34aaafb27ef1d8216791e585f567ac16ac0fa4d39c374fc6c92eb61c97fdd17c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Size

21KB
MD5

28a2ec8263fd530d7f10621742f0e152
SHA1

6d5892eb035a041c8d133b4b2073eac2206ca26b
SHA256

34aaafb27ef1d8216791e585f567ac16ac0fa4d39c374fc6c92eb61c97fdd17c
SHA512

a029f10d051a4ddb74492329eccacbf872c5cee9d4c6a584a680581129ee845afc0ffd4b929518b483335fafe50a277bdb3ccbd45d73d2c765e57dbaa5edc9b1
SSDEEP

384:CebFNw4Pk1itKkpAjjI2YpdmO9aMVg48JrX:C0FmBkpKjPYpgFX

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2217) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe"	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comparison_Operators.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Parsing.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Arithmetic_Operators.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_escape_characters.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Foreach.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_escape_characters.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_While.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_neutral_96c22c683482d8bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssession_details.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph6xib64c1.inf_amd64_neutral_68c99681343e9b68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_jobs.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_neutral_e5693eb731048022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wdi\perftrack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettun.inf_amd64_neutral_bd24fb174fabec97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_neutral_9209e816461a1a73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_command_precedence.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_split.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_History.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\PREVIEW.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748G.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14790_.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03205I.JPG	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\THMBNAIL.PNG	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR10F.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0164153.JPG	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313896.JPG	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313974.JPG	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115864.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImageMask.bmp	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.HTM	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47B.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-els-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc916ed3f8940682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-microsoft.build.engine_31bf3856ad364e35_3.5.7601.17514_none_91e5fed2cfc27cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..erecovery.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c8924ce806f001f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000850_31bf3856ad364e35_6.1.7600.16385_none_42c91e047e2ea12b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_color32.bmp	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.snmp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_74164a8cec787e4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5570e06e25ccf01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..tfmonitor.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9bade638c86c47a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_it-it_9ce4c6a9711aabea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnkm004.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0f1266b3c8108e21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ee109a95f0fda2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b5da002c52680f4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nshhttp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bb683665513e314f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-scrnsave.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a50ca627012e104f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..r-tlntsvr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_054c35e9c2e5f687\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-streambufferengineres_31bf3856ad364e35_6.1.7600.16385_none_eb86a517749854b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_eaime-traceproviders_31bf3856ad364e35_6.1.7600.16385_none_4707e1890fa7a633\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_iirsp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4619279608a98a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_faa53288b11cbb02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05872eadf35937c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_nete1g3e.inf_31bf3856ad364e35_6.1.7600.16385_none_04871f8f4b13ca44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1543c3c503d80bbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-whoami_31bf3856ad364e35_6.1.7600.16385_none_ce52d479e329be32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-write_31bf3856ad364e35_6.1.7600.16385_none_5f5928533e6b72c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Workfffcbcd8#\8e020cc06c4052a50083fa7eb060e92c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmgcs.inf_31bf3856ad364e35_6.1.7600.16385_none_018280cbf469db17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.web.management.iis.resources_31bf3856ad364e35_6.1.7600.16385_es-es_145dba5b8aafa6fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_en-us_be90564719d92783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0b45804490d366e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ieinstal.resources_31bf3856ad364e35_11.2.9600.16428_en-us_38539d441ff8acc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b3303c4a2492d8b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-iologgingdll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_23b1ccbcf82bb7f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hdaudbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c7c43a447533c64b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Default.wav	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af8fc72c3de10579\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-intl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21f4c9c99f29759c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\401-5.htm	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_fa6a47c21b85ab79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dfsclient-netapi_31bf3856ad364e35_6.1.7600.16385_none_6072917391cb3511\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.1.7601.17514_none_278509352a8ef540\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\NavigationLeft_SelectionSubpicture.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_81784b57f0eca0d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1f2f2b7d0c80092d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnrc005.inf_31bf3856ad364e35_6.1.7600.16385_none_227092d2a7af4a58\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_927d3057eaaab2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3504beafa788c5aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_287b0a356c80901c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_02ce9af6fe2baaa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aa4ed76aed194472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_faxcn001.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1e3474e874c099f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_793d0bb8e6e170c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca00y.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_931fa6e8d461efe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.web.management.webdavclient_31bf3856ad364e35_6.1.7601.17514_none_8fba96db23caedf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.1.7600.16385_es-es_d863840be88e280a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_de-de_083ed574480707a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..shell-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_71be2beaee655289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..utomation.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_85f9af7cfbdc2509\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\activity16v.png	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe,0"	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JCJNKHJASLNTBGZ"	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\DefaultIcon	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GNcWPTsYMeQ17cZ.exe"	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\ = "CRYPTED!"	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JCJNKHJASLNTBGZ\shell	28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28a2ec8263fd530d7f10621742f0e152_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
546B

MD5
6f648ef72a22a7904da3de08fd4a07b2

SHA1
6dcd74b159f584c64375b97d291497ffbc7d34bb

SHA256
c210bf789f938a56da9dce3d5875d54c05f9cec2946a35ec8eb3b36d13a47912

SHA512
c0a5c9d8f852eec7dc40dce74346c66e85eecd2f21524a5ab3ef88d938d373fadbf93d171c0883b081ec1a998180a949ba1d33510751baa2e81661d2cc2c3ec4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
7bea46d5960d58104f0dc54fd4a98d36

