f87c5dcdedd6fd11d77c53d10e4c9d01465507ff50e1e18d325636ff6f114b78

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Size

65KB
MD5

8327db221adfbce5ad764b38406eb18d
SHA1

43feb642e53be99b8f957a49228ac49b4587e8f3
SHA256

f87c5dcdedd6fd11d77c53d10e4c9d01465507ff50e1e18d325636ff6f114b78
SHA512

e1ea2c6957032d32e1ed4ba206a3de01a128b5df720f48e9d80bb2bbb2b247a82186a124aa6e41fede659d79a4a418dbe79b265922970c1ee0fa1458f71c6576
SSDEEP

768:40FmBkpKjJH40pCJ8/n6U0SWvqLRjD/HIzZA74joVKQPF51a0RktftI0NQtomqTc:4OD0B/68WveXHIlMkGFvSKsQSf5FXi

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\v70HZ1c088loop8.exe"	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_join.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_neutral_061c61abd3904560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\imekr8\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\SQM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_regular_expressions.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtx64.inf_amd64_neutral_410e89ed86071c9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_neutral_7a967d06d569b1e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angel64.inf_amd64_neutral_6bed16c93db1ccf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_do.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Throw.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_transactions.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Assignment_Operators.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comment_Based_Help.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Ref.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_neutral_4c78da9e48068043\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr00a.inf_amd64_neutral_e7f3f91e6832ef5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Special_Characters.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_CommonParameters.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_neutral_6184912bd8e5b438\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Arithmetic_Operators.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TapiSetup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hhmgjmobeegjloob.bmp"	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_italic.gif	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115866.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR11F.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02198_.GIF	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\THMBNAIL.PNG	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\4b5adb098f8ce2890826195454a777b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-adm_31bf3856ad364e35_6.1.7600.16385_none_423ff0e3a3f91a83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-ehjpnime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0753663248177b7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\46.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Signing.help.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.1.7600.16385_none_7d9cbcec3df8da86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\napinit\a64d6cb9f99621449821066eca9291e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_33a4aa1394215dcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.grouppoli..reporting.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_19f21e3d96133617\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b10571bddd69c23e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ifffilter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0e4a2344f4503595\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_55486069e967bd79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-secinit.resources_31bf3856ad364e35_6.1.7600.16385_it-it_094c1438c11bb4c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_a370be9aa0513adf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Ding.wav	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_11.2.9600.16428_en-us_3c143fa39ed4f150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.1.7600.16385_none_e20dd69e928c491a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c15e27e5445ce1df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-blutooth.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1c5b4d92dd8b9c23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-photoviewer_31bf3856ad364e35_6.1.7601.17514_none_de45f5282dfa523b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-v..re-codecs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5705ef4539ff3bb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-msimtf_31bf3856ad364e35_6.1.7600.16385_none_2d7a7604044d57d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_286cc39e0155cd8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17514_none_d4a4d90d5db128bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-osk.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_52edf0dbcb84b296\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehglid.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2c2dccf6394aa74b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msports.resources_31bf3856ad364e35_6.1.7600.16385_es-es_36c32b9df9e2dbaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netpacerinf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f318701f5c84e52c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0c2c1960f08a68b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\inf\MSDTC Bridge 4.0.0.0\000C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bPrev-hot.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\system.workflow.activities.resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..layer-mls.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7a90bc3c8cc66aba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e464bff149f7a5d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7600.16385_none_b8db1dc46558b805\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.mobile.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_c287b3bb90035815\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_955baf9439a9939b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..-postboot.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f14cf0761833324b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..on0viewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5633a8dd8910dedf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.1.7601.17514_none_7713e5b653f9c0ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\trad.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..filercore.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_ace9374689c7e25d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7600.16385_none_455b78e8a7236294\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-calc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2dc135ff1189ee72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..ndprintui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d2c8fba0badc8a46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c5cb371e0d8c117f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Device\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..ore-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eb3ee165f49968b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_monitor.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aaa90b277347cedd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\inf\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Critical Stop.wav	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261\slideshow_glass_frame.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\37.png	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\v70HZ1c088loop8.exe"	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\DefaultIcon	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\shell\open\command	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\shell	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\ = "CRYPTED!"	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\v70HZ1c088loop8.exe,0"	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW\shell\open	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.777	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.777\ = "VACZAKSPYMVNUNW"	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VACZAKSPYMVNUNW	8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
498B

MD5
6bb043a09a8669c5c44d542d5b3caff9

SHA1
fcfb7c9dee9f532b44c0b5359796e71f63d49404

SHA256
c21690656273040bda831c49aa565831f13e586630d49a8eb1962f2169516b4b

SHA512
bb3716654e2a4239acba0132208b6e69b4a7d7d51f049f003e62ec7a774dff68c8610860c28708047accab079f0fe866c5680e14d93d64c3d7d33228f36104c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
77e9c891bbcd76af901acd3b079ddc5f

SHA1
43fe170ec11ad0013dda683053c305337f010c12

SHA256
01ace6f3950ad9999ceb1943acaa43b30e459cef4659004128b5cdb65d929de6

SHA512
d7e00910e4417ce67ea69e85ff26f12db843ca856022ab44e131b6c3c4db071ee7270efa9df04d115301cd8ce1c1222a74123323b40c394f1b4d4b2c14e95898

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
19a1256a299e0b52746a9bbc18bddc0d

SHA1
23995421b16b4d48e920eca35c7a01ac25f445d0

SHA256
d56ae1fc122c8bc46065f615fcc624e9764258dc3d368fc108dbc3907fe54f56

SHA512
ad432c401f2993a1c9c05e9f1a568015963a6111f30a8940517b58be398dea85e637391358b839be77381d442e34d35c484a8c6dd7c18b36f1145b640f1669f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
ea82fb6b180e21583807c4f341991263

