8fbaa301ca4ad9034df155670f66c428ad36d9dc5b6d573edb520b32793b780b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Size

12KB
MD5

9a74a7f9074aae3c09605cfc362df9e1
SHA1

e8bdaf674522f6d352ebaeb2a7ead44bf99c6474
SHA256

8fbaa301ca4ad9034df155670f66c428ad36d9dc5b6d573edb520b32793b780b
SHA512

2155703c3b19ea609d1f592886c04a1fac30a4c874c9854f53ecf14b86f84fef78d8a58c6d1369f85ff2b1b923fdf779ea225e5dfb403018b274f907fa442d04
SSDEEP

192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMC0FBEG:eebFNw4Pk1itKkpAjjI2YpdmC4S

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe"	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\cxfalcon_ibv64.inf_amd64_neutral_d065aec3fcf4ec4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Break.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Continue.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr004.inf_amd64_neutral_b1d90b3749c5e6a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WCN\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_neutral_db76873d4261eb11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1c64.inf_amd64_neutral_30b0b06f47cab8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Windows_PowerShell_2.0.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Throw.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_data_sections.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMovieMaker.bmp	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_debuggers.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Reserved_Words.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_neutral_15011483bd8465c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsPhotoGallery.bmp	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_neutral_9fdc5d710dd63e80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_join.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_PSSnapins.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_arrays.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_type_operators.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_neutral_62d6e6995428f9d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0315612.JPG	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_on.gif	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\MMHMM.WAV	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02743G.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\THMBNAIL.PNG	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14514_.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.htm	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400005.PNG	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21297_.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.HTM	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EURO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02071U.BMP	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Earthy.gif	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\winsxs\amd64_adpahci.inf_31bf3856ad364e35_6.1.7600.16385_none_c03269cd9f4f5ed2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_6.1.7601.17514_none_3a5b55d98a9a0bfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Path_Syntax.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-appwiz.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5f33541d2d40f157\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data7706cdc8#\d3c9daee844c6d685e059108aa87b3a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..face-winnt-provider_31bf3856ad364e35_6.1.7600.16385_none_96978ae7806d8215\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1e724bbce79fb0b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx00z.inf_31bf3856ad364e35_6.1.7600.16385_none_6e302aced697cc86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_it-it_09d8903c3785e299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ion-video.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4cc1d0741a97ef13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_9d4aeebe4ef0ad3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ko-kr_e2a9c0d3f3607b59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.security...licymodel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d7f8cee99e82d3b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..icecommon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_24b48d18a44edf57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft.powershel..ershell.composition_31bf3856ad364e35_6.1.7600.16385_none_c4ba0775f948d698\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fa67a8a637f9e11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Heritage\Windows Pop-up Blocked.wav	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_hu-hu_330f86d55de64a40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.web.management.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f2015bcc6dd31617\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_dca74e3a5695da99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_b490afff5b93e5a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mfvdsp_31bf3856ad364e35_6.1.7600.16385_none_55b1951c6b1ef505\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Critical Stop.wav	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_de-de_14921001ba403399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_e3b259cc3b13b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ed8755f62bb36e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Comparison_Operators.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..verytools.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0e65108cd3afe999\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Search\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c3476f417415bb24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mmsys.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_34e5e2e340e7cc1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-hotstart-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bb1bf6c63f4ee335\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-stacking_31bf3856ad364e35_6.1.7600.16385_none_d0d2b98d4629a41f\720x480icongraphic.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2d4ec6477a27dac4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_remote.help.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7823ca5215aec9e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Search\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_image.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d1f46ee647dc5315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-stknote.resources_31bf3856ad364e35_6.1.7600.16385_en-us_baf3ac9465728f2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..installer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1459115ca65c0654\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wpdmtp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2ab0c075194d9555\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_779c465a67fcea75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_1df73ac8bfb16d57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_rest.png	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_534cc7b6b042b425\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.build.utilities.resources_b03f5f7f11d50a3a_6.1.7600.16385_it-it_2c2dbcf8e254ad48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_it-it_068a8aa70d654920\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnle003.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e295a15dbf1fb4e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..olsratingsystem-web_31bf3856ad364e35_6.1.7600.16385_none_d16f41774bf65418\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\IME\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3c6f337207e50159\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_6ed8265c4c3dbb0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..verytools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_65a8ddafe4aaec2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.17514_fr-fr_53906293d493357d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_en-us_cc0ca598a03fd001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\inf\.NET CLR Networking\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-spp-pidgenx_31bf3856ad364e35_6.1.7600.16385_none_5d67c67ddd564ccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5cf9a5db794cb010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_sv-se_d2199a50165e07e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CWAFIPTICWNLKOE"	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\ = "CRYPTED!"	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe,0"	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe"	9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
22480294551e1474eac981a038b6b18c

SHA1
03940c9abdc65db6bebd67f26a8db598ff33227a

SHA256
669c538a737b0888f999663e2f35bbda5d6bde11870287bc5d67351ad20d7389

SHA512
5f2c4c644bd43ac3c0e99630133e227e34b92f20feccca01bc493b44bea581511602a6b2ad245a4ac2492c3eba61237dd18d63a2b3b66d0107c360ee87c30f10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
802fe4cf96828d44f64cf65b3ae21ba8

