53fdaf0866002bab5dfef76b3edc45a5f8de91d15c14ef4a9d2f9549275872ae

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Size

12KB
MD5

59d0cac75ecec1bf3b268ad7d0cdc34a
SHA1

db8c8571dcb12d4ae096816e2be7e690554877be
SHA256

53fdaf0866002bab5dfef76b3edc45a5f8de91d15c14ef4a9d2f9549275872ae
SHA512

c815c63b6c5c2426cf6f232b631e1a6b776449447e3aa8051a7297972512e6d4beb06e35a650a0393c6fad488ed79589f7c584c7ba14c597caf2c132baaf7f30
SSDEEP

192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMyg1Rtz7b:JebFNw4Pk1itKkpAjjJs6B40WyKt7

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2523) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\BWiDB4lemwP6Kbm.exe"	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\bootcfg.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_neutral_4443b423d18c3ffc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1kx64.inf_amd64_neutral_1f62482fbb9e52a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-ndis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_properties.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_neutral_230358eeb58f0b3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc664.inf_amd64_neutral_673d3dfb961e9b17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\perfhost.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_format.ps1xml.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\winusb.inf_amd64_neutral_6cb50ae9f480775b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_neutral_e567adb271831b5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_neutral_d7409fccc5ef4078\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_neutral_7e1053ab483310f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP10\IMJPUEX.EXE	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_data_sections.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssession_details.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_neutral_c67606b3f53ae4d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\newdev.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\PATHPING.EXE	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\winrs.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wowreg32.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wbem\WMIADAP.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_FAQ.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Automatic_Variables.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_escape_characters.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dfrgui.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_neutral_ff250f861d941dd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\msra.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr002.inf_amd64_neutral_ce2134188ab21f59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pipelines.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_neutral_2b583ce4a6a029a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_neutral_11abcf129a29fb9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt003.inf_amd64_neutral_8c9aae54a5673a35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\setup_wm.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\THMBNAIL.PNG	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382942.JPG	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382926.JPG	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15020_.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14539_.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR13F.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR36F.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{FC37790F-E395-416A-A1A1-53BC987E89B4}\chrome_installer.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0164153.JPG	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313896.JPG	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR19F.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7B.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WhiteboxMask.bmp	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21325_.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Journal\PDIALOG.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0227558.JPG	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\HEADER.GIF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right.gif	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5c7d56b7eb0bc64f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_wsdapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_49e05f0884041925\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2d6a9df4aea6351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_2_31bf3856ad364e35_6.1.7600.16385_none_ebc58bd310d87143\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..etpc-mathrecognizer_31bf3856ad364e35_6.1.7600.16385_none_1e96139b9db5c6c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\7a9c26f21641112fcacd6f087b42133a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_display.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e2c8381067c21eeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_el-gr_be1627f4d8c6f00e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bbae52d373f3168e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Ref.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ribbons.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fb0c1bcbe8b06646\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_720e868d9b0b6a44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_type_operators.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.17514_none_0a5717aea693d3bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.17514_fr-fr_53906293d493357d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_e06da86617ab812c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_ab734c8b71371db6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\0fde44651bdf14a3988b955dd94aa318\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efs-service_31bf3856ad364e35_6.1.7600.16385_none_b239b5ae3e6d5dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d8fb03bf1b8a8d53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-buttons.resources_31bf3856ad364e35_6.1.7600.16385_it-it_34555904e34defa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6561e1ed74823913\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6e64e1c333d9a87d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..river-wmi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_010d6d81a6daa074\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_pssessions.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-nshhttp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b658c4e8aa02b454\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_cb90e0b38be9a9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-devtools.resources_31bf3856ad364e35_8.0.7600.16385_de-de_293ebbc04bd06445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-rtstreamsink_31bf3856ad364e35_6.1.7601.17514_none_647657ee9ac95ff1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.1.7601.17514_none_d62435c4e2a1ee5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_es-es_64386099db69448f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_ehexthost32_31bf3856ad364e35_6.1.7600.16385_none_2a78e65a954611a5\ehexthost32.exe	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_3f5a68b1af8172d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67dc559c08dab90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-kernelceip_31bf3856ad364e35_6.1.7600.16385_none_8332b3fcce26a811\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_1270dcf7dadb66d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-appwiz.resources_31bf3856ad364e35_6.1.7600.16385_es-es_302e68ca7021e39c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-fsutil.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_97d05fa8ed72c0ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-fstexp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3a49eaf49a804b29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_aa23fddc0d4178de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-previousversions-adm_31bf3856ad364e35_6.1.7600.16385_none_41d785d4f443b620\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tvencdec.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a5c8984d6e73ba35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dskquoui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_34962e8e9d568710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..rectinput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad1ac3f811850085\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\timer_up.png	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.16428_en-us_30e15db611a1d98c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\8abe9d895b3e9efe741b9162cb9206fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\bear_formatted_rgb6.wmv	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wave.inf_31bf3856ad364e35_6.1.7600.16385_none_ce26495db580519d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\inf\BITS\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_es-es_746bd347e3322d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_methods.help.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sensors-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5b8b798c24ba2772\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\shell\open\command	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\shell	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\BWiDB4lemwP6Kbm.exe"	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HSQYOVIRZTLMNTF"	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\ = "CRYPTED!"	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\DefaultIcon	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\BWiDB4lemwP6Kbm.exe,0"	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HSQYOVIRZTLMNTF\shell\open	59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\59d0cac75ecec1bf3b268ad7d0cdc34a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
473B

