e566579c89af9f90d139c687c881559b7ab5eb23279944d72c7be108cb2e7290

Resubmissions

29-10-2024 05:57

241029-gnx2tswfje 10

28-10-2024 06:37

241028-hdjxwszqbp 10

Analysis

max time kernel
113s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Size

12KB
MD5

78333fb57f5787544e1086ec1afa7e2a
SHA1

ed97ce47e2d513ea809d910603885130a0020ab2
SHA256

e566579c89af9f90d139c687c881559b7ab5eb23279944d72c7be108cb2e7290
SHA512

d40797abcd95a14fca363447ad0d6eeb09259e7f39e8f8a5330e0c429d85ba7e73d22a783356684431fc6cc7b9d54c9f288d951ac6a45f49e50fbca4d6a195cc
SSDEEP

192:u/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRM/EYev4:uebFNw4Pk1itKkpAjjI2Ypdm/8v

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2500) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NQT4Y7r7VZ3jI59.exe"	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMovieMaker.bmp	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RmClient.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnfx002.inf_amd64_neutral_b6dd354531184f64\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_join.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_try_catch_finally.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_prompts.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_cmdletbindingattribute.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Variables.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMESC5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Switch.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_join.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\sdchange.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\setupugc.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1qx64.inf_amd64_neutral_85d10fa4c777b7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Break.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_neutral_1cb648411f252d13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Continue.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_jobs.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_command_precedence.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_neutral_fa693d8797766f49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettun.inf_amd64_neutral_bd24fb174fabec97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\attrib.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099187.JPG	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\PREVIEW.GIF	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01046J.JPG	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\UnregisterPublish.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101860.BMP	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01268_.GIF	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\index.html	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\THMBNAIL.PNG	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Speech Off.wav	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c5f1f7115d16e65d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_89a46599641db54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershel..agnostics.resources_31bf3856ad364e35_6.1.7600.16385_de-de_073b172ce5e69584\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.17514_de-de_dc8be5fcf12a92e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sort.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_14507056e60fab76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\ac74a0642981011a441823a762bfb3d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\blank.png	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1ad1c6efae966f2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..icecommon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e4c443a3b6e52412\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-h1s.mis..reference.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7b8bbfc57c1754b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-print.resources_31bf3856ad364e35_6.1.7600.16385_de-de_92b78d695f668ca4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cryptdlg-dll_31bf3856ad364e35_6.1.7600.16385_none_7e7d4ec931c71641\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000042e_31bf3856ad364e35_6.1.7600.16385_none_5a465dba6f15dedf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5b75a510b080a6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\bear_formatted_matte2.wmv	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netxfx64.inf_31bf3856ad364e35_6.1.7600.16385_none_a32b19d7e784cfa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_de-de_742d08dfba1598d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-ux-sppcc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_aef7b65c5dcbb178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..mdac-odbc-jet-exl32_31bf3856ad364e35_6.1.7600.16385_none_96080debd81157d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-artui3.resources_31bf3856ad364e35_6.1.7600.16385_en-us_828ce2ee17df9370\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\401-2.htm	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\Dxpserver.exe	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_3006d43cee449c00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_15f6f88f0734008a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msmpeg2enc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_71d09321c2335ebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2bc8a05a00587334\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..-netnwifi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b8add4671223e158\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hdaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6c6441fe030f60d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-bootvid_31bf3856ad364e35_6.1.7600.16385_none_946e6d209fe56342\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_7fa235f41a25ecb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8836b2d4f2350b58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.transactions.resources_b77a5c561934e089_6.1.7600.16385_it-it_c482e2455c387994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-hbaapi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_32f774aeb8785762\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_364e2177c8d8796b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_fdphost.resources_31bf3856ad364e35_6.1.7600.16385_es-es_64b9ff406bba8e7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_37ec3f625715e1bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c1a9704a99ddb9a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-secinit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1f241df1e9e9cf42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e6d6265644c81c72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a33b12d762363917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_lsi_fc.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2027b86856e610bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_70fb624d1eb400d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_16702848f9dea1d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_140232b52f7266ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39c1a15fe5d380f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-ripbsyn.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3eae274bc8057a96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cfe7796da2c1c516\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiabr00a.inf_31bf3856ad364e35_6.1.7600.16385_none_1ff46c750309ff30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05d3a95ed7a184ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-medexptv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6e68945ee5b198b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c4a3b307f7533c7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-notepad.resources_31bf3856ad364e35_6.1.7600.16385_en-us_79dac9b8e8ab2637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_escape_characters.help.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_ec98071c85cf09eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_faxca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_90be8826dc0f35ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\404-12.htm	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netplwiz-exe.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_88dfc8e3ebf6e4d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..erbox-isv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2df6dc6086407de4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5b5217dfdb002ee5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\ = "CRYPTED!"	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\DefaultIcon	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\shell	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NQT4Y7r7VZ3jI59.exe"	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "UIAKDSQQPLXISEE"	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NQT4Y7r7VZ3jI59.exe,0"	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\shell\open\command	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UIAKDSQQPLXISEE\shell\open	78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\78333fb57f5787544e1086ec1afa7e2a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
436B

MD5
40ddd4aa2da1380a355d0959da892895

SHA1
a5ca6e445d0983feb6580dec3ca377a1e53bfd6c

SHA256
8ed0cc377c8b7d1cb41d65f5cd7eb254523ef7d78f43b8e592469dd9f759d225

SHA512
4e3185b7127f9e94d3036902ff58baeac074e0923cc4e90e746cdd5c62fff13f0e6c640634389aad12f785d40a210b96fb652030fdd47d216ac6219222481d8d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
e2c9630f018da53d32072315306a89eb

SHA1
576da4bc2aeb8268142c329a38b4f64d5dc180d2

SHA256
58cb18dbfa4090ccbdd772ef2acef06e52b155798845d0e404e2d85f1a9de2b3

SHA512
4cb467cc5def81accb30d76cbf178aa450186ac1422f7247ff9b0d1a07ccb22b9faaaddcd3b050dfd0dcbfbc8c34d945c9fe075781eea3c3c32cd23dff9c60cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
66a7ce3701a25f93dddc06e5e6dff0fb