SHA1
e54d9943dd765395409b39154ca3523b0027c474

SHA256
73a5db51e9124d1e0f8532c9fb8a27cf87ad8e54bc34ded9e6fcf8cfd380aa69

SHA512
ced6f028766e77d211b8fab12a443a16fdd2681270fd7bec04b73eab615811589f96d9accc7aeead84ad2e4125975f7930aafe9ed641e4fa68a2fa52f36e90d1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
dabb9001c81f5af9dc24eace810a7254

SHA1
0118e918a22d3903ca711b4fa6866649b4e167c1

SHA256
c5ebb8cc3c80fc0fb15b245c63174b021afe95595f0f33d132dcfe93376959d6

SHA512
53f4cced70b443fd76e66c85ba0ca7f5c5bc7a7a3c4463414133cd3b5f2f986ec6c64f25db406dd81896537c2df704867789b822820c8931fc84b1212758b453

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
529528aa35313a8aef8d1b55082a6ceb

SHA1
4016baa82ec607ece5e306d936260e79a8673060

SHA256
6c27634198f82ee127557f7f80582a813058eab67598829a987c4bee9e7c711c

SHA512
f5299dff53aea6322e07c6602113e3c1be7a5f3524f7dce08ae8fcd38ea5ea3afd712084f568dc451e082cc4829ebd1baa9ba5d7129c6d03c81469cf6c51f464

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
00511fb95f622bed450c7a7f20c915ab

SHA1
a156014be797768179c1af860ec6af66863007b6

SHA256
0ed0b77fb69d6aa4a0201c539625bac6ec8469889520105b3d92707ae37c5360

SHA512
8692600aaf5a349df214f542d928a6b260db0b83e33a6c0e13498b213061aaaef47528bcee2ef4116fd7f4a6d234e31cddbae06050850b9f6cdb69da94ce6139

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
374579c02af61205d524f1936e11a489

SHA1
610a01cebc6aa3d879c28262f250b7ac3e7f661a

SHA256
6e4ce5e23625d205af983567b538b1d59c008f4c864aefbaf17b95f7832d56b7

SHA512
83403378724a688f7edef9df4d7100897f42e39dee4ab94b0e31daaab4a47b08911a4e9f049a05bb20851c6d879292f83c6e9d3bb9ec7197a34010e4376c5f78

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
366e27f173908eba2fa52296f3f3cbfe

SHA1
bfd6b4b961f4b6623b7945f4a0ccfe35da017154

SHA256
1361abaa452fa3253865f7d37fe2b46b7593f8d044c3708bccb015f92fdc28bf

SHA512
26e492d35300d5094686cc50e1e9b2189ecde4ec412a21d39a427cf3a94e68aa908486f82f1fd2b14c81c812571d14aeba327e37e94a2589a76faf5e00ed309d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
87e2809d219122d4935025d55a296fab

SHA1
5142d6732ea24623e98591f2547a130b6c7890ae

SHA256
95778594c4901bc19c73a75dd6fc11e98d96a0d36d6f46a7d5ee74a9838354ea

SHA512
3912d39d36cbd251400224d4bcd18395c72b9b34117eeb566c15f71dbf98d0d5c5cb725eb269e61ed1bdc07f25fe06e101126499fc27967fac79ba181b387518

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
ba1218e473c3483bf450ba0fc10efa2b

SHA1
510a4e62f57e3e3df8bc85dfc713ac10d43ea90a

SHA256
6e85b983876370a7344334a73451d2fbd5a652ba0065a8842665ac46936208f8

SHA512
de2e9ac8b28c1f3d8163d5db4ba125ca7778c3b0871d52411243d5d5773761aa5d225fc2d85957320af639a9f6fdceff3c95a6bdf755947c0db07a2d86d1e9f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
7b2691ffde871011aebd5ff6ceefd416

SHA1
670f1d73906bb1a7a4d46c99d440b397de4db25c

SHA256
55316f88a83b9d2024c88128fb284d9fc9e73034571b666444d170a457414eb6

SHA512
0ef3e2c07dc4a318cb03c2609d483a6600183666938be590a2973c94bcb75c599247d3e4edea82a1512cbf538cebe3e6f36f1b2ae94f97ffa4168feab90f159b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
8a830a8e4bf33e4fd7c89417fbc17cdb

SHA1
7886a6d4af21ec420086f0d0febe2b68528bea15

SHA256
63d209fa2dc2d74933659f2aa73768ea14cf1e0b3a9a65a73fd0f0ded9848ab0

SHA512
726b29df0d73d3615f100abfddde46a4ecf5b434fb412fc2859784a480efc7345e2b4a369205869bb698b5d25d77faabcdf01ce53f7403154d88b4fba80e9d77

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
38fae3c09cc9ff7bf7775e70b7bd04d3

SHA1
a0a09705572332be78a8c07d5b2912310662c86d

SHA256
d9f83834856ded1416f3c3af18a97e96353318f96c01ccb1c0ab9d8c23e4e8e3

SHA512
72a5ab181f01d896bf1378e0fffeb8a42140b918a43a65f3812039a43862ae80ed6e2f7bb7f7e7e85e866132b22f30df98ee1e32a418c13c69c445a6ee0a3a40

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
871baaa74a51f05786269761189153cf

SHA1
b6e0ae52b1d06270747155ecac60291f53eaeea1

SHA256
0d14d70b561d04569a3ae1f2e3bf17752b23d2ad2ab35816bcc04541e62b14e1

SHA512
1e92c167f5be557b5c36fc446f866ef2e841b54ffa3f01db9d7e23ff7901ba6cea8298bc0ff93ac7c7f03e78433bf3beddadfa45bb2df27e88ce136e3527793f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
8eac1e5eff4cf6994d9b2c737c07dc95

