9f90a24dfd52a202461f7eb429f2d33cc92434d43867b4cb9181ffe71af0ee3a

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Size

12KB
MD5

98329b91ca1d4022317f9f96d889ed5e
SHA1

9b11d747c8df78b077eb435723311473e052c20f
SHA256

9f90a24dfd52a202461f7eb429f2d33cc92434d43867b4cb9181ffe71af0ee3a
SHA512

f5c37bb7a037ab20657f2617245dd9186c00df13fb7af64f783b27248c24c820703d0188f8d85d743e48863cdd4c4bd06fe7b6bd39446bc05eae7d99556cb8de
SSDEEP

192:m/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMqEmrQ:mebFNw4Pk1itKkpAjjI2YpdmqEm

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe"	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_neutral_e853cea0022c059a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr007.inf_amd64_neutral_442d902f3f3dd5b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_objects.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comparison_Operators.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9b214cd9b78760aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pssession_details.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr009.inf_amd64_neutral_2d7b3edfda95df40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Variables.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_troubleshooting.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc3.inf_amd64_neutral_1da6abc36a79974f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Automatic_Variables.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_type_operators.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1kx64.inf_amd64_neutral_1f62482fbb9e52a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\PREVIEW.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115843.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14655_.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21535_.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImagesMask.bmp	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47F.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02053J.JPG	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR13F.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5F.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36F.GIF	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..layswitch.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05cb8c6bb7a54af9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\16-on-black.gif	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..-detector.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cc15e7c725d93018\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rascmdial.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b9b89a4dcc1ee7f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-time-tool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7e3784ce31e2718d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_transactions.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..atahelper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_36468e58c6917072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-runonce.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_442a6a72371b4eac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_infocard.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_ff888263d4b04ea4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Comment_Based_Help.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c0e2d3ef42cb2ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3a7cc0feedc7d665\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2e0574e8036faaa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcad898b90aee666da2f81b0a87a91ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a4107a07ff725651\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..roundprocessmanager_31bf3856ad364e35_6.1.7600.16385_none_6626671e52bbc0ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..up-notify.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e69f2956bc7d0099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.web.administration.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cb2daa1e54dd7286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_33867737402be86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_36103d0b2d48ef9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\XsdBuildTask\90ef7c8e607fe9d71e83d747b02b64c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_11b1a08795dae83f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d621267d77d470ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_blue_sun.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_es-es_5e391147391d2f55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_be87f950dba0b189\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_remote_requirements.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b3b76db02fdcaeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0ed961bcb5d8d2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5913ecb0e9673c8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netvwifi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_092802985125319e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7601.17514_none_57ffb773bb4e758b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.abstractions.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7e14431b1d10f187\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shimgvw.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0cbbd46a7b6cb994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7601.17514_en-us_76a51ea2cc60773a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_ecf6913dd55d9022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx00b.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ba3b6ec962a2d3b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbc557144037871f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b0b9e5b0eda9fa3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b81f5f38f99a256b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48268639435a097a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_11.2.9600.16428_none_56a77f876c8b6453\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_585df4a7092d7807\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Windows_PowerShell_2.0.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4a30ef6a5d99e869\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5f1b3f7409eadc77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2d42a6783ff36048\currency.html	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..ngsupport.resources_31bf3856ad364e35_8.0.7600.16385_en-us_5153ffae540bad76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4aa8294d8861237f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netrtx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4e21f49fcb87d674\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_search_over.png	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..truetype-segoeprint_31bf3856ad364e35_6.1.7600.16385_none_50896942163a554e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..et-server.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39303c68d0c12de2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wsdprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2ad7f522aaf6dbb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_preference_variables.help.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e8e4d27156d257c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File opened for modification	C:\Windows\Web\Wallpaper\Nature\img6.jpg	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_5e72ba21938d808c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZCLMZNJFALTDUHQ"	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\ = "CRYPTED!"	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe"	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe,0"	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open	98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\98329b91ca1d4022317f9f96d889ed5e_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
307B

MD5
f00ab224a1158a7e3decde3559fb8d60

SHA1
aa121d80877301362612dac27065dbfec307fe10

SHA256
9e05c50cadc1bebe79d80b6a0ee2530157e1cc8b20c6e470e09974087128651c

SHA512
1ab15e40ba2d24977972995db6944af5fbc11a9a9c89112764a6bcec036480f4285419aac7d22c3175c58f7aa6d5c97b6bc1611e9fced6a8b2325c741bcc0326

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
13719a45fafc677d5017e1d62f4c167c

SHA1
fbdb12d26b3a27765971329ca7a71aca6b460dbd

SHA256
00b2ca7b4800d029cec0d9f120dcecfe20977a11965bc25d511d6e224a58f1eb

SHA512
387358ff7b8a6dc49c9bbee14ffb956fdcc0c11266b7d42e52dc0ba34abdc906874ca66457239bb6654bef56e2e917c6fb75b0d40bcc673fb827fed6745c9656

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
9d60f8b0b398d77e512567c501e6b3f4

SHA1
db5503298b39e81b2601e8359845c06ed1a0c19f

SHA256
336c94f4843377ed6b4aff2ba163f5eae33e452bf97a804a3d7663d9b5efea9c

SHA512
cfea650787b398d6a2a4e88aa6c64b83269779a9d1ad2f501ddcb4db4a9fd330d0d2852e1216284e7b1bf0044b583dd9ee71ee399c6ae42e0ccb29bda621dd4f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
5fc14a103e54ee181b53e696e0670b69

SHA1
a38cac83a5631e7eaf98f81b96ead4c48a8360dc

SHA256
d6f745933baea97513f063754dd7519a297578fde3532284cf1c9a3198388ee0

SHA512
27feb4b3bf510aa123f714d2a75e03755458af7401f34d9b36809f5f956afb9dbe9d3ed2747e480ee5ed43641983a2b3b36fabeb1ef7472102b0ca17a73d1f0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
602cfc47ef7e0ec63878831b3de26fa3