SHA1
b4918d9191187a4e87e262ecab4e5b91dc5ad610

SHA256
c9583b843c865ce7bba632362da724e39ad3425fd5517c1c3b07338033aa7927

SHA512
0527f460b71093042dbed25a0a875222c687ef0761b0439f149699df1f2b302ed1763172adfc5572e0591fbcb16787c55902298fc592cbb4785099c1c55e6017

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
68ca84b1a0d2fc9a433650f75bd9a49b

SHA1
9e565a6e723c9a9bce9c3920cdd4a7ee463623e1

SHA256
7197d0ca07c9acf7f99ea3b5e2451d3c364d18b5a1f5ceb6220f7622fb3568fa

SHA512
c41184e61597c29c4198f977fdd8add62c5197a306f84a4ed616607dc38920e684a3f886337708ca49e259614101aa40d29d838b86fe25586885b5eefba729f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
b7ce4b29cf1b0405d861d51d080e6a0a

SHA1
93bb2fe4de9a4076cfe08e1fc0eec54b1ecc22a0

SHA256
8e733f0501063ff727337971b1e8aac577d672e951b938887a63529d89228297

SHA512
e6442217b8da67f9f90f6ae7304627785e91d3fc5ac8322e47a7d8aea5621f3ff072536b1b66bfd99a0ee23de58cd8d6dff6e147a635e594ed79a856d10adc65

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
71d0a7e04f9bf446d2b8e497ebc4e7a5

SHA1
422c2668d236737dc8f2ebef09fd22ff10f9859e

SHA256
d47e285c69d53cd55090f980c3a61d279d652fd20d7d21fd4f950a9e613614ae

SHA512
2149549cb267bd01b5a3913f3feb9826ab60258961dc87b7b83b40ce3e63f9a029800e1d721d1bfba13e6f72711a78aed20fb41578420df3aa9f616f0169a79c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
2c7b775f2f93f12bb3469f573b67ad12

SHA1
4c96d1e289844702708631aa614d34661d1547e4

SHA256
9e5bcd7b78164c4a885e7c0ea3ffde1694fe436f00a5ace2f2d671e77c79e964

SHA512
093eeb626cd70105b1474cf02084bf851b3bb3c9dcf32c397ba546ec0093c8ea6c17efd79da6bf461d727ab561ad56b98286ea0096b92ce04cc21a93ab398a7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
e73e03434d043b43112e69db9afc46a2

SHA1
e4d79db6fe0b3a74b50765dd8b4ffb0ccd2205bd

SHA256
232d0d7123ae1296763a854dc4d48ef6817dcb2d9603bab2779381aa3bc95772

SHA512
b3d7ddcb42481c37301c15d6bf8973e524a9bef6d590b322519fb8637ac4c492d2a98387fdbdd8be5688d700463736f3883f2f5ffe6cc6edba5588c73e8f2327

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
67248967b44a3c85f581ba1f58db636b

SHA1
d243c6b1a82ba206f80890e2e064c608bc365d0d

SHA256
374a3bfc817a46d390a15833fa34d629d83b475c1c3a4cdde495c6a68e7a446f

SHA512
ccf71a80aebfc632ad70eab48727587e07a45bdb575bf8de7f881727a178940a757125e9b67eb1fc9edc4ca52ad172d37487f98dac86489fa501325a141a606a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
8628374f9d257e76929091ec6ba8bd79

SHA1
61b3169ff5034b67fbb085d098dcca20fe6cfb41

SHA256
5de686268ac8f66f11057976bc546e1059a4e3975a704559c781261ab9743472

SHA512
f775d4e2f9ce97247f1942ff50f160629fc3f294578c27b2e54b49a72806cfc5e805c09ffaf39688cdca8c176199da40763083747e1bd8e437d5339e4c884de0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
044920369e2483e15dc408417cb33b39

SHA1
f918449c1ec00189e386afbba52031b17a13a097

SHA256
5f4865721600933000a54cf3105b829134be921485494f299e21866376856188

SHA512
815e03cc4dd79166496090bc05d2f9daf959460a742ba3767f08a2e53f6ee10607d38d10ac20b4abe0f218a775d12476ee2b30cca1d6bbb4da1772381f0c4590

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
d50d1ac2e199c6b77213e291fb026925

SHA1
7e7a351ca32d47321feab7da34fcde4a9f2f6c99

SHA256
d9817ff516959ae5f6eb7e48212a098a71b1d037866ee635ac722b7006cb6eff

SHA512
376bb899839457fadb1a9cee1c7b10a444fea8b0cb84f0b5209524181469bbfad55787cdb3e577fbe848f9fcdc9bc5ba8f577a80f2236e8f1d913144bbdba129

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
d8573dfc3b0a2b31ada17d3c4c14074e

SHA1
d2bd82650689c4443b5d58640d13848ec8104877

SHA256
f00dd7bcf7e0736c46251531e4ca174386554c6aada3cecf3f7134dc8ec388b7

SHA512
bac82b2c6194d65427dddaab90cd4ab57b19e2b8b40b8d10cb84d17779fec3a57714c0edda7a1e81374b6ed22f93a13110433811998228ec9cbd11ac9b86a879

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
75bb731e40864d4afbc811c9b4ce9c7c

SHA1
f45dd2c5ee97b37c07ef8c7c414e57ef3f591999

SHA256
0eb08ad82b909824b1654168278b545ab1c17f8c566e8a090c495093bbd0dc88

SHA512
caa77ad58f7d846cf7aa1c2bcb36c766eca3b05a0673097b947754163ec32609223e2a478e361651c6008fdc2d739680e59a70652df817b1ae18edd6a0e25e63

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
17c562549f204f61cc71029f9a0a3ce2