SHA1
89d93f8573d78960cc5f1adba6bc4dfe97458a98

SHA256
d22ceb226f65b9d7e5a0fae0592655ceef3678c919751e83909f4f19001bf6c5

SHA512
a6e91d8a67adbdf506dcce95bdca37fbb58966e0262767cd0c3bca1c1c4fadf37b6df540adb6c0a127dba8cf8978b51932c20d9c5394e8f0ccf0ab668b95efbe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
e6c48604215542799106bb24880c83cd

SHA1
f8d8fa91a71c24e38414a463c7a4fef05dabe36b

SHA256
f511b5683321214ec2e21928afc6df6587decc9b480dd1467bbba60014955ea9

SHA512
50031f74c37eb879491d6f844913da1a803b9a978106970337eda0420cbfea2534f6a0a5bc1b0cb5d5ea3d5ad2aa1bccae55470ce3afcb80b04ff579c6fe9977

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
2ca632fd110c97d7a02d03538ee14483

SHA1
b4589852ae41fdb836f977097367cf49be682fa7

SHA256
d33697912a4f8a71e4a215165f2db044d4d0cf05e1593445cb0cbe9fa930433a

SHA512
7065352e23445c6256f56b80cd05b1084c4816488d6da071328b3ecdb57c8ea72e6de4b3f78366573fddcae0054d4d7f51d160b8ff6620cce976ceb2abc20c14

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
abe7f09fbbf00d4cda4e2b1c5d106e29

SHA1
d234eee2768924093382c15b26f676a626fd3e28

SHA256
c9646be0320f3db2bff205013dfc48c1ab645dcd92c912c869b98776572a8ca9

SHA512
0fb9663e89eecf03eeadcb49280c0096d9461e1eea54d8e0d1752625e91bbc5bcf4721966b79c1402e62e660b96beeefeffacdd9d13f233c2ce9af3be5b66025

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
b4bb9945cd9be668b41860d67c8c4e11

SHA1
1e5ba8264e18950e605334026155622226b0939e

SHA256
17a691881f509db091e9cb1672156b20b1530246e72ad5c5f41f9a2f9c5b7a87

SHA512
f8d3b52690d80e0fb8f1f2894addd9a0f6cbadd51c40b97605dfece0d716231895b55feba60504f678f59c485a65a5335844629d2af4420192fb9cb6c78c1250

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
a2a2b9f367d2d4c016c80ad267bb848d

SHA1
3c3fd8b3cf923e5926e98af13e4c09d5c7db3473

SHA256
14737cc9bf1b25b8e802a4ac6404923d970edbe8c7f197bb440c4497ea8b8428

SHA512
22950f7f7dee8bc752e558af1a2b9f3ac5f170b153ca240c78244be8d5a58e4da85def49fb9a42a35077a38b82cb1f8b8c9a772149d4d07d976cf73e7d00879c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
2323a3ec9d5f0a345c1919f301ac18ee

SHA1
6ffe77d64b4d50b5d6a2f4ddfe030ae9a642f3b2

SHA256
e001c9c479fbc0723b8d8d3ab4ddde47a7dfe531a0478164c8659dff529ff127

SHA512
fa2b27b14e5aeda0580adcc3a5ce7519e9f3235946df5434e8a5fc30e099c5bfa3988ce06fd8a8b7add4a89211577e526e47a9a24b13903920290266b312cb33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
da066dfa05d7b304db6f91acd585d8ad

SHA1
43e71f4010865facf8331ec2855f35d23af88e8f

SHA256
3417605eb5d04dfb12375d70d9792a458a3934b0b710b87d1875eaa57d1f932b

SHA512
f478fbc7e92727b9570a6351322dec1e57a8687a10e15d4e2ede8ac0995da227ddfd2305c9a8abc495d40aa4d778a1d28c4f1b89f6db983c6feb504c39044d28

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
577864f5baf598cc30647fe14d96ff9c

SHA1
eed53948e3ef9af30fa48e78da91dbf999a889d4

SHA256
807688da9a712d855296883ea9562d99da259b1d88308a005056d38242307e1a

SHA512
a0ea7947ea0dffc1abf38d8da50a4ec2095ae9ce87c2a35055e008a6c15ce2efa3d2cdb6577b2be7b64baefdbf38507d4e8351d5f803ab03e40618ce706bad83

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
4696c691b12dd49d9e563117a8f66c0a

SHA1
554f1ec36167c192d965a5d7e538c93d5dd7cc85

SHA256
8f3f0d0a0754e758426635bf8a08204f32aed889ef3a00565939ed8b3fe42a70

SHA512
327a1f8be48a5a1c1d84c2147418cd173288161b142c02af1a687cbb18938f32c4ffe7c6994590e68d03def5ac59a0da05a4a4f04182a36d1bb50d63594ba383

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
b84351287c9b0e6ad4ed4f44964a4bcd

SHA1
5ed70eda64edfd99816d859741203c1480282cbe

SHA256
8abaf5bb82347500aa591318f30ebcb8c6686f1e5bbe652764405c09a864fcad

SHA512
859a161730179249fa52379d4aa73eda8e549f9f731b224c2752dfc5f8ae76689225ab24552fe8e18052fe035ff2f71c2e6ef91102f5f5429ad9fa5aa2ad4bd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
a98e4beb06bc0aae0e0c18c7cdfa70ca

SHA1
aba50a075297fa2992b9379d54fcd51c1a371ec9

SHA256
e5fb6d2ff5bd2947352155182b2ea5ffadff5c8e6ccd450d54362060eacafa88

SHA512
a850ce5e304a4d61555bdd7d03e1e231b2b3f05df0692415c29757c9bbc5ca56b3d6d8d4aea068a8c402fcb52315c06badd01bf04797369899020c79612024a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
fb467ab745d63759f9d7bf1216df7f2b