SHA1
d30971479b048d2580396f14e8772a7cb33d93ff

SHA256
4178239de8d5b3d37e709fdf1ab238801656f0cb80c93b68c705ddeb4cb0fc29

SHA512
2d90c5fb7930439fe82f5236cdfc285efd13bcf34b41e7e12a8d11ce784b6ee83d8670850d0d6665b38688f7d5fa0b6c78edf3033c274464754434d94fad3806

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
88f623bc25d8f422608f7c167f3e13da

SHA1
5c1dfc0c0507f5ba0c682e5f29a9acfa2f42aaa9

SHA256
037e7280b3dad538cbd7c580902e112190ab1d65b50da8869891ba55614ba13e

SHA512
c9dfa7a27bc50f1642f9ed8e0cb3dd0f75d275ae8dc39da8cbbdb28c6d10a4b5f7d6cbc74007a1cfad80b5bc77c1fb03cef31bd07b06cfc4da15a434516ea440

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
350474590c2ad5d74d0dffefb47484fa

SHA1
97a530702ca1d4ca30ee073f539f9d0ed6144c50

SHA256
a783dfe1fcde7dab732b1a98309cf8b1e2f6ad99e7166783a560b745cac57661

SHA512
f278f5f3b950bdf186aa770385468f34037c6ab18f953091c2305a9d81608c8485e1ac36b900d0f0d5c0cded03d5bdb49c654a0777f4693cde0d48ac55c8739d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
3e5262c540079e9ff1cbc30f3b64bc7f

SHA1
7b4fdf514ab595f9e438c7b47fc00b8ced9289ff

SHA256
c38c75c768ae07c9e9a58da7793f7ac4d13b65c30fb2a1ac10fab2ae62ebc67a

SHA512
7381cab98c0aebfaca8fae8abc5a6a4d2c4ffdc9fc658854a680614e99e1eadf908f95fecd380a471fb662eeafc8e0e4621aa0badfcd50e5d5b4e27a1f1e3b1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
885f830c15cdfc1118e02e79490081a1

SHA1
114e9f2e5a0c86321ec4f4af1468a6e392c738db

SHA256
9c7fc6ec4305beb9c7aa8f6e5d93886190ce8bdf7cba2410f8e0c105cc1ca7ae

SHA512
a8c6f87d4fa2f0a6aadaa9952b60256e2dd64419b7b233c68680f890fb46a633f12be1873139b8aeae6cfcabd034d59f4e6b44296672a72f1a9b2abb2aa2acd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
9322ff97035298587666d6b5783c8ec9

SHA1
6be189398c6eb3071ab43fb032178324ee93662c

SHA256
4dd4c62855e9fa8259463695d1de6df4efd1e08a42a25249542f0a9126bdfc37

SHA512
8ec0f2df6a9eb40147aa2a2420a7c8eba6ca807081f3c038019477bad0884a43cb49b36a2698ab189d7c7e3ae88389042c1e6e41304f7ac5f35dcae0d22ec02b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
2514aefbbafd4e06d3bf13bc0708d366

SHA1
666dfde00f667778d8a9cd8564cb75f35d2e6503

SHA256
4f81a81703f040d0a1fa6eb99b299bc39f508acc005ab272a2cd2c227334fe21

SHA512
138642ff3c84683c39f4295c480597ef9fe83345f793c89b9f32ab00691d20b835d4e852b81d7a31f8f5f101bbc1079eb57896f94c32f4d1e268ee0c09c6d76e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
3ec896c4bd26ffa677e72145c042f40e

SHA1
54392921d7174dd2419f04d65cb4bd103e8d248a

SHA256
01cbd3c8c075c617458793cd84b1e86ed8a0c0dcfc9f1723c5c0c000e9586cef

SHA512
8c8461af4b09981d3a81985a6ffc9c612fcd0a9bba611af0e64f17b748b6cedb43ace395238b2665d8023027f6fb23b5e4d3bd712a4be62709ccba679fe2f543

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
be947e830db7acfbda4804e1aeaac332

SHA1
f843e5469bd3433038ca3609294794a3a614e1b7

SHA256
d0b1830f8cb35015176a3bcd82dc5024c9d5678bd2b00c79e94050a6af44917b

SHA512
432d0f29e04e25ba787ddb1c765735eea46c9c13baf855c3aef404b7aff916996603d8b16c942e8a99ad9395069019b9b7be93844d144e30a5d3675583eb0b4e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
5dd32bd735e704d5d0a9eceaf7abf7a8

SHA1
19eb7d370679326776aa02d7eaaf0f530884b145

SHA256
1765ac34a9269a9fff0cc302b3045cd8e8d70f03f8a23513b77bc86cd1e4375f

SHA512
af88e75e5a261418e9c72756922d2bae49eda36fa7e8504c67212125a515cc913e4d80ad519d7b3dcaa85820240436db1ccc6642a652f4b19702184a6073cd57

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
4b651b5d850cb62d628643f5f61b77aa

SHA1
44e6fda49595455df5da2926e5a646ccf0afbdb6

SHA256
60ea53a733a82222466bb7968830b88c512242b14444c77166a3028de52d88b8

SHA512
cc44863422bda386393480d8cb77844bb5cbb6225050ed79a3271c6868552cb07cf632e487a1da0cac975002ae77ac162e77281f2dfa79a6e40aa2ba907931f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
883ff5e4081107306beadc9d5075650d