SHA1
dfb08a9fff60b9a5def3d5a61b6dfe6347115cf1

SHA256
92ef029d2b44cd58f68489e952e8daabef1246f016fd7f32f4443f57f7a58933

SHA512
35a2dca68466508f049b1e6a8b7730e99c193a191c5d9e55a50eec983118f9a185264ff32d43902b619fa6964cfdb5f1cb240f96df91f0c90b9110271a16e311

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
7d3d3a7ae6cebe9761aaa2e3906ec4c3

SHA1
97818d697baab9c28318acaa732cac050dacf75f

SHA256
6e081f82201115509cc85e107e349e93efbdcaf9fbcfbd0395f86ad1337d9d82

SHA512
34c3f0b4a66729507f95e73b73d606bc7f935adf8ea1697958a95ef9581214935ab8634b4f622cdd69940759ae766756c2f13c221cb1bb2c0fb917bdcde4f2b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
60ed92551afa9444c2121f9141bd0345

SHA1
c647b3d526238b23a20366b994426a3544f3ea21

SHA256
1b7f3693119dfc1d2149b5677c1fc3eafbe6b9acc7f1541064abfc664a42159d

SHA512
426be7c4664a803f211246d54ca4af1a4a70e526c34a185a6d1d095c6af2411a890faa705cd83cfdcabc4e097e1e15e2154b50c32bb8723ea4f79ef4c07786ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
8676155293d234a4fe396c7e7875ddfd

SHA1
c105abec735a4f7ba666b1b912a4b423d87cdac8

SHA256
e8b97e5a6ed75c3e76c502b274529df94bb3cbaed91ec9b16bd59e1ab418695a

SHA512
0e0cad81cec92e7e27a650f5d48ed7a6a11a2fb94ecac42820107dffabcb4968f57da30c8bb1de01998527ec29a141e5e518f11ea61280a19b75b475c41de1fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
38dadc64af66ce44866f75cb626f95a2

SHA1
dc62f7935d41bee70d9327305f9a6316c54dcc9f

SHA256
87434a59654df82c3e150348d5b652a21096012e25ad60bc56faa480d6822813

SHA512
9aee17df94007d717e6f98f4834c3827dc6d6bc42846400b36f9eae75bd528e35560245a683ed80fa94ebecf90ab12f9449277f5e76b7aa838d3d06b3ff9b138

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
b3518ad711eb059e1c38be10d6bf741f

SHA1
bf8e9a50579eee07151ec6f1b58da1a9dfdf2cbc

SHA256
74d8c5b33ba180076cf952b8d59e8939250be5eda68d34549b531936020579af

SHA512
6fd2c32d5ab6a5d07f8a92243d0ba34742d5d5bf17ab7e282d5d57b9464a71cb4489eb015d95a2cf7b917deec7946669da4932f6f1ecdf0f6b21bd8b7126bd90

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
2b022cf446e0e969c7f04cb9d0aa5627

SHA1
a8a33fcfa1da44efd52b7bf85cad3a51411fa1b6

SHA256
33d656a5c8d2e1ce26974132e1736017cf25c9d314e88e6cac71c12c74e38175

SHA512
db2346e64f57b1608c4c09694bbb41a76036c3b01cafef702e261773d23b9b67ba01137a53d186a5925993d33ff9b9c57ab98777ce7d1578dffa4e435ffe5c98

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
255be27e833aaad5e7365980b5693bbf

SHA1
812b807c42813b8ed8da45b4d364f84ba590d023

SHA256
e061447b65c2f8a05aa3beb7cc4d71f9d4e0a2e86029fccb86e78a05d790d6da

SHA512
682e5d3e84f46786f864fdad5d6017c4f23b7765802e08bb0ad970094acfee3887025ee2d689f0381514ac817621659655033372a9b120ed005a605f2184d882

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
9745472df1392e95cd4c118413c8af60

SHA1
fe7444d1a1e1387388d4d93207cb01b2a618a752

SHA256
bb9e291f2436540ca84d870feca677ccf62856d3186299858e2d467590bb6530

SHA512
a5fdab99260358f113d6a1212b1ba2c88001edeec7288b9f71465519867288399428d4e6f383403385a22d2350cdca6aa45b291aec4942450ca1d0933ed8c83c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
7565d12e4627646a92412a67a3120116

SHA1
b1db005ab1932b2bd1d76aaaca9ad8ee2d80de31

SHA256
357c0ff7b18e39eac3c5c0dbdd36125fc6eb0853c7b59406ab073f1e420955b4

SHA512
29707b750757882d9baad25c9dbc2bb0b159329895200d3a561cc425c1e4ee2f9e98156e2a89b64dd1b94f46d931bad6a47ae186efb90658a41c58eb6fc3aeb0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
34e157a55a2ef3311da1c1e703a11da6

SHA1
3c56ac26f4d816dcd38a42a0e5a22ed03d7ea179

SHA256
4e317efd3ba8b0d37164dcf7dbe9b76c2ee237d7aa785edbf0824006b5471b5b

SHA512
e7c82df386442ddc87de6dcaa4fab90e5ef330988146eef5edb80ea91b04c69904710b9737685b694f890a60d28a49ed5b448e05df5157f35f85e17fa2fcaf8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
ebef7f63f46cfd1e91a38755d860a7a9

SHA1
af6db170067e8deae10aae8cac24cd9dc267fbda

SHA256
fdff2539ccf2ab336ed6f95697900621f68b4f6cd7a440ecc66e21e47ec5e6f4

SHA512
fc7b71c2c8f00403ea564ecb152050dfa3a03b9d8d40baa314945a0aa749734588dd84d3467940275af0ed6163e1cda30b893a3cf53101f934bb189773c27185

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
5958ad0b8266348ec46b1cffdf2b5446