SHA1
4d25641eb12953b1004058310820aa7e4eb3695a

SHA256
2dd264b7e962c74b328ed35b1fd5991cb8473e74e1429e7547b4292ad608f58e

SHA512
7fb712ea10f3724fc1361f46057b7fd046747d59b26fa4d42f069774f605116776f01bee0f2f7c80abb120d40b465d4a5b5aa0548d3d941865e5843ce732117e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
41ba9476425a50b81f5ae6578bcabee3

SHA1
b2b32cf630f48659c3874fb519061b3f223240fe

SHA256
532e6f28b528dc8a09a383fdb4438b7ee7fb7a9ffbb1d3a0d183ab5561cbbefe

SHA512
7d66283d7fa77ff3a1b696fa1c4db620880007f2d7366180ea951eee867e676efd1248a63c9eed325fb64e1d239b8b5ea3f5ddcfccdf451dca6851b6ce266f3f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
32c9ba068feace298fc7710ebd035a9c

SHA1
e98b71e1998f34d7c6f2d8e9182d50eebe4cbe42

SHA256
a444c837e3408d5d9b7e2e1e010b2f132bf2a848793e17906158fa807ca00e83

SHA512
29490a40a3e8af3af88e1dce2c2cc5709e19c9712e0d6b7bce4f0a36dc68532c1c76d851a16cb506870670a3511d8649755098644a298c35434f767affc6f784

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
58f6f39924f48f9ce0ed5cb784d91a72

SHA1
c0810f8806ba4c535f8055fe91363a7052aa026b

SHA256
c3e515ae5c28cdb6ff6a476d76f58f43c05c9c6f5104d63d462bdab978a55a2a

SHA512
2bbfff67cdd0f708f25e25a987f0bb985ec58420cb2a114ed7124888d328a1e5b41af2807d8340fa655519a88505465007884cc9977ebf0a6d746ec9b1a8d46d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
64a40701f7a43eeacf8f3fcff3b41e10

SHA1
022767554976feb4041b0dcd3af6d5c0bd30ad70

SHA256
ec6fe3afeec30b996807c50b0f7c954f8ab503ad4233c7b81bc81cebf71218cf

SHA512
556763e05fa3496001b0835354b6ec212d186f1086200f028542c82dc25f7c7f38e6be460e8a960c4b16d175f2999e4493b6f71abce6c707ba1f01dfe1a149b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
26adee8cfe4b5b8ba187334eb7474999

SHA1
264711f8eee5d314e8afe7d58fafeb30dfb7f1c7

SHA256
723a7f7bf8bf988568d259bce853c5e2818a2626414d712468cec41f7369f7cf

SHA512
96c868bfe08949030d4524f52a62a16c22e51648b3286b0083300baedb28d230ce7ada03693a1cca7cb12d794c3dda3bb2aa52d5eb67ec4a15cd895e7e6dc155

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
c6067b885a18b6b8db19f3db3e9e8e54

SHA1
1012548bdd795f5b0cb76d4294ba3e0d5f9b9a78

SHA256
d6396d4fccca4c6eab0ad84e312ad4ad10cd7dec1c83fcf28277d2c1234eb259

SHA512
835d62972edf14a9fb5b2f8a807f3a80fc4a3e19c858fdea0c9a54591f8f6c2b9fdc4a8704e4cd194c1ed08743d3901b79b09356b6d119e516416315e7e6ace7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
1e4f83c2a0abac52a735a8bd9dae3dde

SHA1
9453502d5cb5a1ad5608eb5daf69fdd0d940d149

SHA256
4dda1d07fff2a97827c997fca64efc7876bf735affd2efb9c478b9d4e4359694

SHA512
ac056d385a4a8386ae5d1198ec45099607ae456f138859bdec01d8bda9a0649994642e1fb07bf0cc9ba16c05bf70a6efab6d7069c91cb8dae4a81a9bd8b21fb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
29ddce6613e95501427e0c634d57d104

SHA1
bfab163ad83bf1f1799b7b66c8f142d6f44ac6b8

SHA256
db17c1de05e7d31955daa34c7c13b9cb867f4702ea2d32ab31213770be5f2e28

SHA512
17372dedcf033b8356e171460044ad73efcac81f03aa327b3a14867a4caed18cc5ec370fa5aae7c0e085378fe01968e93a386776080be1a9a99cc43da8b9989d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
c11bbd80c52513f37929b98e8a4dc8ab

SHA1
db3e8cf4249ba1ec64b3bcbbcd387d83270098ec

SHA256
7f3d3da4c335689ddd3d6bf64911d59f2d01d6275d063db2b43076101a32d745

SHA512
f53c2c09054cabbc402990e3e597695bbc651aebee1952c72ab5534864eafddbe0204fa92f48722fc978bb587ab1f0e68d79c774b3f327ed9fc843cc6d2a63f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF.EnCiPhErEd

Filesize
255B

MD5
cb028f7887fa736534be7ccd1267c4e1

SHA1
2b9f6a658946d7691ce873b0d829a340516ef7c6

SHA256
d5750f7e12637941a873d2e4f77d5c142cb9b49a095b603cf91fc1d8ac67ba99

SHA512
8710782431a9634856eee24489223dfd41376f55e4eb54fba84ccefc34ea9f6ddc8f0ec2d0dfbdac5daf16ba55dcafe423fe70709c3cc75a4e63e005a2ab5c5c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
19ec95c328989f1854b9fe1b02786cad

