15783432882849722953fc7630cdcfc4259d1caf76ec59f2c1489e7c20b3c0f5

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Size

12KB
MD5

576e1420a3799486b3a3d9303a81fc27
SHA1

7f55e29abea48dfef713a9d82dfe17d01dd4493f
SHA256

15783432882849722953fc7630cdcfc4259d1caf76ec59f2c1489e7c20b3c0f5
SHA512

6c7874e843e276c9f61812c1c7c41f3f15355ca84bffb1f3d542bd7bf2572bcdaf38d48347c163103aae6308bf7753432603b5aa427405236ec0b1d350edd8b0
SSDEEP

192:m/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMlSjt+:mebFNw4Pk1itKkpAjjI2YpdmlJ

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2865) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\55KxBjoUfA16ngr.exe"	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_neutral_e853cea0022c059a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_troubleshooting.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_neutral_15011483bd8465c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPO3300T.XML	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_neutral_8416bd6e64a8e858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_environment_variables.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Automatic_Variables.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64\hp6500nt.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_format.ps1xml.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxfx64.inf_amd64_neutral_3336ecb2950fdc45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_blocks.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\hpc5300t.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dot4prt.inf_amd64_neutral_e7d3f62d0d4411db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\Amd64\RICFG7.XML	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_neutral_492d4e047d14bde9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Signing.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\Microsoft.PowerShell.Commands.Utility.dll-Help.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_escape_characters.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_neutral_dd3fbd8c64c7c87d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR14F.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEWBY.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUDGESCH.HTM	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN011.XML	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\DADSHIRT.HTM	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14985_.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0216153.JPG	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01241_.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36F.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMaskSmall.bmp	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\EnableRevoke.zip	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0337280.JPG	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7601.17514_es-es_f4d54d5d43c600d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ender-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_89b109bd2d1b0952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00030408_31bf3856ad364e35_6.1.7600.16385_none_3a013ea187fdf988\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..ce-useractionrecord_31bf3856ad364e35_6.1.7600.16385_none_32c4b0bc55387f75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-com-dtc-oraclesupport_31bf3856ad364e35_6.1.7600.16385_none_ed468092c9bf2870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmaiwa4.inf_31bf3856ad364e35_6.1.7600.16385_none_0a4c2d2390747c7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netplwiz.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2f34fe131c8e7fa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ipschs.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.1.7600.16385_none_8c4294ee286200ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Speech\fc1f3019656958a501eb5e410c498d1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_de-de_157ffa61e9b18780\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..itmap-ms_sans_serif_31bf3856ad364e35_6.1.7600.16385_none_ac9f9e10add68c8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b0b4c99b3ecd14fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7834a5f910284a79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hal.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_262a614c9173f860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\AppInstalled.gif	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.17514_none_2fd7b56967fc5c76\base_rtl.xml	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\SpecialNavigationLeft_ButtonGraphic.png	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f2ed7f152a0658cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..extension.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4441094abf1c13fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.2.9600.16428_en-us_adaf8b4f08692639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7601.17514_none_8706005e79c34246\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..ger-utils.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2402d8cf91f2e24f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b5d88d188008b7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_msdri.inf_31bf3856ad364e35_6.1.7600.16385_none_816bc9a0f88677bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.printing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e83b21fdb1d14389\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Language_Keywords.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-findstr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac95f58a2a8581c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sendmail.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7a37fd18594651b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a5b315523d5b814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..geadapter.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_103eb300532c9edb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_08d34914ef2563e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_29d12cdb138d0965\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_6.1.7600.16385_none_56b9458986cedf38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.17514_none_3969b02ba51f168e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c4ca151a686554f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6907a3e37816f6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wdi-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f019487827a47072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_16d09cd35515559f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmeric.inf_31bf3856ad364e35_6.1.7600.16385_none_4c0e5acbb09d2ea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehentt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fec5fb9f6c0789d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c8ad1a5f1853d2f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0522ecd1ea2fa29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\Media\Savanna\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9c4c47a945609340\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.workflow.runtime.resources_31bf3856ad364e35_6.1.7601.17514_es-es_67e460c42d5c1f63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..verytools.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e99b3a8d388f7f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..ibinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e9b09ab2cde70374\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.1.7601.17514_none_6bf5ddbe6e32b8d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.1.7601.17514_none_7bd3e97f3b0f2f9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..ger-utils.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1ef36752eab76554\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ipnat.resources_31bf3856ad364e35_6.1.7600.16385_de-de_974c889fb6e5e1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_Parsing.help.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ssmanager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3674b74f68cf81e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_blbdrive.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aaec62abe07cf649\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\shell\open	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\55KxBjoUfA16ngr.exe"	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.PoNk\ = "ETUFMQVMTXXLOPY"	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\ = "CRYPTED!"	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\DefaultIcon	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\55KxBjoUfA16ngr.exe,0"	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\shell	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.PoNk	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ETUFMQVMTXXLOPY\shell\open\command	576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\576e1420a3799486b3a3d9303a81fc27_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
333B

MD5
53ab1155ee17c965303843fa35bee9d8

SHA1
ffc1185054da9a8f5dc183cc997468293c708a9c

SHA256
a60da67cac3ed9bcd51dbab3db031c4136b47201af04b5f88132cbab5b39bbad

SHA512
2e80ccacd84c0febaeddc1ddea83f551a98e273818b6b24e1eba4a505382de9fea81b0ea245f95942b8c33020b5de99db02e94456afea6cf00d7c0a561cbe7e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
419a9276962fa386ce63080c47f312e9