SHA1
580409603ba98b6b1bf753e47c606e368cce6ae6

SHA256
1c81c8b177e29d7c21a4da6acf5a1ba96804b2b5fe28bc046c9d18b9c486ccc1

SHA512
b9eb2f6ca58be779bbc543d5ed3c866f6ffdf194b6ea8ad8bc7051f3cd37046081d86c4a3c9adcdfe915fba1b2c09a8aa1e32c361efe109d666be65ca5fc8fb8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
5105d23a602e1cad9cea2a17daf477ad

SHA1
e7cdd3a3297b922d4bbd47bd3ab2233269ed620e

SHA256
d174d88c8df6a4a92bd09539446545adf88b1a91ad0c1df00a29d34fee5c66f1

SHA512
9a47b4289f23588af84d9f288726ce5efca552abaa10d8f30b9c951816a65aaf326bb8b9e5fcf97eda0525136e8ea73cf4618f5c084b4b97cb33fbc80815c8bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
d2bbbbdecdc83f53995acd036c25e8aa

SHA1
b6a0ddbd499e96d7b37d0b5be71e2015e27033c8

SHA256
297febc131aa531b24a203bf9bda4f5686d153e7dcf2fe18d4ddf8cd778abc4b

SHA512
5f2515a62607f5891fe285f2af8b861687eba871372dd6d934b7e8d44913ee07d93723fa1242252ee1a4e0b41d7dc4acb0732981f7bd88dd486da7c4df4724d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
dd6278a1ed49ffca3e20336f9bd5b2d2

SHA1
67ac5d42945afadf2076ceb337a23ff0253d5834

SHA256
6e1aaec749c4779e31c9c6d39453c6048689870402a9ac98219bc98de239991b

SHA512
61a0704e29c5eb1d59809b64bc22640fd3bb993eb9b9d83639023e5ae5a9eed84b7eccba6510247f4ea7db1623a645a895321d5863cdde61e3659a288ccb4beb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
ebf812aebca9c64519e5f6c21d2013e4

SHA1
b92fb1edcdf063f6010cd10c7aa63809549e4710

SHA256
1f5870b466e60550c66925f232e5edd37c34d48f48da44028f06c344ecd73027

SHA512
d898bc2e29badf5ff3e08fcb009ba83e20b08001b50af0e378171c47cb6eb45d8648bceefd4f849b1937ebac0693bf1317e6391fce921c84348e582c2669d3ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
9af43866c54da6646a643f05c7f9eb2c

SHA1
5f6326c15e507dd738e17357f646cf70c6d42811

SHA256
379bed96f99fc89dbc72280e756ddfb686169a99a70c02754a4c03f1da8ae0c3

SHA512
d4500e4c3a0df09b3720cd9809a13844aecdd8f8311ac1640bc97d6bb4df57fd3ba5d29b9e3de16661607ad9b472a8dd22d3700977d59f3665b11d2d3c7869a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
4b5bb7c5efa839728dfd5e20aed7e920

SHA1
2913df4f7515ec294e30da4a2e3e63ecc15ce404

SHA256
61dc7abe2710cdc607ace92c25f4abd3428e1c7d00caeb684b7b644e56b8b590

SHA512
4374a6b24541e7afd5e1d7dc7ce74b4555e71f17f7164dfccd96a71e8f94073c978cff90e6c034cd1d094c5dc3ed9e50a515916c4f9a5ee33e4f13e664746528

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
11421043006ca2811179efb3e2b0245e

SHA1
597cf71692d2fec1de15b87d4553294d2c3921f5

SHA256
1654e12e9f6040be08c520825cd6312d011b1e80be3ff611bac72b1049a4450a

SHA512
0f3180ddcdb72bdeaa70685bb050417a824e76cd1ddf2241d1df83b67e67430ded3f3704b14db7247ffec7279d4c8460263560a7a3dfaba895a5afb365a6aacc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
d3913459cd7326820f31f8e595c4e195

SHA1
3aed9d4fd3458622be15cacb44142497d9f261eb

SHA256
042a6a7a82c5f696ea37dab02f6051d913f94c4cb9596fe6d1da41119cd1b3dc

SHA512
6f17683ff8852a79c231e57d5a7d602c1ac54dca1be5038c04a8e20ee1d209b4a96acb0f2a8df354aa98ffe549b3d6caca6e86ba1f1c995783626cbeca813c60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
1b0bcd944ffd740b1e2934280de58ba3

SHA1
07b91aad408ae5c08ae47485a1225bd77c4e668a

SHA256
b6e0855d9db591695dd58776bdb2b7c17627b08eecb9c0145c2d1e5a9dad0be8

SHA512
40091d29fd8228940705ec0284581b998c16115314ea31eb309f6e1c35acbfd07cdd8f2411fef551cc1aa4fbcdec1ae451a04ed43159a348650d552edc8570dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
5891edbbb5206b1d50c000406fbe8b7b

SHA1
c8a51d0eaa39486715a10495e0d785caa6f6c072

SHA256
7379a555058ee55869162a2709fa15bec4105832342c963dc5ce54f542925d03

SHA512
8d07eb498b20cb19fdd43f64f8b47364e59ef4ca6c392acf144fddca37e3749eed11477d2ca4b5955b21d432aa13cc572c9d2718ea197d1b55c2c3573c811fb0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
1e819598fa957241a1d9986af2af4a48