MD5
cf227889173f1a1502b25e3412f4fa6f

SHA1
22388402700c1e3e9f3fb1671161939d121617e0

SHA256
434aae0caac7d43268fcc46274362a589921e3dc4681d17529e3054b640a1af8

SHA512
5cafef02dfa30bb9eb13fe65613ff11971316fcfc7f430ab3281312bc558df45806ac9609ea746758afe402ff52c10f2643429d4722c16e3e4f4dce2376d824b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
d088cf285b6da434b82e3395e57a0ea8

SHA1
5d1f17143e0c8ecd1d39c3f662cd77ad280a47e0

SHA256
c198b987b4cc4ecd5432f8e02cdc2fea708c1eb798be4211bb953a6b02204466

SHA512
5884a6a6069ae9f512acb8c1422b774ef3a52775b9d262f93b5956956a20bb9b70161a988848e543ab4d9bd2491ccf9c2e63188434f41a0ac1a4df3d9107e69d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
c8d625f2bae59a3c567869ea1d20d5af

SHA1
5d648c6eabe5f4cf451ea769ad8532f821eb273f

SHA256
b7766d6a03d57dfd3808cfa9a2a6ef8df0e3b99cb3faf7f52c7595822c7f8435

SHA512
a7c0e61e16ba6da0bc2c1c307d264bea5061a512f81bfe4f1a6295ec6a1c216277203f46e6195d059ede0829c7f1c97e3c26c763c573c46a86ba81989f747fb1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
c0535bb96712625e5e70eb3dbd3d3a33

SHA1
af026125639bb3f91784335b4ccbdab889b5176e

SHA256
dd54098eafa7d3489873dedbf095e43371cb3e912709e5ee595df3bebffd5e66

SHA512
55af3d26e2dbcaa493ac0ad6be82fd7ec87899bb04875068eeec114e1b7d6ee8716c40480d3ae001ba76f16ffa6e92e4ae6042145acf0665cd1f1892a592ea06

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
e307f96ea37a6f2d8921c139e8b69121

SHA1
3f05536bf12ea4658bde39950da43aa4c6424817

SHA256
736955970d3b277bff92a8f4e2a09a04110b3ff894e1de5c10f9cf86eec2efcb

SHA512
84af79d3a82b70a81985ce5a22b6a35232de7de105304d2fde935084df39107ac09f7b19c658cd68a709b623edb12708fc177d0d1e02c487b564d998a49ff666

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
5fcaa991bddc94c632c58327fefda62e

SHA1
006322427ac53a51e11bd1e0d872d8415f5e01ee

SHA256
ce556971bcaba521d5715ed4995140c8e1a2f0db1bfccff5e27fcdc170dbb10a

SHA512
8ce2c203b08ecf8c1c173993b2898a07754db5cd3e42561bfec9f4afd1b4c9cdf125e89a380a20f090e276ec6f59b980e4758ee5db1d1abf96256fa0a5ea4e58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
c317b82c000d4456caa32132580d4add

SHA1
659a465aec725ffb706ae1a49ca96984272d3439

SHA256
d4576ce49799fb741133ab43f2774781d87626a5427995132ab64b9782b1f7a7

SHA512
c81e0c61600fa1ff338b19c6c367b6b5b6a27c5b5501ac8eb6b0adb9df56b3d68d958ceae8dcc79e1e483a4a4610c3db4324495d22c0578cbb9cc0b6e49345e5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
a645d0a99b02a3e89a8cedfef381f0fd

SHA1
3650c134e052febea69bd3ffa704bee1136fed2f

SHA256
9bff3ab17004e5701e7ba24ea9184d2b1734a52bf80aecd7e395b11a7a8dd6a8

SHA512
a96f1c2ac8b0ebbd763681b5a5f25dc2f7b7b57d775a41d6d5db06a7c15c082b3ca4b0977e4638e7701e71f710c5183785f9b2823bbff188732717be813ddfd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
27874a2dd0282ab305ae2d18479ac1cb

SHA1
a7addcf63ab9897037e49799737d211896497dce

SHA256
1fe18a9039d88bc1c87910e0350b160f285a9c2d59f3c0a1ceda1cfbacd28562

SHA512
cf1a0a9bfd9a989dd96679cd9e1eaf84345aa5e25b5d39b4d99b880433a663c36212221eb5731c89a82df55b3c4eabeb95807e086eae02e64d0ace48c84cef59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
345384f9283b6a7d814335857086d1ff

SHA1
78eb16e4a97f8ed8d54b85a628300b66323b79cb

SHA256
86706940b897273e23c2ea5fc34f92d1b3cd2ca66eff6ebfbe212c8312801923

SHA512
3877461ba4e3fdaee4ab5e5fc2edbf526db7392aeb1f21249050095c2490615d89c9b8febc8daae086fc51acc064d91ba0c3a29fe98b918340b0d2b632f866fd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
9ef5e7ece7e9bd843736bd7187b0e662

SHA1
84c2ba2623ffee8f5a4f3ae129bc93d3d69acb04

SHA256
1edcd37c8350e457d3b702bc5ff3b65bd0d7b5c6fd7f909da5f08b4876fdb03b

SHA512
1500d11fe24a3f09acbc6b58d3b31828f46cc5629830856e121d8a92d3dbb57a99cfd9890bb72a2413057f8747a2a1a9db32917b96d57593097282b3e6b8eb27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
25e4ae676316a03bdfe0f90ed29bce0e

SHA1
04bf6d93f3f4a051f847a16311f0f410d349245f

SHA256
e0cbb4bffbb506b045a31a9864b3d40445e633b30d2cd99e40d18d9646685bec

SHA512
03350053e4363a6be6e8431d37ea8806e47cc8a878cee6a449968b5fe031027544704c4a431205bc461c6dc1295f7832fcae48fb96ebc613d113a775dfb8286d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
b079a56f5406a10d4e18f9ac7d807494