SHA1
7e01b8121e4150653c98ba675f113ad18ffa68bd

SHA256
b27a15b6d2d35cb74dba0a82d4cda99d9f074299ce2a8621e50e445db95d965f

SHA512
516e1770edf8fba1551c10a26991bee3d443a3a9d8ed541a519a83699732b3b8e72dd2626745a1af27d6a83e5662d2a7efdc964992a662e6f370bfb1507b9979

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
c8ef3847af6788f3f537f2663d8ac580

SHA1
4f8df9ef842a2fde60ac655a7c8c85d6ce7d9132

SHA256
dae6695bef99ebb8082af7ba2e4c3adab674571b59f452253e705dafb0ef6f6e

SHA512
5445d4ff40307e8293805d06dcfde63f11a170dccfb7ea7cd84efd392cabb6ecbc9733761562bff4bc920bec3a93273974a72d363fb4db940678fb095cec7b15

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
bcef0819ff5f17cc84a62d94a45b67e1

SHA1
ba29008044a14edbde45671a8ecd83ba8078e3f8

SHA256
0453b88f3d2694c9c57db6ab0251aebb6c54d33831e1f9a5bc2fc66220800ad9

SHA512
9e681055d5fd181d85eb608114b3f15867d706fb9805b6d9f269b81884f7168434a244de5da958ca124c6277dbc92195731975d3b063454bef39623c1ac4813a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
585946117cf6782f58ba81a1ce583e14

SHA1
e51e994f3c79fca955c96cc53f7df7901d258d35

SHA256
24d10c4dfc859f1437dbd211bc3df3e717abcb92b55a655a1fe41d32fcbfb2c9

SHA512
d9b1c974f2804a68e35542e56c87e58459d0845663858142271e3b3f7ec1b56c0b5c9f2a29b339bafabbbdcbdaf8a76f98a0d0d65b92ccfb4cbc9569945c1d3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
224fdc1a40d2412e80de24b34dabb676

SHA1
951bd4a7119c3f047c9aeb4094e8c2a4cd4ca53b

SHA256
1b2e0024a6084b9ee11bb9d2fb334c07f88a3d58bf359dbf72f1b4f3f5ab237e

SHA512
5ec0103c0946e021fd8b1cb778927d6a11ad45cd5b5317ab30f5c90d1da14fc526dc87e0d57915630b68e4dc4040493e8a06bf4417adfbe828423817e90d8d87

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
bc069ff4b2f017459b957ae048453c17

SHA1
aba3d79fdf6103e37793030c5e9cc628942def0a

SHA256
f7b5a2397d1de16aa3abee251b81d0a57590a6ee1f298db24fb5d484b35a060e

SHA512
680e45ea8d5a8ce3da544db14f13130a9a150ccdccb62dd6ac15b21e23748209c49f4a7339905244d8da0c0c736f56e5867ae092906a7fa23bca78bb2e1f5b74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
dc17671c73a478697d5a09f17ed31333

SHA1
4e6f32f2408306cffdd188e9f677a5ea2a5be960

SHA256
88dad7e28ba50004f5078e39e1011080b00df881d63047a0c166683ea6a17e27

SHA512
41dae78eadb37650cfd6328a5e86254b94a06293b1488214b1ab035fb385c31a6db259119f41c32cdaef48600d31bd1f53b543fb60f2f9f77b6e741c9a593145

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
e4167fda0dc3a0dcf51da00759b339dd

SHA1
ee81a2cbdc9a07c0d6502a0c0eea2d32d87ca56f

SHA256
1469ed70824f315383edfa5f8bb7dc48a8feabeee3cbe6fde4cdf72c052a2eab

SHA512
f418d8e3d688dc1ea5ea5c906c1f17fe1279588ef2da296516f2b32abb2bca75efa0b7b8bca6f39ee56d0996139dc6bafad79d241a361d89707fd96970341513

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
d4e566258fa256ad23ce955d82dc2ccc

SHA1
4ce2455e3b0c300943e593bda66dc8f2a3cd6c9c

SHA256
7d707850c7216d990aa74a3b48861b9c031e91f071ff14723d3a30c3a675c9cf

SHA512
29ca65eb9c9eff377b886e2fb7cd20b4b7e1cec7247a950838798c79373908b1d54c74d2bfbe27b6f5e1eb48cf8e71756712125e3993b17e8c20aa8e6daf8ec1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
20db5ca88d80e9d0135422a4287824ff

SHA1
5e8effa76789143ad9317fca4887913383820ecf

SHA256
d3bbf94296dbf179c77064ee4d3f41ee1dba435e2aed0c165603d1dc4b26410a

SHA512
741b76aea1f8a3f7e79b5e58aa6349d489ceda4c91caabf6e2fe0d89082edb25f52f3e61d0a22b95d597abab62ba29e765fecebefd823d915d451d429d9f5e7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
1ce939f4a6d34f5f3bc307200a1d4736

SHA1
7e6cf951cb4b6dbbb31cb91245e5ec81d8756eae

SHA256
edd5ace7e07f3e3759ece8ea5a3097e892a21592823ca2db2efd230c7d98913f

SHA512
d37c2abb85f58d7efc4140bdfe751c13a053470eca09e2847f517aa5f5056ff3ddd2542e30de72d4cfe1c43be55d7fd15740f93e14d24e5f4a090cc6d26c177a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
32a3503cd9d345f5c069cc3d006302b6

SHA1
783d27cd0009f51fdcf81eee9b12b0f4d3be89af

SHA256
5e7481e5d1cdb60f65ef62aa7290c5a8383a62b9d2edbaf1e9e063b3bfe131b3

SHA512
7c21c9418d9ba554b676b4540ea97fb45ecfdc2ac2a5af7be5e90588d075c285f6c3a6bdb677f74e332609f264092a1791f7738e6e2e58601e425d0c96973839