SHA1
320627008a01cce65485e84e3ed933fe391b9124

SHA256
bd09ff5fc4ec36fc78c986499894aa0a4d0b827d7174547a26b723efe1cb70a8

SHA512
5dc30f01fbb5e1099ea50880344b8f604cb4915c97a600d555ff0b1418db2e6c5912316ad4f8843de88742cd3f9ecb8a1df50373bd8d199096edd77ea0e50800

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
9f468574fd8877dae11e51373769fd67

SHA1
51606610937149aed1ebffd22721bbe3750a2eee

SHA256
f299b43eace54e8c10f62b28ee73fbbec1efebb9d71b6d5e036e433ffd9bfed2

SHA512
5dc82c8a9f25e4590d0f48e0c77d9228c9fa0a1bf6823195ef74918ad98004aa2ae7b3c60d9e3c0891b16fd299ee0323493352cd49fb80a1e39b4fcaa4f67769

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
1973680a2d463daffe836d05dd231820

SHA1
f6dc9deb458c560189ec06cc75efeb0cfcc843ee

SHA256
ff753bda290df3e09c1ddcf71854ed74d5f35e1046e899aafbe66328be3badc4

SHA512
9bc4ff875ff01e3d6e65b3a348ef994dc0da7c27f155debf328115e428855184fc1f4f5a3ed906013666a16d29d16e76aa1b3a09cb831950030287075fd99a9a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
c2b01b22fc34608542dc2ec70e1f1445

SHA1
b21834c5dcede2d02b204d85b2023d90fad1e275

SHA256
cfdeed08bf8fd3cd5ca30e114aced3ec65ddefd2eacc9db02819680e653caf60

SHA512
11d9b9b69831ef7f99028290dbc2a018a8ed1201c7a0798dd774fbb53f491e15e90f1384de74e7bea7b50ae2815c50e579b2038748080f7a21623f59e6e52731

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
66c17b236babdf4039aa2db66fb17efd

SHA1
04195176f869b632c4c4784efcac3033fdef12f0

SHA256
6841cfb4b6272b6c6e1d06992cecd18ce1a03f3047e0410bf19887243b37305d

SHA512
898d821b79bb6d7b92244ea5fd32ac5e7afac5cbc24ddaa409d6f140d8396b81d9a282f1ddaa301491266a111f2556cca7cb9fc0ef218036a5d6ebd40fc2dc66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
dbb5030074ecd830451ab33c52e11bdd

SHA1
b8af3fec57ed670c80074523dcfd1b199e648aa6

SHA256
43255b31bebbd86df59b9d56cab055c04821c5fafc49eeaa9e417cdd42013acf

SHA512
17963722709b192d663ada264256c9fd59f0e94268de72ffeb08f6e6b7bb0bb1ce1c19d70fca5b345f9a00305102a4aa242c267974cf6eaa857cfb288fa28444

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
27e7fc3b89c45793399245b3875ecc40

SHA1
d87a27b21979c1f5d935ffc76ce107b7b2a936f5

SHA256
539a468e8cc5056914d56e340d478f01d11099a64149b25ba395e6ab5f12634c

SHA512
2694425116f0764e48383baa54947e5667197d65dc62eec5338cce814aad60c497f9664212e21a970537f293e670cd29f9d6450ab974b0b05686d9ecf316fef3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
1b025a712cee2dd76b954c58b8d5b4eb

SHA1
36862d971710f165faebb7ac5e2b5dd9e4424c9d

SHA256
04fc0577286149749b94d7a0184fa27b6aad23f20730ba547ad1948a35b7a8a0

SHA512
8844f9a11d8b217bcb19bacdda6544b628f938e503b19ce06c2b3ded7058f19020293497171400e9595c01162eb8be6e764bb422861fd5c8abb60cf4beb89e5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
cdb93d47d274a0781b4f8686a688f91c

SHA1
cbe50b1dcdaaeced0e0d7c44e1d0c667f129db63

SHA256
590bfd0ace73bc1b1818474643cdfbac33395326f71cfdc3b55ceabb35db85ca

SHA512
438d0436512260b8221dce57c1a69f5c2f9cbb1067ecce675a725c628c6724f9bd9236254e2c94d9d2cc474baccdbfacae6ebc9c637b3ec9714dc15d3f7caeee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
6a2e96bdaa645d373998f054056c7a59

SHA1
310b320911004e3ce3cf601f9c6cd4a7c5b65e5b

SHA256
88f7e59c3fd9e0048b684233ea46e323d20d4a83425c60584c68dd2b38f439dd

SHA512
537d61722929bdadc7a7519d3c1ea3429573db125e451bbbd3660764a0d913d1899d3755e540c6a04c6f4270bfbd61c0cca9fabb48c126e16b8735b41d5872bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
a60f350362ed117a523ffc9a150f77b9

SHA1
2205fbc641c8d46f869df6bf8ba2d563d10dc6f5

SHA256
4970e4787f5d3b99cd58d20028ad98b115ec4e176072e3cd5adb1131357f2a3b

SHA512
8abec740bf34b22c86eccabd3539e9f34ff8d0bd4cfb181073ffdd6acb82ca03cd4fc27779684517b7a3b9f1a989f2f070b33108b643fc4991260b87a79e9439

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
344a01f9f2d487c23a4164b3235507df

SHA1
946247fe6e720bb3f39ca9999710aef55614284f

SHA256
8cb6820ebd1e6e8b0bc100fdc06f5a307ee489d2ae7d683f8e58a11bda346e58

SHA512
640248bf1d0e41e6ef1dce8c213df74f77d27c54f8b63982665a53f30652a51af20094b68ded01f546d5b9c151f42dbcd15843ddf0b43e31b44144cae880f023

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
a0f12c451f9e5862599ee6c94356b939