SHA1
9409dba6dfcc3fcd417bc8e3569f1af54a6895ca

SHA256
d4dbfc0b5baad77cc34b8d619f0db68c4003167958b311d164817b606f8f7b55

SHA512
d02a2b4ee9dfb1506d052ffa377320fc8aca3f9f97bd4ab248cd749f153661c10cc945c0088f4977860d479d2ac551633255f23b5ece8d2550b330eab3f35fd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
1cd955372f1a49d6e538b20301944e27

SHA1
794e82371ea5eba3020e4cb3bf09b7a9db1d5985

SHA256
ef3785a60edbf17dc262bb2ce71f0dc76d5d13d05d7ac6029ae5a8292a0d4c75

SHA512
6d073e1ee3e71799c17c5e685cdd6eaae17420b069f4a418f8e4f7a7969154d5d5eb3a60924419a795db21f6f4f7101bace0344c837bbeb9a7bba4965b1674fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
53ea6fb9d894f0c7f898e0e147d72815

SHA1
9489f46882c7ad0fcde366924055d6b75f323c30

SHA256
1a676d430c2c9ea9eac43bfbcdf4ea822e862b6d4a716a889d0a4d2c0e6214fb

SHA512
0f40a7833ecbb66f09d9e41bbc05bfada0df49ebd88bd474f7bb71c2f36f226a447d52d5c550d3b7366423c82fd3f6d423c53b8e67e3b025666595e2684f59ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
249a0aa2ec7bf0b07b7f241f1aefecbb

SHA1
cb2d3c0ae6de124e0f5967dab3010372579918f1

SHA256
d0f527f5381a00e53d66dc09978170632b0ba66591c8b63b9ef32fc55094de63

SHA512
5e2b2e03f05b299338cbadb1f0881c26a2513ecb621345a1ad15ce42bea1d2800e6c591a44d4d6ae8502f772deb5c13667787e9bcb6adb7deb2dab8c499619bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
7f057f63e18b78445d42758933086d2a

SHA1
e978ba33af70c0a00656078c62658d8fa21cd982

SHA256
b545f3fd2ffb364d709fc163653f710f1f73b34419bd9b18f11e773b024682a8

SHA512
8c200bf44f017d3ed9161855d787529e00238618250de28b6a107bf5f0b6b6d387967852a71041bd6d4c0bd7afd2e8b38f3a30fb11888f366ce666ae10100f0d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
35687fd3f34513b1b242fdfb509d27ce

SHA1
7bf1973b3cfff3eeaf1336ecf914de2ea462e3cb

SHA256
fc2ddaa59f880e8f3d7996bd61b36e9c3fd22b7980459d218d7eddf9c4d2ac4a

SHA512
2f531b15686b27b109a72b74248ea339f65a59d37064d4a2a1ca8b9212d884b6b061805f03d4dce1164afa999efd2ea9a9fc9fa099a197f872fba577cd1a435d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
18a18643c90a16fed7082af83e17c89b

SHA1
27f82f48ee87795815e192f77a10338ff91f5f3b

SHA256
69e81b22242ef9135ee4bf6e03b234da71555b47df267765140f85e1cd1a4be5

SHA512
817f81fe8cd4ab5f2653f66c5c591a1a81ced26052e2c5d37c830fbbd1b27cca34caf449cbb0b9cc9e184bee75a7782d0f7424a108d88f1f3d1d65a1901a0e17

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
3b1dfa154fc74aaf54b8d0c4f5c1c74b

SHA1
97844fd9ac37a3c2fd5dfe04a4ca713c6acfc367

SHA256
ecb6dadd9fe17530974b5996024b737273ce02e620fdeafb2e7bac36fb0fc1e6

SHA512
098544b31495c37ce21c93d233756ab61d6ec467cacb82a547f027361586a3d887258f7ccdb0ea7ec3919efda6fd8969b988f6d4b6d5b4a7e6725f7ee694ab33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
c9adaa03684213a9e23009f2b1116099

SHA1
8209d8eb33a6eab2f897a44d6ecb4649445dbc4b

SHA256
9ea81aa4e63da10a529349b3083a48458ed8a57790244edc22ec10bfa224eb1a

SHA512
592d6ef77bd808470a0ce1c9616e701aad275a61f92cc05521afedf88d45874d5bed290662826c0ee4022208b1e847925dd702bef6097333722d837755d5f737

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
b7f1516f48768f27a432a67f2df6462d

SHA1
cd22854e15c35822c8c3e400b273af8041a15b0b

SHA256
f278cd0bfd2e19254b56534e0363b7216230340c163335ecb3ee9382f3df4a7f

SHA512
3567f5de6fab794974efe92af46a20a82295332975e7b3a12520906180c5be6db9050a6634a28fce7ce6fcf70a34a8ec8ba726824fdc3817b52e1a558c39e5b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
5ba3e287921eb88d2e2a783bd9179d4a

SHA1
6bb739bbcdd2092154d284757897dcbda669d9c7

SHA256
1e63cbf06a8f54f5a2827ba2dd946ee4ea4e4945086affeb7bce002c1e04dfc6

SHA512
5346398970f327a292ede7ec72aba7484183f7e6115abc1a3654d71fa52dcc97aef48093b3fab41c7548c837e45fa5220ee8bc5f3f4a0d9a74ed11a73f4c871a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
812f026b50bd7b1ea01e71beb3776e03

SHA1
12a21f21e004fecffb859189c2fcd038d8113144

SHA256
cd97e43d7e563ef030683adb669da3acaf9d1c968bbf3ab3676ea477a703ca09

SHA512
0e1e30a3d1730769de3313814a0da618ddb77a6ec9a21c0a32b411100af037c50baa0b6e66344bf2393166e1771f1b5b0c07d605c99fa8bd1c984d6a49a6c9bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
468f3032e40ba63d116cf99f635a9fe6

