d0d08712c9a16bafbcf63c8ead779c466a9f7b5f4ffc5a496f79cf030e6b486b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-10-2024 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Size

12KB
MD5

7ed2a8f26751a06acff7ab672d8ddbf7
SHA1

6eccc8b87bbc5575c3d06c1b459aa852ea073085
SHA256

d0d08712c9a16bafbcf63c8ead779c466a9f7b5f4ffc5a496f79cf030e6b486b
SHA512

b3dc7cf000378695cbb0a6b431104d8ae8329c0d4a58e872ed4b1c0939d45a7944be84645303726327b790005e7e3ff469234a8193586895c74a8187e6ff5036
SSDEEP

192:Vu1/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMEmIKZTf:Vu1ebFNw4Pk1itKkpAjjI2YpdmEmIKZ

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe"	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Path_Syntax.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WS-Management_Cmdlets.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comparison_Operators.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Assignment_Operators.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr006.inf_amd64_neutral_40c76453575b1208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wdma_usb.inf_amd64_neutral_7bb325bca8ea1218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_neutral_c4a901dab689ad79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_jobs.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx006.inf_amd64_neutral_ae607a72b46f9cfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_neutral_d9eee378245b3b8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Core_Commands.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Windows_PowerShell_2.0.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_neutral_ecf5cff2236b273a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Session_Configurations.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Special_Characters.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph6xib64c0.inf_amd64_neutral_a43df8f7441e1c61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_prompts.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_debuggers.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_PSSnapins.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\manifeststore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_eventlogs.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9fe8503f82ce60fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01740_.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01750_.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21342_.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR12F.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\THMBNAIL.PNG	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_spellcheck.gif	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\NEWS.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33F.GIF	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_bthpan.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e8849fc7d7c046e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mfvdsp_31bf3856ad364e35_6.1.7600.16385_none_55b1951c6b1ef505\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.1.7600.16385_none_00ea0373d94333a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_020bf59234fd9577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Variables.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_en-us_19fef411813ba5c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2c9b21077d55e984\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-twext.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_58838f97071f9f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f31eeab6051142c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..tvratings.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8358aa274f88ac93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_812027f5d695ec84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Parsing.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Windows_PowerShell_2.0.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2ad101a9ed448e7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-printing-fdprint_31bf3856ad364e35_6.1.7600.16385_none_b425025e9ef3d84c\superbar.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_76d9b9f1825db588\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-system.web.entity_31bf3856ad364e35_6.1.7601.17514_none_3735edbaf131e268\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-addremoveprograms-adm_31bf3856ad364e35_6.1.7600.16385_none_a053d741312f3b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ification.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ce636e7f89cd174\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..torclient.resources_31bf3856ad364e35_6.1.7601.17514_it-it_296f911f1e250dc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\404-7.htm	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fr-fr_b2f26ecb36a2bcea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..l-starter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_23d46ac3206800e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_kscaptur.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_382a36637ed613d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\NavigationRight_SelectionSubpicture.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ting-separatorpages_31bf3856ad364e35_6.1.7600.16385_none_4dea3646cdc94f6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_272a26eb3951ec93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaxx002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_586bb999e79bb340\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-peertopeeradmin_31bf3856ad364e35_6.1.7600.16385_none_471fc05f313ae61d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_it-it_42b96c721c6c0b2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-v..re-codecs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f9bd65442cd15213\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dui70.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b8ad3df5d5fd57a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pl-pl_57651e9fc65047a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-microsoft.build.framework_31bf3856ad364e35_3.5.7600.16385_none_3e476b319efb3987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasmm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f63bf414d7eedbbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5446f1f0d0fc77b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnrc00b.inf_31bf3856ad364e35_6.1.7600.16385_none_3a88c62811ffe8cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_umpass.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c80aa46b8a271aa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e88e719a875d9336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-setup.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_f6ad2c5a1e5c2357\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b40eb32fbeb18f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_ro-ro_8fe226220f8cbade\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\(120DPI)notConnectedStateIcon.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6d032548eb34bd97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_sonicmceburnengine_31bf3856ad364e35_6.1.7600.16385_none_ebb34a71240ecedd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_functions_advanced_parameters.help.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5810c0c2d427085b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l2na_31bf3856ad364e35_6.1.7600.16385_none_aa9a36e47b608e1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\3905ee11acabb6d202a69b8bfa3c91a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8dd8c4f40dc38dd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.5.7601.17514_en-us_860088418894b80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000419_31bf3856ad364e35_6.1.7600.16385_none_46c3389a7ba0fe0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_afc46a483dba13d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..n-shvhost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b8244aa1d4316c1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-time-tool.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7d0d9650dd11f925\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\inf\aspnet_state\000E\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_right.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_few-showers.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..torclient.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_3f479ad846f32842\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\circleround_glass.png	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wwanui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9aa1077d817ff4c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-ftpsvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d250db6576e90c00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open\command	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe"	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MGXHZYNXAVKTJUL"	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\ = "CRYPTED!"	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\DefaultIcon	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe,0"	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell	7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
280B

MD5
c3f458d9082cafde60db914991db0e75

SHA1
9fe93235e580b3b83e30aa38a41c89ba6010bb6f

SHA256
1692bcf4e7a1235b8d6d2c8f6d820bd2efd8d95e47a4a1d636cc62f126dc47dc

SHA512
5681d564f57eb4831ba1dec21676f48f57699e003e216300380dd1a997b08ac3a756525b2c509c95c129497c6a8be3ab96281172fa73b5d9318dd69844b89d79