SHA1
346e83034490dea4e4580e26090b3bfb55fda0f0

SHA256
ce7b0b33a527384e3d47cfc562a28650f17d8008bd523c418c4d762aab15bd93

SHA512
bd2bd0df8736fef954341b4d66482ee8ab22395ac953fd3a57cf0bce24e4674057eec489e6b689bc4ed94b2d60d939e2baa8f21e46fae3ee7258bc9d91850be3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
731a263823e09ebcf331fb0bd2e9ea60

SHA1
3134b78d05edfd656ca02bd5fd32dca273e2f9de

SHA256
5aa8648a1ed56384dff038844e60f24b82257d482709d4034bb3d245195a1434

SHA512
20105858a0f6ae535b9a391303e1c477a11cc0a38776e2edccf033df17d6f3406a5e5595122e7f4a14bc3d0f89483ed4c5654ba21e239b5969df988acd0d211e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
e8f95df527e90161ce8b979eb9b368ff

SHA1
969600b1e0e948e89495c244634d3ae7322607ab

SHA256
379fd7da0dba618ee349339f86c7bc1e13fd601bb5143c2d7dce5f4e28efe43a

SHA512
90fc8741f048a6e5f265dfc7d4411e4cdc862114513c49c393ed4e2cb0f67d1cc33234b18b3e3a1cde03de37753b3bad7e631467db09b0a258e10ddc579b9692

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
2508a48fc0528b509a93347c41073b9a

SHA1
57e9b90847071c4011683a4a3f713135fe52e136

SHA256
a28ba0a9137e3d9808229c3335c04a36d1c23c088fda8b2c625b1986a2f284f8

SHA512
8b6b051e7dd97bb3e1633d64a03b6f83b62f523e9d4a0d7303157740ab3f3240c6f5376d59cfd1825e1d26afff912f622e5ef803e980a94a32dc0b7d2fba776e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
7cc0ff87f25e8e45bb4a03a01989a073

SHA1
44ec351afd5b15daf275bd1c496dc606d218d548

SHA256
3ecdb63143caa67e2a5f2a16b39a252f2b4ae6315193e9f52d0662a19da2a8d6

SHA512
b8b0762e1d495f63e8c087546786805468a9b495f71f0c0f663fcb865a1084a65e12420fa9ab0fabb1e6e660258cefdce883bdbb7e87266dd1ec4e043b1ca766

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
1658d4d096e9d3ad9714d3d3269e2832

SHA1
3dbaaa600da623cf85c52c70c74e4585754cc2f0

SHA256
5e93ca18f8114c569008005a3cbe3635ea9eb67777cc971324a8f37a2b67f309

SHA512
59690bdfcceeef31a1ef0c1522b2c43b625e9bc47d76e326d3356605c6fc05c809c5d4f315a146e8d5b351e250e2fdae11d6f577424ec5cf3782b2d938aaf305

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
8909697bbd28c7219a395edb62f49117

SHA1
fdb9c979a24e41c67678d4db2c327df6db9a289d

SHA256
724c8fc167701dd8b6ad5f658b4b8b180fe36b184359d64a3307e65e2be524b5

SHA512
e9239d8a066dfd4ce22b84e8824d678a088b5ce60fc90948b898167e7145a0ab225a96dca813038de1630f711d3509902b5ce624cb70fb7c680bda5ea8c6e45d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
37fc2028570a929d5d6921986d92a225

SHA1
7d5ca31b5c9435c85a0181e6ecbc014326a1addc

SHA256
d22dcb219df0639015d4e428fe89575bc5d9e4119e5f6d11bca3f20a68c40a35

SHA512
0d3fd0d9f4547238584d6dfc9815ad283151bb74225bc424750e2a0cf56208525a51c1f9debaa0a8f9a889fd55e9a0e7b58f23bc73573e588291c5f144ebc0fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
450782d93a2a3bee35a9bcc7844270ca

SHA1
9084781664645a71d04357b8078bdd67b62fb0ca

SHA256
cac862e626bdd0ea0c79e6b251047ca46b33f5272e6e491f47022e884446b755

SHA512
ed90c50a25762ccc3748ba554ac6493873a14ff0fc1a493286e6beadcab8b39a85ff0bc1654e97d8ee4644983e3c4032ba28fe8a3c2ceb684435db3b4eddd643

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
f62adffe2aaba4edc36f36558d825046

SHA1
f7079b4d338dfdc6fc460fb0d7835a4a0093e371

SHA256
92d73837c4d16127cbfa1d40b458f9c5a304ff0b77406689ae3083444e35e0aa

SHA512
91aefcda079eb0b4148d502b07a6a04dfff0158f2760973f85ac25fc7eb5e9ab9d65c4ee91281859a00d670972fe6613a272ea5f55c400db675c3f5cfc9c833a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
36bfb5e83db78847ed1cb223ac19e277

SHA1
111a31df4dcc92a2533aa06836f3ec15eb8998ad

SHA256
831f1009c55a71d756d0d423b0d9cdb45b02f9c23be002d15bb76dc7d604d322

SHA512
a72d190095b0239805207b0be5cb91a149f1a25f8aa87fe570428c82eb2ad8dfefacf2d4f5b1820f45f6d5e886140301258f3754bea0563bc3de38837c004867

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
665a547082c8b730a53b2ca26b0c7773