SHA1
add2073c706219900ad024ac1654c7a89f46e864

SHA256
3ac1929441258ad510abfd25bbc4907cd06db684e5b1042600654536e452d973

SHA512
fdf86029295224973f54b0b3f8621c0e2748364d837957434bce3ae5f78d1998eba05e3ad1d4fa88ad6812a85ab196b2616564b5860735f6425df6871d444d33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
f642e740a4d40b078514813ca4b6af02

SHA1
f8cd5a6273a534db3db68cbc31bc2f93bc1bd73e

SHA256
62379eeb0dd0c60decc16211de6f23bd99843afb402a2bc5f4c7fbb796210a62

SHA512
e6af885fd45528d660bc23bfb8114ddc4deb1ec269f744a01f50776651565d7369bd4e659c43165f284b9060537d46faccd460e15e64c73c38a6576d5b264e38

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
78b3f6a97d157d44276e7a52c8b4d3a5

SHA1
01dca0a835b6cc563ad4cd7f38744035962c1298

SHA256
6e14a968e636203812ff21c3cbc4c3be50260a9d2e174b31cdede67500e31ffc

SHA512
9024c5d33e2cec91f00d1bdb700435719361a40489823d84c37d3e1da9e96ee12c14c6665fb01edb82a61f8178bfaa51126264028cd434e19d39c634f2cdfdde

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
29e8b17ec1070a677dba7dc9deda28f0

SHA1
290b3240534a0dcdd6fc733256338aa05ce00cdc

SHA256
e81df256404cdbae38f6e61b9d68e4bbcd6f30ba484d8f40e74dcf58081fa3bb

SHA512
ef2bafa987e7ac9a312abca74c5614cce79fcae4c2b4f27d3f36c9a2d22e531e9950abe5146280a2d5e85c7e4d4cfcfc2a5b953994e7ffe9593b49ccfa883222

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
fbe20e598503545e0e409b7bda2c4dfb

SHA1
85fed67d04b13479743d9366632ee95c8ea54c32

SHA256
7cedb4323ecf418e23ab336190f13d46b4e51c7d34e7387836e9976ec141e440

SHA512
7d5ff94dedbcfd7642613b4441bc151bea1bd671252f9f4e4430a7dac6d500b8de916967f894fe458a3e90c5d7be3d1a3c7ca3ab05edb42b3e7fd884aa3e4316

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
075e01eea0b7060c1b1c48c087c96653

SHA1
f73441b6d2c87d85ed774786793c94cb1965076c

SHA256
d431fcf95fb0410d2500c0a4db04e067ce8155a00fedcd5a1d43f4f107d60e40

SHA512
c9d883b4c05aa4bdef62fec3a10691c816eb5360a5f903889aafef20dd8cd9579d5e6369ab692e242dc7039db05073d860c014adde9586a4afcb1adeab675586

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
3c1825faf6243c8980436d75cc0a54f7

SHA1
d27b9920fbcbecf496a2acf2f18f08a34b6c6b1c

SHA256
e9d000e9008825badee8aa3f3e963731e1fc63cfe78e6ae2619c7bc27b0b3977

SHA512
03f6455035b717e35a327ed02edcc5cb2c6657aa8de867b638fba2ab8c9e1bb0366d772fa05e5737a97aca98cd62602240652261501c6ceaf15c07618856e216

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
5e0a480e33514ae7ae207f6f8a4e35ad

SHA1
712821cb52fd3638e65048328d745b25a5ddac41

SHA256
e79bc06e55e6f58089239de14113a0ac93a08a234aa173730f3b581833f65425

SHA512
312010f6b2a421bd4f4e36b3867421b760e1ad045f7896b3c6064ee94d9c862cddfac769ef820d36746b6ad1e4861e06ed9951e7b942bdce496f76722e2d937d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
425c4e456bf2749d2edab744b3c5404b

SHA1
db6127446b71cee753fef3597c4dbcfec6276e54

SHA256
bb94d49cf9d15f23ccc4e14bcff854a8a36c3e6b2b04ff879ff8afb03584c60f

SHA512
c6aa65214b041bcc11388c0176acb3551cffd707984b010749422515cbba38c9d330b61cec5820ecc993328b05e092fbf3569a0059cc356df4815878ab5d7674

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
bf26e6a1c52f84f1ab968597ec3cf0da

SHA1
81edffd5e468deab71ed21e697bffb8401455652

SHA256
5b4bdddbd4c52481cf34280d3a2ebb098f6f322c0fcb0005e96036ee3c1db44e

SHA512
f60b22ce3c61d1241ee0b4401a114379a7f9532cdc1fed9d2a189537198a21e17f7bd04195bd3b6cb74c8c97f9a4b8f90e6a5805b8fd319b88841c1b27d4820b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
b193541e545012af6364514f4bc6a53e

SHA1
1d271ec7ddfcf5d8c5f8c228b145cf68991fc656

SHA256
3a2238dbd092ae88e905d88e889ada57e84270f38f4b514cb6f9e8cccfc7f7cd

SHA512
b10b16312b9b2321c388ba181c76e5770a6803deacc464ee271e19ee51f7a1e3b3dd064b47a7f684e01719d774156d1eff2af5241c882583f40ab0d8203243f9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
440b6e08cc22c133c94013f62b180ee8

SHA1
addff78f6bf3e675dfa647c2c43d563eac196c68

SHA256
f365d917d04201f1a5729b3359db138bc0ae960fc8ccb1f95bd1f2e480afae9e

SHA512
44ff7dd463bc7c151ccd027398f0fffa5508b27489a37fcb15173526fa1d566a1902bb64607b03f92467781ad77bd7b4cdf43e2b75c24dae0f19ee9d97b3c56e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
bc308ebb3c8af2669e7407b9139a49d7