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
4abc72dee969e07450ec2711b5649560

SHA1
3e354b0ee663e6b0ea62b76a9da8491d5a2c0f03

SHA256
68d4ce9f75e0f70deff8483d03585d1c0709db6f3f9a4dbf33a9a220d1380a1f

SHA512
4c0a97c4f93381c87b2878d01e9fe8e250996d8aa51ce94cd059cda4357bc4efb0c73233ba6db4642477d5f5b303b0e35b069ce9ab0b8eeb15fd74cf8479186d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
3daf577c234e027398fbd087b0f473a0

SHA1
2a24c1f0ef17b702dd418c1623bb62acc1b32eea

SHA256
b335be01894045bdcbccbd674f3f410585ad8218bf448250af77a75eab0dfcef

SHA512
953a7064587a6b035ddde503b75248eb72b59b71accc23d37cbffe28e2e10e256b7a7bc7fe01d715f78334e475e0315006f8a323b66fedfe461b8b1085a72e51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
78d37c1f1e3bd686b5dfd420f26e8ff8

SHA1
41f080462c90f427a376babf93cd3f38ebaee6d0

SHA256
19c5bb33ed6f913c33ad49a75bd07eb79710c3b3bfab33648f5c41b03697a52d

SHA512
844dc84b379f71e6b19190958ed12e081a30136e25d15bcc1e659e9c9ea1d8cdff835ff0c10c9fc9931a95f1d34a52dc7d7e52168cbee31ccf06693439008230

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
4d14ec1bd9c751eb3063ad7cf89bf389

SHA1
7a2491cb9abdde719b4309bd11af8d5a476f5c46

SHA256
7587661c61ad867695ce7dea26f387e61129a91c2eff3c688dffbf43fc12c535

SHA512
b119800aa1d58bf9469f5fb76238fac7bbbd0c661395d3a96700b828f548fb1c7f7d3721c4100f6ca674bfada6ac4f330e903e2f2f45ee5ce808f5c403067db7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
2eccf5982d2684dc5d3c4cd18b32c086

SHA1
baae53132e934f65508cec217eb26142923d4845

SHA256
e03187b262d28076283d024710149b96c6f4d07b58daf9ef58ff893760845d55

SHA512
cd4540f8354b017a1fad73524401974ab6639396330ed6e21094cddf4e0d5f66d4a720f34d913d3e9f2a3ec835fa83f86681d6532c9ef1909687795eb97bbe00

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
713b1ee34b0386195fb19310e9bb08e9

SHA1
91dd863232af8249977d9f01cf049aaa32922dd7

SHA256
f1d1bca301da7f545e193e680eaaaccdd1ac6a719f64a50dd254edb9a5a2add0

SHA512
dc634b057da9558c2306a6d36a043c15984f898fd33818604fcd31b9c8243e09c818cdfc0ac21b1670cbda1dca4e474cfefd01bcd6ba6201409720256b4da933

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
0fcf9388619e997955a9ba40f7e7b655

SHA1
788333832fab7acd437ce93421ffe12eeedd7c10

SHA256
b7d3e98774ae2e995db32d26765f4043ef52b083da5b44c3babf64662f58fe5f

SHA512
65c1ef2acc1891186560f81afcc9c92973a7ae970cc9b1f35987302e30c670848313144da7484a89a20a4fb833f160baa7deabe1ea39946e135385ab720330d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
f78cf0b127fbca0d5808c4c9f8d5b1a8

SHA1
defbb99d1fa37fe2247c3a9545555e65d2986bba

SHA256
fa472f3e222e953faab7ebdc785d4604a75d08ad11b26c2fb0c9c1266d3417f9

SHA512
7c01650f429821406abc6ff5096335b3030b3aa1e5255e17617a36cab36f9e3f5ad2f6a54f9df0fd533ed774f014fe26579b0dffe7732272735656db405c1441

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
8bd58c0fbdaae9dfa4a2141c6e19a7df

SHA1
5f346e2258ce68b00f571619fad39c1ab95f2ce1

SHA256
09211e335aa0c097e294d693baca5319c87321e4b4181dda007197fa61d53c69

SHA512
5ec1d0a70efaab331cc9831d2651f79449c51e32f57d9ed8fc893d35f35429d1d1b0f8cb03e831b135621c39fcd67cb7d2fe43dd6d099bd4f7cecaf7d3d05886

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
790785f2638306fcc79de6ae174f175e

SHA1
cfe6d0937e78b4a56949aa9ad3a6303f29390020

SHA256
ee57add597c240a22e44c4f0e018e30373974b929f3f1e2753f8ec6bc866a332

SHA512
29558877105fa8e42549d53e56b2d78d6f3a2003b87b2b37bd430ce7cd0fc9de32fd7b5f8f035bd3bbf514192c9e637694952674a70d03600ce6a6c81b993833

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
5cfd122e365d002ad8762440eba2c9e6

SHA1
885814c322ddc1e318243ae9570c7419a54428c9

SHA256
68e7b38a3dc6de6ca04dde4f96ae6d3431860dd51e5b2528f054e3fbbb5dcc17

SHA512
967db88dac739b3b0788d24b8beaf1e0231b2f73116dae72e60159f2e10e3e61fcc4662b3125689a097856cf6d9364af885785d74afd147c8a6496d7d941c48a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
1812b4d1ba1c6aa8da8056e65baa7529