SHA1
ac29aea3e840694d55d247ac835e7f8fae02857f

SHA256
08179353ab9ee19c3308eddb5a2e0975c49561bbf0af378c0f093fbd9034794b

SHA512
5a04193aa6e4627af6994b330e7b4a57fbd10b7c501f7a62386d5efb08d29f099ca740d5cd5b7fe8c05c3fc92c486064d78f9be13452151601fc39ede5a43503

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
5c4450caa7efd530052a478c36e62fb3

SHA1
37ae856f824524861ebbaa8f2af4a7b18e8b645d

SHA256
5ae162598f0baa51942070b4e35c5e4f98546056cb09e4fc43d75b3cf42711bf

SHA512
6bbd909b872f00de605dc5c46e8dc6852c273905889a347afc808a31f8ca0f8f0108694bda53a4f652547436c512588e6f14886c59457d5dd5d08d8de137dfee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
bbe8d04386c43d97a4cb6346e90f4b8d

SHA1
dee4c260f5f710ace47089a534d4df5d342eff57

SHA256
f0adc94a90628d35e8e916637ae9f010ab4126d4046c35e65d511911773b32c7

SHA512
69dc7c9e81c61818e30028ec857bf8acb5976eede5ba89e81a13772661abc3487b5fd0ac130edd1789d6a7f02ac4f54e44bdfe189db8e54e8ae245012d5d9546

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
4091df1d4094bad91a447a9ac4c8d4ef

SHA1
5a0a7e0b393b4875ee6efbc7f054b9f8a4dbbe4c

SHA256
4b62efc2d0c0a87e948a35072246235e3f05737402fc94fec25abaae170fe02d

SHA512
1e71a18a5e863f4f803bc561962f9c43a27d847d3d93c33598601066a593f5d784a9dd7e6556aad94c544729eb0395c911b61a6e04cef24ac778343d20f97dd6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
1ee46d4fdc84b4fd8a77853fcbc03677

SHA1
bd97d07f881cbd15c5273e3f444c79499650f909

SHA256
295fd7bbffca76e95f65a9352844cd3064b91d19afa3a64beb61b706aa4fb8c9

SHA512
80c97f5ce3937bdcc2f9da052d7afb2fa966e2293a74757eb16a74c20250a5065f774479ac2e159bb06be6c14fe6b38c3515d6814f1dd29f3250df8796fead56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg.777

Filesize
2KB

MD5
ff95551cfbc52de3233835ee93a11d62

SHA1
3d9369b1a9d8fec615c9704551788411bc7724db

SHA256
b82b23a21bbed24ec9da61d3c9aed96edd7a6b4143d48cc898b11b2f4afd7645

SHA512
bf2673da3e958b4cf951b49f706106452945bbdf63a0f9e46c09056a8dd4770b3827a48ba2895761851f3908cefacc28446da2da360081b885e8f3ee112eb51b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
1cc9d26fd46518df2aff2fe821641f87

SHA1
5987971111cf6f226b82bb68352fad6b3d9c4d98

SHA256
01447c6f493d035bb04b9bb279b85696cbe983b838df64ffa113d93817417465

SHA512
57b0e8cf1933c5cb5077f6c7d8309033d1eed66d6761c68ba0bd787642eb5d757bdb87013babe91dc823539b4c82c135ac78a04a4d0b523d8c2baf6bdd8e135f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
5e80101f8547f8c5f7d059653cd2b968

SHA1
2e09d6c442f3cbd3ce0fee8951e2b97654d35da4

SHA256
c2735b774e3d93bf94d7c632ca9a6009aebf5c1381c744d9a07b5b01cf55a596

SHA512
5d419ba35937f225fb7d904c849b470e6105c6b6e4fed3a6465f10ecdc7fd75bf64e719d0c93225b95162386b58fe96d2e7f7a83f30ca2ffbce176d8a7bdbd0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
751c2511c46dd54fdc00c94207d071f9

SHA1
7e795bf574d68cdf02bc28f4947e79f4887006dd

SHA256
8e3cd15a7c9df2e8cf6b2dcfb1d6b627209e772e9c5921bc9cbedf12b5614cfc

SHA512
dc9912e0fbd7bf22bcceee6c57150c8d5c44d5928a5558c62bbba8bd2572590b9017211a6985409be6afeccea974ef3dac3b2c1ec6e4b37f66a2aec88c12e2c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
c90023d17b6e631cc1186e429b37892e

SHA1
1d20a6bc84b15d94bce280dd8e8efa2e0cfaa357

SHA256
0b94139a392858b76428fadd138f22263da3cbdf259d8a95cdd9c09b17e5aeb5

SHA512
eee6c595c6b11b09aae2131af1d69d366f9ccac0e8008a5a5d997cdaa493ecb08710d9ce601bf56717409a89a8c189636cf7c420e277dae7b7d6a3444286c270

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
370d8645bcbeeced98f1953366ef1b55

SHA1
33594072933cee3bf3ccc4ea8db813aef37ef6f4

SHA256
94d933bd8f22c99c4279c99dd7d76066a08ce3176e94e2ca05dc01434034810d

SHA512
d9c42b734256f37aca49f0e9326f5abaaa18a5e78112a80ebc531616a0ccba74754196a2cd1d1d67349586551541497ac6366729641777e8cb068f40a7880f3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
91febd6dd780afc23137a89a4c9e7561

SHA1
60eb6ca9f55283198097086285b060d3da0b5e99

SHA256
49523fb56d8185c0c24de67faac97dee514564213156e6e06b3e071f3955d4f7

SHA512
92207943bf99774d92277630dd803e168c1d32ccb6249bb7893517a24236872e7b5c3a4a03f1f41a2131e3446347dae61b0f1e643dd65f7d99ced96cd3abf308