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
17b2a8d7947616b4c84e03a618948227

SHA1
2933334be0635fa7095d1a0619ae6c56cfabb73e

SHA256
aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c

SHA512
3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
83a35579349b1231f1c4819f6c76c1cc

SHA1
39f7936e817c0542444b3341faa50f8489ec64d9

SHA256
dc038073ee7adfa65c7cc57c33ee5800571da812d1cd7ceb7e2343eeac583906

SHA512
2d109a2a9d1c0acd9be618a09f37ae5c7374bbfb4e1cf4002138d98bac1a0d135b71067723700ca39e1d968b9e3fa64a8f17d89afbf166e6c37f4d9e716d9780

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif.PoNk

Filesize
15KB

MD5
33e01c5821b56019d9a1136b714c7b3a

SHA1
05cd28b0042f99f40b0154a6174311e932440af2

SHA256
b4acd306126b55aae8dbd48cc0234cfd5f2056b3c458011655e1a3c89eea18e1

SHA512
cb2a793e559b0bcff669d6f48552f48b0b07adce4efa7635f2c5f49e8ffc011ca4e6d30c5444c77058aec7b608a57b640d1a0cad8548c0283b591320adb3ae87

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
15b353ed8f83ef8a12610d2c1c96d72d

SHA1
a5c9b92b2f6f4e10333468277a5c7bbd96c23ffa

SHA256
d12d367b51ce1e645bff9fa5f3dc80884dbceb89d20aa0ce0a7a2657a0284e6d

SHA512
2e9e7ed70ba2895b225a243b43cb16d55ee4f745dc691ec0f7dbbee572c3d21393f3c9596d05c3f290889df0bf6be4018b9b4754232da254f48de8d198952bfa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
5c547f4bd1d717f373f2059749fb3cbd

SHA1
32f847dc3b50be983e41f9883a124f2c5ce31295

SHA256
ccbf4650261b365de56d91d6d925a742c7fc8787e7b6146188a2a6108b0324b4

SHA512
75f3575ef08af5da246f721820a40e4670cd5aaa1b196a3de943dccb4f6812029348e850ee5ce4e717529c9ef345d9eddfef35f655efb75bb872806bad492425

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
f614349277016b73e8c2d914631f80de

SHA1
6358f04c45f43285f190cae1d89e7a8cd6d97045

SHA256
f73b3ec7641450c9349f666f715ab63e8f1a12f16c6d7ad79cb717fc784620d8

SHA512
682d1ee9dcc73303ecaaf3e4ee53d2e048b302cc9277c5fd8cf444d658e312ebd1a55f9b1660955d8692b1bd3d03c78589f8ba0a66da45d1a422f62411e4b537

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
9a7efad2d58298a92d7b94c865aff089

SHA1
952b842adb12b8b01b6c10176ca40b95a1a2c78d

SHA256
2ab414c258a940513ca319127808c4c31d9c431d21fa8f6ea885ae981b9243ce

SHA512
5f2009cf32d08374a91516571e869fe2cfd34b820d894eba7a15e6cc637c3b84ba63e140dba1c333fcfdd7316140a9149a332da5ff53f8a5ba52258d497dc296

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
c60a16a2aa1cefb63b91eb0c1e9d6bd1

SHA1
54ba9e20596894a4b5eb85f7976db8df238cc7e6

SHA256
f0d66f215634be4c4cb0b7a89f03f6c524dafd351ea43ba16ffe26d68b813be7

SHA512
4f09f54159bd48e559e4713c7f6daefee89e8694472eea9c4f7377f9456b5c16c725d95a6dcbe8af2ea4fdc96df241f1800190d6923c1f7ff518015a1fb86550

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
7eb666ca7c9dd59fbdb5bdfd9131a6b2

SHA1
622d111c302eaca90c254410cdfa48fc7b03c902

SHA256
8754135a6d5a4c8605983616f267ea3a9f30fe2d656216621d274b6d013042e0

SHA512
36c8f7be3b4b22e762b48ab80909295610c5246db80f90371092aa510ea165c64d167fdc84de45270c28b61933797ce5afd5b80b9396fe749035cb7d1024e0bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
bff6f5b4f5069eb4323df5c3dfd20549

SHA1
2f2683c1d7db7b3b34eee35b7434a0980eef8d12

SHA256
3600b5731576b8ec96c1264c9344da1d666ead9c00e4691e48c29155265c4a84

SHA512
efe118bc783c764637211e76ea5ad9ac8d7aeea8b6d524ded10fac589dd6a679a28cf6a90c6946b63acb9d6785cdfcba9336f65fd40e7d2580f69fbf0371abf5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4198a646e0f096052c9ce7912a5108aa

SHA1
0faa09c28298936fcf7c8590019fd07ab025e26b

SHA256
b78ecb370316c8cb7ebe5e4e39914b165997571560ea8ee3c0b28f3387847283

SHA512
528e66d2e53b655a473ec5fde32dd802d17a74d5d026319736caa6211a61ab3c58b8bb7e6a2349794adf103d983502ebf2b7e999dd3612b8550067a1064458db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
b70ace710a86f521f8b74348deeb8b9e

SHA1
0438f8bce21f413821be6c9399bc68c22a4beea8

SHA256
5bdb3730e281b4ab9b0d2d739cf2e31cc5533da004d106dbaf17ca318be3c493

SHA512
0b687869b82fc05592fea77568d991b0dc5b228576e2948ba1771e1fc72f830f5032601cedbdcb078aec0e69e6a47f95543c00d523867432acb9f7986ab8cd0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
cd51cc8985422d57df2cd5b343cc7103