SHA1
29bcde447eff3e7567ee29a49a4a855a068d42ce

SHA256
a72d229d3174825a168284ea4a396bed3ab369cdfc79f57c64ea4a41e4ebd93c

SHA512
df5e032d2026cb257dde56f1e4644c3913e956d82c672214f048284fae1989ba426f7dabdb240e0a3fbd6208bc51d1c6694288b28c65cedd86afcecbce6f4dc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
17b2a8d7947616b4c84e03a618948227

SHA1
2933334be0635fa7095d1a0619ae6c56cfabb73e

SHA256
aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c

SHA512
3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
f2584537b5790c2bd280ffc636f47f4e

SHA1
e4432eddcacfd59354695256ae9193062a08ff11

SHA256
de9143979594af8d7f2fb7062c149c25255b77acbbe98f1000e523bf273d364c

SHA512
41e0b2bc70067a343e552fe82498c66279e7994f91265f4dfae98d0fc0f668228a75b6ccb99091e0572b99223b78da0489942b186b943ef165a8bac624281bb5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
5288e22694e13927a2c3be257c1a9f34

SHA1
153c3eee896d96d5ef0cedcd1e6893f5e8fae9cf

SHA256
867db4d2b07439822fa0f348d54442451c11f50d741db5c59541d94d9ee8f1f8

SHA512
baeca0f550fe825ce6c248696aededff527000ba368fea0fa8f2b02674d9324f8625483c2f3d42e2970cbcda45cd1bd1afda620ff891b09d98b08b2b4fd63ae2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
e3e11b68992ee4c266d16864fff36272

SHA1
b6bf85be3b0f7e06672fddf0e33aed04ade878ca

SHA256
c9d5a231c92e8ce0ff5a989c07e97fd1c6ee1a01d828b741ea1459192b05c3cc

SHA512
0351682ecc75f877bd03c18d756bc542ffbd944544b204c8f8f072113275df5d214907639463653152d82be40f2ff34ea9bbe4553959202d4eac1927256cab44

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
a5dd66c593e5f658a221dc55f9f813f4

SHA1
85b29ff63650643584e157c73370ef28dab4f84d

SHA256
1c82b05260e8926facd9060b0d3493a051d16a1e795aa035b7e057d7023caaf8

SHA512
14b575d41e1dc255adb323a06626994f6ae94500b033ee76cef9e9f23b90a7ded64fe7dcfc8b0a62c5128f11bb19d38bd6c0846c0740bd347a41df1a67c1d4a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
4c35438568b5334290fc6e645ff8948c

SHA1
25c4cdf76e76fe07ad80a69b687d83a4c20a5ecd

SHA256
dd47a34f487a36db638febe70c75691b3ad38f18a1cf183f179f2874f8f391eb

SHA512
b513dd24cccc1d76f901f4dac4509b85c85508c1cf1730f902102e389fb766e3e3b011dee43cfaac444f2b0abee0c07f2bacff5d48188793b0cc2eb578920a3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
5a9c12947857f697d07e9b607b5ce3f2

SHA1
78d9d60a56197e615b5b587f07d38446da47002c

SHA256
2079d1307e7f8c0e59cca4fa51cb33cf821afc0ade724a5a5e357297c619b7f6

SHA512
e5dcfd2525e55fe33622a8a14d10d4432303e26dbb5564fb0b273807b73eedccf22390def027c07d27e6727b8dc0c4cb1afb556d54f64afd4fd3d1c854c19610

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
a85de44bfe26590b44ca801b7041fe1b

SHA1
68dbcfec93561ea5c4aa16d67d3613dd8f018b9b

SHA256
7f0e645e797e7085de0bd36b797993b4b3b2957048e18afc9039bf9a0ec9afa7

SHA512
1449d19bd3161aab97fa09666bdf7c7dda95456415b5782b0e205704a5b46bca4d532563e17a8af02f64d702407ea444dc32cdf482e8ab9bd84483f55f50c694

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
caaf819615e9c4d97bc039b876dfe881

SHA1
887eafac38486ab4eefc6e82a3a81ddcab9fd68a

SHA256
4d4ba2fbd2c757c096174158a284a7af6c84ae796db3bd985a1b7fac67acb172

SHA512
e16ddc9c4948a5bc01e0cdb76f82ff8768e216a609a22aa4dddd650aa5ecaa1ca3650fab7f9bb7fa763231e194a79e23f2715995d956318dab14ac5aa5a2d1a4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
12128c5af55e8081fc78ee59d85735ee

SHA1
9ffb22e94f547ab7476015a1d833a01a449eff68

SHA256
593bb4a8537f8ab41617b61b107428fe8f6f1da0d1f7663d29a93e5fe4a1f309

SHA512
15c9cfbd71ed0b173e9a2cb6bb2140105db425604782b2ab5568b9cdb84e1aaeb7550141ab6951c607a880d2af9ffa806714792adc7c3edee276ee399c3a0ddc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
8477b2a5e03e28b22a42aa2115154bc3

SHA1
640b0c1495a9df08a18af3fedb8912f4b1051ce2

SHA256
afc1b9df68e2e02f5a1d6749bf005a394532516341b69c2c9356c4e23c6ff8c1

SHA512
83fc662835000a01f6d2c28333d48f357c844b424cd2ec753049be3ad7ed5384170ee3d696e2e06a9e8701f5ac05a45cf7f161d6f1ed475b6ac6faa7294b4153