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
ef104d4314677ff434746fd326e6ab7a

SHA1
81b046b903ad828a091f4db7729fd0fe67888d4f

SHA256
456a8c1ae752eeb25c40f942304a9b5c6f2726161c427e0a94a92111663be557

SHA512
2287bb6e2484360f059fd24a6f9e622a5150c482affed731f321e23cde1b7645565fab25b2c593b5545fc57651c1e750edf01b4e023a1d4728fe9d8aca80b70c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
0b7d75c166db3baee82376a775112c52

SHA1
3670661560b8492d80fe015a24ab46fe9d54a196

SHA256
0eb216684891f226e81d4fc6512cb7541702bbbdccfe317b7baf308e9a18a783

SHA512
3e8eb5491c88d64ce685ee3ec58ddf16a84d3ea1a3c54dcd7ca4368568ef942a4ddb0ff56a81a795bf277bc06c1e35aa1768330ed46af7c4a90b7fc1381e9994

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF.777

Filesize
267B

MD5
bcd9312f2425abe95a8b9c46da243d37

SHA1
75d480dd858d52bc37a2dff3193dc38a509eeb8e

SHA256
c8aa6c6f8c20082e8bcee13e6ab54c0f653146905bca93d6d189e6d4e9c40bd8

SHA512
c0a35d630291825d6a7046131f0e1707a0576a41faa20f1c2287f8a5927df2c1d18c2e8806e33906d92c9a6ac3ccb0f67eb7b11a8a8e2adf969e74ac4ab7269c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
a877b287b72f1fed4e40dae671c54419

SHA1
5ffcb9f10b23cdd6e798b5e1f011408a5687b766

SHA256
c2a29ddd2c9c2d62878ea01b80673d06d355930d84d9d37beb11cfc9536c5bfb

SHA512
abf33cce544210f6fd58830e38c1ea16749629464213dc84ad638b052fe8437a722f39f9263841879d46a891651f001d5ac4bfc224dcdacfac1b6a5e0921e8d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
41bc2aebd1bd413beeb4a5f39169688b

SHA1
cabfcbddc9a893e3aa1ae08f8f4391deb62614a5

SHA256
9a1799cde5b83106b76b81b560fd88dfc691c13f828fa5b9662782da72df3cec

SHA512
1ec9bc60fdd0b55653cc3ed49c966f33f32f8a431f7c10cc57538177aa30f986f5a9151ccdb02a31a2437f4e2769e172f3fd657843d3852cc9d463feee71150f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
71985bb76f329d7b0c32cfad8b970aed

SHA1
4586be5ea1a8452f9bfb4868d9e8d6ddf2079526

SHA256
3b7b62e0fa0ff5ca0bb401e0e26b27fac78ed4d50a1fa4129eeee529aaf78344

SHA512
2bed29ce387060f458620796ca42aa65b8ffba2e4d04bda7956ab9800e7d6a559dab622e1a04432a5ff7e0f8d610210a074f8d4acc22f8b44eda1a9e76ac111c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
d2282560d892d28e93dd82e07d8fdfdf

SHA1
f5e87f2f8a7e157d412002ef49b760b456ba6aea

SHA256
a9e684a0d82430709dea4064e7921e1cab0da4e5f09b998bf9b381923a62660f

SHA512
4933e0a83202f9dc1cee4ea166bf13e51e83fa29f08409b8d222a69cd25b2ab8f8237b7a3f8b878d4e61ab873d67ed718963821788eca96921c3a47d2c800e31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
705598af02ae3c57538dae2eda4a2820

SHA1
e9e7daa8fd4b5e9650310b680ba753fb409cd215

SHA256
6ddc543c8485f5179b65edbfbe87ff8fa597dd0759fb384f5556b83eb939bf3c

SHA512
4b0cb608e9bc1bb8186e1407bd11019c6ea629b7e43fa7a501f4f18fbaac0b5bd7dc148f33204cbd286a5b5152cec12fe0dcfa11dcf636d20f6ea0b03192e04e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
cf9bfab834f5f8cc56150f246be35ef6

SHA1
0165d6e0bed521a81632714821215dc4cbea2b9f

SHA256
9ae095362974ce999b31edde932be2e6498e1d669e15ac76f9b3b983e9e7cd70

SHA512
7bf7bfeead92bad38b103484fd86b877f78a2c01dfdd61540c57a702547ee7eba532104baf855e15ad9084fb93a6abfa7f3ef3c1c8ff1c0a65c5e51f1a0b0cd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
3b375640bc10875ea7504140cad0932c

SHA1
84bcdfc0cfeedcc6e306c04284557aed41c7b6f0

SHA256
8a06d9cd12b96704686747360b5191391d9db668e44b75b121965d9c709b375a

SHA512
b8625e9c3c8f17186fa95a890e1baacda01a3ae34852b6bb5debb45e6f8734dd86f13621457588b97340354f8c3b8ab424bfc4c39e2b677d9a19fa6bfb285187

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
52e06f3a11cc4d0a9400c53819756f0f

SHA1
a298ce6edd7b63773a10da40e52e3f9274707937

SHA256
15af3746107ad8d5f3bc4fe7a7760430b7076231c50410f54727ba60be047dc8

SHA512
bf0516b00ab863482de71a708a700abc3b5eef8db432efb06ec54fa59cba834e2c2d6833e07bf15ebbc38cadd9383acddc0dc7be98e7894b79f3abd8ac38787f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
12dd9126aa552508902dd14c789df47d

SHA1
a009f37c3f2df2c362c2141b1906265e90f022e5

SHA256
4c0d14dd9b0e69c1ad0daaee074884f0e48ce76fc5b6944aa1ca6d32f8772dce

SHA512
f651c5e93a7850653cf95bfc10b02c34dc17e6fabfe21605bed7aa68dd9bf8220f98994cfb9f422ad44f6e6c6bfeeacda91da551694774203a063100784c6cf6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
75c802c4524395f606cc799eccc05d37