SHA1
5a724a10b0eb2e76606198c7fa20e75591888380

SHA256
c7d27d0f51c4fcdd45e4e924474e5d6c0240188fc10ebbcb22f3fa97848b523c

SHA512
58b47c874e0153057b3ecd8326c7a68c900aa13a895a9b0e04430f358eb06f392e6a4f200c345dd6cf506dacf5134564137e1ae5033c0435847dd5c85375ce16

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
c16e93659221413a8588689c8c6b12bb

SHA1
b43b4c96c6b8fedd5d8935fbbeb1e747209e267c

SHA256
e610e332a0b3b6b95533915aa5d559c3508d24c88fe0248c95147d50cd17ce51

SHA512
9f2cd3725d52385bdbb9817aaa53d31737beaa9ad498031180e51f0dfbe3a38b7471d4c888c2db7128238a3d09d69ebdca929212a761654ed41be7d5ca879479

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
407f9c381d688e0147a5ac10ce8b2de2

SHA1
6304c8c3eb0bbd94ebd6c7ab008d3f7aadbc0cef

SHA256
29503eb423c37ebba51563aaf0740b06a4da43e337097fdcdacba358f0b52eb2

SHA512
3a1a9b035f3fb9e2339dfcbd6c260e87a40f9c5de4fdc3f9a0204343028c858c0a6df73920858ab756bf8c90d325655d7dbbf4e9cdde8654d708e129c1f4e220

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
217149fb5dbeba42e84d8ce2152c1013

SHA1
bfe997c0af81938625a085e582507290a2a5c52a

SHA256
6984a88624d7e5689843a3058dfff852b2616fe6e188263a5acbd11490b306e5

SHA512
5ea17d3b0c789a7e60171715d18b08432bc95b5b11713394555be4e5fcc8e94ef869887a470f851e847fedc02f282a7dfda58bcd27f0a854a045f8b5b75f4937

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c19a887442a9ff6f09a214a599d5088d

SHA1
77c5fe43054adb6690131225916dd20dac1a638a

SHA256
a02267ca69f8657fedd4413e6223406698ef01305f18ce3abb2064daaef2b862

SHA512
a60be2f790f5be5d3ff59c268d4e59696ce582e8729bafb45b910b4d0302e06469b44da9bbf2f615f3d7fa9bfbc13cfed707b80704197496ca4c81c8dff82ae2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
eeea339f1d1052d9f76c3bb70ecbcf20

SHA1
4987a181c8c78d7dd81cc2a521821f1509947fd0

SHA256
39b789b79ad3cedf0f17bf92fcc321f665b5721d8e4ee72287edb8bf00e3846b

SHA512
86d2714268bd074b26bd0ebade675cd2fec4818272b794df2d4a8702a211270293e6cdcc8668048a0fb65559c3b56d1f53e020271b063f3e51a06de0521da27a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg.EnCiPhErEd

Filesize
2KB

MD5
c5ef238748863a0e1090d93415475e27

SHA1
4e2e8bfc596a7da33246cd0722bbb6556b993543

SHA256
88ef06ee4b8bfaedbbb09cf50b4bfeceec5da802ea22446f7ac33dc3c9a4e94e

SHA512
4869fbd4861f4d970dfd2f5f5c614b1185cd7247c516573da29316b647a70024fbe279fe3c08a632f604a0030c107d134bae09340c82e3fb600b3b9d4f519b75

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
c224dca7454822c7ca4e3b646aa4c39b

SHA1
ddb366411aa6c2ef15b77f63253ea8952fdace8d

SHA256
ee4394f91d2b943910dffae6ba9c2f2ab01c15824395632f8fa0299811480b44

SHA512
58f3da1beaeb1d8279777437a178812a2f07e6c831206e932915b4536f8e7b4f219939f6f70e6c4f8d0e016fdb9af50903a1b8cd848889226293555a379592aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
551d6b218f907a323f4ea28d590cf30f

SHA1
622f384d00cb923191ef6944ff18731b405d436c

SHA256
1fda89e74dc61d232f2ddd75de156cd29709fca8726802efc269062d7b27cb3a

SHA512
6866f07f452e47b78a86308d3d5abb0786b444d28466258314e684ef8d662d6a07e75f2393fba288717fc8363fd7102bfec7721ac491bd1bfc28448d841b0681

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
1f96e22bb1e0a813b34e9c040e053ee2

SHA1
0b39e853b96328f913a9052454568ad357dafa17

SHA256
a3615438ad0dd97876e5d2c495b4aa620dbb75cff722a4b462aee38bb5c5f693

SHA512
d2e3d4d95407cc8cba7b3361e8dad50f963c9df1a64a19b8343fd9bc3e8613149e37430223494dd33baa47b2ecb7df6d15f5d196c1431eac786f97d4bad4fae7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif.EnCiPhErEd

Filesize
323B

MD5
d6334d29199c7df5532cd24664934f6c

SHA1
d0f9abf7710df473f7b08809b24dffc1a1d004df

SHA256
e848c1ccba32d0b5a0554911000f825c139d19af7bc6b431d2fbdf20880ffdc5

SHA512
99012d118af808c5b233ce4fe912f77bc883d8ac28e12c434c749c76a547c9e484221aa10764ad3cf61ab0df75fdbc320888622a36c8e6cc4528db14abdff67d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
3242b2d74e4865a6c933accd0e5bf741

SHA1
1728a7c3796a652bcbf3b586e52da6cb64dca10b

SHA256
00928ce743e706b1dc4377bdf9ca022f49129bdec813d93c0d55235bf2a916ad

SHA512
c5846fb86754fcf038a8654a7aa9670c978fd8220b37589e63ecd641ac96eec8415a61bad7c806f20ddb2eba18da418d396f7042521fac29d21b9c34a7aaf1e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
618a9fda3431c45c9786aacaed757849

SHA1
db66a35c23ea470c6bbe639c91074a9ab6fdbf8d

SHA256
04504308f6b870604edd597eb37f112e740a8b3b74d15b13a76193caf14336bc

SHA512
4ac574017faf8a03cce2ab67d1b0dbb67ba703435e32299cf7fbe8a8c73de18973c1ec829ab5bbdcc4953360b05eed2f155acf5e6b53c010baadf03905d81bc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
8f2d5274b86deff6333efc6f69d3c3a5