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
86e5cb2172ee1b7211ee67c4c668af22

SHA1
b093af0b280ad322594a4e590e02b795ed85f68b

SHA256
133766e4af6d723ec6c47bab759b2ec4d5c96ef06100e986208fae4d1476f7a6

SHA512
8d4d52189444442f3c5c01168ded2fb62de3f759a78d6dfaae19ed56e0fc9a1c40822e2fd6994862227116d0294452dcca2114beb3b6bf99c2e100105f088789

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
a2ef68eeac00a0bdd5f57ebcf118c9e8

SHA1
c7cdcb1a08aaef601e76c19cf8afb9f29cf1f4a0

SHA256
da6af3cc0458d21092735b9101d9a4829df01567ea630a00cb59aacedb36cffb

SHA512
62714a03ca89d28b82e4feb480c3d3f444488f69200db44f4d62e0fbc096afd4ca2c082da4db7346644ed7710389e8aafbedc5c7ad5ce73a2db11eb295f3b5d1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
bfb3dac36c07011f616d8132f09283ab

SHA1
31afcae250c18ec1e71e621a15b4919e5f44793e

SHA256
b29b8c19a91d151136668f42822ff6f01c9f897b56c4ced864ba6dcd0a6b437c

SHA512
939f5d1cd4b7d7290c8b932dd006e3e051fa94370e673d21a3466260e2429441bed15ad73593865d30daa3caafa36a8c0a7f66a895bf7734b1be67bf97587145

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
89104b6857de6cebb6e766d0868b6747

SHA1
892a3546ad08eed815a57c831c6de796031465e8

SHA256
1c853e99f75b497d4ee94e667a273030849a09118ae6d1f2bd86745543d4772b

SHA512
71cad439dd26a0f098cdd3eea3d1bd33e8dd7d98b85a56382dadfe38738ad201d4f5156e4be55029f56d7b5a6ba91ed77e5743eab87a3fcfc3c22767f6ef75bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
994c7ef057b4d6526c9d6c19af5d65e3

SHA1
bda10aeabb5632287f7787d8150185d5c0c8d094

SHA256
c0e48440cd37f55a232913def64bd1295c61884444bf49f30c77585e21d7802e

SHA512
2ed765ac61c1c882e5ed41a210c5ed0febe49b107420106b58d2264cd523dd04f996fd6e4036567a8bd1955e7a7b642c104b96bb7150da8fae67fe9785c589e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
5f3bfadf6729547d89a1350547478231

SHA1
757196045a3905cd0bb835f04f82956716a8bd0c

SHA256
989181e461ceeaa26178fb9290197a66643b1c867103719169e5aef4ec788490

SHA512
55ca7e654319f9fa08b2e8d7b261ba7f3bb038475bb8b8fafc484f019358d6cf5cf2bd512d05007ea550f59d34c7b31ab1b70a51780da1cf4052e13ca446366f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
988567036d42e4991d522daa620a5320

SHA1
42f17e4146831f7c3eaec9fa183d71a6757e24ff

SHA256
94843c24eb8be8d59c86fa3270698ef5a6ea31a3c313ee40fd8e82608503ea12

SHA512
202ed975d3701860f7199330521be54412aebf77a0f34655afaf64d361751f535a2def34f61c3dd5b4b78a61bff245f0d6d14171266716ce19a1d7abbc446962

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
a08399a5913bf80fe141e927aefc712c

SHA1
53f25ef24e821f9ab155fce2a51fb8d7510a9d16

SHA256
ea8b0bef1e7c3a250184482bdef451a6e410fe1c5989b8eea620bf8fd74b533d

SHA512
8977f2815e48200cf76eb104788bcbb8dd4c41013eba13e8919f68f13350934316e81b7a365f54c05648124bf38095bb8adabeebdc50d7784826fddbff94ce6e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
50c7fbc1a92aab2ff5de47862d8bc0f8

SHA1
59c5c4c9ee9f0e5b16d6ab9409ce91e498682d4a

SHA256
a6f1213d3a6f89dd9eebdec5abb2fd1d71eca822ecf4766e6d40d47dbbb2d521

SHA512
61c7477836236d0b3534e2fe932a8db49a2b251e7b75742d2d21c1156f4a3373715124b67c780bd23509311d35d08e59b85a33efcceaaafb7a0740e6efb302d6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
612abb6643caf2a2068428c7583b09c2

SHA1
612430444579debc7f2a1ed3d3d94dba774020a1

SHA256
8d7fcfa238af87997fb9f2b3bd1008649f0e942fa8074222024cf7e6324cf6c1

SHA512
5056cf321d3bf6a20698851fe31c338a126ea635ea001f90107d6acf88f0b4086db483f74513b2ce9b3bc4f8eb954212a2ded3bc0d19beecd1ab339204b21d1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
8854f799475fcc26642b5103f73e027e

SHA1
964ce3bc69a8cd1b93137a58c21d7c93a98236a0

SHA256
dde0c08c8b745cec4fe845db1d250acaa2c8f073325a6e592af4ad44fecc94b1

SHA512
0395a2c478fef7dde881e6599444e94dc8dcd25601ace8766c74335a79521981cca74701793aedb49cf4ac2557b7bbfb1436021dcd5a91c783e99a7fd6106f4c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
50024c4516785bd880179f645c54aa06