SHA1
76e7a486394208bf5cc4d99c0c1364d3ef18c68f

SHA256
968510c765152449eed2580e95a94592596b4fc9cd767dc4b6056293220ea05d

SHA512
fed6f2ab9238d39b33b82dc0d2b5c242dfab79be056700b5842bf7d3b43be0e17cf1308f1552dda7fc918142f8ad61c0181e6e00334e8725bf2eabdb31e6cca6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
a15ec78a6e99ab83a4f5df59aa7e6437

SHA1
3b862f784310fd64df1119614acd6633c1f50ad7

SHA256
b06947db81c361de5e206076c7892c96fad53ff737cd774f95e35ab504969345

SHA512
ced8f16b3923c5ce7ae3f61a53cf51a17ee4755e9108fa59e278cd9d17c803b649ad5d55e2117c12ea39ab2989cb166a5175a06ad96687e760183b112de4dfac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
0da3f0221e7d3be3a856ea2fb91cdba2

SHA1
754e95453b49148131741f2b43bc33c681f21de6

SHA256
70b627b2eddb5f3ace0db6f14d287491ce89a4f5ff0d70a6d6586fbd07f38dea

SHA512
fac23f936c4f9b43adfb1948ac9ede069e19c840f2b9f37a3b567c260ca4838195a5d13c086f31a5c6896eecde695dda6c6cdcdcd2f5cd1669db7ed30d04ca7b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
87965290172a65eb1bc579d9a28ec102

SHA1
59767cd1465933f05381ec3998a453ac98b109b0

SHA256
797be25278288f937b34ca368b6cfd2c2ea87490e60872b94ca527bf9a97b1da

SHA512
d9e2b0fd14d8f7b7f18259562847d53e5af0b8db576ad64da7f70cd0a6fdbe3095dcc2e304a558df920a67e010d047f3bd5d5209e114cf953658f86f1e5e4f6c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
e95577708b4e224b6e67eb869d1505b7

SHA1
681971ef28701cea83afa8910e6e1773a183ecb6

SHA256
695eeca6435f9c8d175e2fdcc0654708a0a0922c6e623460509c70a777fdee77

SHA512
49a440c06070cc5ab99e07483a593dab8a758e5d3e38b17622723f94605766b012b89c7b8632cdd067befb6444ef53a6fbadd3a36a035125d2a54fd283b0eadd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
0946c8e73eb64bb7cbdc7851b20c85f8

SHA1
3ad8c64071604861cc476d0488445be77a20dd97

SHA256
19f028d5e8cedf87893d293ea2117d5e21cda2f5cf2ed0dd67614508304da9d7

SHA512
40c56311570389e968bb4046fb1aaa8f35393381d2e36996ef56e0407875c1d07bcaa7c328192b839ee843624d4219eb3eb01b9f5deb71b2219805fffc576b37

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
f069b2cbd2edd866ea22fa603bdbb683

SHA1
3d6c9553e1227b5cbf8ce3b675eb309e058ceacf

SHA256
4b7dc288964d2cccfc0444fec6b70a3967c21d105bec22dd0cf3387f3b9eb445

SHA512
84fd42a9328e899cdf288a7cf708102ea02ba3c9c9a7c1fff08a74ebccb2844929ab0d11f02411f6cea645bedd34aa9a364ece080329f99642e42d7fb3af35f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
93fcc53b9db15be6b3cc145a261e5c90

SHA1
2e9665977f8c9194a0ee335c9e733872133d5e84

SHA256
40203c50af693195936a9b03c4a22b21eecedd101f0e9ec45d727f74936be14c

SHA512
4ccf5c2c31f57194b69549abd54551f6685ea5f4a2ab20ef5ea5b1451db3bd880fd4abf19c06594e124ecec35690c38185b04924beaf103e61613e37a23f0aa2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
0fc1e173dcf849fa4f80aabb2b7a3865

SHA1
ef53345b241af736780d19fd1a414b440d517fd4

SHA256
e4e39e2f62d97ab4e9a6f09052b0a87c675ddf15e15a356160cb1e3b602c1f27

SHA512
dc8082b92933462083ab8ebf0fce141441fe4ac50e0208df82335d698a56a65af9c6d0bd45788b7bf06cdb4e7782978e8f7a30dc118f9ce57fd9b1bc609f4a3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
f3545175313fdae2b1d783c45bdde774

SHA1
d99f7c71791e9fb54c1ffe3a33f9e0cedfad731f

SHA256
0489c97c7c9ea380d083bea1664ca3eb3ae797a6854f1fa3720360c95797207c

SHA512
5fc4ccfa5e44f11fe16a52dda10a0a86af2d90ed6b436d73567278f25b3ceab50214949f0794a931b7c5880478dd47d04a5772b3170b1b2e9ddc48d7828f43ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
3cb58cc0b3fe08ce735ece81954a337b