SHA1
40d1fe6ae323264dd1f8eb5361d355e1fedfd917

SHA256
6652ad36a629efd009611e105e8e872f86d95e263ef2aebcc81d9e9a01055ce4

SHA512
66a8ee674af04989d90c2b960531cccf9086deeca4a0990201077cfcd94e391596b791909097fb3a3a7e2c448f2480a27fe11fc666c56ee11ecf427e41f5c830

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
d8e2dbf819116e0d00706ada4042926e

SHA1
811a68a1419581c2d37825a37de5e4c12a82545a

SHA256
8114308891f86acbe8fb6c2791c476bf16bd4cfc565424610dc296805839c72e

SHA512
dd38a73cc1b7a29d4653734ef20745f38a4a2cf6fbb8bcc30adc5b07cbcbdc36fc085dd6a70bc835ceba59cc615bc09002ca9d0f996f323e9c81b102a749265e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
b2e68bd6c6b2449faa2f6228cf8a80d0

SHA1
037c385b024b69139dfd8840cedec96644c5d2ce

SHA256
e0e6446b32bb3cc015dd3fd44ae4d66d3da8c348f6442bebe0d0b857fe4ebed4

SHA512
7c35cb96f1c0c7fca1d72360860271c431bbdc87e55580ab361faac9c30213b8d31465bec38d8a8de1a48dc62153f1c9aa46a5c9b3fcf7b083812d479b7e8b5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
1f54e5c65fd6ff4ae8be7ea63367a99e

SHA1
9777f63816d6e5c327a8f7f033f8c9b3b77dc6ad

SHA256
26a1e98216aca8f805127c988794a468a06debcc35219cd6c1509bd02e5b449e

SHA512
b7e279cf169742e0a7cc280aa28ada29fddab1e802d846121acea7327e3d183d3a7d940b7a75abf6f344c2e463660bf9ffd54d7a509460a476aa92472e7e6d3f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
afec9c484cb92c2b48bd947301718439

SHA1
15a16a233e9fb1606e4245407ae62b27d4d6155e

SHA256
4785956b881d9711a5552f29b43d3075c2df37bd7aa629caad7a74fbdf8b3ace

SHA512
207c57952b05a0cafbd6e74ef8e08e719212fd80a9b01e4f31b494cac10148f5d4188e470adc39c875bddc4f87fd81bda498bc6f8eb4b684ccfa5f60d34440b4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
1c60c27b3926a402798b464aa3981be1

SHA1
b913e37aab7b9baa5c54e445e363a82389854a33

SHA256
f6f814108c74c65b650c8497730634c004c637cb4b7e2ff29957dc15caeea805

SHA512
dcda0267939ed8e7750f55c5d7a0d1277c558216d2fec9d9716235d8161098396b7a42c6b64fc24b4ba9dc843557fec8008e271cc5f07056a46e7a8dd0ab71aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
84a32153749f6855784056fbc713cecf

SHA1
d1748ff828c44149a61bec3702a24790151ffe51

SHA256
09c727aef6458ab5857bf72082ffa6de4e66dcd86283754474759a362bd59ffc

SHA512
38f8818020126dc873139d6cb000630716f8e54bb16136d834dd44efad63d5d87bcf03d947040029270c4d03cca5121bd074f1a365387d07d1a07d6dec8b5b0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
669c94338715e13a4bb9fad0c9510377

SHA1
0417d8f90cd71e782c95aa1e45434ab7cfc58e45

SHA256
6a651589f14111589febed054f6fc4b1e0ab6baed981b871319048e137fba615

SHA512
2de2b8745440e7ebb367b0f334a2e72b060cd2edd94ca24fefa79f256ecb437fedaec9c161fc7aebf9d94a7d60eefd9b23edf618eb745befff97d1da44d19b1a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
4588dcdbca99c0a48c6047ce18950c28

SHA1
f2e052b308117b116c916ea38182ecd1311cc675

SHA256
b2bb952f382b1545d16489801589e00221e08e79e0df617a0d2c9c2d01582c37

SHA512
1c95bf8971e28a99fa5938aaf161cd3783db9f187ee960e4798ca43484671aebcf9f3fce1eb688abf6d300776dd550464daeb885e34182c49e99859a576a20c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
a5d8978a3440c60bf794433571df72cc

SHA1
678c6e827f38c4c96157b5a377e2234ac237cecf

SHA256
0ae751b69da8811083f4cc0c2d4dd7c66446d41cdc4b227a31f854473934c85e

SHA512
e2257d6fb81678e7e3c7908233726b22e555f20c931612e167b287f21e2eed4aa48223e0ead3386e15c7bf1df8c5e498fb835d3a5d1c11e353e0e26bde2ddd03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
2f12c2bf783d73c50b5182c2e271ec89

SHA1
f9e2631c5e36a7e8760f1327341a2e33fac8fc8d

SHA256
1f5b28b0c7e18fabaf576b4372043942218e76b998538dec129229c83dfc23f6

SHA512
4aa1f9f631180e4ec5db933e1bb0e3e4021807ab28bbafd3f8692993f181326ecd27c87b558536f05a2b7655dc8d46d166edaa0093a0eec8acc3330d6d06c1c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
29abccff2a07d673312679f30f66dd3c

SHA1
6a04a8d3bf1020123ad5549c410186eee27c24d0

SHA256
e89ab33c7a1dd5af383db72b0b6c408e3a4a88c9f4bdee007f2b1ea61b51b07f

SHA512
52d1add707475182733b621b17ef3cf2d68c05eaec281b12d0890f87c96e2eae3a821e40fd360b6cda4b1cbd33f9f2d0f9501358a60f85629325e9b56a99cba0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
35377b791b66ea25f283d652dba8ad64