SHA1
f3d96767591e9fcce2b6e7928a037d1c5469c57b

SHA256
34d0e1dab71609428c1d26bd075b3942648a725d79d37dec9b2880d169ada131

SHA512
256a0ea2b83d6b908976a43992ad9f28aa2bc8f73c07e4ce0bc18dba94fe942da83729d8d5016fc516337bc5e4ad0f865fe62432bf5286984727e97586fc0f0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
f595d9f455ff0d0d02064626dfb61fec

SHA1
8cbe1971026f2efeaef9afbae3bb673cfd0ee019

SHA256
f97fc69a7bdb2d1f08808b39cc09ea2dc024358f3a6077a670daa1a017ea21a2

SHA512
ec173b923e53bb43550034abd0373cac9901961b426cb3f0f6dd9e6d02612b81d91792057ced622b51693fa6a0d17280d5925c4dfbfdcaa1fe8d130639ba8bc6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
96e5b2c6c62e1b99974ef777dd840e52

SHA1
e448c557190a99b7707379249ce9a2345ec19a22

SHA256
70bd2c98502478dc00d2806e454a436a8fdbc8e8e0b66aef6b515f2dfddd1052

SHA512
ac5619ef0da25378ac8b847fbba987ecd293d3e32707853b4f654f971248d2ca1ea4478915c4bea9f1a2e61262b64cda63febc9ea2d650f39907de28d2a226c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
bb98848a9b402ed85ea6d97427465f46

SHA1
acae9c9e6b8e7cd87331bed5817223a5ca830ee5

SHA256
01f8bcbcfab4cdc7512201259378c89bce408e6e2fcd122e9804c512dfc13ef9

SHA512
fd07479dc646fc814cf7e58854a948116cf034920624c8fdaad211a1dc9c3348aa1194d892417a72ebfa6ac20900433d9aa07f3aa499666515f06ca234555e58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
c6cf5d0cd7e477a72a417bd7b4a5201e

SHA1
65ffdc34b070d738eb05efda76a2d613c285639f

SHA256
8c2cfb8e67e5ed219be22d31519c7d81a2b3d60c740ea62f140d57d32adf3d02

SHA512
0f85161f9a37248864cdadedd959375ababccb468c3b14a7227e7b90f1981ba832e107fdd02ab290f7d2e159dc92939ff159458182bc2e6b2c015ced06d63a93

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
2c25c626c8e22d3b1b2aaa8c2246c363

SHA1
cde3e6893665ab1874d79ef5291961c1259f4b0c

SHA256
8ed71004004de08278a288890288bfbac3f0ea350cbf96ed352c33f165807eb9

SHA512
797354f841e48377e2707f2cb8cca3fc428c6542ec061715e55cbca913dd5d13f830c82311f404138488dabc771366a160781f8ede25af15fe605a3297c4ea2b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
ed656624ca691c8d78dd886c065d17c8

SHA1
6fedeb4db6a2a855f232b281312064f3b03a451c

SHA256
a37c81df2534cf5e57aa42fb954f3873bd3daec7d21a5dbdf943ee517cfa91c9

SHA512
4ccd68487c22028544e40933ce0bf618e905b4bd2130ebe5bb25a16d9dafdf0c08a13d2f6975b3ad0721cfb1bd92ae314c763aeb343dbdd2e6478050f8e1a174

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
0b94cb36fa701b87bff033296d27071e

SHA1
cab46a42682efa4eb065c7fcab14db298d931c28

SHA256
f5c19dca4c31165e3110348ee405cc2675e225a8cab4d83af5485c38863685e7

SHA512
417a08fbcc880af425fd2ac99e1506882e1803e6852b4af70f8c8508205dc16d6d97c21a700a9e9d1d3df05b00a83f2dce41338cfd59c820a4457deec8bd1258

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
fc41e2b36ff040872bdf64b4705d4bed

SHA1
81290d45a2efa231a0a0b7f4c22346442fb5dde7

SHA256
ff488fae9035030de77f7b885aac03e2d07a6743431b0d4c0ed402888a64c67e

SHA512
78a932279a579ec9e8995c2c5fb591e378ceb89e7175011df80d4f1855936d1e3b1c151d6d5675e2e8588e60babb26303eea62a2d33a66f17900b0ff5d3cccee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
083bc1c48121096338295e91bdf247f5

SHA1
2330e27c36ce0551fba83a5046388a51ae9a2a26

SHA256
2eaf628e89685021d14dc933307d9b9531c44710fc66676bf97bd127d343d9dc

SHA512
e900f3aa09d675965c7ac88fdcbd2eaf85a8ec5868ecf14d05e9e1e2360f66dbb517e9e4e6aee92bd8f479e32a2b5767b3d24760c578fb4c5c9cdef2529d2ec0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
a1e5a44de0ac3130ed07089c184b1479

SHA1
0fc70584cf4995922cb829e181c506e7d9aa6087

SHA256
777c45b4f800f566d78caac2ceaaf38d4497559016f8febe2112bc0ba9e2d174

SHA512
89f03a36767320c48d6a620f2a78ef45a7b2a2d018b6b1469d0099ffd6262236e0052982f23008bfb86cd79b58cf622531c0ca0bf394166f2d49c182551e2d02

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
3ce9747bb1427d5eb2a56ce83c50f013