SHA1
247accb4599af4fe7e7e05e065c741583061ff5c

SHA256
7ffb46787fd262d8db2e740f6cc6f59813aa847363cde1f1cc113ddf96295e10

SHA512
658881859fa79563efb44de254c0fd5adf8c5df15ea93813d300e66ed80a10b9637f31dc5d3d3c10ddcb3b6d65bad432ac284cd134aa00c54a7d3d84c5ab1acc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
18beb54eb2534d1d1143c3712685c767

SHA1
82f1a8232703fb61ff794c4c386667d4484af059

SHA256
62185538142376fc858b853bfb13862e2624d68ffe58f3c18804a430d90f8b19

SHA512
6321cd59813e038f0bfe3864ac033505232afece422d0c37f77866cefa8ed27702524b5e5fecefaa034915682e32ee5374bc717ac99b3b11f96c8296a0988a60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
df685b9f9746cb179002530471a8833a

SHA1
22ad68fc73ed85701488c714d5166e7f29c7d534

SHA256
eac80feb9fc84c9a00bb6ac7192209c05b5395ea403a19680567239110e110d0

SHA512
c2ccdb6d37d9f806e54cbcc040181e62a11c5c854c5af978e4353f17ea49946e17fe818207b9f44f8c32d60af38230f2a18aab381fdb7c33e617d92d7670ad1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
c04d3dd9706053a747a4065be48adfe3

SHA1
c6068fcc833e9627a291c63e64162dcb414bcf10

SHA256
998dbb3f12cbedecb4787416d2f117339ab234e908fc262174d8e6e9ff6c9cc7

SHA512
c480f0d3b06aa8af85c15aaaeeadd70c0971864a69af51866efdfbaef4eefe9914d6b20491f683a90c953785409e75c1e64c84054210e3c958fe33c378b5ec7c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
b7f13cd4522e9ca2c1c0c97a9414f88c

SHA1
ef15669aa39ec71fbe51ab2bf37445ef6709830d

SHA256
4daca4be7b38a402b3de7f648f5edb95e6a10dddf313df3cbf02f6240eecd0a7

SHA512
1e83a9b0690d22d18a8c43a3fa6a50f4866a71766d86f5fcd8fe2b08e7668245dde7e77f13367703129fc5db4a1c2343eaf4757514331415f1b77417c42fadce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
484fe5bf6d2077b4677de35919460a9b

SHA1
afb65308ff5d0091595126996fda7362001a7856

SHA256
cbc05d4abf45441810a6232a4428717693f07cce488549a027d8dfdbec048cc5

SHA512
dd766e66b601379aa4f56491dc888471f1f3d7b2fa7b62108e1e74fd45f1bb343d36f7149be9c2776bc3434eab09a1a35a4d55169db93d1a10e074d693bfb173

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
2a64307f7d6f120afed48cee6e6c355c

SHA1
7abd7adbf02735503dec804eb3c1300ae21b4c7b

SHA256
ec2d0f0156ef2cb4ad9b9743a249c1600cf5c2d6a0a9a4a2af4df10561f2e5c8

SHA512
1feb5f8b8a735e63af7e2fdd5f57af6de1b1a96106a720d2082e4c597cf0768ce9940f40f67e62cc9c5464abb67a1cb59e619d81a467a94baf9d79f8cb1e0e52

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
4233df9e7b55970c1cb667b512816f1e

SHA1
c6f7a9261c79a51f59d1e68cc213e6f911e0e54b

SHA256
33093dd5099d369adf7b897a4065ba722c35d5e5fa16461fe3ccd285ff8680ec

SHA512
8c0d22672d0ce2e785b4b1710d5b72994ff60c3624a4e08672cc77362507aae7f02acfc3e3528b39c8d0ff2c0152c2eba793bfae4fc8303efbfb2582b49efb9c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
7cd1e13abb3586778ec88b8e57b2c3e0

SHA1
7d4eb4dd4e55e611da80f3bcdb37d79ad4c4b9f4

SHA256
8be9cc275182ea445fea0f5fcbd539ccce56764458ae0a7f8ba5a63b1b8d9531

SHA512
9c2cceebb97e7792800b99e3d25506c7222381915389b44c25e6cd7543ca7150febfd9a177331e5a67ac552b14020629ed2666dcb65823a7211e0f164c67397a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
bbeb7dffc4a0388a7d15ffc762675b58

SHA1
fdd0d2e5b3ff78802653bc501bff72e9f55b0eb0

SHA256
40a28e94d4b81797717dfa02c015348bbabec2db21bb289f71cd022753ce797b

SHA512
0885ba632393082ffe1e0a9a5b2e70d864e3f68ba12e3ca0d050d35f7ad86fc70daeebcb530f9ae71fc7ae95116d43b13b64e21f15b897bd58e2ad6ae64ac6f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
6410905a62a81a89cdec5d19a5e1e23f

SHA1
62ea2c0cad56148aa8d100589b9edd2d74b9e254

SHA256
eb0dde1c0948d01eb2816bc454fe43fc4bddb106e31762b01b1a65c5b67b8d52

SHA512
d48aa0a1768a78d54f6fcefbba4aa1c7b8af18eabed45614a6dba09a268b3baff0288fce94c6b75381302665998224872cf7113e0611fb5c14f91594bbeb4ddd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
7eab2222227d329a05492e02563b95ab

SHA1
fb8c0af8ab7bc684ef3268f88f3d44bc888dca0d

SHA256
fa88fe77625cc1808bfba69f0a137ea3aad4f96f1c41560733a998460b1c8fce

SHA512
4385390c7580bd534920150095cdadd9b957a0ba522223bfdac8279f48fdcf885781e0ddbb85ba3ce9b92a8310ec228a867ce427d3f21aebed3f90f2350cd422

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
18b94c7252b9e5d23f10c6588f4184cc

SHA1
4019da952e6ccbecdc625556583185abf8d35efe

SHA256
42ee66eeee90370979f3d25f52995a148023f54b9cabe5d23fc4caa70edfc763

SHA512
3a609439d52b6980c014b9b3c75dbbbbe0a79e10c98ffe93e6c9f8f76563b9568e3bdd7a40a5b2e758fe6584d8e1e0f889777dda050584ab33aa52d5c34d01cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
e1d73d18e104e79400b11e4e0af3a7d4

