4db17331b96f6f8de9ba138e9a6ec2

SHA512
4b986b20730f2cc1536289cc1f28fe6e89b48a360ec1bd7ce41b7224de60bc9c824d357dde006c1fd93247979d0be56d981f70993b6eecf11aafb816adb7dd6b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
16438ad57f5cdb9fda39783c35398cb1

SHA1
b5fa856be63753a0d4e00c42a60d1137ee144911

SHA256
144b528325e73a38cfd84c09ee84af548a3765ac3065584ca59f43a0adecee24

SHA512
d6d671564373cf0e2f7f333e53501d911f32dd88dfe2cd493f0c3b52ef151916492ba10bfd94475808df2a06c0d96bb51ba5add6f4cbf86ab21b0080e32086a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e6f5edb1e561e91fe8a7a61820a095b5

SHA1
65e8d9078ca8664ce8dda1577558a8cc00d0741b

SHA256
3645ff3c2110111fbbf19b6dad00e162560bbc142320448a5f11c04b4fe3a32f

SHA512
a6d8c15adbca2dc3e901d324edffe3c0e7539936f093e836f36a0f33e43411173199fd8fb57880bd8873051838eeded0896ff1f3eee7cb2d7a60460b89f97617

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
f464247642bef47580f0b0f7725e59a2

SHA1
2b65e9b825c6cb05283481ac5a951ff6d06d5a97

SHA256
c6783d65f2b6011e4fc69598cc87f2af740ac810296cfdab2ad8af719d714dfe

SHA512
b6e93f0c4eaf684ec12cd5bc47de1e7c0fa8153fffbeb3f0267bd595a94a389a7d2fc97304c81af3f384cb553d7f1e3de72806c6fbd222f3df386c7d54f37d07

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
9b5017537815ddcd0b3be6103324cd89

SHA1
b8921e06529f401677c44ff641aa159b11dc44be

SHA256
38371a0c11817d75a49b733b1e9e5b466a4ffce47b7680f68ba4f024050cd376

SHA512
d106e0fe3837a4c5307e84d02771a955c3e255fcb7901419c69631962a3c9872c9052dcd8dd23881d300ce08d787edda226dd9257415549110ba74104edb78d6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
2c971ee7ecfac08b948d20019911ca24

SHA1
bea64c982e78c37cd4df17dbe2222943a0958f3a

SHA256
41e273fe465e0708ae15d65fdadb55c39988a43ecda34a5f1c759f24db32a882

SHA512
f66ca248175eee97aaead7852d6ca70e76e5d2d3a5b9cec14da9f2869d5eb0b737bab192a4988baba7b62a13e1b0cab25f97f38fbb7b7969900b9f2938432113

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
9c856d054c04d4bd9d79bb9171798c25

SHA1
a6ab636736fe520427e94b4e6a90ce3094ca17eb

SHA256
d8038d0085772201af31c7de0f78035dfce661334703a6809d77e63da828ea43

SHA512
834832fae846be910a191540d735d7fb8dd1476033ce69fe9cd43ed386ee560792a0612af55afb1fb3fb33838f0fd834b5b9edcaf7dd217e91c6ce9b35d0a1c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
f3f349b1eb19bb240b10cb6276414844

SHA1
285a848b121fae460970d0caa43c95f32e64eff6

SHA256
ddd3c5b0087c8360f574dfd9d62967339f34784034f7e28274fd9b40d92954c8

SHA512
d7a5b1a506394ba8ca0adf861ee570c98e4578d40a1ca36b2eec85559ed3274370730f7d364a964ff8dd47be88c0f65f13edc69d017bbe43f28f877acf95e480

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
14417c11dafd345bb8c65a72867acac5

SHA1
eeef7ccafcbea52fd03dd58f5ea6c1b55ac320ba

SHA256
2c07ef59a87679205a13bb9501ebad13d1d4b228159e509ddafaf8f10dd4bfbd

SHA512
1579ffa76abf1abd52d386c722915845f1f1aceeac467ed76303bf5d17d4bd585d18b5e04afc50a1e85da63af2b8cb7827d8c99648a9b1564c12d6c512f8003e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
51499f9c7b689688c352f21fda608429

SHA1
c8177ef89682f7743663bd1fac83093256af7f81

SHA256
dad026e2bb150790d4b97d25a71492d7ed671a6e1cceda8317cf84e22169fde7

SHA512
27acb945dda817d3acf449468780369a3544af02e8567400c96a6e4caec974277ac29dd54448ed8b2a5b7a5c5b06b63bc1b3fe7bf8155ce91ef4f15a523f2573