SHA1
45e3dc6745d9668f6f808ac2c3aa98bcb3fd831e

SHA256
dc758bb34869f53c2ceefe1e68f637a4795a4cc3d316c58e722e214e2a30bd69

SHA512
bb90d38c35cde757a8beb31615c7d95bdf740b0d889a26e81e52a8541fbbf5f86e4b5347e8d9835513e6ab1e9cec21d0258ad0616d713d8384c0a8c8d4aeb8cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
d7bc023b2398a7eae54b04aed4fc2c7a

SHA1
c32f880a2b2513635cd7025c4541bc2f2ad63a5f

SHA256
0c4ff4e8167430b54eda4424d62e7880354457c6ba2bdd4656b851621e7a6b3e

SHA512
2113343af21a05ee29a0e1d8e88266700b4c8cf6061527eae8764a13c3c5be8527ddf88f63aa05ab467d164f21b9675ea8bfed520cbb737fcc642f90dd78887e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
20ed7c83b16f052b9badc64c5a4af347

SHA1
df4b8c83e4166a96adbee6c6fa070250a5808344

SHA256
3027ae1f671b4a19abb88169d5f4e182c5ab7db9367130fac2717c9e0a0a5924

SHA512
86bc091b40890eeb0f0f395a4bc72634db42ecc8422f45863c30365e1eab05a126a3fef4e7ce356cb3717e34510e5aef31644afb3baba736fa85744b5904c28b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
8c12297bbeb378e3844c8e3b46587248

SHA1
df5dc35527105d1e21f6a271e43fa169ba9cccab

SHA256
510f14192a2bf5c325a5aee0cee2afcf1bff25e6f2cfec36928d00edf7115871

SHA512
19a9f6fe6780df3ef274cfaaa3c44d2a2f27e5fd42df70dec68cdf7d7b51021ea85906796cc817e04f03edc3bc16614ae1350365ff1cfa21fc2de13b40969b8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
db8c13de7bdcc2429fa8af44e2c6f275

SHA1
d82adb8e7e207ddd77d5b3f0f6fb549d78ed0d51

SHA256
496c7818adfdbf5e67ac12c5e603587c94ef80ccf0353345dd98e9014f3c0e88

SHA512
e63776960acbef6edad7197bbc0b3cdf699886f5645a26dfed255a22f5aa964190b341ccf245389f5479a06c98b1793a0464a09c29ae40d9f81c443a3c2f1ec8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF.PoNk

Filesize
2KB

MD5
51437f4d4cd53276442e1d4e28cb170c

SHA1
91567be77ceb46899364945716915bcc65a96859

SHA256
fb6adfa577948adda4f450635b1803cb4e68511551e1038e1decb8dbeb02b924

SHA512
bb97b95dc93db8b520834a7abedfa96a87cc128bd565ca092abb508ad264f9526ffdae51db7f4da2aec222bda38a6cbf08ed1935317fa0ff31ab1c0ea497a88f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
da4f93870a5457ec76f346db9bdf237b

SHA1
44294ee75e407e7bac6ff7765126e789577ed803

SHA256
927f98890c3ef0b9034eb3f75441ee848eab0f21c423a6178bc460e3d94d0b14

SHA512
a3178b20d9d0f1840f5c456647d32806f7a994da4e75a4c04db1b0d418c75ecface17ff71d2a9e5fc54903db080a294bdb56d4b9223e2f768710fadb19fc6705

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
7b269c016630ad6c32862e44b0bd5e80

SHA1
413f435c27fcde918ee32487f41b10cfd7789959

SHA256
c676f7cac6585ce92c529dca33a3cc1c7caaa58670bdffb1a00361ef54216431

SHA512
d810f7fc4b8fc23a9bcbbc919009f7880ac5d19d5be2b4260654910d895803e299347f86776832c38e129624581310569132cae4a738d8ea47ce56cf30744696

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
0e6d3f9e753eb3895d2bcdcad7ab322c

SHA1
7405199f491017abe95f408ed033f838c70c35f0

SHA256
b6ef1ce8373cab95bedadca1a13d43050ceb07cdee6ca3b656385c96597ce42c

SHA512
888c434f8bd9328d6b3f37b1dfd37142ad549f6006e7552346c60e186a702ff391a41b22cf48ff1f442130a6f53da8610bdba0f681e980eaa95cfb801b1648eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
0ca7b3db57a12b7353ac02cb80884aed

SHA1
4325414b016484734cd9d5b46f8fb50a572d8a9e

SHA256
31deb5e79448968f665857b932fff5a3b3431f32f7568bb2128bb9d61112c2be

SHA512
45d65935f53d69d9998a94edc7f284aacdf74b86d819de205bbda21e74fc9320c44baeaf76744848c5d637c5e8bea5ddab502c33d0cba9e53fa69a0a34eb79bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
ed4336b1a06aaeda3a857c2f7f9ec695

SHA1
421b7005e00432230fc67b73e43836aeab49fa21

SHA256
77e1ba6cb14971cb0ad1ff9a5ddae41087a6a1fb610b7faec27446b564ba727c

SHA512
fc87f139ef34bf7205fb0944a4396020c9179a24c863f12185e5bb25e71dca9cc229bc66815d3aae3bf2821e69863d79524a4abb864c1a52f0b89880054f5121

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
251952254d185cb293cb2eebff5febdf