SHA1
86ce17c50f9d0e04505ec523fd580faf28c80c7e

SHA256
103aec8bfca1695b2c4da2e3854c8c93731b013ec152a6901efb1ffc6e5f1546

SHA512
fc21bcbedc2e805f6042d5fe65e2f1d6d49d291433194d572a61f3d6339a0825076fc5f27c40b3bc0b9d95369d64def7e26d98e2bad7e6c5c83ba6b6bed700c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
28b3d726babc628fd0c5818a56b4b80a

SHA1
75847aa1eaed6808b251b0a3fdb7c7adb258bbd0

SHA256
57bd0b938c99553819685e334fdbaa5b56942bf1662f1006a6570e85abedff4c

SHA512
589d2498e354843402d93f8c5b1f3f03068126f473fcec4715e8e2f96f8c674bfe646b71e126d66bd1615f82a23bfaf3d81be9803db3b7879f64bce6fa3c5f37

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
108b0f87473490ec11d1a65f67742a46

SHA1
e518de2790cc4dfb89245c39094d894b616a04fd

SHA256
3c2f08aa4003828bad3d6436c19c5023b9bb2dfd16b1033bd5d560ba4a22250c

SHA512
1b64d591c7e1f84b36e27912bf1e2ecaf936a92d0979631271b288cd20c79bc8b13cac09bdcb64da29700ee74ed00190e6fa3ee0ee061e039e36065610e8f67c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
0bc73c8759445075b22cd285388179ac

SHA1
d260b01eb70bcf351f4678feb7c80c23ac234a36

SHA256
950a3e36449329027fcac4aae3ef98e7539d12bca03be9a65b71dd6249ff74d1

SHA512
3a11dfb65bfc897b75c8ec7d520cf845ef720fcacc09fdb28575d2f6312a7d029bf67f21ec334b085578ea2b1b11ed459618abc3d67dc08024c9f9db54b3764d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
cb74e226794fc01c9b07a494b8ac011c

SHA1
95797adc1360f0703a4d396798b28807f90a9075

SHA256
778bccb137f057e08f37dca636c2e160273b5d5773e26c60b19a6b39846d7631

SHA512
0c8387d5a617cb558d65670b50895fdcd942c1b66a89be64622621299d4bef1f060b4eebd400f53e04363e3f025e6824bbd822c5f65c3053b3329ec1720520e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
97ba6a03ebbe9169244dec4c44055c0e

SHA1
1c36b3a2feaa2d7be6473164b4421ff2ac621e07

SHA256
687f8a5f5fdbe511349749117fa9c201719521e8c1aa8f1fb331432b04eafd3d

SHA512
85430590091605e3478b037483e8b6691b737d58ff0c517fcfe9749e5351eaaa5adeedbd1f150d60212dbd88da62946c4fb81f1530634b618d79e9ee2bd91785

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
a96d9b700851da868a038c4ea96e4b7c

SHA1
701225ddc627ea27d095fe4efdc5fd61c4b1c341

SHA256
56f0280934425b44802c75de294d81d79c725b867f706f65f5d57c0efb29e86b

SHA512
2e80b85b09c6548137a721b6438c565800609d1469eb4b672b6c781228bf7cd92075039aad88c349f69da3f9097e28772ebed795b38b902bae69555a6765f45d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
cac6de561b5e847b48ee66da95dd06d0

SHA1
5e520d0e52b726ff1b7aebe6467d4976037b147c

SHA256
125470539c4b409f0b852b431cb29f84171d846f8efeccb42474712b17dab881

SHA512
89447c51a1e8861b1c574e1b9ad880f72c1db1f992a53c4c0b274750d24abf8423099498b996b6897c8b1033145c3829e72734cc15449ecddd4cda9d772c5427

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
a19c0052b89d7b47c4a45c45cd7f5b3f

SHA1
0e2eaaeab208810f7307b6bbb3170657eaf83cd4

SHA256
fc2ffcf45b058ae2b0749e996d8f43680362308096fb0e7a51e7460e5e592e27

SHA512
644ccd6c2f61ae898de6401a8e4a76b47fe5fff1ba5da1ac8a5f57f14fb49f1fb36c170fe70bf33b572a27b2b21ace7c3557d075baedaa8a5d4601b6f92c215f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
d5c89d8fa83378be67dcb9426c1bd919

SHA1
c591a3f9cdcebda5b8115f7f64d5aaf0752dea90

SHA256
fc0531d8146604c7749a6d1b0d0c744e3c19dd9b068fadca135e4055cf05445a

SHA512
7dfbf38dd7fda5e1b6f8dca3a9dd174a3dc8a54cfe77ce6d8324854356db153954c5e2fe7c65bd0750a147afd3f2a8ffe69e05b1eae0695391c2228bc2149edb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
78137336a183def38c8d07365f606302

SHA1
182e2ce28c42cfc265904e9303d32be10a3e540e

SHA256
3176db39a28472a48ad769d3cbc3d771a806a3afc4c2fda4eef41c61a3bef9fa

SHA512
fba348753e732f8013269cde3e08136dc469c5f3664ad6a82e4f770c4d8ee4ed9251e0b2cc65f029952c17d0bd69ff15b5d97008ae262ed6b3481c95b3b119e9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
618d20ead8e6c6ab4959b13bfc9e1ef6

SHA1
c52918e1d3f40f461cc2cea862213fd7bac013d7

SHA256
bd9aa9d54772dd375df07132e047d999b00469104f63b6e76413244a9df72d84

SHA512
993ce79b8bad3561b4781ae69b783622f4da1cb6c6bb044606a618c0b3b4c643e292a9e0c005186049be67f6e6dcd0a9c52c8508e5973c42c3f58f4a79a17d46