SHA1
8decb0055430a8fa5905341589358611b4456ed7

SHA256
d268e95911199c3b01cd22ea0b768516b2c43a7b7922b5d99a726f5a07be8836

SHA512
779da43c07cdcc7ab870a9691807d7232412ac23ca05700b303cd8e829e93d3e7db06895e29a500a720fbdf32878ba5358054d6ebcb8327ee28f1c214c67ba76

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
c4c5c5356bcd76ddb5b83303ad517001

SHA1
6db2244630b1c809c696e391ca988244238c8c9a

SHA256
7785cc2af3faa83c6569d72730bed8468f5edfddd6532338eb0a41d4cde87c1e

SHA512
a3d439aaf4fd1e7db4c807ffd911a8f50d95cfccbbf608a267e2381f65ea616e1ef2751d7fbf00ac6dbf075aac52b5184084fe06dbfd5c1c8ca5daa128ea01a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
f4fcf63c04fdcf9a5cb0f67a3d7abb97

SHA1
169b687191670bebedd50d33766c422475690a2a

SHA256
28e802f6949534ff6aec2fb8468fc09efbaa5f7543f0c3207d01cb128bc5aede

SHA512
f2a70d078c4fea643c9a667d6a723fcee4addd7bc45bc79fca8ddc04fa11ca33b7f9d5e529a1cb7a0c2b19825e00877c4818deeaf0096ff75721a06be02e33eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
977e54b518d4d495a9947f3c5359d81b

SHA1
89322827d5120829ffa3c2e1ca18279ab67f7c8a

SHA256
72d0daa874627daadf708c4a0176f205e1193ddfce63a629e20ec1936e7f00a4

SHA512
72cc534e234eb46381640f1dbfd0ad46d1eb4cf41acb9b2f6e4c88b3dea6f7ec31218dc4e71e865de12bb15f7bad50199f26a83f71c3e8699a72d1367fb584ab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
849dd57bb944744c8b9b1342923f8681

SHA1
2e802f3c055264211f12ab0d5910358bfbcd35b6

SHA256
3eda396b27ecd4a73c9db50ce038917c4129c104b982b98084bf9ff862445c35

SHA512
5b4db54637e672e24aba863af9a018edef327f75ad929f18bd32ec668ef63f8d5599369d47d143f3cb2aa0a23230dcaa1da96eb3a6108e2f042c33e61bc18595

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
fac59177d015d1507df708dc4ffdfd32

SHA1
3b0e53c3d0fe46184718a2c923c6e92f06db28e2

SHA256
887ddc75cb2e399356f267de4ae317619cdd82511ff9e23b14616b7ed1d06188

SHA512
095c1dfa7d2c1585d39c8cbd620bf4065db92807500cc82a510f14fa9633cf2d2cfe067a1f211b18fe44b5bb1f81a2525f4826d0d389e09b20e9d68af0820914

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
78d6f2dbe5f26f593bf05b12cddb2f3f

SHA1
6b5f64b1e98221df0a5878e6b8b894c926468b5f

SHA256
736e313fbf7a74946dceb480e258c7746cc0c66e16a9e9cdd7116035e8e90a43

SHA512
9913427bc57347b6fafa9e05b781f0c35ebe1b3bff4ece7bc2ac96477f918f78088138cadc1683d738975c406981207ee9a5e657ceea4c1f291f9c05a01e84da

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
5b334be42f4fa61ce2080e75ac42734b

SHA1
a5801246461032d53be04cd84511eae175c5715a

SHA256
4ae073fa4f6e78abe803bd45da723b90b4a144d3d8d0786b60cf2c9dd4d74808

SHA512
e734a89e73876413efa912482302d59fef573d185aae7e0245943fb1345ec90390e88f4b403fd943ad4967752d889b9a4b771393b962e74e95156fa7823e6bb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
0e70f0751901901960ee9f0e1720e554

SHA1
3356eb19feffba7aaea967b0a47c659f3dfc2568

SHA256
0c869c3dc37afc46d78661045580e2064d3aaa8a9b52858e70358fc3df01805b

SHA512
632d0390b8f35cef4c7c655ef2f508d5e7b8cbd7901e0917231af12bc74e0484416211aa6f23c5ed08cc9f8b44c6d67eabb24a289d5de403b8b38aeb83fc1771

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
b3674668d2eb6a9fd7f83a8a0bc4af46

SHA1
8f9efe18a8eb1efb1a301ec12b8f783ccb35fe9a

SHA256
5b7215868ba61e0fd312e14556ecbb7001e48a1884a14c2a12ec8c24a8469eee

SHA512
93614299fdf685ec98e5c7c39f0f52307bf533db60b808e5c64054a92de41f7e0639b4ea09b4478a88183bb2e98287abebc1958dd0dced934e2d6ffbdb54ecb8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
cf0c8784a0030e65075c03692f62686f

SHA1
19adcb9c13e456e79a11e9a63d20ca048f5f0431

SHA256
dc8f6a203725031fe6c6abad4a33edc4d80b72e2680006dc4d4d2f1f32e6c14a

SHA512
972cf6b4ecd56b54f2ff86ac17c8ffc9c1e3ca22b2cff4fff63258a271cf8c30e9c3af4736c331fab2ecfaec714085466ed4eb3813076732e04dcfef0d04e74b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
0147975fa957dc545d5ad760aecb8694