SHA1
cccf978a2de347a2641add432821eab490f6fd0f

SHA256
56d529512377779c9a8dd5e31cddc633c8b16045f04cfc29b8dc1402f1da8571

SHA512
aa6586bf97f990111297542460791be0d4f0e080019089d3895c9bd48a66a88ffdeb5576886e881de1511bf489b4daf67ba61eb60dd326e35fd16db895dbacd0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
2107b0e6360f02e7d03ab0550f9f4476

SHA1
c04e2ab92de009325793d0b2d2df3b535983c0c7

SHA256
ee513248d1db4c0227780013c1f44e32a44208deed48c9c8843bc1a6b5f19e50

SHA512
a4ec0dfbe6afdd3522f6397a10081bd56e0273cbc773ef79ebaaa3fbb7a69d8e0db2d3ba537eef9b143d326e62830bd614286a2f1fcc83305158fe4b1dc4f3d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
ed8146497be02b871684a4cc783fa6d3

SHA1
4b42694597e665167fa07036409c1018fe3e00d1

SHA256
5901d3d3f8ed2b25f46aaff4a8715389ff79e925861ab8e9fd5cf67a58a0f881

SHA512
2028eb2fb8e3d56f93cf726166e3c8dee69c88e0a012dceb702a283efa80d87e917fe6161dc8986870fb4344f438e14a2ae81721f128e60dd5fe8aa3c1a85e30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
b564ad5edbf0d68e46e98b9ef39c27cc

SHA1
07245e898f4369ded02239f73375848d05bb8b15

SHA256
e473878e6ec7a4a907ed23564afca2067acf83ed30ac06da0d99f02c46a55871

SHA512
59f515d9c5d1689b91a41b4d858a89e644c7612930d5bad8c529374c8d28ac32cf0a4ebff8b5d06f7b75ee66afbeaeca76b3bcbf8eaf6a9315defa4be64ff60f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
df8e82b7ccd4d80e0da8d56eaf2863af

SHA1
46409fdf6897198c9530adf37ad4f272c7b0e8d7

SHA256
f928affd6c2a4a2578c8945408f15760c2a9485419988dbc62352bc599940408

SHA512
42a0742daa3c806495594f01099b5382d15dac5683ed6eb1ceacfa4ddd5e56ea84f45fe2a6860377062b1ba75dc8fbfd35dddcfdd942f0599b72d30e2fe70cf4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
a16d6ae8317de5327b5da8b3072ec130

SHA1
612b0b26fa25f2abf44b40908b3117c0e5eb02ca

SHA256
48072a7cb1db5cb02f436e1a7982648af11e78ea000487aca2318f9ee8433e48

SHA512
fd738e3894688d1c2e1a58e351c3ded0efac19ff6296e6bcefc96d193bf8ed068be567b52762b29df68512c2f6b9915405f260f8a04b8289cb0730491f08fc26

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
3883cf45723e430a3ed8c97611180793

SHA1
58dafc7a2f292934f0b148fefcf84fc98c4a7cf6

SHA256
467e034bd38fc8a99a291b8cbc394d592e9d245f151345eb986fe3c3137ecbfb

SHA512
2d86126722f3beabd5f401e68c8225765c8f13673de502d52340f0ce8b3cb59258026611e5cf6a0da9cdbeb75df96f4987af06622d4024b8424460c84b47adef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
b603591e96f9c9785aeb0b6a3c9b35d1

SHA1
0891cd1888ca4b6f9a50d5830d1d266d3607cccb

SHA256
44ffe38887da9106c7d412bdcea9c049609ec1a5063dc13a4ca300fdbc04ac78

SHA512
52dfd93e83da4c8c33060b0d44f44324c44da37483180aea82312596a36e49ef3f346aab090df218a6b8e683cfc2966f50b6e48984989f0d60e9d455f5030434

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
276f3dad4728025cab6451d542030b8c

SHA1
162be31503517f03dc69e5e98607edac0d62f2c6

SHA256
aa102cb61836c0d1ebb72e5758756aec2400d40139a1092ff5e7c7c82267f338

SHA512
cc15f39aee9a53800fe7ccc86eac55ae6e96433fdb3869a2f0a0256e416c7aa91273ad0bf9a53ef760dcb7ba57286b14b593c6859756c0912a3cd35f12459570

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
ebe180d23e0f5d72aa627528b97f8c52

SHA1
d88de66d2c518dd4dfaef0a33b204411fddede98

SHA256
afc06107f7a85b3a6f86ab5574fc710b264001777713f3441edae859989d8de7

SHA512
fe6a1763b5760144fd36ef84c3367f3881de406782457df7dcbd62c23e30d10a8370831d5ec2fd5c06d485f2fde2ff09efca7c5c473316fa27b8a7bccb5a93ca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
aa926e7b08757b84c0e6a02c66e9e119

SHA1
b8e86fe561a12669c720fcf82d0c21403359b55f

SHA256
8be288355207927655182c4d41b6f10d75781c82f1a7699218f6fed1addc8c8c

SHA512
c1c68e9950e6027adfc81217fc03b781d5b3993bd05d41255b371cca0199f4196e12a7cb3bcacc340010b454ddfdc8e8a3061b982effacb65fbf2e01e722da6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
42cc88792e966fd051cc129d95f6727b