SHA1
3f8686f3698c98fc37c7769e9e7c8ec004547fb2

SHA256
dd26de32435cd254f2e0303ece2c09e31920ab5358a079b9a8abe0e459317fc6

SHA512
f7297aa66fb7fbbe5fe2dff1af4f1499d3a8dec99214a4b50cd444e38c7ea438416fe5f093cc657f6f14bb8a5730951a7cfb117d3dc991b389261351b8155191

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
7f3326d3c34825a97bb30b6f18423663

SHA1
b1b5308d46700021600f1767c7a633cf64e8c919

SHA256
7d3b0727bed9a3285688b714252ef1a4aae4dab1b426a44176ea04eef57e3398

SHA512
35457840dc108c0009514301a71014f3ae7577aa5962fcbd252a9ea2b937640c4ccae5b4c3b260364d2e0649f14ceb704c7b62b83885011cc50c50d75b73a96b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
8aa935eee3eeb08424b00f69649e519b

SHA1
ca95c3342a64014264c6ee74798f5b98e6f9446f

SHA256
5e69ec876e560b6a574278574f05e6a4216d31ec5411cc18dc7044a91218f811

SHA512
a5e6acc3448a23a2f0edc2344b84119135f72a081c712fa2bb1bb5d96229edb50997db5fb986521233963e32b8d75bb4a2bf6802f7fec33375e95374711522c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
45ee262013fdd7896f86602a8cda1731

SHA1
a10c96161e1de564726fe1d90213e6230aac62f0

SHA256
91d5c427802959190bcda2d33b637854a96f31a9e627e245e06bd2f628df09a7

SHA512
41c1e99073c397c8f8a3e756fd45b0188da4620857519f4cde0051109dd0c9bafddfd2c2a5d1555d0df0bdcbef2b8539d1b1829e4ccf4cf73990100b97532c23

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
fa68a100b3e9511377cb920f6b819a1e

SHA1
2f6c19c1915557d1183164474d4ab05a5e6b2224

SHA256
f78e0a7b8120de88243f55aae6d7e5978621eeaf8abb4f162612696a6e72c4cf

SHA512
02b2c7766930c1bd101e8d75e3fea31fcbabb48dc03da570d98544949ed0e2aeb80cccccf01f86393686af5c7deeb0acef88e024353c461d349d2f28fdb0dfa1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
eacdcc1f075dc124f628f46ff827c386

SHA1
62ac2cbe196792dc77e25fed38960997a0174318

SHA256
742f9abb0db68f17d895823ca0aab3444129fcd47502167a7ad86b9fbd3572da

SHA512
e1433d2b33d3ecb9e5f90e5035423c9cc5a784c3775e3db7d72df336971f89b8e5b44883d22ac6c43927c2c787276eaec18ac6653f4b0d3fbfcc5e16ddadce8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
1fc393587a47d6f4de46ee8a98ea7345

SHA1
7c577366ebb3391fcd589bf62b6aac2ce5cf16c3

SHA256
865b06c402ca69acef6d064973cfdc4069d065b935ac5d3dd80024d0d81809dc

SHA512
337de63ec9740b3d03b1ae0017b5fc4cc1d87dc42192b4865bfa796af695eb4d5ddc43ffcb231634e2f1b39af425ff5bb06a6a5d174f7101bc7ace369a74fc7f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
f383b7efde2b74a3520c765671338a90

SHA1
9bcce03ef6c2eb0b0e03934f9ad33b824d19d9a1

SHA256
40df4d53c27c2cb778a3549e2592f0f2cd9e12e0f8bd1be9d35a910aeeb31731

SHA512
782b18b1804fdc375a1673ec33dc7ee3e2ef0d6a43fb84421abb96ba839c64c3e98003e3897dfa0f591b58991b79f7285bd554a6ccd772688c872eda94d647cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2768fe158a32bb772c2a00295fa1f29f

SHA1
758a4858ed5fe578c47fca3dbf3decf3f50587e0

SHA256
40be1429af61840773954983b31bb3159651cb8ba95d79669d778bee9f2d6ab3

SHA512
33a225ae3f137dc65afc4915d145ac15dec6959be74802a46f6d4868b38ef364521e5c61a1d56a3775b7dd1d8bf5950b3bd0e0a12689e9136b2e4bbb1656fa1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
5035d090b721e1b0b0a1bb7d3d3c3448

SHA1
d796e9d9a3263eed9c975563bca258ff3298538d

SHA256
e4b89149a71a679e4f2825bc6c1f6a7e1bc4ddedfc3a9873da83bc4c8d829b64

SHA512
7b44791a7f3d19d7072c85a9a3ce766eae89e99b13a4bac8611be8ae62d78410fe282e2d3fce604ff06daab6445433c861d019ed1e5d88be526ac7b18b82ec39

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
7d0b8f44bd42f314be3fb02e4a12d365

SHA1
b31f2100dd192106eaae13a1f51fe4b7b4a20100

SHA256
50bd133cfa23e17f77133f3d40cc592556f846472a2ea3f9c5ab565903f07354

SHA512
dd78947ffaf72e5b9a4d9ba6bcfa1adc0da86dc0f0df09fbcacf7547080287ab28907a1eb7149dbd702e1dbdca27a55d725610be7d623bf37fbe2dd77d7af853

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
aa59adee8404b486226e73cebd74cc56