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
5b53fc093b1f2291dfbf830c77805cf0

SHA1
2c11438cbf89c261748622171632c1c6c78c0314

SHA256
fa30ba7fd62d707cd7068f8d48bddebe470aa8fe22b0a7effea468b570f306cc

SHA512
38d0414c6c3777e17b1bb46b6e9dbe743acf200061715096cc89f07cca78922474165994a7e50ae85a310c4dafc2668d8b3f572600029ca0251eae7af7a19e05

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
f145f0ab9902d859f44fc9c77fad3b87

SHA1
282ab1e69a3acb1d0a8e3dc9742a356782f56ed4

SHA256
fe7ee0f5b4f62a138e0a6d8326f9c15ba09b1ed0ac92dffb44babff3f106f619

SHA512
79d42dde0c38df8fbc98614233c0cee2681db64bd8d5edd181e3f5f111b4febee531384617bf45fdabd0c33c3798edf927d9472ad6d4ec7d254b334beeec5960

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
1522060ac1463fca4cc2d25fc64d2130

SHA1
1d4af0f9b304689fbf1e43fcd546181b586e4513

SHA256
8e618eec1f53fa66da6bdc60ba0aac083196cd8c15cba7d6aba3f6041aaa52e7

SHA512
d6d085b7b27d900b9868edb1fcef8f69e22d09b2ae4a04fcf5ad175d9c16cd34a56f4da5af61fec84e182ae13bbeb0d7479c2d2767fda1e7daf5581f3662b25e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
d722fe6a4b7a0bef9d4f491fc7768724

SHA1
a315571199ced6a2cab9d206d0ca021990fd3f65

SHA256
c5d80de25288bfdf5af13d299a0d981ebb524e46b7d0384d18a828fd326bca25

SHA512
4bb269cb28d988953e140ff61cb1050cfa3ee0eeb286ca1f22a969be1167a3ed104aabbab29c1ae91d15998b105e22cc68fece7d92e8177e6573687e52bf8aa1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
498a4c0720d9f82fe8f541486b9a3998

SHA1
6bdb555b977d9eeaa59c698444586834d69b7a3c

SHA256
3e574ab5665a86f2eaf7cbad30f16485f45a0a9a95ec9e2f943e2263ea73c51a

SHA512
b39b27cebbbb659e6a0ea50b69465d48463452f88faca668a59d3b4d16a4c49023b1e7f5927486f0419c413c5b3b891fb785ce028b140e4e68a771062d96fbb7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
be7d81f2442a9d7a594a060f6654f0b4

SHA1
3aec9154d8d78bce2f06dc22495cafe39e9db307

SHA256
0e28789ccbb00ea23dd202a59c6eb5133d9b8d2a31b62c3bbd5f4c5e7fd32328

SHA512
5585734f5b316c97d42d0e24ea94289fd5b07125420b3c9cb39f62562ccb7603388ea77730851e8036389c2fe5a704cd390d1b9ce2e0192145e96946e086c784

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
261e9fc6bfdb41fe38f482951cf3ff31

SHA1
dddc5299f2a081e93864ecb97f494d1539f73841

SHA256
cd275e62ec2db57d3f4b43bf0d374b503327dcd6153401a0d609039b5713e604

SHA512
846afe3d7b2c5d227d6432ebf6d87c4b2e68584a5c9d22f70aa3a0b1c6cf9b1f6b6fb680c255dd744b01543150944038b8097a255823f2ac1cd91f7c51390860

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
e09493ddb19d0ed5600f44ff7f2f8699

SHA1
4cc271e3812e2ba9eaf6dd023bcfaaf683e3cfe4

SHA256
c2c924deec3677318892635f116f5fcdc7c4f5c813c854377fff72afb9e545c0

SHA512
386d80d8a8c0524606e9c4edd16285fc19df1a03333a0dd7c8a42e4ead66d7aa1665a6917956e5dacb67bae6e23dd2b2d9d88e8eb49ff0db337737732dcb0ed6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
66bf6620ea398bb79b4f045dc6376f0e

SHA1
224413ac361c1149f26d100893369cfb8bfb8613

SHA256
30cc95e6e583cca670689c1faaf998f87ae69e31308b324ebbd2732b10141c82

SHA512
ec39d4496f2a31bd681ea91c4f0f3c7f2f829949f15e75149366b64377a48734d2329ab7a8f7048d81105cfb606a5e36283e711dd1801240c59a0cc559c6ec3a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2821893a946af44474ddd8d586655ad2

SHA1
bc3ead5a3a01d89012023e83d7b6e4d518c8015f

SHA256
b27bb4802cfa92330fee8f9d6293554ceb7203ea9b79b4834ced2e7ffda604d9

SHA512
2a45f6165a730b6d791b58f7937f7effd0ed8342eb8176bf029f353b7ba05fd89fa8d01fa61183d1484c1e3a84ca61bfb0c2b0f507384b8c1bb278bb4b6b1c97

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
302f3cb2973bef4f7af5d1748e51271a

SHA1
8772197792d3349d08e489bdf9f0ad71b9fd9cad

SHA256
a5714fc8470c0f3745d787c6d7c4da346bd9b30d43a5e3153721fcd4b7eb1e82

SHA512
64e02cda4e3e83dac785cf4f0be59697524247a26c96d593240824f8326d7437e1f4898f60fde12f0cd840fc83ba05c93108cb40faf0a630e14606ffe6b4717a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
59284dc055d28c151d617f9a98479385

SHA1
5799dc0fa25a4f5c4e301fdfcd547c86d146ab61

SHA256
7e3f850ee0c90cf26a4428802f3acb59f0ce9ee8b1227b187da774544b4786be

SHA512
14f6177e230a71afa7191f512157ebcf75c8e1853005841df68f35d92a9e12937b965392d148aef8f7718dfff2905bd47fcf4bc1edba2381df42ad617ac7dc50