SHA1
c08470f50ec30b9d2dfa40dd1bc02a9788ff9448

SHA256
7c9b236cc5371c04e29e80138aefedf6405669e7ed5f802ddc983129d745b01e

SHA512
9fdd07963ca9aac2489d275eeae0a9fd457b98f2c77bf8362170606d5331aa60234e9868b035fde863e57e6e0ef01025affd765cb4dd24c769e76ac9316dc74b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
1e0fae94bb05457ae9eb20cc81c6f205

SHA1
5dd163ce00b380af943b350761d572af187017c0

SHA256
7b8a36f7bd77c6b9c0e64cad2bd10884e36ce890832ee4c63b63db6e25134c0c

SHA512
c1fdaa641ff59233a6979278e2110266f8d367ef46e76c9f6032c921b8ce921ee667226a27139d323d9dfa1f922be6c7875a4cc02828ffa937b7cc47daf26251

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
378cca82461f4435b41272ffa55c9a11

SHA1
ebce7c4cdc486438b80d685fb117a882170d2f0e

SHA256
d5968ab872e851cc1c593ee0dab1d5d40dd1e5acf75b62c7bc8cf7ccdbff1d7f

SHA512
2bbf5f27231c1e209290c728dd475783e357304c0498555dd225ab86159bb03824f54d1f31174e2f2bfdab0cc9efccbff0b86f6aebeb30061929fa3cb03d7d30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
664c109771a40b94b4426ecc58418502

SHA1
ed7294b47e8bc8753ab199adf071454871ed834b

SHA256
e014c930ebc6f1492119479b03d9e51b044c04e4dd4471331be896508864ce0c

SHA512
a5c2a4797c00f8e681ba8b31516de8c8496f70499b32ff981dd9213fd211fd816fedeea04bd4fede188a0596dd75e3ae6a283ce8f3a53eab0f19d77053b292d6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
2644461293e25eb617f2d5511c2125e2

SHA1
491718e3806cdf1e5354ee1d9772fc5e2d1ba279

SHA256
5b5ea23381050cdd113f30589e5edad5acbc2f75d732b6ac349ef3fc72be606a

SHA512
e2d0b94315850183a94f544bd6191617069755e4215b1b6c2567676f28c0b8b4a2c6d144fe86f90ffa6fb53d1683826781ce1921de8649ff88c934f0d70c593b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
dcd7ed3bff933b328a12617e8139f313

SHA1
cdfbe805b4efa965ccf710bda68069764853bce1

SHA256
fa226621b30c88101c547793d7ad3f833e4bb94207c1a39a2153dde17ecc2481

SHA512
a8faa42571ee9520255b0e74ef92bb8526fc4e51984b4c4377977f28c4bfe34aa45bda1d6fadbdb38ea27d5ba79a210deeb77b2575edb041cb6779883230f28c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
9dcd39ae8f5b964dad19be3190597e16

SHA1
1e3494b373fbf7eafafcbc449012600f858f8534

SHA256
e94b160c02f5f88e095d0c7ee9de1b48d8ac577f4e6f45cfefa75afc6ab50f85

SHA512
0e47a8289b3ab09d2badfaf34b0000cc363c264050c715ee8c3c3309cce51d0f18556ecf5787b5906be3a291986a2d85b6c99a0ad4a322024fcd6848dac8e788

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
70fdb616326cae5b4b4216bd1d79af3f

SHA1
99cebb7af8ac5205ef5ac22757d0f897bd2a4b38

SHA256
b53a788888186e7dd3c6c77330dc7712f038bbec4bc97ad6a0e2fedffce466ef

SHA512
101dbb2bea97e2128d962b2ee709da31bd4280e2a5e82e14db671b0d9e1ab1b69243fafc20fa7ace6be4827c1338bba60be7d816f3821cf49bbb21846dd2ee05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
05f1864f1369d6e3ecc8d6e9c4e2b9bf

SHA1
a22969491a274abe74cd8b1ec3699a533c55c1e8

SHA256
f1fb08c93fc0e61a60e10a06f51fe758538bc991091f2d423a1531f9bca2caba

SHA512
afce9f4b222020a35bda2e6c3dff008c476af9bf06f6b40236cedb16dc01174f6f5aa775dc34e895239ea814e1dc7cafbf3292fc41e8fd2a726a5e4faec3a704

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
73545174c7204b02f18110d392f52a4c

SHA1
97b69bd8766fff17a8d6db7d1a21f3f35d3ad6a4

SHA256
feea1b50dc01af37e75829724d3facc17263a654d6d1dc6b07fce77abed3f65f

SHA512
20bd561651db6a3973174fe4340b4d4f85e63dc257f6cc08e4f745c4b8f8db98a7a1d1669348052204bafee8d2e922a81f911a50da9134c96207aeb235ec66ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
ee41ee6a6d6395f86b22468655cde572

SHA1
5252677024048fa9c2317206a7ebda3127ba5d28

SHA256
c8fa01cb89228600fdc13f0666f7901845801cb8789b6e8d2fc08c120ccaa1c1

SHA512
761686f2260b29baceb6cade0cb12cc576bf86158de49ee6140f020bbcfee195c70f811d7420bd4a4188ce5ea447ccfb55b6983897d21445d34bd42799b4b9e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
0c0d9f989ff4ceb2e1a2843afd71f462

SHA1
4e69e34bce8eeeb792f06d652c4ee8e6574a49a4

SHA256
53a7810614e78c4f28f13bab310609e32ff16e2bd99e1106bc8e5c66c79e057a

SHA512
fab9226572c5db157402a039acb7732ad9d1027db6755ab846b53af27856ba167407862db4c85acf928e8d0c57258b6583809fd026dc058f9c5fe8fe7dba3cc6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
3b7964ef2b45f8395414c2fa59222f9a