SHA1
a386d7481b640aa211799d98c6d558d6ad81b32d

SHA256
ef1f7b1b6420fdc55cb475bf27a7de82e32f28cfaff4d629a13d3df5dcc96ed9

SHA512
dce9450c39b5aeb2bc35421334133276297a50177adaaed370ef3168b0cf6d08478e46c70c9f3c77a7b11c06d57ab5a826233ff3ba0d93d110a611db751cece9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
5c621e8fc75684427abaa36ea0e27127

SHA1
806ec9e6435bc3eb904738abaf7a4c97d3753a24

SHA256
168949a32e1f502d175e389e365f2d1b1a27d9fc92956cd3d481e3cc7097e057

SHA512
fa84f4aab346efeb81e696d4c2b0ff5580ac0a9444102d867a008d18395b6bacb242c612f2fbf95b2d531902f8c672496e142751553adffa182cb776bf783b7f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
44fe730d165ec4bf79e6661149218d3f

SHA1
ce32ea8fd2dbbd43b989f0ddf1fedfb94237ef3a

SHA256
8f8ea066018e4b09f63f35a2e05c1e1b2438befc760a436e303f5347a24f5b88

SHA512
54ec24fffa012b2bbda2f219f1888e3fc12fdca4af92f29eedd919e4f2b823b11426c8ab9b78f51f2736f0a4c2c1315624f4ae2b688626dc4888e1f67125f82b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
1ca41e212feb32e93506675038bba90d

SHA1
b350ae934d9d7bf0eb6ccf94a0fe2a21e8bea5d4

SHA256
e7437d60f516352d7a3d625407cae25378b70177f9f64494862cd227d83a732e

SHA512
82b380857572b3314d5f25e0883bb4976357143e2f9c7ec9016770846c4298b6d74ff43e4f602a35c38feefffce1f3b64ecc036124aa121c0b9bc05dc1f17c57

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
14ae0af53c23cf68615f657a2487d258

SHA1
127c17953b51bde661635b8e3438496307218e0b

SHA256
e758b694fbcd947b7d7a8187319bf200808fddec42fafa84fa8d3ab30ffe4807

SHA512
234cf01e1a5c333477848eacda749d37ba6cb0796e9139ea714a019fe5bff536afe772fcb44cff78334635768150d2e2d9bc833deed79daeac91fbd359828bc1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
eba1b361e5b669908cd84cb9b660f34d

SHA1
b0a216ce42f041605b52ad2dcfb10ef285aff30f

SHA256
efab893995707dc05e3d7e4d5d3cab55ef67d60644975d2267a1b9f71a85d53c

SHA512
a96e3664ecee1759269aa8b42aa5655a793e341a9d22f061ef7c9810b989af43383f06cdac0b80d32520a733ab7d6e73395f2c0648e1867019595c0741856d42

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
78e73ddd3072c4b8c4ae24b1ad9a96de

SHA1
b57a66cad38c36eaabc8bff7a628b8698efda4a5

SHA256
5cfa482da1f5015b4c5a0cad465085124c08ab9596354dad2d94b041cecba650

SHA512
917e3ca71ae8737cddb938739fdb98271fe0442c7ee56254b70a810e2d92d05399b0b0fbfa8009fc71a95b922877c225fdb1c892635df879320d4d42a448ed20

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
d94c02853908be1a923127ffe11b1292

SHA1
097653c50028ec324edf50ed8efaa8b3dbf94f50

SHA256
9b3e96a5ddf3b65b71a7f08e4607fdfca8ae2e4bee1fccbfdac04c61050bf824

SHA512
cd80e3bebfffa12265c2c9843bc7c7700de025175ad7ea0aa359da0c7e1de142bce2c467c31af8009c3205afec277bcad1256abcf278c26c3435833783bb7a34

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
e14fb1c144388a147b712a6bf7493de5

SHA1
2c188d77b8f0decc2b14d6b4e298a18312078705

SHA256
7fec609c519bfdbbdacfd5d6c3e2a63f2501425165fbe73f7f14411f960bb22a

SHA512
e4b4131ee36f0414a572926a25b791938574be1c8ef87e0c06063762e7c2766bd003356f8ad5f79756ecb2643a5dea3b4faa637f0b80f09594e2c170f96ac594

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
4660c17bd387dca73616fb0837b0bf2e

SHA1
9bfe520e59210cb055f94d3eabf0b105235b5bbc

SHA256
66b96a6553bbeabd211e81f571336a3d65178b44d7a639ed10e8e323bae727d3

SHA512
522ee0a23dc84c4f742dd4d6f47e2d03c7cda33c478765239d8f577e32499adc21c478a8ee97240cd32808e394e44915af67914d0aab717afa95dbd38fbc874e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
775105630411496986e290558404746d

SHA1
ea8fcf138b40c63cf31974c841e627d40b13b819

SHA256
48dc31165f34bb85c6b77698c41a753c95033f1d70e1a03693570e557ce742f0

SHA512
cd5ee5c884e4a4689885c7929e55a8b174f441f2cefd625ceb9e0bebaebebf65d70a35842f40cece61a9d0b583a3cd544ba8ef439821d0bde66bc84a01e7bdd6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
be997fbfd89a401793da6fb69b8541df

SHA1
bf8a48830a671ddb049b204d689c101ef775bc80

SHA256
636622aa67d4c1676182d033b87ac134b34544b2dce7ca64df03cb420fafb052

SHA512
d58504852cdaa809d54730e70f966cf3de004f99a5f2970d308c9cfe791d8622608b5f03847120b5dff1958dc265b27f7a75721a2d615d1eb38323134bd206d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
4f5daae0de03be86c7e0506fc4564068