SHA1
55dca18241b82ae87b73886ec2fcbca187f83ee2

SHA256
12892bf75dee208f195fdfac96e2d892ce75627cd7d804f8590c9b48d90ce416

SHA512
4b9a4aa11fef46dd489bccd2dcd398e31d34850cdb465d4f5de42498b06055df1d47d562c68858a3eb3371023f6ff585ba232a0e91130d02184880812c2170d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
ab44d0ae452881a832c569a0891b210d

SHA1
07ad02c9a9671525546614a021786d54ffc41a23

SHA256
5dca7382a99b513c952fb418b4b4ba97a345a3e2b374bb43f70f942e3a2d5e4f

SHA512
e1144feb47b9e9352ada7ccad2b511c1483ee225b30fecefefb6d7cf1d834e0826e1891e169c36b5335011c2f2272cf8722165bd0afa54387444dc0106ee040d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
bbf1fe5ea7a01ad7db87babf2190fa78

SHA1
fb3825c8a971ca033e458faec1627b3bacb51ba6

SHA256
2492a3aae74c905551891043084a82591745a28c2066d842fe66dbc813154191

SHA512
1c04520688e6bd4dbc1bdddd058d849bf9159b90bf38104662a1c75b663daf38c41579fb8fcab6c1ecfaaf6af58094204dbb61f6087fccbe9589ff1793ae3111

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
9f14b5b3dc7cb396fc735a30180b613f

SHA1
caa4c3464a064733cd13ca2a0cb0a3387594bc6a

SHA256
5710c275563d304c1ebabc019cf4887827c099f4b62b52923eee5b0954853de4

SHA512
10b7d3eadd926161a98368b8c2f2442426bdd924521a4c1f4ab923e4bc2ecb4a4e085e2544418b9f2700061f2a112324fa62f908ec2b57ea1212752b37e7596c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
a34d039ee5b1c8a1effc01a709492463

SHA1
7de889f02091cb46b3c2ad6e0076395849b930d0

SHA256
a6da41b5a78b6a9d3a562ca4413e1773d0d4b05be7634a5fd840a57e1db0f3ba

SHA512
86ac5e9e4e82481cd3c0ba945b1b55444759f12868de5d1040611c17f1205af3125ce3abddec17ea0a86f989bf764fe8f16269b03583e71837c2fcf74a5b2840

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
215c40eb7d4232456951dc8224655e82

SHA1
9853fe74b9056aa927ed3529481a4725db82b99b

SHA256
91db728516393f4a459c8ff04fa7ec2775ad97492d8889bca2d2526fe7fd8053

SHA512
465f27bb07864ffe435a97147828e7bcc4a09bc5208eda33410e1248fda712bb302106297fe81286e279b92b9b780780f8c8731c1957b6dcee3bad158f47b848

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
dfbf3bd35548a94d8ba41c9b0f42772c

SHA1
9350eb729c3b93a2f3daac58ab790c0563e7b374

SHA256
3db4f3119a325c3cd98366b69e543ff8785ad99c907ffa95a3c57afda976eef1

SHA512
3f24b0c51913d4f554585ca96e2a0d19ce9a42dee7a851b2951463678de022e0d5a4e946fd75ce29f5f75e9f334ca21b9f31061cf16e1de0684988071db70844

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
5bc6e1576f3dc931a04fcbf1c56b23c2

SHA1
2803d6d974f7304ce7fcdc1da37f0287c5048d32

SHA256
f48b5a8735cddef55b70ab476e4801481f4a5cbbbd77cc4d7a16968c5995dca1

SHA512
20bf90fb3ca878e52c795f0bc9aa93b45c9804ee211efe5952e80a8c6c145317d272ca4fa330395f298ab7222d42ac11718197439661ba2a2f826f4a3ead2ed7

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
b45eb52c8e61302febccdf41afd6edd3

SHA1
9d122c752105af076cc7ff0977c362dd36fe6367

SHA256
f598bb748d68255ce96c69230dd68efd44f5a94f8ebcecb9c3a6f66de8393243

SHA512
84f3f717c26f7716cb18b0d75665adb0c1f051350aea36a5c6be6f4f027b0db40f9a7f8deafccf5d1d83a3fba5c775fc2913d8ea19351aaaf8858dc4db33d07b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
750c0171fe23c6690a4b2451f1a6827b

SHA1
263b6dca532b87e904b26b068eabd16582d66e95

SHA256
a6a6ce9a782a7e388cd1620ecff51e29afc6422025d04b90c1dfd6f40c9f581f

SHA512
a2741dad54c1d94d5f6fa21ef703137f01cefeaa9a5fb28087658a9fa8402c60a204dba0a73532746ff3ef221cd268e15619b0956d62b5f2336e5f22a56151f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
927f23c3e3005c0e3c3259528926e4be

SHA1
566e8d190d709d322be95bfe6932c291a3659336

SHA256
ad25fac4bc40215175519f245fac61cc196a2ac1643cd520659af3f4a197bbeb

SHA512
4f02262f97575d92da89cb4d1f31e855ef4376e96e608148ee06d17ba14db2a28789acf4f1f7ab488e5d385f1a6d8d17f7477db6307fc65ecc81b3b26b5ec357

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
d902e242198f7975c14c789cdf784bd1

SHA1
1a7e49a34d95ec3525b4e1be81ad9f576850612b

SHA256
4364a5aa64af1bf4cf615b1d14754e24d33212d257316151b5f7bbbe2ed26139

SHA512
6f598c0d6a8eec74b87060e6a03ae9fce511e70d0b1539cad14181fa34e8cfb3830b3ca060d0833a4354ccc99d056d4573b36bdb3d3a37376dac3dbd8e906b24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
8c63332a24cbdb3380eef6c52a781957