SHA1
17f34e9521a3166cf656ab2388f524d1b736b4f2

SHA256
e78004c639ee6efafb9bda3e1563afbb37e049969bffda28d27c96958a2109ce

SHA512
37504fcdb67bea6c7097c41dca4655809385133576b763e81874b1b3b283b6357e4648a8c79dbe8d71737545a47d2b69aab21540187b714f9854ac6fdd26983a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
100a534178dcbf448c24739a82a707aa

SHA1
83d46d259132546304d4b5c1423390ff0117f5fe

SHA256
3b0234f1884257a3ae5287a10b60b9cb96a6adf25d505d39db956827a4857fd1

SHA512
c54b96a293c1e79b3146a24a82030e91415e0aeaef650aa6072e5f5f5c7442099c9e5e6c6da9cf36b81011b8c6836de97ba7940e74b2e44f1435434fb61728c5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
6d0fe54aaee6f96da6d42886b2ff29b6

SHA1
dce76c6320052b120c446ad31166a37fcb4188cc

SHA256
067cac75eeef4035c1de088119b7eb6b25f0864aa7767497149cf27ffe74aa4a

SHA512
13fae1207a678e7d2b7c48fdcb8e7772df9cd02cb11d7a8a8c84d50e94740191bf9c369be6ec24f61334fca2620c3b2d4df1c56ee32a0b5051b6658aef30be74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
805e6a03c166895a9277f83f46fc6837

SHA1
39e85c4607346899a15da925b380a0c3707ed166

SHA256
2531580c09974bb8f64e45d2bdc6db192ead95ed53532a60978f07710bf45f53

SHA512
a9c97fca772c86172aed29323a4c220d2cea53c438d718079907d3a0f42efb7d5bff709f5657521663df55e879d39c6018ceb7934ed30bcd9e4876c5a3f98f87

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
e1e7e8bb8506c2088b243b434cd3a1dd

SHA1
754cd6202a727c94fccf2170c5ae221811c5733b

SHA256
8bb367f00770b4778b06be8a262848ea1ed3aa2030203168fa83bd4844f3bb31

SHA512
099b1302652c2caac8d77776fe460a3f1ed199e4dd1b7412ad6e2355ea8b285d10a2e00134bf4764b10b396105c808e740a87a9a79eac703c0b9c086dfb38687

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
db5733edabe7a0b179dec998cd34b7c6

SHA1
baae6b2d41227f15322087a16771d614c1bb24b7

SHA256
8e2cb930b8249829f58c69bd455577a658f62687ea59f51f4c764f51e196a3c2

SHA512
7154e921f2e35230187bf69bad7c2488b19a6510182cdcb186c31e96b4664bd58a5c3321d6843c7bb66f7f2565e8140f3f1b347910bfc8060e4a9811ac471a38

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
4136ba98f6ac72f1117f7258679f58f5

SHA1
bd7f2e996e36d64bee303ffe257b5e49a5dbfe3c

SHA256
4642567889570d650d06de6f7f9e742157976ffd7bab39d7fff2cc8ae7bf7725

SHA512
aee805415a69c4e0ee63382967d698dc69355c3a7194ea567391f9faddd7dc16c16c779b9e7e1bec8ab40505c72446ce7fac9f28df042bbbd33e07d4e7196183

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
61dc187d50c676254426b470d51a639a

SHA1
d810a46a81ad489911031bb47c9b0e2e3e8e356d

SHA256
882d58b2e319b1d6420191fd9a0201389b3c942c65af44413119c9c1f180abe2

SHA512
4798ad9b0837c694a3c565ef4e968e34766617dbf9275bd6271722b564899d6136ea32e4e75470de48191ad13ec74f8257a41b0d701b0c86f5db717badef455f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
02491390de637110c9d75c622e0fd1f1

SHA1
2653edab4b1879903cf65182e49a85f06b93699e

SHA256
e2ed9fe55d67fea0d6049d505f6f23a001212cf59c6e4447219c6d7c9c431d09

SHA512
25cb95a97d5dcea8aa0c87dc91639778da2ed93e7e20871bd41b91c2b1ae7d29311e283901ed80b2299b5ec14a955e27dda71157ca51e324ba4104d5a557630b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
672a93e88109abc9ec30174b10f33b1d

SHA1
7756f805789aea9d1c5d6a232fe8e13bdfc0fc88

SHA256
4a3b3071439eb05bfbba484fd4525cb36dc7a947a6ca59ffa0f2ee1fa5ecc91d

SHA512
91d17b640bcee3f6af4ececab969a26ae78fce94b6073534c5b82b26fa0f2992f32269b1baff05f9b004105e5ab024b33f2fd47e9f9cc81a50ee6c0192f955e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
0df2295721edf93a94408de7c548e416

SHA1
1b4eaa6766e9c44d61c3b5c32ce5d69ac8586e7f

SHA256
9c5ccb9a80b4938c93773a1afeb17f8e3629243a44e9fcf10c194bc6cbf9c203

SHA512
da2e8e35dd716a1756bc91570fe70481ee92632b3c320583d6c1f3fc9c1e8d72544da8682a1f1124d5763b52896fc84be0e376e8016ef674697ff39230dad870

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
daa0b6e36ce670bfc9e363893356ec64