SHA1
5d3fd32e20fd6706ab7207bc2f4d8745a0420d81

SHA256
95f1a06e49485b9de79f638fe68fe1e33c418a3ac575f29a2f272bb3792cacad

SHA512
bc3bf78cff659f8d9d7a8f409494289ab300cc2b5b9607d7882c1f37ffade748ef1438469aca9eab53972193a4faef1a59d51e78c6f2dbe5d70982bd0285ab47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
00e43165d5e81f5bfb22f771639ea0cb

SHA1
106c0296b90c6b57f5be9415e6e8bf2a0e168450

SHA256
dfaa0f77c767a2500eeaf7c671de2d30c8ba18ff19efecd2c396fab8b58ce03a

SHA512
c55f16be31520c081eb4a5ccf06ada7a1ea7c3fe8aee7fe3e9c787a87669213ce7b32f6e24bdad0e97f1842119cb3da30c5f2dd37f9d85ab3b7c18de977a8df6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
b187f29581ca86b1c0543a71e81cd604

SHA1
d05d6fa3c5798e013c5f2080ae2e2eeeda8bdddd

SHA256
e83489112768abfb2643b5a4d5e150ad6c41e7988e2ec22a20c9bfa72ebeb9a4

SHA512
d2e84b608d5f497555681f1eb16c17e5198cd5584006dc3e63ebd77e5b88c77cb993815a216d922fb69778d07d62491e26c0a76fbf7a39366994422784a11e59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2aef06fd03a96994158f1b4c39a34af7

SHA1
4e597db961d54c65f7305029f2db9a5eea00d178

SHA256
68347bd09dcd40414b0726e208e1296fcb6fd618f032789d1af01da75f685bb5

SHA512
0510706aed8606380ad9afdeaa25d61f97918a32d8551f87a88f622f7cc719cd1edc91ff4f1206f8fc41cd2bf94f57b12c6833ec8ce0c752647970cbc09db836

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
7de6a8108fe30569f3e6db5d4bb145fd

SHA1
57a5e8c06b672ec3cffb96c69145975cecf9d191

SHA256
c7091a7765f78adc1a5c8e46e2fba93005e7cce7ffc111807f71e6393b6a110f

SHA512
43f364c19e99d8649f09679e02c3686a4e606b80f5e2bdef808cbb20edaebd78fa5ca1812c745b7a26ad98baa4c9670554746eb02be42f8966fd5c503784e364

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
3066ef6ab208b0c65b68f6506568d715

SHA1
1a171308f1d6bba4b30775d35cac8e908664a286

SHA256
9c856f61701f6d92eaecab907ceda8bb08b08a1e9e4bf75fe80a06288213abdf

SHA512
3993ad1a09322c6a4d68cec46b4370488b60561b56056a14aafd968d12726742054f464970ff650d57f6b5a6dd757c72d72368f455354ec39dfdf2ab863f7a86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
13b071e68db5e8abbc19afcfbf69542d

SHA1
17d45e150b1801cccd99369f9e2d9effa3a4b5f3

SHA256
51d0baac995d8b54f39679a2bdb88861255e623ffd9a1b129cf1d409e98d99cf

SHA512
453c5a2cd5bdce16b9a0a28275d09680b7fd395b1435d97420da2cf4aaa0a0014afaf41c66b27bb9ea49177bf554a7e48f6f94e4e61fee9cc70e8632d45d5d5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
f2186452161860d2fbe84132dbb8bc21

SHA1
63869f7b2352110c0a69390b23d76e82ec316944

SHA256
b6d6813a1f757b86fd4e6552b8513ae30c0374b8e7a73eef0e97c679fcc83182

SHA512
f6bb22eb130ce8d996e8fe4bba09dfd3437d97fde2e140a222172ad99b82a7cc37d36163607049504c2b8478732580b6fd6df123ae657da5e729388b3918e784

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
7e1f4754e14995d92a7d82e1359b33bb

SHA1
39c89ef6d3857bcf3e8662aeae26174407395d7b

SHA256
112c43366fb94c03f901cc74b5a132bce20900571a45d1ee58e8f98d1e5c6b15

SHA512
322795751e9dd3adf1a2ce67c5d94abbb81c3363ab3344c9b9c50758690fc52f7ad8c54b5fb96c8fb467ea2719a3e6a0e12d3abc24225a8863fe8cba8fc2e81e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
8c0cab2f720fa5afa51b0a02f2f06b50

SHA1
66bf74069108ddac87f58a5556f993b84c93340f

SHA256
8bff631fb96ee33c285fc8337bc9d0f3f7a85e114d98f672e69f221bc7fd255d

SHA512
2fc472d8deee9e5501b6b27bcde789e2606085edc814c256763612ae39be7705e0546176a579dd426fee97444f3b4d9df5d16301c0a620b031423ea248256fe8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
c839baa47b0b5cee7d19ae9410834843

SHA1
0e3fd9b28ae51b1450c109a61cf5b813fb9e7f6c

SHA256
950d7e14d1c4d42a09ff48c2b8502b6a5be1c19d0ef915f43a3915d8c6df8f0c

SHA512
48e20cbf628a31bc00edfe5e62ae872c8cd92d134bd820dba5b2e0f3bd974df981929744fe0b723f3ab3cbf8757602a1b13d95f678fcc17c65ac83edc069c9b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
eabfc43db8955c1275daba91888b44fb

SHA1
fa40e002cf42c8e7ee0e603b31565bebedcc5791

SHA256
958769c5219160c4e1fd32d214ae38c23c78aeebca15d522cee67bf09397ee89

SHA512
2d35fd5319b15ff40c83e2755731cc35c1fcc50a89ef102c7bbba669170b9f52822708a3763851260622079cca7d8d34fd4bd330eef1c6c31981fe155d7961cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
41801f68dac610a5a81d873d90844b74

SHA1
b8c538fbe6f443cb0646edfb547e13b31bd39d0e

SHA256
bcb47db22eafebc729daee442f3ea293f521b99757bef42e7c2782d02519bab7

SHA512
77f3d98a057a03b47876296d0ce7b1b5b5aeed978ca9d3598095225e53969cca6881df951bc674a482e412be4ea79ebdaaa2d9f66017f8ccf35e02f3abf5478f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
a42b8788f07a0c2b1fc42adccee4197f