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
4d127f281e07ca25521c7a5b0cab8208

SHA1
f0f39de118bd7dc0b732e5946cb354cdf88d1d86

SHA256
41546e0a9fe87c504fe4b03ba62171e33a28a44ace4626f722fd1f05ce214140

SHA512
5764ab798b38352ae7f4d411f9a40cf20caafb9d04739f3e3f0d21f6b0589f617ef51402b6994776c87449947037673e91f4bed6111f1e0e579034412bfe7fc5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
5f6c9bf16e5621d9638e483a9e4739d7

SHA1
013b812c0f351b6b3177134e7664b41a38e4993b

SHA256
3b7fa5acc8cb984b85af671e84db362a1adb0cfec80c96cb06ea08c96b75f90d

SHA512
9661f7011967b5bf2d5f3c362d7e4a3562c70cf90f8db947334d5168fc69de7dc06937ebf0785216e9b4b7cc9fec27976ad9b4074075657ed5dad8e7e9da66fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
c25801cbb9d9573438ec8617ddf79a62

SHA1
f43a1bf0113f9386b31d5d6a194d4215c9646d68

SHA256
84b5e8fc5cfe84e1fcb29dd5fc3d7e66cc58f1a10f921c33f47af557f7919824

SHA512
dfafb94dca0ddb4692f7edb8da9beb03bf1cf706ad9829125f7419b87acadbf3c67d8992ed67c23e1d472a113717644ad45d0369f9296ad713e27c55d4c1e2cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
5326f8ba9749b2acc3f7072d0abac5ce

SHA1
598ebebafae1ad2b65b88ed26efedf1891bcbd5e

SHA256
b1a410b37ff94b0d3111345f605963d2a72eedb99e287cb7726d7cdb7d919f02

SHA512
ee38c44f696ce3b022c82e93512f2d45e9b512089e5b97fdb259e94975ab828a2881dc689b481fe1c431dea3bf08bca098ac92fe393b7f80988f0a498eb4d8e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
37e40dd0b3b65b6adb5ba591fd4e715f

SHA1
8fcf4feec00ef78747814d4ebc20e3bdccc9af2c

SHA256
a9ba23734d4a6563cdf9c99f353453db672bb8b826cc58668caedb4b92942ab3

SHA512
6d8d382d9bb77c21c28b6f812d3e33db4950f0bbc0cc4a4047b39bd87e9fabcc5a742ed3b4b3f086035297d493e5e4f7956e98b3ce0be2b979ef819b1371ce7e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
5fbdd7b04c58986dfde532a57e2320ac

SHA1
5c76be3034687afdd325812832d4a68723b02b04

SHA256
92b25dcb00f179a5e913cbf489c2a909b3380a22062d343cc60260e798cc8263

SHA512
89a001c6755a089d042ced7f8a65d731d94abebb01de25e8b363cdfecad688d6d9f33b1816d00a376b7e874dc1114ae492eeb4a5a71abbcfdc5b73ba742a27f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
3f67d9836bb19a988836399a787d2baf

SHA1
253263b375827644e2e6c0ffe1dce7811f391c54

SHA256
47aab47c410a78d162e491381aa314c254945becd28b8402e60d2d60c6c310c3

SHA512
0a7d318cdc3ca9b2af5a4c393ce5a9aa67ec8d5379d72eaad98985c00179c27f4634ca2c997d511d10a1e9ad0a14a0c20bd785611d9e37a2effca5befbc8b172

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
2ababd422e08a1136266513e534dbc45

SHA1
116357e5cd56585962d60a6b497361503b48b344

SHA256
d55d058a92b7226b004752f39462eabd0a779010da9356e464917d4754e653fd

SHA512
e68c446c4ba9edc91c98efa170a4c316a0995c8d7f471a070c787a5d0a5e2a0aa6351209795df178abbb2833ad3539810c9d2cf64bb6ce5814f6a7938c8910e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

Filesize
32KB

MD5
abf19be9fed2c2afbf92ad4f323790dc

SHA1
ef08b900e35a1619d15e1f4fb7e917475815ae88

SHA256
954c5a1f985b6df964ae860b22021809abb1b49fc0cb5c8ff7ab4ac3bd480f38

SHA512
cba0a55e1bac6a5d37164c19d990800513df9d4e394bef32dc4d0ed99610f4d91423b8f6ee29c3278d5caaa518dfe4a153599ddceefc3ee5c9399d83b5cee571

Download Submit