SHA1
1a1405484ee242a14111a1a11b9ed7fb32c2c6b4

SHA256
6a7669290768af0969ab60f2962ddce2b1be5c663320887b3d3bfdcdb94eb3ca

SHA512
a8cc0dee8ff30dd03f14ad88563ca9de528d08367bdf9c723a27e0cb77f66735ac1bebe92d614377411a3902704982b0d7c082a86794550d6dbb759e72ca7152

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
3efdf99226d62f160d74d190dc58e64e

SHA1
a23589e3e246e55ec3790ee23ef903ed3bc1f375

SHA256
e8b43cd03f896d2d38ef9b19065efefb071def548dc5b908e965bdd83493ee9e

SHA512
12785e3fba61995182d1b727a93843508b76ac0e8a26112bf92b9ebc402f092546d12e0903e12cc4b21682cce0913865780948b60bcb08aeff9d79de43bb869b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
5be785123a0e21902b9c855bd5d403a8

SHA1
077681a7ed341d49584f031f7bcc8814ccc3f244

SHA256
54ed6cead7df0a12f97aa2093acfd80c3ea067d8cafce67f334121aacfb60550

SHA512
0d38cea3579de71fe7754c56b703fc0e1f1648f7337b63336b38810197c010ab79782f8f6038c2735456d96bfe130c7c1b0158f760f37fa250d2dca1360f2b24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
fecf40592286a4ee9780b5a54a39c8e4

SHA1
d3b7b6b5ef8c57de4ef0ab13d0d8c296f4378af9

SHA256
facda40f63cfc4de470e3e2da54fa8d0e49af34d1ae7f5ff4e9e231ca0016f86

SHA512
30ee44d849871b6e8bfc5212f1477982adc21785a3ace7b2d321193bc1a6d46cdff296bc6379ef28f72744516be4f97cf68a5b1b352bf039ea86e4510277b287

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
4e2d697ec66d92944b827c270f0735c4

SHA1
f3af054cffe9098477be169321423f4d726056e2

SHA256
e949f6bb7356edec8f2bc1d714bb46f93f5b99211134d1f587f072e697145320

SHA512
e9f4fb2219b47363e136b6e5635ba75a8188e7d26fa11fbd7593b3766d0913cca7b7611e346e21e4eb471e546cdb13087e26f615ca9bbc2256b28ce79253d483

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
212b4546291e1fa882fa4cbd814c0097

SHA1
851f50179b5bc258e2dd0fc35b3c576f5bdba4ee

SHA256
6611d0a1ade4b3376a6df1799e6f524919b06721169798ddac7d09dff31dd630

SHA512
620eec61a0681874775c0aa267b6f804e58b3cd794647c7c06f0640687b80520962537610328a6f0aa818589d42c55664dc4665e26331e4b44bf6d905ac35b94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
a7c43d37c5b783ab8bf2b5197dbf92c8

SHA1
6fc9ee8a633dc486de900277369094c4146a1388

SHA256
2819b733532da43f56ad0535b8c7f9fffbf22c649786d9f033eaeea000bb2c57

SHA512
b7e0a6dc5de2a6d501551916351f2954ecf2fe203fb8010a9afe1078ff4bfbe8911148ebd48f40f1f570ee0738c1986b319972c2e6872223106823865721ee83

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
2bd4cc16f2b9e84c7c83aba47172b733

SHA1
2bd0c79d1d65ec9bd71a7fd7d162bbcb87abd88f

SHA256
9500219e3149d5d676fce6daa55617615662e00d31512098dc968e2168b57f95

SHA512
dff255528825227e4c98e055bc3f389b2ba34f949d823068803f4a19b95b6614fbccfb6d29554939ea357d773c2456f47c41d834d45ed55944b3fe6d63e7a2d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
bd8a834dd8daf1350f9a83dff7ad8ac1

SHA1
31011e4ea209639e43fdb5a1ce43c0adf5107fb5

SHA256
6177fe011e6ec3e036f68443581a33918b20f475796cf910cc928e257f54ce18

SHA512
654d29521888789e7352bf40ad2d6dfad9263dde2a134c9e419cfbf92ea5ce5e6620f45bc19137b336b8b456d7b997ba3edd065fa2e7516e6c397cce425325c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
11af42926b86975b5660d7b67e2249e7

SHA1
8caec8e55166d39605ee8035354a6f9ea73344aa

SHA256
6247f98b5206c281f319ffa62f5ee6e0633580996f994575572bfd40f93c2e6b

SHA512
7a9adfce79ef14f067c3e4dcc0c4b923d1b0b738a514be4c6d65b9f51d7e9d6153ab3b920b364debe73e9aefa75088d5e7489574fd2b995c906b02a0725df757

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
cdd227545831309386a47c283f1122ff

SHA1
f88805da5c62f64fad88fe11c9640236cf84d682

SHA256
5043baf5b729dca0d501369eef23ea0d526c539eb55278a91efd8772c882e541

SHA512
d3b3837de0671523e32e22815050ddde1a6500ae0caa884a90b905cb71c25a259c050be81db4a13cc61c813d7f4f0e7b6ac435a03a544f3c82c8da3180bf1b27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
8e542e41d4351ce159886237afd9db08