SHA1
28de98bc51f4259dad3aaee1586fb718a1a9cc9b

SHA256
33e58662b0771497658feb31c606f7fd03e12b5db07a75ff5357e535b4f6864c

SHA512
cbef945de976c24406f74741f61ae1e9a1c17bb32a0d0e85c7ce186707d189d39fd136066402662cc5b6e8342593dfc6b499ddcdd6be162e55877b222c6cea8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
365d87102a381f0a0cf471cd874fcc47

SHA1
9ed40816fb8c9ff8f7ab3cfebb0556572aca77f2

SHA256
efc6a1067b996193c7784c89aeda6d830835a89bb9c37695ebf547a71b5b2497

SHA512
5340d0818c57794b9881dcae54ac606f1a4b4252061b6064695a66d1a36b6f53478990ef9be3fbea5177f43c570ae5df6ba167c2d6b2e9f1b48489353593da85

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
e1ff456ff54b08526639b5f06a02a1cf

SHA1
05ebc62dd9d43468ab6c7fd252ab9a98db10692d

SHA256
bd09e665b9232a1fb1a4e255579417574f7781f709244e7e4dab6d8cec309729

SHA512
ba3e4ae3143a15344e62cce832d749c3c0d872f89c0ad1b8ac290532d58b0f63dfdf3a2bd66322dd00f7bd6f2e71891a018b70c7ef68cc463b8b2e7dbe294acf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
6de198fe8b461ee5b9658cb8db7f0fd8

SHA1
da9ed47560a340df8a42198b5c7cee9e413893c0

SHA256
f0c6e4617f965b137f23964de1d3c4c9f2e0cc07d55909c5a47a6b3bb05c1d84

SHA512
be305279fa95c91cea582c8e6698de916b93f8f6a81eb87a7151d95d6df88ae5293ea8770e47e121d50b273abb09e1a90d717067c2e4a4a49642c1ca8bc04783

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
008cd08b1c52e439df5f56eefb8cd54d

SHA1
0fb74a8ab8ee81dc12d51c00fd72ec566374e52c

SHA256
ae37267d9f606d672e31ae49b9ec10aaef38cba19a91f2a460e6b719a789dc22

SHA512
f7a54708f712efa81b9ef64a9acfca399a346dfcce8d0330887c0d1727b67ab60bcf4be43bf51a79f4911c19aa060f5499d510281bb83161d1021549c90ac6fd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif.EnCiPhErEd

Filesize
850B

MD5
63602304f9e024e93b7146b22f2053f2

SHA1
550895fb8b9f7a05ff06efcf501189dcb1c836a9

SHA256
a2488b373c65844ca444fab1fc6cded951169a6e3b3956b648221a4182bd6460

SHA512
2955c9f2b57bac58cef4883b0a66fb11a30dee16c908b13279dfc20a9d99241be69121544c8f962b6027be4eeec7874e9421654e305b96588c6879adde3acabe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
c0ed989f9a0ca0657ecfe07591a54230

SHA1
25c9c1ac9e6be0d07ed56c99b8ede28874bf580b

SHA256
de01b3a1bee232a073d44ab3efa5740221da80b12501870ead26d1ff38a794f0

SHA512
b320366584a4ab9f4a451fe3a5dee739a06dd95448a320a989b3f74e81fc6a2e3b0f12db38476d4f28a43cd38b6200d39e3420218dc1b54c4eeabbd442db7538

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
880b4511e2af1f6c0e8d80f8bb19569f

SHA1
7838c729fb01916aa12e26a0ff90e3f143eb4e0f

SHA256
a20b9c21d24e6f54b26ce185e6e9690171cabe63d618ceb811a49f952566bb74

SHA512
91be3a77b82cba342abe9d1b88823d5a130fd35f5775129bc1a8aa059292963779b2d15ac3b634801055ae5aeb2b9af0c07e450441b6556d60c4a4db411c50e2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
11bbbdcb47710681ff46b747fcc012d4

SHA1
b4d3786c1b0f08c6782b53ff08cc1913425885ee

SHA256
3cf817de1582cac0f2f4cf288b8ffd33cb3b9b87308b4748459eef62e424e2e9

SHA512
9345959b838cad2dc764e067afc79b3bfeb09af5d8f183692ddb5b972aabe7b4aafa06fea5a7b8d770f8473f7cae2a6eb56102719b792909929715b4ff6d8b62

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
032412a402100e78165955cafe73fdb6

SHA1
f4edfc00bed161302f63d77c914a082736c95308

SHA256
310085971bf2df6973e5dfad0e1fa591aeaa782c926daa9ea72f4c86a4818f16

SHA512
c9adf0d0070834dfe2bdaeca1ef0e28728ef3d85ef09c88a7b89ac33139aeaa0d1b6f766bfe4514d8f89f9c78f49900b975189dda8c9dc6e49475f86b2fbc2f4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
595d156e21350a8500257ce62130e62f

SHA1
66563a6236e84bcf883f14b58d299202690ea109

SHA256
f9c5effa786da41eda4620a404b0130ec0ecde0e90812255cfaf95790e5cc686

SHA512
1002a2a2efad6ac22bf3155d29a2a34aabdaa3b480ad42ba4e08e9d0f7757b27e95dcfcf35bcab5accbca0988c6b2b1d2462d2d7d35c3991fb2c1b854acffcaa

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
45bc042c2591e358537301916e025c41

SHA1
3544c8a77e0e215b5de3ba962f7a2e5c76de98eb

SHA256
bc7dabf30f0833b3209dc5298bc7dfe35a7ce99832c3c8b1bbeac06c3e06292c

SHA512
26a63a8dc64b9db11b72fbefc74a96f8ae239792461e41335973038e69f563da1cb6c8e43c6985f42487a6cb42a139b4dbd909da16a314ffb0ef7bea91b680e6

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
34d332c585428758b8b75569393d7630