SHA1
b7ab5ba7bce64e0d307ca20f55bc37d028af3103

SHA256
390e8d071c75b96156edf6e00ff9f60d5f43b6d8615b1acf6dfe8965c071a6f1

SHA512
24c610652a242c3dd2a37fb55a8f84e93957dca50a4ee532ac771815026264ae6ba55b569fdcca8251b3b299137846acbad2c8b528dc5cd1cd7cf3dd30a3cd06

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
3f1dc13fd28957134c8c3a421014123c

SHA1
3a4265f516e6d399973e41e28839d5e19c3efda4

SHA256
e48fa746c8eb0d026b7b6ce3b1b63576b1e52611fff8baeafc0c559fa65b1c03

SHA512
1e828554e24e0ffeff3256c332d99188df45d58c6467ef4254857a1dd4131c200902183823b01fa564ec7b6681f6fb3a1f011b34f3493a06d68e6c6731039c7f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
360063ede7295a26707ed8a68ad53967

SHA1
7fa045cdb818a0f26946a3b7e373c907944ef280

SHA256
840c407fc349ff7400008595bdff750f338a18ccf824b30a04d7789f6abd6a7a

SHA512
ea224b05782e9b0141f7b73c4f1bbc482ef856cdf66ba26122a0d5104b6e9f782484923c28a3fcf42da710db2d39271f9e1544da33a5ed8ba06ef5cbc601b576

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
d5632869bc43b5e424f2527a5013d4ee

SHA1
5c95021bc1e09b7acf046400a94d55b612b1cfd6

SHA256
1ea9a284e0ec06ed2a02099e456e88f92a723e9c93612ccb33112c6f67db2a60

SHA512
27bc48bd8976169022c654abeb8e8c042fcb0a136acfa670c956d521f3efa5bafeb5081e0626543412b94a25a147f191e2416154aaaab89417f2dc4f275e1314

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
4240cfd912e5e62631db5e422f6b2185

SHA1
ac00fd1a8b335b827131d0582abe71e87c298495

SHA256
57717c2f01dcc7ef5455d846dd65ea54b862cffc2c4629326e4276559f9d4f09

SHA512
5876e5b32dc012d25d58f7797676768ffd2db9b18da99fc8f30d56ef3ca00a525148e4c93cbfe617851e1346a44d3ca40a8fde2508159b170f15dd27a2ab7b7c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
d830a409dd28542a57d55988a23ed555

SHA1
b4d093e6f32e912357ca0de0a704bfd105fe1e80

SHA256
4812a41f5a1af307736f3889792a965c91a9d36c44e0be11bc8c7f9935418393

SHA512
9fc7f3a1e3d59b3ecc031a8eed9e81c7f3694554836bb575545771bf6b08bdd5aa52ce43a28e6cfd2f26debf2bd6fff4fbb09e26df3c1fbb29ef657c8597f381

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
76fabd10a202546552547c75c396087e

SHA1
8f36c99723f7e902e5722638f3115899f41618c1

SHA256
4d090bf542b3f4712e775bb77c81a2975e1ea3ca0314332370eeeffc59b76526

SHA512
2c3d78560cc1ba9a8e7604d79c388045752cc5e2001c78151bd02c29595173fdc931d7bdd49ddd87a71acce1237a70dd3c392cb97a1a9240542b9ea5f2f604be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
d764f1990aad8cf151601165e7ff2074

SHA1
af1a80b9d2fd61aacd3a27e0aa461ce715390cb1

SHA256
e544a1b047349b73e2787df7b37e217e2a7e9d3d5a7ddfdcc5b6e436d75a30fb

SHA512
ed963a5655602cb69804bf9e227481d6e042795ea308e9a2162c0fd0485c4ac8a28b148687c1a76008fdf1518066ef56f111b4faa599ebe73216dda5f9598a8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
36c9f143cde32c3fe805502e7a10ffae

SHA1
4d3bfa74de723953c1f00fdf06e64725052b30de

SHA256
54c138493bd3d0e31d31d2bdc1eaf34d11edd25942e4a308faf0acd8cf73a201

SHA512
f23454d204a727bb885adf2502e3ae708c8bf64bad2c1649c463fd97d54f0d11474a2c8d0ab8620c910e9a0a1de4ab70913436dfc29d2e281c13ce11b295b1ee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
0f4ae29c404ce46d794efce16eb44c15

SHA1
477825e203da8d23c19508683346001673493e6c

SHA256
e03d0adb07c3ff7f8bcf554e95d9d4796ac12dcb5f346a70d6a7e098b138b412

SHA512
2e6d4b910c52b0e28eebc0934fb5c8e89f5af5b0247e92ebcfe36ab5d23e491d9a2625d59f1b357c52aaeb89902382b031ffbd214088ae6795b8a1b1dd8174cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
3d4c2d15ed245ec290b8be90ebcd69af

SHA1
3a60cb5c9ed8961ad5f1dedf722015dc8835d5d7

SHA256
fc474b0e8ed86697dd631620c5195ebd62ee039d1949d76e5f23da4c96d2f653

SHA512
5ba5a61a0bc556a565384ab1c90518b9c410b7ca37f9a3289c19082a7d3931813916ebc58c9432ddfa27d87555d94dfbb4be88a770caad98ad8ab14a5cbe2482

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
993731f42c524b9c9f636fcc3ffa99c4

SHA1
afce52947b03a648e05fe832ecd6ccd0437d68ac

SHA256
1c464f1bd02c3c9bd7b24e331a023ff4baac606e542e0ad6a320cb999929477e

SHA512
2e476eda0aae8b7612d24b4ce77de6e2c926966b41f3f865dbfc18cb34cf23f0cb64398529c519f07967ea30a90f0d2c744ecd5dc147be4ac8f090855aaa5db1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
5e0199f0a2d4f1c78d7959af55c61b76