SHA1
7dd53fb8c24b9eeca040c2e68c1480286ac2d1be

SHA256
3c38e17f713faf94d8f68a49f38f60dde2eac5e8c6d46fa3b8a65ef58bbc474d

SHA512
0c2d10c1e83c53d862f9f313732c76499ce2a7c8a1cf0ac7dd4031a652511def9c31241e04e2c34a446e3a133c752c18dc3f4f93ac42c2b6817208662ea035f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
71feb7baa340c59c714e633fa9de6ead

SHA1
528a8e84a5db0c66b619cd23f2020075f2727a6f

SHA256
00abecdfdfd635630cdf5ba47c21a84704989bc23b41c9f9142aba0decf956fb

SHA512
eb36e0baea1e6c264008f67023c9537bf64b9ee3288a07162a11041208681f151414b22da54fe64ecc288eae46d67226a552a3963291abe0ccda911f58ae6437

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
30d85fb25ad16d54c786ca082ff6301d

SHA1
c0c53d480d38db1494b133e780c784084fd8d447

SHA256
e926b5d8c091d7507e5fb9222a46ef85d30a436b164058aaf111fc3886b77d38

SHA512
decde6051fd0244cde2320c7d8575403db938c95668bf37bc8c010ef5657e39574751c0ff8a9982925f19571c107b7b4e80b854f288b93e2dad34f586a872373

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
072a059891494a2cddfbd7b26ffb479e

SHA1
8a9cdaa422075dfe90aa9ffea3a7c8eb072ebc33

SHA256
724c82aab53996a54e4c93af7c8a067a7f7b1fa81dcd12955576efc3509580cd

SHA512
0919c94c68ca502c913e748f71136441907fd51ed14fe72fd97b8cb56f554327d929ea8ae436d93df52267a598998959dbd64f470d66c5e4d82f46dc501c97d5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
e89961fd86399a9672768fc3f1a0da05

SHA1
5e03573d8aebd31e64ad6bc807eeae4325d602fa

SHA256
92fe5226adb85928ab59dce7a8847002b049cee590c7b70ea7c334bdff388768

SHA512
b58a13a681c62c37c0ab9995c0e82605f0f75dd0d1478d6cedc6ac921a102e1c3c71bb91d7a8fbf0c0e87a29efc18c97f9ae4bf1beafe4eb7b1db3ba21299a88

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
52efa575401f2bbdc35fb4519ac25306

SHA1
95989bae959dd1a1efc7b2f89a0725e00a2bc6e7

SHA256
a81816deaae970368a741357498daa0f736747fae79ff0f6b8eeb81b2258ccd2

SHA512
7db54c4d5a107ebe39a5a85e9f1f1ea2f9c493f577e4c288e4cadfbfe869aafb02361ad93d7b551798f35cb19a7464c323e15827c184cf2e825ac5b207c1475d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
0468cd031139ab6f778214d0d89e5fea

SHA1
6e7480e3b29b2b658c25d2d638f0e9259268da33

SHA256
840de0be7e7a5a7d3695c09aedb9afe88c5d82d7232243aaa56e52c9d287246d

SHA512
4fe316a0b7d67ccd9dba7e1409297a9c81c3083ec7b02c4641ff65dd129cf31a4b127161717a248932c03c9b9d9ff1dfcee373430096e76afa4a7028fdc93cb3

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
bdb1398edf0f90a980a9c7ca03964ab3

SHA1
7dbfcc9f4412a0a947b8b303d934c5e96596b6f9

SHA256
659aa53e7b3900a5471b115ede1a11a6b10008ae83d1adb8bbfd5b5c6e191496

SHA512
ba4a3fa91d9d6564af8b8ea576776102f7dc5a9eababc5a643e6fd689b4eecfb9bf5f1ec5867e63d278d1beae25231b78b4671dff1023821140a661e87b587de

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
3939d0b61c2761f990a37ea08e0b36d6

SHA1
bbf606e3bc053247ebf6f53919406ad522cc6022

SHA256
7c6c258f8c822cc66e90419f1ea86d28fe7c650441d4b0c5393e50ab6302c179

SHA512
96698125595df6f775ffdd38c96c7236b32156d2232e36049bd3af7649ce0c3ae13eda6b4f9e8b275a6b37f75a07714701dbb0880f9cab4738823f8d79749dbf

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
fa389bfa495664f873a98e956842aa33

SHA1
5003c3b84d43e3d2c1916c23e91c2ac1aee78ada

SHA256
486868a94cd548ba77914e643a32f67a54ba813ff0c97f58723134c06d0477ce

SHA512
cd7ac21d4221e2839b93494bf80f282e0e5446e1b537664a752aa2abf9c61dc41fbeac8a82e4e3815ef7db0b0b183a0749b02b73a1d500a510cfc698a96719cb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
85c2130223dd13db719f8b23dc6667e9

SHA1
c6516ff47f961af9e391b28ab22dbd5bc9c8fbb8

SHA256
40153fc539679b08b7a7e97f4dfc2673572a349ec6402b318d945e05b8a06434

SHA512
8e1d8724e5e54707bf218bbbd92a2dc22b92bdeb355fdad9e05e578b8c8358cfaa5c89def2e6b113392f9aa44d0445713c39071b8dba3f3c936d9467164f92af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ae777b8acb1d7708cb7149f7ee532dcd