SHA1
0f2d0f27a3709b8e5e1dcc01ccf130759fcbc3f0

SHA256
3b2626420be7d00a65f060e5cae342c78700cee48786de710abb9bf022d69f58

SHA512
1da72ae42f3a6a518dd8ff79888135d375ab6b82066e7995718ed6ed55ab1fbfd34c572ce477a5b8fac8c43de512a5c2c065e071e6420f16b794c0f2b56e43e4

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
1fa5c20fdab95fe96657764e77ecd576

SHA1
6dd588eaffb15b2ae4687b8d7920f665b4d880ca

SHA256
a68761dca3ac200425352c6615b2c396bb237eab9d507984c25447b073ac120f

SHA512
7fc29924550499a76d51a3c41e0547453c44e0c056ed042c8b6f6af22aee362dd0450596467df37e64aab5f02e31a182229ffceb15f5c209b2cb8ca98e84c70d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
679ac571ad10f44d1596903f99e2da78

SHA1
fd23e45208e3f42a517cb4665f5f51cb7b2b3f39

SHA256
7b17f4eddd3103c3272d259eb44dfbfb5e14185c52bde92d9562c3e4dc4dbfff

SHA512
6973f9c277599681937e320b205df6f319d47c821968a07ae99adf5de8d7170c2ccfb24ccce8c999c875ca360e927fb4549cb18954d8872100eb9ea0abf3712d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
4e55f8204570dbf4da2d473fdc46a7c6

SHA1
0e38aa669be1b277c48a8c11e13342d624d11112

SHA256
cb15279573140a204cf4beff8ce54e42d40d407361fde618a0ce36907135e141

SHA512
9990a9cbd0c71cde22be219353dec2ce5257f19fb5011e9f8a5bd6c6cf8cf6bf09939adaf1aef054c5d6a6c1b6570bfdadec57c6487f74b8036f58383d61b472

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
74ec63d3ada8eb15ffd92d0a3105be81

SHA1
cdee8ff6bbd56da7e05c8ae719e7438481ac83e5

SHA256
8bd75e5f26a3bf7e37ee51e1e2bf7efa68ed060292847a0350c648a0bea21f5a

SHA512
0c5f8e576cf58f6354d81e2ef9b3432f594a77acdb34395a39d3c4ed685eeec0892c1189587491945cb277cd9d79ddd339e5de8c42388d0141580c4cf5511472

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
024ce5830f4a61944c7da2798daf33d7

SHA1
9a13dd996e5d8f773db84357fcfeaa7a99286d49

SHA256
fae139d5a6310e443784bc8141f3168c266193c9d091027e7cf728f617a2c0c3

SHA512
360d7bd7532f7a20f368bafdcea9c4a8e6fd15960b7fbb444f77966d710afdad30d8948aac510f6f0ed5adcf7297599329c00fce21ee84d8aecae37c67efc77a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2a5fa5c31ff6de966ea9a93e1af4342b

SHA1
b09a2310fbc1c9f8a8c86a645e30b06cc79d43cf

SHA256
d353c0bb29df1e7ecb957ada706c3a1608927a63e8dee38d8f2106e24c330cb1

SHA512
1bdb7a9864441e4d10b18fcca944e0becf8da6865ea885bd9099561c5f8a06d556c9d82c59a95461a0785d6de572afe7f51e2d00cd34c46399f5570b8d0e7d3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
103383a9c7afa2d7067cbe08b79bacbb

SHA1
e38c2a10515b35818d1d7a0da366e8a50416616f

SHA256
447e448608530848dffa8319608881e13a1a5d6f6f98f3c9a263e36a6f78d9ca

SHA512
13a5d2ea329afb492f127d19cdd8157885ea5e4208f216fcc3b838856203117eda7e41438509470ace48015067203ff5106ba893254e986ab3ca26cbaa0d8c24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
4bbb1fa3783bb4a3ea4618b4fd2f4c26

SHA1
9b9bc01cba6f9a9be1d2f66092cc6072a22c702c

SHA256
b324f22dc032ba0b8e7ed53956a7f729beb6b2d80e2910cd487f1e7a9399a457

SHA512
11a039fe2a87d1b18dbd919d69dd24fbb918cb8666af26ed9786023501d91d834344e548a990656a3dba31a6e715e93e1f94dc0ca7022c02b58c10238165a8d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
e46721de334f54cd6c5fec188e5dea30

SHA1
d4177564cc58495ad9e4616a43cf20e215e8519a

SHA256
3bb4540109becab54cb14b1dba4f10471857ca34f5cfcfc44e6b082252fe25c3

SHA512
32c963872eeb8132845169d498a866679538904f6a6d709f56160c8f8af4474a581b8dfab68a7e07234fea1567e027053547f78f3f3176b1315be2d64fd3b362

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
b1cdcfe3c7b66b2537ec7c6755f2c114

SHA1
de1d2aa3df52c99227dffc28f80d0004b9fa8263

SHA256
80f59671e2d02714ee8065137a36d23c022ea0f123084f97d08c2c8e99f7c11d

SHA512
515aeb7ba8bb46de0621e7da879f5d13dda0e7b9281f694dedf80c116d13dc6ce021d39fd97c2bd47072df1d000e7ce467c804e576dfea68c2533dc0bd68c59b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif.EnCiPhErEd

Filesize
90B

MD5
fe807b17ba2794415ae2b8aefe29762e

SHA1
fdc0812d93eb99a1c1fa93a604c1b6401fb53122

SHA256
933b2f8e9832d4fd7e530d30f1777273704717fd4ad9eaff59f36f3a43635399

SHA512
90548c7a354c1c55f3f8ac9ecd6afb7c3ef8edd696aef6eb94463ccdbb6a5294ac0868133966cd256db4ee11492db038fa7353e233334217bf826c84a2275e86

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a6853c30abef18286e4802c543edc315