SHA1
beb6acbc3f42173348147144ce9c84de1bba38ed

SHA256
ba4bad41d9165308e98bdbdc2a5ad6db4a2c66f865bb02f1c5a9fa6baeb9fc00

SHA512
da94e2a915ffa44d38f122cd69a77e490607a4f9703dfe5750a4e1366846c58dc3c0af717c6c5edd83b57692afe54dc5c71561e4d454d68fc84fca8e0f1857b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
f7b4ba8a604c039bb7033fa0a3edf397

SHA1
33f55d7358e88a5878fd9fd4dca1b2892efc5267

SHA256
e1a3f3137de3ed8c6f8df4a35addc1e8a06ad98ee117c3cccdd2ab23558f2562

SHA512
12ee08dbd37290c4347efc3fe9a9513e44bd8602c6ed1e9fbce5ee8b8df8f6cddbd4e3da8b3c69c495899a4047d2be0f1cbd74515fe7f7fde849680a5e4aa8c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
dc1d89bd1d74dcab82c33f71db4b8df3

SHA1
5e736e0ee83f5b0ea85cf1339b2697be43e174c2

SHA256
2c954f0ebae81832f49c6040335d22b3a010ce305f5bb9974f4c70f0b1c12f09

SHA512
7464c2b6684ce3fceceb7a9d59bd5ffa08e310d7577fd5622c4651e1e7f0cbf5c5c3b94d1c537482d18fba11c54370ce197e025f511d3abc481a2273b7f8f3a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
291b65465f5339296ba78bae9f757d9a

SHA1
86ed692b645d46f145f7ae52ed4412c944327668

SHA256
21bfd3e9e70bfca4f68d464d62f05cb1d3800de56e619d7aa8c14f1cbed9e98e

SHA512
4f923bd3244e025f29ea1520acde604d610f9cf453d804736da41bcaa88675e70967eb466586ff4f66cac59db1dd7739fc3eb91ca359392261d7492a8363d66f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
ff1b4bdb676f19564289b65822fbf254

SHA1
b0a0e0efa2155acbece8ddd3e04c204322c1b806

SHA256
ad513bd00d5d2e9707887868a434cda8ad975e33d9633faacb21650bb0ad363e

SHA512
987e3e8dc6380af1066bf396e116cf3c9262852c0a3783f9bcd2d64fe86067d8af3be33e66317c7bf12db58be31d9ae34bd44b25ce13dc653d0a3eaac038368e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
165ed7d34792b1f3cd510144d2c04d25

SHA1
dfac2d536e61d1aa5c5a3d3e4a1a6f98c3618e60

SHA256
d683aa4788ae465fc40b37b6b64213815375c888525f8e0f548e0c8386b5e2fd

SHA512
6b2e9e5db4a35513e2014084ccf6ace95d9d8f6706c60f69a3c49fa986f6a720dd04f4ba5f995dcea0b29658f5a17bdb70a3fcf3ef1b797de67cbd2e8dfecac8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
b899bd7a68dcd72d572b30884910f04e

SHA1
454f8f948762fa42b88ce62c660af212bfe018d5

SHA256
ef5bce4ea1ca134cfd16bd9e86a3bb473226ee37de21f827c0f68912c34d7645

SHA512
10a6597b064c478d88a2479e462570365dd0d6e319f816db77ab0fc480761afb989a69d537ddf1a5bd2e22bc3d3c71d50dfe4f3ad1bddd718f98c20b50463143

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
0251e651165408ea0e1c25e1ceed6d4b

SHA1
e1dafaa2682dcc6458a3b0065bb5987553a38c76

SHA256
eeaffc7c6399627542c2ba046f933ad4e8843296c697260695c9c79f802cd0e7

SHA512
99c30d02fd18883d538b0c093cb28fe0ac5dbc3acf0a93b3cb74ab97ce1624e8789658aa3dcf7f3160b3b02b1ca72898ab2827cb4ad51b9add631836317dbd54

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
65401e0a3d4cf27ed4c57c101da7c033

SHA1
19d62b3c21eb4b36717edf5de5ef78dfe656b2a7

SHA256
d03b41ff98d3c40ba812a67f4dc15d8be34d12c039ef1da4819338874bc2a5ca

SHA512
0305d64cef65166a7460a41da81076aef3a71cf080c7f7faffdd60cf7ea3d62bbc7868cee9f9cbb3af9e13c38f630bd8e633e271ac1631621ae8ac4e0b96f97f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
77bae7919bd515c03d1a20fff390749d

SHA1
04f1cf53444d85bf430aa9c16debe7b752196f4d

SHA256
0be3b726e4e545dfbcc893ac9101921b75323ac53aa359b1af07ed5823e9c749

SHA512
fd2f94250de2161c5d74e56b815657057c38df7a5b658222b7095b9abb7eb8296c077b5a6e0ff4191afa8e45ddb6c3aef073cd718a3455de2a0463e1a36dddb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
16da124d2635c0c039cd8df530b56814

SHA1
dfc92e6202939029e525c985fc423e23d4092922

SHA256
a1716aa49687e0a644b0f6c0fe0258dd39ca4441c3844abfa34a98b44a3d503d

SHA512
b7c401637357bcf0b4658f42a33b54085be1a8c746f53483309fab3b1ab1619448cf7cb3f324b72d4e22e21ab8eab87f4185c8473bb2df1539d6b3f92a52efb6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
5719b3659ea7b98966ea625334be1228

SHA1
6ab9608b2654a6f03eca5965408c0100eb2723b4

SHA256
b4f61df4bf46c484d1c42bfcff2e14905b213a2acf577555f9fb819d8e9a8254

SHA512
8e9f3b822a118f1e2e6641b0ff92b5ed49c73410c6d3615b88f94811f61a31967f0d520a687ca9cc3774a7bec7b22f18b435416097750d6b03070a34d9c576dd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
f99f517a9d62044a6ba96e5514ce99e6