SHA1
558a5fe9c382cd6d0a53f4f5c0b41b295a1890e4

SHA256
7f63c818d2491cf6da4fe2850002dcff2006eb94a6cd1136f7a1715ec9184672

SHA512
c9d336f04891a2924b29507a05742ddf2bd094b9216abf82b2b802debee154e7cef1c819620e9d91573d1e1533af2be07f8d5e90fd9e555df2c592cc4b3f24e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
594726811d2092852d78798c8096540f

SHA1
13f3bdcc5c8ce5c382c7d7d82d33bc2b4ac65cfc

SHA256
9411fb0f8ba0f88585ce165f0b1f10af98f087f64e6ae1ac31ca4d5db226a3a2

SHA512
272c21fea037b467a99c930d1807cfca9f490b27ae6d8b9f65ba42b9f349978a5e54ca952ad4b24cf24690b2ac7860cf6b4c9b4fbb68223944b78bc76f4cc80d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
009e70d42b521709d561f256d6e30411

SHA1
058429787baa758cd4900f1d8465a74e548162f1

SHA256
c7bd4d349d60636e2453960a2c27b7e3147447bc99e01f96369a9b94af43ed05

SHA512
e312051e5c3a41ef4c2fe519a9145988f48303e0bfc2a5662fefd33df8d0770a63959c650b80ab5bcd6c06dba45e1e26711b4689e7fbfc68d310634eb3500851

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
9c6e71ea0843ebd4c99f32debe7b62bd

SHA1
da9032dc46a8c7680d47934aaa18bf56a129bc52

SHA256
770e6a08e0374aeed68ccb69647ddcac093e1079c5ef18827900fbe705c25bdb

SHA512
fd8b7841381b2ac62377122c9b586101103223899383211a9558f529c247842bcd532c793200e340e9988f4ce3a54b107d2b1c3d21fc4cc3de035c7a20c67fc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
dca2a13c90580da0988759d39d99e7b3

SHA1
d1f4376776265ee64592aea939ad13de0259ab57

SHA256
6a7d7625c70f7fbb366b78027e36f92f4e2db031dd6a8142b8e046f79821f97e

SHA512
3c81df766c31b0368f192e179c427aadc9e252c6d0d11635787656fe118d97e43539d14388ef46caa8ba9da9c88daf480ab19c357d6a2d4d8b1eb566b63fa574

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
c16c0ed3f41be681fd08d234426f3cd0

SHA1
3c09b2e1064ff73a90d3a8aa8be489243a52d03d

SHA256
4e4c84a7fd8c4b571a334b8d54ab5228d8e206a6b55e69b6a6b7bfa51ad614ad

SHA512
b436aa8ff64a332c5b4915cdbf6e92e0b759581ffb8d390356a3bf3440be544616a58ff3b49daa501a17842a7b260248cf9afd59d554f354b42385e508d80f9a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
03f116b41b76bd5acb3e99dbb17755b2

SHA1
dd568be4ec0ce33562a6b95a961817dc545cba5f

SHA256
c92247943cd5c82ba7785596c80d041a6edb2e892d8c8ad4e34edb42219e9ab5

SHA512
3ed96c95cdb36b3d6dfcfa23dc80b053d2444e6c5693a5b0705145df1c9903b9c88b9801ad6f435ab9feecfadb283538a5edc9642beaf9b1fdf8802e9d2a3408

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
32ce67dd7930c2fd9ec39e43d67b4007

SHA1
d9d868053729264e14bf90926979391fc8258c07

SHA256
4c72dbfe332ab2fa6817b6b43d19a64a2d83d4a37f52a1d407bde5a79e4994bf

SHA512
ea3ae47701a7cd359f28e8c2193b130d031b51ae236be305462b8c2260f733b0570e7cb2d3469e268147160fc0f70b2cfa6b8f00a5814e90b196a5808e4165ad

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
ae0b0e36c1d85281d7f8dec8e2935806

SHA1
f618b3606c3b5284cfde9a6f60770c47cbcb1bcd

SHA256
86f522bc510d0b3e5c796cdf51977fd875dca3f634fc2a7e76323fec9d73c0a3

SHA512
58ba76fa02204347c9095fc17dd64f9362565b677ab7695d5cdddcbce01462247a9b90665690f654074ebe83f088b7b7a9d698b1509bfc050a5525c4dd7f527c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
e94bfb63a708ce099ad7a485554875b4

SHA1
a9607a3a10d749dbc91d98313ddc95ed5bb22907

SHA256
ade8374fbcf65118718639ae1ca77e403016e0882bfaf476979712eb6e72f90b

SHA512
64f3bd208dd0bef2651fcfe93e456667969ef5863c4b174b15c7b37f8ac01ace0497f7c5a2be558c1d4df5a99ef0c2754dce39afada5b8f5c36fe3d9abcccf09

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
88b5a873b651e29402d29363876e7a07

SHA1
f1197a37a50ec3b7604783f55dc69c6fac6fc75e

SHA256
07705c344cde439b63948d6d1eb13d56ebf95ddf00e2f4c6e81fe60048f740fa

SHA512
9124eacaa5f4f34bf24547a393ed62c0eb27c4ee22b2d2fc7e32e6011cde7590b190dd51cfe212d03672763df4eed9ebe0f9bf13e5875bf89bb19e509830ff07

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
956af2d194877173092df055a0dfbb3b