SHA1
cc6e0643941151489c628736745111d94aedc3b5

SHA256
766ab2cb7548a38ec9bf88a2f6205de4b328c26457d0ae4087de75b812ab0bd7

SHA512
cb68c8687286cb9056a18ba1cd0df85a72d40b12a4f26c945f24503641a8d18d26906403a758e903498c94c61b86bd0a22220de46722297ef8db3216513caf13

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
6a7c410bcee41f2d1a137885ec064539

SHA1
f537bfb1539fe9ee7afb476e2e5ad63ae4bdc65d

SHA256
787c8586e9d0fe194aec3ffb55fbff007398f3f1e2d3b384a2b16374b26287b4

SHA512
e06ef355f9bf91e7b195e4fc10ba7519c987bafd67f2e3e38be79f0ed62ae2f2a14611b7f1f8ffafa2cffe3637441da40542485f595e83f3dfc5506d509c53d1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
2ec723d26d99105c433554efb2908702

SHA1
dd9eeed14fff5573a74e812d1de6f746bea8abef

SHA256
6b8eade6e81f9b5289ce1be96a083034b6d5168e6f8140d5124476a6ab7ca19a

SHA512
117cf20a6fd21c05051b251db2bdb38e5c69edfd3a021949d84d666e5415b1d4d4e01e1cd474703a39ce7a5d748aff29e57518a6fac804bea4f7b36b67e2e2e5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
6c34ab96474f4cde66b6aa22c033828c

SHA1
96051fbf886a8098902853cef542368094e2aefd

SHA256
42124048dff3ba52946c0bc7e4c1b80863ba20668156f41029bbada147d1df77

SHA512
a8c43163aa2b82e2c6a0b362c6c2d67de1797306fdd94a192320d27a2ee451f00a3fa7f76aac3ab0f53139348da9c7ec105332fe303b31845160d8cf965f562c

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
ff7da02d4d439cd52d8acb4e244e05e9

SHA1
7da466639da938997999962716345a34f2a4a65e

SHA256
f6d939f2d494b34921a1c9a26df382e10c00e90fc345090516c990feb69fd223

SHA512
3e072e552d8e5b52a438f5e28b273f0a11b68bdb87dd1f60c6c2ab09becbdbcc930d8764b205e187de57ee8f50db07a0b8979cef1ea0e91336ba7b3dca115b1b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
7f1bc67da8c46e4828bb526813b8fd8e

SHA1
a2cbc3e0b8f85656b6c02268ce32d72d313b81e7

SHA256
4fba37865141c70485a0cb9994975e52ec7d81433c56db9ec57483c9a568ac3b

SHA512
2b8d68789642e9ce5f17f10faa19db1ed2d5759be59c5a13986da5588537ac129c46ed7d60d1869ac98155dce85022a49b2a6df2b1b9db57720954d4f9f30ba8

Download Submit
C:\Users\Admin\Documents\CloseDismount.xlsx

Filesize
12KB

MD5
3e78a47b2f59b99cdebffb6afab69e0d

SHA1
9aa3973728de98ebf21a79832a4d892c7df819fe

SHA256
0336e4c945034a2def5e3e0b39d265ebb3dcbc8cac0a5cdce1f0beac8ff6899d

SHA512
50a434c748bdf9be48996498d736ee3bf031705efd601b0a521024de098dcff01a564e3ff4fa85bb9c3f21dd59ba2061ba5b93168521b7120d8e0062bf53239e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
13763d800418918e9231c849c2a13121

SHA1
d008a838c03a28dacc430f828afb8e79182e6fa4

SHA256
d4e9aa5f2c8841061bc5625988c53fc18d62a793d9459a115a789f4e10f8ccb9

SHA512
8e9bef2f8a760ac473b93a900ba732abcf64699ce8f49755079bd87a73de17e992fc144cd34f642b82cc6c1ed319f33a092edf4664639a509153f809146f69f1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
436ef0027fe99d218503f02909972f04

SHA1
0d8f993c07847561f0e199484012ae26cb20d795

SHA256
8db9ccd2678f0c1f8ae6c0e8ead2c9c8c197b6802838c78569bf997838ab6564

SHA512
bfc506d251ce35954e9d22d9cb51da3295acc02a08e41d672991b9b8539030c6efb103d1966ccae9f449e6f3c1b02c6000d2e509e0d8d807a664d8ad79bb89c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ab28d703d53092ca99ccbf0bf040329d

SHA1
1d4c48a1f8643111d1ca5d114fa0c1b1cb11faf5

SHA256
44748a2f5834239183de81a8b85ee0288e2a87bb09de499b4b7ba1e0532b85df

SHA512
646179f598ff74ef764e935e542369eb312a589b48e25fb9bb7695af31918648d436b1e45983b823ab8c50cb6e6df6ecd72aa5db11e79507dbf5c5ecf04d5251

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
03e6395fbbb5e2d92b2c8ab7335686ff

SHA1
81c17b1147f738c0baf3f646e8e8aa2df6709370

SHA256
9bf4e7e4c79e2da24e4d9e77b7a6b694771d97ef8466bad8be5536f21071fdf3

SHA512
ce842b3584518b5ac315a9f77773aa38615403f8fd9667a9b9dd0630d0c92196aab7b17dff29e500eddd807bcce00f2b9e1922afd1cb854c93b21afcce1ea0ca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
4f7666e36f44ff8612ff1f64e4c44bad