SHA1
6b0523e7ea1c38e2889ff4c0322539685f77927d

SHA256
04ee11f24998e3dcdcf7f2b0dc499a5a6d37cf417e040c29072107c81b2f42fd

SHA512
63afd7ba1879b45c13e948c9763ac2af2011eb54492b90c48d77b8b9052a6e951709d6a7e4b5381cd57503069d17f8480a80ef0839def52081ebe2fcb7b6be22

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
3dbaea8d3aab6d24b8f1ce37e37dc845

SHA1
d685866f718d8571fdc78ea8a98fd40766b380f7

SHA256
1b33ae754ba81f1796496c2ceffcdea28add6d2580e7e53a9163eda619f50ca7

SHA512
1f6a3e496afce5530dbcb0d513a7244887cb082b028035c4b1d937161d326ecda9d29df6a07f01daa38e68e94fd7ff45d2324067741bbbaa3f0b0fad27d65d59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
6686eacd2a58c5ef8939dabf5a98b2bc

SHA1
3fcb657f656d82be666ab87212d1869f622248e2

SHA256
771a67d968c696f3e3287c743362e8146df5acbc482730c090b9a157e6e92435

SHA512
0e57729ca6715cba73301a2c14e8bd7a20e06323c21eeccaf9612ec4579fa38fecb9c094fa40b2ae218d582d401ac24b14130bd03850588142c1e4a514ac4bee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
8a6bea07e2e1fc41661c3f3fc3ce1d23

SHA1
8048d2fcc3d8e0078f2db904a0b769f395fe075b

SHA256
1515ebe98d23b1b634af9f5ec9f47c98bb2c041ad0e1fdb0500aedb84ccab786

SHA512
e248f8933175474012f0620e8fc056ef1a2450e55c2bf811478ec31a523a56ad4962c890f532d5f5280b99012d4f764bea176d6e3f6e45c5e7ddeff296387fc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
2f9c81f0d7c3237ca4a4751608507e2e

SHA1
182d8b7905afc3bf8b6bb50462b1fafcf22c211e

SHA256
3d2e596c04e1616b8226f77388caa126d262d8c0eecd06aa91b284a8e084da6d

SHA512
d1eab384daf88a523a5951d9ddfeb1da8b58652182d60d686b46c30065a02cf5acbd482a0181e184c1da9c46dae8970981c4ec9ec9d245a4720f04b9fac32eef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
dee540ffaaca02d15814fa98227825ec

SHA1
19418fd30354b94e4e6cd24d8197d612f500da6f

SHA256
a8c9f3cb83af9769315802b1354bc8709ac6dd72dd606e2cf0452f4d006d6a87

SHA512
2b7e88c6761d317618fb18e96408329561e521b8c84b9ff0229ffea8e6512ced2442d901efd3ac4912b9445c84ecf9243b7af78aa0ca14210383c5c5b6cce632

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
c851bbabd72efb301a482d1f00be1ef4

SHA1
58a5f702c36c7c46e45e7cbe806c8162917ca93d

SHA256
6a8905bdf5d38c491d3b05be37a73eafcefc93401ed70498cdb68da526ef2b95

SHA512
bbfb32f74c97f406b8fd8825c4fd1942a7e619a823a928b17bd500e96365882c10ddb9beb8a8b217fa9093bed70920c71adf9a07b8d92b39b0053e6914c4344d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
445956b3ae3ec8391a7bae546a3a8325

SHA1
ae1f205c90d56087821a048e251167ffdc92c5cb

SHA256
5bb34e40644fb7244c85bf4f8726b54d9c317af91bfa9194d2adbed33e0b1d33

SHA512
9f359f8f647ed8f22bbc2082a02ab0315c016e062d525349302c58405081202ed80579ccfb1d85914c83c1090479a7543bc00d9c906f69c7c32ee5cbaaaa5ca4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
ed3df327c8a394b6c9b3250f30b6abff

SHA1
e11ba6ed6bdb24769fe5c086c4c96b9f2f88e098

SHA256
d51c71b86c2ebcf4c2422d8f37f605c55df24bcb8611062bb278a094beea3257

SHA512
e624628ea06079259d79ed46b34607d0e30be91ea8ec3aed594ce638beb0517829a3486a30a1e7cf7b50ee8767d58c27a3a0c2e4991ebcc04702eb1ef20e7a6d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
077ae9a6ac07a245357de06cb2465d3a

SHA1
8459b41d1f2b8ed426fc775cfe0cc78900f85f9b

SHA256
71c9fadd761a5cb3111d6676245f6f2628ab5246aff3160c1b5d9381c8bd90cc

SHA512
8fe15f09c3dd2f82459ef9fa32c3bea2c899120d90d015e5422f893386e067388ff7571367ca554aa941a6acebfec43312aa88958fcc54949958a746b6a163cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
a3c80e5dd302420ce5f6154394d8e133

SHA1
10da8d02d0dd103ffb011f8af1ded95636eee8e2

SHA256
47f9e39641ab5c29889fd335e6ee8204cb7b54a621b4797ab5e148390294201f

SHA512
b75a6856f1129167a480a2d75bfaf0fa50654a93f824836c23fdca6d227061c69b7947723309bf374a053118e0c9542ba919e8c0486729d3204d00e1eacb8652

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
80bf83ff25c3e301817c21126bcaafa0

SHA1
e1709780ad589c1480fe5c57564b749f57b1e1c6

SHA256
c3cf0be46e6dbb46adfc0e84fb5a550dadd1fc468dfc17d1c685eb581f7de5d9

SHA512
c541c59656c76a62b6716723613084cc41680dbf2cd836faa49177e457f5cfc0e5dd9f26d247d0db8b4ba7886db530cd1a56b29d49f2d786533d52c68f1709cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
64e5a95a23ccf894ce40e4558bbf91d1