SHA1
3eef9c56a41eaa0aba7d6e4210285fcb82681548

SHA256
61c67ca5be053c5680488e66cb81f94efe7557b69179bdb86bcb95621a958f5a

SHA512
6550a0b82e30950c9879eb4eff6a3c0b651db6be500dfeff7cafd158552a4c1a2baa174a2b2fb9da45fcb0faedcb680a20f6542cc2a740cf86013b7c606eb8bc

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
c89f412d95bcf0679f600242e44f089f

SHA1
fd2389b0d5835179ae32dcf8732e7a435de59579

SHA256
56d07b61a464df1a11967d92968f26771868a3e8544a91288c61e3ed2c342d85

SHA512
f9f53e87c5ac7e4c9842f9bb11e53716511f2fe78aa805de8b2483031e5638425653520187bfaa79f40b2772fcbdcb01020656b3c3e69cc18bd6a1b6993d0657

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
cb11ca35e2cb2aaf3853558ba3546072

SHA1
28e26a78dd3c1f60cd74ae521aa5077c21a4a890

SHA256
811b73637da56727dad6173748285d2527f6d5881056d0cced4555fda687eaff

SHA512
25a494b0daef5b9a6896c46482bbdd7f440466d9b15a3a5629b9824b7c40a7781ee71fcfcf139b5eb35fd6ff02ff723ad6bbe045332a5eade21f404c56c73b81

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
70d47536a29c60815ab16f8c11656c0f

SHA1
1eaaa46656c8887535b060cff54cf33f1539ba9a

SHA256
48eab7534dd63e54f79c15d2788b5af3a0c016916dbefdb33ca926542054672b

SHA512
ff97beef0e1190d9a79fe1a8618842784b392fc075391e02b8e28e811e94fe3e6c5a2ad6c1a45f3457cc504c61b1cb3c3ff1dc6074d0a920179ab5805dc31367

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
475b82ed88e2e15c77aff0f7e3674560

SHA1
e6cd530356cfe3b47baa3554a0b2078913b78b49

SHA256
a6b0920edd7d8688b0d77afa0fbb2337450464ad23d16fe7729f10fbc829a13d

SHA512
b17b94d474f9e573cc4375ff5024156c601cd2d54073c8c74c0fa8257cfe9d3695a75c97f813bc6a12b2f7435aa461aea017044191bd8ef2ababfaaf105c244d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
57a075bb40921480efb9b3a4b8d6ece0

SHA1
df02581f6438e4e73a2e387ea157848d13657866

SHA256
5f990754ccce7cb2430ce17080c52490735dbf7f74d81ba05e21c21e85524cf5

SHA512
79d38aa753f422c4639a575bc1dc462e0c4a8a0e436aa5d55563fc6d0e3631d228b1fdc6dcd419b6a24336a9af1fff3ea3d8f0d437a0a62057bc1e373ecb2451

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
2c6c22da606f975b845aac3f4ca8f2da

SHA1
4dc3b4bc217252947e5f4c57ce2b99c5522904f8

SHA256
52110da0780a359e9511da8ce052e3008a020edfafb3780c5de538cbacc2a7a4

SHA512
2c8fdfc059ebd0d902e728f9f06422e1a67bf76138116bf7fa61586321a380b9ce06591b320a34c255215f0953ca6f96b12978e85cc61f2cabe6ff9d540cfa12

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
384eb6122868168ea33c7760381ccb12

SHA1
f621db69aa9e2ddb398ebeeb6ddf04e560818eaa

SHA256
6fae23276263a55f3c75ac5cd70a91eaf62ad6ff8b2ce1db1f49c5d0e2a7b141

SHA512
be157411b9f0a93a1af3abed6ca220f457adb36298a93262319a582e7a46127ec1e0ac29126646e6f11c7aade9ebc1318a2d6c4aa751dd302bb3baddffbcba8b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
6ea853e9df8cd7f9ea5ccee7c59268a8

SHA1
2be5d4119c4e4dbbedb151ac72998d50329d5e6f

SHA256
e00a97ec706535a7edaabb56dfa8fc837eb6f737d1798512693be6e1df310eb4

SHA512
bc28d6e3e979aabf39c72fc54e83881e453143918ba93fdac1709e23307f6c8503feae18b011875f026bcc2f98242a5f4f35bcd52d0172ed9e0e7d64a35ea193

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg.777

Filesize
8KB

MD5
6a19c7f3286c5047bea5c65371f85514

SHA1
f951f26c6d2fb810b91914818103a2b5b1138f1f

SHA256
c9f683ae5c40c3007676154e14c3eccc9bb6a66d36409b30720a001ff76609bd

SHA512
5b4d62af462cedb3ee8ff5d764038f0a08c2e3168a4da38a2591380dde2b7cb3b4c76f642daccfd9606a3652788b30cacb1d74316b03aca8cbbeacafd5002526

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
be762fba04d5648cd22359b831ea5ae7

SHA1
5291f92a6f5c8f753b7bdc52cb9f4ac286e16380

SHA256
33edc7f72dcfb3618ca843ada93881d126c69202ec419fb2208fd1d0dc0d70c1

SHA512
ac622bda73841be6fad49e95374988a4d95abd9385c7eb00e1f3a6f365d8e90ed7b3d230fb8b060f41907b300f7c4aabe32370b1ecf5240225f5f2140d7d7433

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif.777

Filesize
90B

MD5
ffdda14727e59da2c9a9e34f4e8dfbe3

SHA1
bd54ba3751488dc4a2d6408d9111f0884aec75f3

SHA256
71cd041ba3ace679ad584037ef9eed80237f831035ecf8f7e86c5db8b091563f

SHA512
82ea0c11d66c711bca444cb9ff55e65d344969db7e0984d612c6703737202d12fc081c43b4d7f1130e1f7b315725ba8cd5c67ba77e8cbc968fa218932e48bc4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
3402b3dd63c9377fb8563a8b264dc1d7