SHA1
59d39f93c7f3a6469361e25f335f8115d3cb8248

SHA256
3216891a9fedb9e9a02e4fc32b56c2ab5f8b6ea013e27e1d8ca26e7f05642961

SHA512
100f3118f495aaf087fb638314a5572b5ff06b147d206c6ae7f5b6551b97e39a514338709313c224acce7b2f735adbc51701676712eeba50fd681b86465f8c2f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
73e26ffc2f27f3bc58fe6d23ad2a6655

SHA1
817cd7793af53e940ea29d1be51b25665d9cf639

SHA256
6b87a7fc12dcd4a25d31ffa7d488191730f333a06ab9ea3a57c236488a196fbe

SHA512
f52d66da22b576ab9e20867510d40f25f9f5896fae1fa24f3175587df32922fa112edbb4ff77517745a59636e9440544c08cb8e1c75fb9903f4065b3c6f56aed

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
6fe875f535569b7bb4802491bdb9ef7b

SHA1
3043d3bcc53afdccf42df675e8e0dea2a1615535

SHA256
3bceda4d694af050395914a51b8b48df9bf222e3dd217bccd709b9ace1faba83

SHA512
bbb9f9e8baf71bb446af15e66f2a6a943b613cfc18bdc8e1f46cab4575b549f9db663c82cbf2755644786c35b192dceed8876f4f7b537eb62199e1cd746482da

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
720d4201758e5272ba502fa08e5ceda3

SHA1
0d95790ec67b7e9706c132c77a4e62ab05851e21

SHA256
5424930f701154fc9e05d7f610372c95463c7d7fa0a09056a658d10865a85553

SHA512
951cff8429c6d1a2ea63c0feb8cdb520ed386bbd896fb8ee33bf136da1ce8b1aba47a83ee84a634f458a8017888c0c4415acfe0a15259a2f18134c0843630ff6

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
baf26a0658b5abfaca9841c993ef5a4a

SHA1
75b281e2f0c9756539bc28214952e7c4cfa3d901

SHA256
572921cc25cf5f9e59009ab7c02c9a22d5281c873bd3184b35cc91e9d98c8ce3

SHA512
9cc95d4a985f48e33c50322be663930b149617d0d637e2c42fc2df6d490d300e3543916a43ae7757c7ddec800935c104be9c0d63f65bffa5ff1c57f877992385

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
38ad9d588edf742ad594a939893563b7

SHA1
e47a6a2feada7cd9d59fb77ff6dde616c142cabf

SHA256
5c83a8ca1fa93b5ebd4932165e4eb3d11159026c58c548bed028624c3cf35828

SHA512
5317ba65e4a4224f4f92dd3b14bf642a322ac49ca40734d7d23704085905fc494abbfd697f402318a5c858882c5aa481cf91618c5d1b4fbef6095d9ca996ad4c

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
30fed964a05a7f31ab0a596e089cf240

SHA1
80a284f7aa5baf801f83206906c4e414bf1d4db0

SHA256
01a62d02069cdff10c707c9ea0b353e5700012ea73e21798431340f9f9b18b46

SHA512
53686bfbff158f85050835df176658133da39aa5157cb8dd17317d047eea8d6b6d90b8bf7b8f35527d13f3c61d51f0a61adbd397e50d061cd329e973cc6d04d6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
5045fb57000d2eba0b6493db4776bdcd

SHA1
f5b82e684f4ef3b8308072726a3d2d78a6d2d57a

SHA256
d24b0b6902aba9a08ebaff2a4d1650372566e38c22e16c7e6680869a0cb2bb29

SHA512
96b687fd46a8ae07cc118c6048a63f3a9690e4d7653ce50ee8a32a575fc712d60f3c9e8c225e3553467f096987a658857cf89a8e44a3afce2c806b396a0a34e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
1adacf2cdae6b6d9ad82fe1bd73721b4

SHA1
b11ad374423beea4934834cdfb5d4af4ea015fa9

SHA256
c3b2892ade1d41e80163b79f6028a312963f524f1c388d4bf27448ec83034869

SHA512
6b61333571892e7f05102f0cf07f34c53fe7bb16bf4f90cb60009b81809e2efa1d3abfbe0c49987db091b928bd31bc013510a1e69f6bd418d19e812f73fb01d7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
f690ff8f1a3fa6157c8b4c5757074fbd

SHA1
a06aedc04dd3ac525561985e223c6d59a12ff1d1

SHA256
b52bda519d461d2cdadec6b9e55467a285cd2d0fc16146934a2e40f283377c27

SHA512
25ba47cfc074827bf3986d0f1e993491363984d62d423e50212844455b5dcbefaceb2ac40ae8579e60cc91e1c92ad62c962e799d4cb5e01cf2ae5c90f31a06cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
a530742394e42076d12a656c62e713ff

SHA1
35f804e3da6801c74fd3f89b013cb154688ebed6

SHA256
98f7fbbbf1e522289bf85bd1041b7a000a75a26506148bf1c4ade3dc5cdf4293

SHA512
c5649a1025f517cf023dc5ec6bc63f0dab8448cc5b01fc6fa49a6491c6241c0796d2349353b577f5445eb5254178d2c8f12d6a63265e3be4b5a3df56ef89ef36

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
eb1130fbbdde8679c783de428d40459c