SHA1
5d0b6eb84f48233e5ba46ed661398c8b1c875305

SHA256
17017266cfdd41c7246b989f0cf16a8aa6bd22fdd5d32714542caa639d7fe3c0

SHA512
d3c36b21b204f6ceea7099cf10eabbe02784de131147e7fd6c6a079282be74cee9db0a7d7e0a09047e74b6374a33e12f2c0b37edd91886254df5ce5220c40f7f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
03836442fe509c4c1a55265ab9eb4d45

SHA1
6086ce3bb8528a89bc494980dbfcb1aea7298fa2

SHA256
99a9cc643ea7b1ddf53e96fb67041ea717417965b60c9f1118073bbcd2f48d1e

SHA512
12791d733a9bd96d73e9b4a6f97d90721e51ae8b757bee3bb0a9527c98dd8a53d923a25f488aff2f4b2e97641485bf25aa3843b5eb3c3e4c4171059d4e04f577

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
74ab58396a10f855ff69a7d6269eedff

SHA1
b037914f09600b7378e715bfad37a04ae0d50694

SHA256
fc51f8c2a12a1a9cd27d7fddc40737a3368d194e823f1d1956b05a911af1a30c

SHA512
ab8b083ef5cb21743df0eeff6bc5686fd09ac4064e83b8c7c9887532d580cbbb0cd91b61a4418f39e1ad800c49f0e48eba121e7d317bae21a3d4ec1d3351b70d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
4359d4ae1eafc2e8b9fca58676e0860c

SHA1
9349366bd6aa4efc3bca655f2633bf26f700e8a3

SHA256
2b5a526457729863982859190663a981e8151f5be2b1f004f0d2e0b931502799

SHA512
19479b8e2f75319c0bbfe8ab6fdbe2c78b77f75495e2adf01acdebdbff9117cecc4728dee00a79b70e303bdaee8c0ff816ebcceb1a27ef6998eadd3f40df3dcc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
da04d72674998bd3b83e8cc2679e9c62

SHA1
e2e2a7f387d10d4078b698101981d28961562d5e

SHA256
6fa434eb3f5a4cf74d5895c090dbd3617189071a06703665d417b94163220a69

SHA512
be3d81bf6962ccdc4c3711b5570db6d22be320f61c97e7d9894006b93a0d77f4066fd289e6258c7c78cd557acde2c086f46bca59ccd3b113f35a40ff896ebdf4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
271f31de89cffec920a373695ab1f40c

SHA1
cac68ea66e65d5aa7e2c3294b81a5868a3128176

SHA256
a62fd915b61f44956465e59792db43c88a96f9e8c41e6ffb266f08158988b652

SHA512
61204c96f3194f17e649dc127acaff20cf8d7b284b856d8dd2e25dc70be28cb0607e9805d0c26e89b823a1d973e86bbc239f5ddedca9d638cec2261fa4b3f71c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
e943494dba6d1033e4840adc1c98f633

SHA1
680238d93d3bcd7a759a8b1068e5c28c784b9ddf

SHA256
25e684a60a39434e2acb484e9e27d33cfbe4ff80fac8fbcb4161a95b17b97383

SHA512
192f62bebab7ca5b05d6283f699d736cba45d55a15b30f28121b714593bc5568b42ad99eac1661d22c996cae67d8de4c5ebf2ed1798161e2e9e0cb937b382224

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
ae2b00694617c985abc1cf1826f8f218

SHA1
0db5c4acf4663f7190b11fbbf05127bd071c7085

SHA256
c850d38b422ac31e156d6c760726637716adb8d9c8318ccfb4a8f6123ffdcbaf

SHA512
32a378f67db3be381e9685dad5d7118a8bc021e9fd40cdac30f5680eb44de5dd2ef048b99414468920a6309e6ac8117843fcaf3b603de234210646679f7acf3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
e3c6ffeab40248f23a3a7567e9ad335b

SHA1
0ee4326ce4f05e596c52b450b04526c1fc10077b

SHA256
34f80775212ba9d2a360bbaec7783f36d872af3baea7f6b0e3554437937731f8

SHA512
9e4ab5ff3523f04fdc414e86ad4a3d7e8a86adfbc57f9df7856d1ccfd8eaa7bfc7556af9ab186b983e24649a9f26cb68879cb17cd813c60e03300ddbc8279faf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
e3c21c95d24f1eaecada3252ff34e164

SHA1
5072c8549562fcba8afbe831c326b22b542815a3

SHA256
c5e9d7c294cebb7f8b3ac418ecbc4d4a4dcab30bf51408584058e9906eaf0fb4

SHA512
c29e80dbcd826e3bdd89b5cbde4c0c72425a584dc9b277bd876f2fa65a3dc4f2ddc03e0cedfb6c3db4f26fcb387892c04834a1cc6f9225632577ba20af74fdb7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
a2810027f4c4b82dd2aaa3bcfb6655e6

SHA1
91310d2df4b82b2e8535dfddb6f338f73688dcda

SHA256
673ee5b301d6264c136c38f6a4dbc17bccb2c4723bcad43c337d8bbd923955e7

SHA512
a4eaa74eaacf15bf0c04f5cfa9966658a54b2364285991ae38acead8bdad77bfc7f17370057e62e623ff0408608dcc398d77bed10fc3a3aab594b47923329c16

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
d80833487bb8438c630a0dded7de9a1d

SHA1
56e871823e896959267711e4016581ee2681b450

SHA256
4f6b0118026f5ecb43ef4dec9bb8ee80581ade65088d12626ffe0688a9696789

SHA512
1591d567d7d91e9313dc6e186e976d562a8bfc207a861e196b28eccc63062fff87291c8783afc43ac34e9c3e5cb63ffd61be6034dc3363481578c5fa79837875