SHA1
1c674c286ac68823d404072f6b86b4007aca4759

SHA256
557dae5c11a602c669c08832c16006ffa9725a07089d59c0901dde3575900b26

SHA512
f901f716d1d876731d8b9d21ed9de6db6270fa1e05e0fe9fba54baf4d29cb229be48c0495854b114b9903c67198cbc6272264a778d9b259de55d59fe0cdde247

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
b343e7e47fbd6929397cc2a34061977b

SHA1
7aa40224ae79164e78fea7f748ef9ee24a3eceee

SHA256
89fda3b4e284b0964748027b434be01633bdac6d2f2ff7e28e715de9e62b69ed

SHA512
2c3ccf74ce6ddb825bc53a2ea391a23655672fb7f119ca179a5961d549351706e755fc6209179352436c5c96a5d58decd1110bbc1abab654398dadebb511acb3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
fe246cc369e17e5f61d3f197aa440729

SHA1
3c08c6bf6fe353ed71aacf84a82ab2db29ace248

SHA256
3f02e03a42660069b1c927c485d6bfce4805ea95165892b7cc72fc30404c8796

SHA512
b2dc246e5f3d5eecda2a803758fa03278a160f51832d08fd21aa84389b9555f74bc58117056eabdc921d73a020f9e02e1511a9b6336be7a8bff95c1c9af8a178

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
3bcb4f6a7e1eef70ca6037dd2b0e9942

SHA1
8ea3bd0eb928bad0a7dcc82d2261ce832df47540

SHA256
b0ade603097613c20207984aa2fffdea134b3d9f9ae401726beb326530276835

SHA512
4697748ef99e4535d1f1de2c83731de8bedd23273a84c8bb7aff277c4475b0edb650ac5ac7076067ef5226779f6052e76335df1746686828137a33fc79f9810c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
b88bb39b8c30dcde6b3657b09b752758

SHA1
5a0e924648c6edb56bb457b2cdffc2a77693c618

SHA256
fb177a63ffdb89c078e61b16ac163540abb0ad0b5f5c3baf4a2c12daa09b2d02

SHA512
980d1614a0a1fc0c7a07764a51749df0fe76ed810a37bcdfd358106134551e2a8a9c1819cc308fad096520f5fd9dbde3f0b2adbc6869da28feed191300de70ed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
733c7e1bf653a6828dc4fad490ea3b16

SHA1
326d8495dcee58042dae874304cce2e65709af29

SHA256
fa0f02a93fc92eff63acb6cf6cdf5e694ff93fece358c56017aa325ee5abba12

SHA512
793d30feb28568f1b36033944414bda7515186c1c71c130c68925ba59d742b9337a4f9ed33eb3de2ceb79b1766d20fed04e1a7f380804a10448fcc70495bde7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1dce7214fe73c3e2c03c233e65dd04ad

SHA1
6bc09e2c00b06c6fd7a1428e137faaf8054bf732

SHA256
91e4241b813a855410eb86690ad951b1f1f64a22e382b30899bceed0fbe4e1ee

SHA512
2b8b015a7a0dfc8e77791a847ec186a4f0fd37aaaef9bf1609125ef0afab2318e711310313a435a1a72e58013890136d1747df1d2bd9b6035d2d4f24649b3edb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
0512660bf82919a497143aa15bd55198

SHA1
f391aeff22e832c3faee1caf84f969ecfa0e9b34

SHA256
cf9e2da48ecc3c97a4453776db46ddaf92fab1a6019c49c8ead5ff48ab95dc95

SHA512
d44d8335cd628dbe72a56c7563a342d675f80f0a26f56a8d1c714dee5326f99952d0144d89a83e749ce60001655612aae070a2ed82dfa48e4b69d920ac0bee7f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
b4e46db065756422b0ecdacc8e261052

SHA1
1381ac0845ce8a0a1d2e47b83d0e793bc2422a5e

SHA256
75823c2ad0c11a1091090bb80a0a5855c64f86ea7842961e763dd4f78a075b46

SHA512
1f091a2516dabaac4f3ba066f7ec194e0321f85e2e93dd9d01b966949e0ca700a57ed702276a7f58bd477e34fe57c54709842a2eb86c43b3a1db7bcfe90b3e20

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
969eec058df03fd42e5e3877a4f98af3

SHA1
5f6b360304623c53cc3ee9bde939101028b7cd0c

SHA256
fc1e80727925ecdb7d20fed34d59b9b8999f7872d6928d068f2f8ebe8112d646

SHA512
202b69852cd2908d5010ed0402b60ecd6eb0bd5dfc4d48467820a0c0dbcb8d2010d3383d527784f406cf682155f0e2c71ed090ec9ce303597e923c1b59a68fa0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
f56052a1586f83c8f1940be52fe60fe5

SHA1
6f79c432e95edc1ce457681db53acd26e6f17e3f

SHA256
72d58b160a66f82836d4e69d877d054a615e4efb9e1adf1c0f2578ca29fafcc9

SHA512
d1bf57b723aae752f1379dc9d10ec9494668b0adde46bbc4307bc040aada1f56f2de49c9dc0ce445ce0f8d5a393898adf97562d315f24121a671301fea939eda

Download Submit