SHA1
89ea0ee6f1d3aba101b69d13c3d406b572e14219

SHA256
7a1d94263ff7ee53e71c84b553c54af5f1163441b5669faa1b53167a587897c7

SHA512
430b249d96c2b24a42f202bbc6ca3a908921ce8ea35921cd88e6fc7c669a1050f664de19521c77bf03ab30cc1002c4a4fed4fa4700a7ff38b3f1893dca449415

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
1ff9d44251498afc4d2b5c5c883e92b9

SHA1
29f32f720ede9e1fb3ff091b363518089d27eae5

SHA256
32a3bd278724a59b4d57dd4f428249d096222f68270e1abd71c0b70192e3d510

SHA512
f9405398e5f896d0781fe1f0575b81aabad5714a43ae8f875d274cd125b4b2390f6a649352981310067669039ee57624a73f54751acef9ad528fd9a3b312e5f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
106d914cf67e0d0b6f788553912321c1

SHA1
e4bbeb80a3e6052bf2a8f22d8e42cb579da0ecad

SHA256
c81a8379739e96991ced785720a3076a21b241c41f47c387ab5dbe54861e9826

SHA512
a2acc08f72e126a6f7f6d91ebb96f3ef303a20b2db06f04a421e493a1d9e2c3bd51eec6d875639d4fe6e1ca1593a97093a49cf8b2f4671fee58c6636d2393740

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
a4b04e3e34ece3a6e6b72fb829b1ced3

SHA1
571d8434c712f67134f16e9fb5ef4762715aded8

SHA256
9d7efb96e2f5fb41510d928e196dfc5bd0c0a616bb4cddb7f7584fd5547d6195

SHA512
002349cc02a8c6aaec513065bdbe239073182c6cfef44c7f37e9d47d9876bcaa14f679b2d26db99ffc4dd9f9245505fcb6ac2230d154fb4b550c635229f5b840

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
d29837d958c02cc11a75fb9464172feb

SHA1
ed8da428c63e1d8d5e2818afe98065e6c8d0d8b1

SHA256
6ee063b87ab765cc79cf4fca758d5fc84340d626e4013bb443cc0aeebaed95d8

SHA512
fa4593a6bc3e90d3cc4ed409808e0c05018811c7e65113ea5aff5c124c6ebb7bb3abd61749751db809ee49ee09bdba723ccea1249c0a6da7585299c38760f8fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
8a186cff614fca4a8ce915a171d1e0d7

SHA1
f49f68124cd16addcf2f593b53b981e3315ad571

SHA256
6eedbc9f12d2104162c92c42cf4d84c8084c3fb75005e3b0eb1263c43629a3aa

SHA512
a2e067ba344949a4258094a3ba3247244b19797f69091e32e28e613a1ff6ae2ff4d075874c5b3ad9bcc79c2c83385fdd2a972f9dd28097958a97a6a170abe9f1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f6e361f8deab0cecb73502bfd7af99d8

SHA1
1ac4ace109aeaeb3d0027c4baccf843726674597

SHA256
764ab15401fdc2eaee751819a833cba3bfea3afd0a6de10979cab4d584568b7a

SHA512
7b9befabd9304a8564773b76c7ad6dbaa83f06a1b1c891cfe9271e146aed81801e7e36a64c6d8670e268dd96537563de478d0c1df6852f3dcfd165390b19400b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
5ca227d06627bf30c4606f2d41eb9aa7

SHA1
a5905949d610dfb471a4fe37901ed3671c750371

SHA256
e6072891ac803d1a82c0145ef59ec81ad2770b4ef97b801393aa67788a91f60f

SHA512
725b7b8b8695555ed3cb8de6a9604c762b0e2b87e27c0da6e5a16fee6b5d52c4e63064218283da940d925a2391d03b83795da056e298fcfa456cac3128094f66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
0bfe69a3a78f22ca25865986ecdd40c4

SHA1
a8cef0de9a9ddf624e9ec742accc9c53aeda8a27

SHA256
d063c5fc297d399bfac20b3fc3a97e295888e898c7d5c3abd72c376612e0e026

SHA512
d16d513a094254897cfc69bb1d89b0bdfac920f32db74cb6387dc9e3905298f435bdef24c023e5cfc1ae8714b04810298dc2bde95459d602d43dcb687a85ba0a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
563161ba1016ffda2fed87f37cc928de

SHA1
35ff52ef2fdf51c6e2e94900b4f12ae7a04522e9

SHA256
128a284919967ad44682a5fa917d168c190fe9cb0586442517f17849a470fadb

SHA512
4d9d64961b1259acb7db65af2923375621effa8a01d8539fc84ecd87470432a81b74fbf4254abac14d0aceb3f72da668e99874bac1da2225b18c55c6b0af093e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
5b7788f3953c6849af5a651818d63134

SHA1
d95e61f0e7bd94062b66f0704a5a6fd4fe686b28

SHA256
81517e5ef430dcba8973eb57b4d6d594cf7be83efedbb10977625fb8a5bc4740

SHA512
f090355b4f7cf897b07a40b94f6ba4af2eb50cb76c817ec532f77ed3a2d00fee0aed631c1de0cb886dda79ed7c9e61f40e7ef62791dc508eb99cc05e538df66c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

Filesize
32KB

MD5
313636b275dc8abe6a16d000f692c559

SHA1
ac48c553772868e24ea194da0f950016eba18c6f

SHA256
6991f157119efa03789265f37d83a08b78a07b9972f8af7f70cc94fd3619f62a

SHA512
091c4dc4535fa030a1f00a8531238f55c7ede35ed407337ab87da71b51b79325e8f2b6a368cc740520ad28b3a401b2883eeaad1b767859c7569c6cd9401c0373

Download Submit