SHA1
8c65f62c241e6adc93f1e7b26dc3a3d6f299b8be

SHA256
ea67ae9e7196e20d34cfe514311bc9e509eaddde5be2cdc729d8cba0763f711c

SHA512
b8bab842b79fbed86d922342ea668646f91dc27a5437122806573c7c91a482c10e37e3cdea0679657b387cffcce0eb969602c374a46d98174ac3dad672af1577

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
565db514ef7933ee85e172e794963d5a

SHA1
ffc51eaa52c6ffd16376151eaf2c0e3dd5ceeab2

SHA256
f73a21a924f59eb27d509804050c3e6172d7e0e4062fe8cafe9b15cd1ac3b784

SHA512
995b66a4b3730e2eb866bc9eb1e502a9ee245f1cfa4ea1491dd849607b66e3cda0875a337ba13372c701786b2b6f4cc9d003024dcb8f1e97a95b6d7b6a248d19

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
cf67888208ef729beeaa70aabfe3a9d5

SHA1
7061bf957d9dec06df34d9a26dcc2179d61b1c83

SHA256
fed954e3abc0fb70aa06064f96cfc7393cd664a569c217103f3d50a574bc594b

SHA512
33d45a1c96ac09df897f43bb0a027e692b75bbcf920a89f9484c476d0ba12be649fd6f8bad7817014c486a0cbdbe445b79c77ec13a27b9314f8e0edf7a53ae0d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
47ba5821b2091d8cd61f84ed5b52110b

SHA1
0f28dabc9ee64d129cf5a032437ed215e5e0a9be

SHA256
81b260e3fe58971c9b4e122a3ca1bb7207d6d2d3c20f9551a0186f7d92f634da

SHA512
0aa14ee3b20eb79ec2bf237ccc01de380e30fe27d3afd2bd20258e4a561ee4514687c2af16001a7ed00ebaf566b7dbd4ba103b48977fc6c61f66d8a06afe5b94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
dabb02d3ce480e6227076610a1b4b762

SHA1
7a7d598288164ffa3b4d55dd1245b7c9b105a26b

SHA256
efb57e58a641330d3cf4d577477b4bf0e6307d43a2e0161215ae27322118d9c0

SHA512
beee275a94ffec468e1492e8645b1a77aa49a2d48b113686ae22e7a3d87fe95fa4b1b26e5c45161a8a9c9a1a286540941f5bd19d7a9b563324beaff835afab94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
3e903b6f84f870dc277e56cbd57ba159

SHA1
33ad8ca3c6dfa8c1d29f3d8e58da49f08b28d67a

SHA256
2943e0edbb7bc2fdba373b36d93e42c06f2e87618f2bb1bc466ad31c4199b97e

SHA512
80bdff9d6942c014ce08472413c18d6b8d01e30584fa1125af61852127e46f7b3cf69fd83530bc9948da9ebfee6f2404ccc6c7a39539dd7b8c3535b4573a4b43

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
998da23e4d77ddccd0e8fe0aeebb29cf

SHA1
ea456113baf7d07347727e11a908891ff1d1a2e2

SHA256
879fc75e44d333c014517cb50737f7f7cc33721b88680ac200b9e2ebc2d15eac

SHA512
1be2f6a5c96338195b242b69c39c165f948a16e4b0cdb7170b6896de63f9b89370c57766f2390c5f7e9238a2cd3fe7d9b3090175beff9477dd5c566db71fc348

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
2cb85c3b4fea5250d383a34dd7983a28

SHA1
250dfa97310c7f63bb580cbc74a67a92ee558843

SHA256
ea01d4a0fc2509395eea2b84f1effbe5c11c72486266e54b7a575bb61ecc845a

SHA512
1d25f30f7088afb1ecf0a3bbed11e2531000ed7729aeff5ff8c800f28fd3fef96715836b5a388aba2e1a8a8c63e425917e5bc7132f2a0d391aa253f2016f9f8d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
bd8f0758bb11d1101143f77c7c98220b

SHA1
1d107175ee942b76e3472588d73ba32dce0887e7

SHA256
704fc1a7afb1fc74d50e216c636a6ce8af9b7581eadac5a566bfc272ac441411

SHA512
a5ccbe8b4da7e1f258329941ae2eebb9c823738a03610b8b4b5365f3db1043cae34096f92d5c55d01856c4baf4a50d73cdd74d37e34c5bf7765216b063d24cf6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
6b625fe1028a39890518c02201524fc2

SHA1
0325092efba4ad49b1657a1eddb09b79b7d6bc3b

SHA256
ff3b1e8ac089cc4da2179089365b88d283907e181552891cbb4e26cd4bc28925

SHA512
07b35a011983743be94c32b39dfd484091851b1c50f1ab48954bed490c593ab99d55aa396e92e4d862f49a842211ac8b1322cc79f535a42379a800b0c836c71f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
736e17833c0d1361a85dd6a0a8a2b281

SHA1
00f7e70861e9767061fd6a4176cb452f892bd907

SHA256
761057a82a71b1f9112a45da70a58676d77b708d4ef826557814fbd2c57d35f4

SHA512
648924b6876cbb9a9a1b77cbda3b9c628bc818dad1cf1f8982ee24dd5f281a2e73d797707b03974b8dee824404ef0578fdea8a0a8a643e76133c1dd979bb2aa5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
bc82e13c50c49fbbbc356aa29ea2b451

SHA1
fc12fcdafb548324711bccf93c30d1238b88d83c

SHA256
d67307b6a8673b84eab9e7cb237654389dace12e3c94f57b2050fe977ba3214f

SHA512
c260c62e9359cf5150b505576a9865fbd2202af497005c132f889a4f3ede992033f1eb206195ecc65c854f436e77ba9347a7d191115a8206445dd60c6c00e8f9

Download Submit