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
010fe3bcbf23c4728664c10b7eae8137

SHA1
061ece08b7975fd91f29b1493bce6c3582d039d7

SHA256
dcf472bba3a65a945b46e7d7d621e58729b6c22b9d957a3eb37991c6064063b4

SHA512
0522867ed8524277d15d979aaeed40183982d05e78e86f02b6adc2213508e710f121241cecb17a832d837aaac20b709e56db833486a0d3f39533ecc03547cacd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
87a0d9b453415425694ab5f776d767ad

SHA1
9ba39febcf7374f40dd962c87ee5bf4ca4e23b9a

SHA256
98c8af2f31f69d35b627ad885e472f627f940e102679d98599e8ab6edd0a0650

SHA512
6066c638b25365911575974c2ae5362dcc89db329cdd7d1f657b927b5102286e729aa6f036bd80776223bd2a1b220f92903a6b8aeefa04b729112a68cc2ee7c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
302e385157549af9da6fa68fb72a8f0e

SHA1
e31b60cd1123755d764ee24052973d611cc8282b

SHA256
8f55af3f741180f86e7c69af455603cc3259ff35a5f3d57e8d318f9218dc38fb

SHA512
c29b292eceae5bb40fb3c31a5d971decae780f0cf6b9198b7cf63cd1229fc3f71dd6e735437103ef2db48f6f99e1e88b1ff2592cc5e07eb332df8ab57520c264

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
1da36ea563466915be0cc70f7d9d3fca

SHA1
ee739b98447c087e0cd676135698a3b05df3f2f8

SHA256
2fda0286caa93ba199ecfed6d932915aa7858966dbceeddacbbf2c169a789108

SHA512
61eda1bce5495c32f429d022addac1fbaa7d0903d0d9148cc8eaf22816a944cd7c3040cf98c387787856fff20b65e2b1cc0ad4aa00192245ad1e254a29b60368

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
83dcbae8c88bafaf8286fee27ac7be9e

SHA1
ed441730b2425c09a54796623c1c3f49d7c3b92e

SHA256
fbd76669a602e5867c44a6b6e274c53c31bedd7e1b2ae7764da1b8f111044f7c

SHA512
9337311764361600a0a54b450f7c225624b984503187ea603e9b1cd4bdd8ff89413194ecb39be409d0ba7a9cb0269510482d76b45d88475b66bb2476bfae9021

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b9147ba1f65d607ffb379a8003fd2aea

SHA1
c73891ded54cd93874cdd127b20ab0f5e94575f7

SHA256
1aeb0aaf1d778c03a503ca615a795e684a8d2017db697dc46048a5703c05558f

SHA512
47f67fcaf56a078f5a43852cdf66878d91148926ea9991907c719fe865df326d26858901e0cd9bbf78d236f62cab894ff37fdcf104f63e50bbfe8787cfeef4d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
bb0ed8a4199660af4cd051d5d61bf992

SHA1
39c4a6f4d2dbf363f799c26c0b682e5e812f3fd5

SHA256
c41a23eb872b826b955801520ea384621a6e39ab15eb3c8c2b918519afdbaa72

SHA512
036f05fb58fc19637bd9b16c9a3a607183ad69c42c2112c4c993b794eb3c75939043e91986c5ee2986c975f9c2b320bb8df4bcb5b5a817e05cf98c08392f253a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
735dd252487ed682e01a855df9d989fd

SHA1
30ba8619fccbf59762d7d58051122b0da4686a74

SHA256
d86ec28cd8672fd9be4e7a393de4dc87ee3778b73027644829e469fa205dc032

SHA512
097f87c76fd96015a4b840b5b0a16aaaa1671c1ce51ae5630e0c2972f52a71e25d3f63e28187c26976a81f3c10255826d9f4767db4e2716c4575fa60d36fa51b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ccb153763043376c79cf0ee4bd0d9746

SHA1
4fcef2841a4a147d5ce12b5f986276a7eed9e0b5

SHA256
0fcae41d61dcb510b8bb4736a22fee6c323131fec1222f6f03852f4ddf5000f0

SHA512
79574cc6df331edfc9b244da0f538bbd619de11fe0503537cce3cc4936a663c0e535720c2c285357fa194e5eedce3efc9bc9345687b212158b6486c1f5704bd6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
3349f7d0c24f857778c61b5a5ffe7227

SHA1
70f40c8c4aafaf5a67883a88f3cc23723c286dd5

SHA256
4d199152f07336d1d4b7db8124acd6ceaff2091bb8f24f99702be415b665a60e

SHA512
c841934ed6f27ee95313e63d77583e3728d050b4b77d3783e00cef22977519832fd6664e5f29e36d7877d18db4f67f9b2527f5b2dda563239c8dd2d9bd056434

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
34e3fc1a7e06025a2d5842e0eadb8e83

SHA1
3f6032c967d2e53dad3f3dc682899c2494509870

SHA256
a87d48cd8832ef6fd740e9dada0b18e9f3336b86487c2ca71cc29eab6e18bcc7

SHA512
60d55b2fe1484f07a3e8954008ff237f236259ebf3ed8e7c5163dfc42336158fec1069ac72874d74b5eb61194f6bb4c71e313f6fe65652c93a86a344ed4190da

Download Submit
C:\vcredist2010_x86.log.html

Filesize
80KB

MD5
3d1fabbd9e3072794d130c1ee4236ed6

SHA1
67f67af47c2fbf8ee02729de3d2d0f28b84f6295

SHA256
3deb3c9974e61e6eac77141fcc7c751c5464037d804b603cd56c1f7cc491d279

SHA512
2f19d10a379091cdc95b140e27a5f1404f4cfd7fa4e872ff9795e566f8df2060b9cf7ddea89c04194a5b21aae56225257308484eb4ff065aa4c05e4b7ed994fb

Download Submit