SHA1
992c2eaa630709480ec9edadf5daa2da736da554

SHA256
5e216ea566d608d08b971dd1ed63b48633b40ffe407d51238c7cc7588042c03b

SHA512
b949a9e20e725badf87903b3b18636f37fe0659d81d9c76bf9e53362ca96184c6b8b9b4d771316e545c1babf07bbcc9854100cd81160a52898dd0c90273442a5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
209da4fda1f5823bcab181a8de82895c

SHA1
64788a9625929d9ff2941452c6b7492f00416b2a

SHA256
33642040d64a3740ac761618ec8d2f37c671da0f684a637dacb8a81ab470df23

SHA512
68fdbe15519bb95b66dfab7db42f535182a6d915e742f75432c8f8ceef50b3ac8fbf0b10c62cc1c885bfdd6b3c110f3b2d6c7147371a46f5fba01efa75ed4467

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b72636fe7164caff3c25f984f8c47eb8

SHA1
3ac2e1a7de60e380cac73801e7f91ee57a7eaa66

SHA256
e7f3143e8590b49df338ccbbe314dc67bfe98d2f8004dd20c172c6e0a23d5dd4

SHA512
89dfaa98ec777639bd6af7c107752829492b72c9c2d3c7629c96360ad6fcb655e887e5f4a8242aebc466bc5bb2d17835682cab1d053379f45a343386a312137c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
81e4f2b7ec2f750a703cea9e3433e694

SHA1
9ed7e250dd8f275c91ee27db0fb6439d2b463b4e

SHA256
9c507343d8db5d161bb3b820a9846fabc727d664b66eca8d666ef61cc8898aba

SHA512
19c5ee40523eab3eec63eaf799153ac7c1ca808e4d7fabd6db12bdc600ddc04ff7d2aa485f7186007b1f87923e84dfcf15976ed0adb5c78e7e8ceeaac4d576ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
2c04705c210258979274b866c93b9de7

SHA1
f91d95ab3e23c55dbeb58554c14bae48a5c2b969

SHA256
65fd2d1c23fc82b0e6122874d74d733eebe55683d5377502f7ceb4561a148dc2

SHA512
76b4e9fd4156ff6e5e15a8313319d3d3a061433f39e9684f9f7b394a44f308c481c2512fe2757917bd80cd22ffb336f85d446ca9ca9c5e69b40318398d704908

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
5a048c6e758f84805511c2a78139eacc

SHA1
36407b4cbfa320f649416eb9c49002831cd47937

SHA256
0cc1b84b07467707e0fa03933892b5bdce5858a6af60b3af631219e4437168aa

SHA512
87efbed215fcbf13862129c26e05f3cb9328f93e1bcabccfeb057153422d7ffebed4be01dead215ad405cfbdba7e851911021a3f69dd07a94859d54c44dca4ed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
02f2e0bd33e119e5b8eec0cab98c4c23

SHA1
004fe61df69009e122d9a879b430c1c3f2de7bc2

SHA256
e4d37e8c94171018dfcb88d7a21f25597bea395a5b1f801e049c178d836478e3

SHA512
e09b480f56c9091c441ee73f92f7a9a02fc07cccfda17273512ec2fe40a71b5543a33dd763af1268fcb140583cf0b1817a942de66a9bcbeb23a8a026c5b3ba78

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
76aa27b810e10705e5c51fc0df447525

SHA1
a7b2e220e131ca059f50cf7938ac69081a556340

SHA256
b72055754696cfe781f9b3ca5125a94619a3b97b8718ce4f51407440e07045a5

SHA512
e1a67eaa8812f1b31e5e3ebdcde3942731eeb4e5842510f802a7456eeae78a8a3c4cb1c753199d2ba28f38f7d96ef9626d49e3c831974af7958a8b951337ee9b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
9d92acf14a9638a2cada2aec21d5a452

SHA1
09f9a202a8a35cb7f138a781077ede75333d9ca9

SHA256
6a63c0e3c2198b5528cd6f157e9718f5e902241a8687688d43cec7e5bfd40c25

SHA512
28021c31269af16802e8db367a0a05bdb545dbbc619630ab9471e2f31de542b57fd13dacaf31abb72a8d1a3ca715a70717d29552e4c2820fe1e259b5934681da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
2828fbda72760c8282c0ff7e99fc3a3f

SHA1
0696cdd724c807331f2531314b0df5cce5fc1dd6

SHA256
0cb0d5f98ebd2a401fddf1bde390d17881e8f907ab446d9a12e424e9dbde3bd5

SHA512
f0107334f8cde7b3ed2ec2f30bd7ba8946b9d3ce0a7c91cc23166bb35b6870bc58a5fa32ffff609756992ef2f10eeae71847467213e2e448c83737b1be3c0deb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
b171891bcf8af64f858b7428379601d8

SHA1
c9f41091b973e8e5f19a028663b7fd172c21d377

SHA256
a13fcb988cc157ada04186a41633ffc5d012cff63a8cc270d2c3d7d2ca8be7ef

SHA512
4967fc22dfbca055d9f25b3accba62332d8e78b77d528a65ca16a64aa0e158e3263ffcf3dc5674ce672607bac89c4c4c37ff6267f13be9ba48da73d34649e8ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
6a019fa63ca0acc5475fb12b5f1a2a76

SHA1
e7877795e95382f93d911a8b604d0c9cc811e940

SHA256
4eecdb268c1b93667768f5e649da746fb356e50b81275eec131c7caa1779f6b8

SHA512
da75b5d0bc1a412f6b80722cf07a493e5a2f3ebbea732f5018dee2006fe00b28bdcb52f77e5e16580ccdc1cfde4486d96091b5bf601e9c8779495d4952d00073

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

Filesize
32KB

MD5
b842439a592c0ea791c7766a012b8351

SHA1
f5b23d5c0d0d08590c7db49077ada14de8e3f700

SHA256
a96122e6b2218e8872714c71a3c748e7d8a2a075885e0ae8af56065a20dffa87

SHA512
473222744cecfc6fd5b8409c6bd97818df1e79279acbe03200a8015c5e10e45402182b709f859ffa701346733ef064185f69e9d4a6d8a594734745644ba05849

Download Submit