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
af28ceb0dbd129a3a37a8204e483fb25

SHA1
85a9284a68c768cb6c8c993f3fa80bccb9ff44b6

SHA256
62ba9c1f647ce41d588dfb13445c173d00287783bcc67efa59259fb1b2de709b

SHA512
7095486d51ff6a0af05fd660ebdd430d7d9199680e4e707081eaddd9a30225cf266c461b7d67e24fa14c19a9a694ad28b442fee48f585ac498b8a220735bd65e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
240765432c5b9a0e07f21e2ac72d5951

SHA1
caf898574ed49e896c3ad6f97ec20e5359cf71a2

SHA256
b323b5c40bfcb92cf959bedc1aa7f2d9efb633ed81904014bd6c5ac49c8886e4

SHA512
c42e4910fa7ed1071e8348da31725bf4b79ced9ea09616578f0efeea8fbc58bca5c48bd34228def452baf44d7be3ee3f7df622d4873c2dccd1bc81844b58ce6a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
faa5305d10a1c3917759506bc49d2245

SHA1
9d6e084a1e8716c5080a0b6645217d8b317ad4cd

SHA256
a20955380b0cafe73d05581624ec6d5f477abd3b0484f41cd75776deccaa5215

SHA512
0e7be923786138f89380cfd4f7460a7a7bf377e32756898bb6a17ec8702e52bb8dd3f73fab51e4f8f9f1632972b4120fd3527d8a9abea5fc28e5283605feb6f0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
038911d8676efb16f41c1589710fae3f

SHA1
524e28ca46d9d90fc14255b6e93b36c6a9628b78

SHA256
45cd1ae5d1d0b2b12255e779b9f8be535484dda7293dfe336455be1ebcfc4273

SHA512
692997a2f7504b48607abf6e569fe5d11a49f10d8f3924655be2d78744e98006f4a9fbfb1d2aca46a798c2634738a8225d43cf85901e401c85257add8c3c4c4e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
ad5c28525d56854f6944ad66b4461707

SHA1
1062b117278528d4c3809e76b5dbbdc1b055852b

SHA256
dbd26a18dcfd10338e8ef9bbb32b58840075a6a16a42c7a26ad4dbe888f5256c

SHA512
0f4a13a3f345955384eb48569a6646aae735a75d0dae09ff7c66cfea2800c88a3591183ea907d08de16bc016054affa25cad442a01cbdac4de71c9ce917ba2b1

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
09ec4312b50d4c42fb28361b1942ef0b

SHA1
87dc75779671381c667b683823772b6cdec6d457

SHA256
5e3957f1eb2417cbc11e40589ad67b13677642abfbe6479c5e95e5df04b9d19c

SHA512
9240d1ca06d9efda9d863329d69d6ca5cbc7bff3e5a74c7537703a74dd056eecfa7bdff84a081b3014a1da41f885e0c8d4d3c980b6478286ea0bb5c779932662

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
08cb57e3d7077b93fb9e560d73cfeff7

SHA1
785af3722fea0bd3650394fb8b807249465ef932

SHA256
ce1f9fd2072f3cd6dd2f1ad79270ceb41c62ee70703d8e5a0867e13d9a71195c

SHA512
967db58647027e701dcd41c31771374ff02c97b24260eefa1bcd19dfdf18cc992a1e2de0eecedb94348b68c8b2279bdab603277035f00b8132abd438368658f4

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
6b3b41f2632f2c3c544159bfd12837ec

SHA1
3d928abf146c6732f7bec2d30b61505a72b997f3

SHA256
e718e85d0e1f02359dee1c5dd0a62a63a0613d9e74b848ecc3b4b0ec08120de2

SHA512
cabaee29a154350abb04dd8e42283452f1b13ea5d26fee0121d9488a978a4af46f58128b0ef49779f85d55467c225bb0615e3a79dfd0a87dd42fefafaa178561

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
317B

MD5
c317253e598b0d005f3d6d7307595a13

SHA1
a748fb5a5acf48afa6836d4662f9c02a93f685e4

SHA256
76df7a91617600c264e397ab60b52653b3aae5a64a8b9b75680763a6e1a4508b

SHA512
885d1991cab787580d2365d7e3b60f809c45d73ec7c81d44c2fc4ddaf2347c05c5dbb87f8ae8fcfc77ae464d07bbd8ad2c9a62121ce4c3a45f8a937116aafc94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
f47c80b48d5ef45c065fdfe70d0487bd

SHA1
193dbaf7acd34d4ea8db3e7bd0978b804ca1722e

SHA256
2eab292e2027ecc9d18f1493372869a8c026851f90198d370edee0ff5f6c0623

SHA512
8c71bdcdd1b70f641481be245bc837ac4b4be05009419a37ae4edaa4b2c85fddb3f6e31e4fab9eabcec6c8bf70446b44a9f4bdad54be34eb496ff54ab44196ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a18785561bee3caf370ca64dea61f96e

SHA1
c523b132829b5bbe3e96200470ceae0ec6d5df83

SHA256
6c48df508cab7383fef0ba50565cb695260b7d6a155c8c3c7c108c8b52948e97

SHA512
98452f25607bb82817b1d0f53736542c0e4e270133a468c81d5eec27e760a3b86290fb4ff5fa291006bf995b5c5d1339702ef4b4375d84873aeef49945013e01

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
11b97dfad37306d95aee989fdf243548