SHA1
b5aa5acb5c5ed87452a209a2fcc43b65e9eb7c17

SHA256
ab3bae093e87f682d46bfe57f1fce7644719240a1ad001510576d2c9ffb7ee90

SHA512
065ceed4938857cfaeee5fe889c2cc706c7bc51d773a3e82bfcebc29826d708e5cecb29a0b8868643f213f86bee66c3cb6e1abdc8a62406eb141d04be6ec17fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
8932eb3d8d98be3d6b7b816f9b4c0451

SHA1
db4c03ef9d1589db0397d90a8ad5f3d2205cf035

SHA256
ee2bdaa1fe5f183bbedd703682d5b07ca62830555bf8b20d8883ddd5483b5f81

SHA512
4fcd1ca131c3e932bedcbcbbfd56a08d7035296ecab392ca27787b885063a5d65f3b95e1b991d425c445f60586b3bd334def157500cd440beb4958cdeeea11a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
d02f250b3d163e8667201ac3d22120a4

SHA1
c53d171ccfe80b49214c4d4698fd48f26a40fc77

SHA256
a4277c1b5434bd3543fec53f3a49547f9e08e235b068eb0661e2ab8e1330cec3

SHA512
4d609a7e0acf23671030fecc01da013e6fc69ad48bba19b5f01d7eca2e1a5d8a2856fa308d878308c21270ff67431145c44962bc8efdaaad81a1648f55036a09

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
f0e4931ff203bb8f312c220ea7288e52

SHA1
51e463906e2b9cf85da5d4610aa859f4ac9480a2

SHA256
48cbafb9dffd320a878aa4220383e2d61c27027ea9c4b39dcb6cb94a5379dc0f

SHA512
d086a205007a19ee9eb1c5eae7fdeb41912c97fed59bfdd98812c9af0077d28c75bee571e702f53488d006e245c58558c37cfb9f3413a553b7fa464f1dd710ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
03d03e51e67959e9455df43c06bf58ea

SHA1
a360804bffe0dddfcfd692dbe5b2b977207673b2

SHA256
30e7fad37d3498dfc5da9f21cfc57496b2ca43be39a90f9eed2bc6f1ce62b0f0

SHA512
f4c58b2ce4c53401cf7b0936268e589d097931c3adb174aefe4eee553653bf825d599c1db3298af43a0187c1acdd417716a696d50ee762d5f075d2dd1e5457de

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
93b6a746956237bd0a4cb2c056bd7f12

SHA1
d51602b5c2a10308c58397d58fc934b54dc13535

SHA256
28d9da29ddac12cfa49ebad9d26d7dfe822a947864ad68ebbe3a70ad728f2168

SHA512
1305bd5b8d60b3295f2914854e2455e2161452932fc3d4ffd9e7d85fff592ff92bad0f8aaeee836685090d270a62f5646c45930f361c23d2e750c8d1374a5d94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
77bfa2b6d0f3357b523912f66a2d3fda

SHA1
3d1d9dd1815fbf273bf9192181bfac55c39a2a51

SHA256
e491d17e6d41efb534ec224abc42764c4c59917fca6a48cd09fad6c01ec7d5ac

SHA512
83b398bbffb018fd9b3a058ab52b7c49e380801304422b77c2cbe18500614e8b2c7e159505f2c08d6b711f75e6930b18322208852f56d51841719978897118c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
d94aa698224d3c806c512be368d747e3

SHA1
abb2ba77fbb3dc23298feeb96d60b0f5c67d4b94

SHA256
bb7ba5f7ba5762a5664ab18c3bb4863d9ff118cb6c6ca4e515056983014e0a32

SHA512
4309c3e8f226e832cf68e9de2c8d324023b92bde385229b54330cf113a95a124a8493b0d7e75e6e314dad6f1f49af3f827695b754b013b67fb0015de522898e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
28aa555accaf835adfb8031bb9b9b69c

SHA1
baded71e444e155d76b11954aa859a1c657729fd

SHA256
77916e19fc970aac1f38891440604ea3311752ba17794cce99d082a5d7b3d630

SHA512
b4997e8055ffa2a8234e71d15a142e2a52e482d2bc874b1a4abde172fb86b91da47dabb2ca2ae91ee08e722315fff5c0ff6eaf20b97fb8021f4cd3c43ea4eb58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
9671317bf2072377df40b0b0113a99ed

SHA1
3eb6295495848a2a5622a70b9b321e4a8d81f39f

SHA256
562c3d3e1e99079a61be54568fa6e2f8e616f0cfeee6863fc90ad21305398713

SHA512
0e58c6b3fc0848f83c1f4df45a205eef7927539163e0a98781d0422192c5af56c8ba35f46a289ce4746f506871c3027530e8f6897e10d2cde68d4612d2bd1813

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
fa4cda5e2fe8b69aa1a92d03e9934223

SHA1
72d69c52c24af369bfc2edd6ed11099f28375b3a

SHA256
018881290b2d1fcca6fcf7252612c317af6fc99b8f20a7d46d35fe6df8ef4509

SHA512
1953a29be80527c0d8aecbd1e7891b78dda6c23f6931b806a5ccc73942282b913abd4863547f0e28dd9183d032854ffe14f233d912810f58074bf67cd7539a73

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
ef239de90088e1d350b01f820fb6ba17

SHA1
47c157ae8f766b540398b27eb096e0a4767542dd

SHA256
4a17b86b63ec28714d1064990bd7030a091c090af8361a79ba41a83a0e569add

SHA512
f418b4826de2d79401eab395fd987fb5b0ec4b8b8ff52b0f70c168a5256e762fb4f050df6f64f037d55e3f85286aa3ee72595115259e5f03aa98956e0caf6540

Download Submit