SHA1
5823df4b6b6bc8819952c411b9fdfffc65d321a6

SHA256
9cf00910bdf92c3a40f637c4e487d3b27a2ee0c1e2ca89f7b02b953df51e212f

SHA512
5a316fe02ae991d44c11be98e33f8a9f4501552d6a51820ae7e58bdc8d662fb5b88cf0b1b0b40d66898fe1b9f5009df148496bd6fc35ab02d92de4b675a23935

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
a9ddf09cc9cb4a2bc9179d33dcb8d4c9

SHA1
26aee15a3b54664904fb5b10607f84f1d3ce7bdc

SHA256
7e14012601249e0f20d8bbda88ba9930e0773e2add3e9b06c64dfbd32ca8d817

SHA512
eb1ef0f161c52a13285bdfb898d1349d27a964d0961b2448e7c0f1ae730d0064b4441500e7d4b331ecaaaa263781ef6f1b82190399a8448455e9584bd51718d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
2ee38650c39a7924f47f9cb87e525bf2

SHA1
7c1bdd55fc1af76f463904d8380229a3dbc3ad89

SHA256
dae9b5a4847d307a1d90258f03e8af674b8afd4d7e038891f9a6291cf360c0c3

SHA512
8e763d4926bfcaaa0610790066cf843074e4ec15e5ffd8189b68071e16ad16132b2f75905129d5893b6bb719f7d51fd7a8909d604c8b13fced33b7dc12038aa8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
464deb68905a11a7b0585f91dc2976bf

SHA1
8ea22697e8f89431f2d47347b47dd9046184428a

SHA256
4a07c2dbd68f007374a74cc6f25be44a6850f9c11af1c381e4bf2313cf87e28e

SHA512
679c0aa24a2bbba0ad66a6fc44ff76d81e2f3d07fac06e1855b76946d0e0edc23b448760a4c279ef77eb6a5f73e1f28b6a361f921d21f79e1a6c2bbb386d4002

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f5daa88d38fcc93986b11cd73bd18d6d

SHA1
7707d17c84978ea68c8ddaf05bb99ce485809632

SHA256
fe2ec12d06b015dca8e59dbb6d7cc16ef3dedf46dcfe6b76a70fcd87cce023a5

SHA512
8f724819317318d7eeb491908fb6535d4a662cd9231765fbd1b96bf2ab4243a515cd22e6c29d5b9d764ed0e482f0495c55662dfb82e9da3686f3d9b1006e40b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
3fdc14e7f353ea54aac8cd2b393d4cf5

SHA1
506c80f10b18115f9cbf4432bbe78fe889c5fe83

SHA256
efb6d659d11ad032fd1cf3966bb8daebdcbcd7fac3873e38aa4c1a35d8836b5a

SHA512
627f5e17fd7475763cba743fe8265bb25171760f9590ff14cf86a67c4cdad1c4048ea0318719ecad3cd2b70f36ccc2b86649096c65bbdf50346f84c139ea2fee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
94d88d9b2703a3b88c13ae17f84eff88

SHA1
c3aa24080f5361ffadb236f524d838013a646d2d

SHA256
87b50d8b33f893e2fa332a0b2c4afc5c3fb580eca428c6c04d1c80a9509703e4

SHA512
4c5a1e5a3358ba337138df2a9faeff357bc396f5e8177e0aa6ecfae2fe929061069bd700ae4f68549d12e1c2f814f7ecc55198034d3983f3baaab28761d2dc63

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
43bd185c34229e4ac9855975de133fc4

SHA1
75bdcb5a5bdaed4fd95f916062b0b7056174f625

SHA256
9654e63814b5f4586c67c5a579983f26898a4339b158f67c46f4095f60452ae6

SHA512
41745146d9fd1e265660d86f9529e0bfb85c2bf3c69d17bd1494c92395fee878dbc78b825acee4b3cfc1ca9c615f7bd77f7d5a382d5909aafdcf124197de6555

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
01ae71c75821a7541ace4a0b3a392594

SHA1
945926566c3e257a758e40877c5cfa65ebcd2bfc

SHA256
72269cbc8433ce5b5a305214c241c7d3ae20519b5fc690e31f94d7b7e7e18fa4

SHA512
cf0d82fddcc94e827102c759254448938d26e813e5cffc1641009f367458af811d4d714aa85e7f410407a0321acef419dede589ff6f863421bacb5f88e3d28bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
022e62158add48a4e616d04d1a082095

SHA1
5ef2018b3fafa9908c59d838d0f8296a01dc7ef7

SHA256
6eb3b0ae248355d46a6bf79973383cc405ede862b5e27e772eecf9034ca2168b

SHA512
e527912699b6cd77a9918f976f149ad316cc1e209777522dbf8cf6c037eb5671f1bb628b435ceb4c129238051f9bdc5f5ba2a54578a324dacad0d797cff6df7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
2841e71ac4c2b2edb3a13ec2c49a1fbc

SHA1
18d2c6fea5b047519a11e3e7612c35367edaef1c

SHA256
ccd0da7112a4b35b9b5c5a1641ca56eea2b646ec31ca17acedb84c8ccdf7d6c3

SHA512
ff7f52eed479a486bf9ca6da5077991d75b056824a6a111c4fd392fd73935836c39c6d476b67bc25d0e11bcf96ef4a417cae58f5c0ce9b23a1ce9aada822dea2

Download Submit