SHA1
f3e48c9e5be0d5b9b337f7291a8ec8d17bac5f79

SHA256
24520e44d40f02391d2981b0eeb22c8dd60694ade4673e2101c4487e6d121eb0

SHA512
711a8014c3553b73970441090002b23a3599dba82677e6b8f64df758f265ba5b44098f40a1799bc7d17c8812823edb8776355057c968210d9416b79543c03b0a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
b75ad7199cef26cd9d4035b2453906a4

SHA1
04940cbd0d42f97f474c42126bad5609a80bf249

SHA256
59666773ec412ed5afeee2445de7b7a39b4955bb74956e3fc0c0bbcda3f2adc1

SHA512
38e7886f67e513a1ec9325da6c0b112e01050350c6d80ca59a33b232f71e333412cb018c929f0ff8873fa81de2ab858e1517ff4532c5b55c821f8b066e920201

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
3011bf83c022ef7bdec057c79ea4fa28

SHA1
56ddedd60f5278029ec2b26c1e29c6e46e1a145c

SHA256
7506a4b1dd6ada353b08452e6c0d97663b92284445951ae78c8ee94b9518b882

SHA512
4c8e347e1fa8ca4ecc66b4b16a0dd8671e7a31bd98301a4f15e8c27811143ab888b1a0dcf3618ead03402ccb1792fe4953e6f4c8a55be3db038a9f788a4a4acd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
1c5042e1773fe7bd4ec514ce284ba233

SHA1
756ec3ae195d482e97f3d202b68720c36a6dc37a

SHA256
6f5fae34c294224533cbb0dabd5757762b848e69954c82c5508535f3f51c137d

SHA512
712d263404d8d2ef41238c85a292e50308cc2e8574a32df47ec0949eb22dc341c7d68106f4ff1afe9f32e752435588c302e63084429e30ec46983630d1bb5946

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cecb5fbbdd6bd0db6fb0a6474a900187

SHA1
ac98efcf73344edcd6cc22107e1706887c5ccd97

SHA256
95ff9e0d6f8966425e258733a63ad73d04a2d45fa319778a2008dd2a0f2526c5

SHA512
8ece25d5eebf37d0f2bab7d40c923f08f38cd740ac74e1031c24ed74558d63a36e8f2dad84ec1179cea1f3597ebc23bea3d7e8c8e1d8e02660d06670f1dff39a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
6d2069946bf97817f2afe8c90814e081

SHA1
2057abe4f6c234cf91e24d95ccbf1fa9eae9d1cb

SHA256
3825e7c18dd29bd0a52c04d275f4a01cfe1228f1283881416b6479de1d4d4574

SHA512
c4e2ad21dd55437fc36d40075ca05519f40f273903b032db9cbf447baece92535bf10a2ebc555522e1ece8fe0e869619a373549aa9113f84cfb33ba737483bf2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5bb464148f82eaefeda7a623954128fa

SHA1
8ac09f49de51584b152af75535996b36690d9891

SHA256
8fac12e4148a811e00126acb97229bf452f6ac5715ecc81e82c28bfeb3587d75

SHA512
4fecc255197b858c2ee706ff9a241f4af19ce6cfdf2da0c6dffeb2d57c2268e9c3213e9f81bf54c5e22d98a2eee8f5cc4241ffa1c5f17c2dab8ab0adcfcf32b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
cd4f12df71ee3570f778bfc1f320181b

SHA1
50249fc7e6fb23a3c3088fa26e3d67866e0077ea

SHA256
0bd998bdb9c16b972da4b5a0b20df44927664439be0964402f59fbfbbcc7c03c

SHA512
1b2656e46ab4f6d29c0a956acc77dc6c113e76be049c33f8e9ae66a4d66d484264be692c9fe2158c6b1c9af5feab21894de533b9120d68dad5d108ea3d547a88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f3c988673e2e01ba4866e8a6f490546f

SHA1
ccef2a287d15ee3d28e892dbbd31c23203aeb8b6

SHA256
ed5411587aff2f07b374724bd1ea81895f00ff97c73d5dede312edcf8b8b4a38

SHA512
b902b7d4389a70b7b32b063b0625be44709178721035f851a8d3624b460b30809d77cbb15606b235ff8a401331bec41af9e6376fba659659b743864b2b4fa6b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d9fe536cef37e5f8cd8e58b144acbb75

SHA1
ad473607b087118ad77cfb6996b6e80d97df5502

SHA256
e45c200653856f6f33f9757293a36a4d775257c813fd3728e9d6add1c5c57f51

SHA512
c30d993288428e4702f55f14ac18f8d106f59f6de2ee1feef325665c9ccd70d0fde4c23687e67d0d77d824087b4885d7eb0444265c60feb4686692c18f8750b0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
80e556f8d887620958b700a2ac05db6c

SHA1
eab7a48736894a7df8a56d8cf107fa7978fbfc6a

SHA256
94ee1d07e9e956d309e3d3c03af58d1748e92e907caf792d30b8e977128944ee

SHA512
5c3e5b98cf77b666b30b58df26c7fc609f84030015fb5ac68fc701d7c6fece8831950d6aac1d781e6a0e20761e2cbafc990cb2512a56f8b5b23736c074854117

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
15973775275364a7cf28172aa1eae7aa

SHA1
f3e14fef3b1e9a86b9cf10fa59a2b71020941c55

SHA256
046d73f9a6dadfa6cac1ebf1b2aa7568e3dde5911463618a5a8c2cd5178bb390

SHA512
f5525a35226703d3f3b1c6c62cb10c0bb8e11985ab9541493a8485a98e2a359e783af2ea846df2409472c5d1d6c73d9e26167163e9dd2f889f269eee0b38039c

Download Submit