363475d0f90dce427656e61929a4bc6f2bfff052a003b44ecc81d2ada73c9d82

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Size

18KB
MD5

951d28bfa67ae87a356041ca9a46046f
SHA1

0fcc1bf1dad4fde89ab3fdc9da87bc0f7330a2fd
SHA256

363475d0f90dce427656e61929a4bc6f2bfff052a003b44ecc81d2ada73c9d82
SHA512

d0ca4004d587bd6ba640f86685896a525141b49580d977598648b1ffba43e6a5289b275f571833839e588699fb10bbf43a4b62cfcd5606f71e795a5ccd30bf7f
SSDEEP

384:iebFNw4Pk1itKkpAjjI2Ypdm/iYpVg48JrX:i0FmBkpKjPYppYuFX

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe"	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Path_Syntax.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky306.inf_amd64_ja-jp_97f0de39317f6837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WMI_Cmdlets.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_neutral_14f9249844f1cf17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_neutral_0bb09f3e5a59f3a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_History.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_providers.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Reserved_Words.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_neutral_8f9a8242d3699a44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettun.inf_amd64_neutral_bd24fb174fabec97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_neutral_3e4daa83122b1559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_troubleshooting.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_neutral_ea1c8215e52777a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_neutral_30b367f92ca46598\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sr-Latn-CS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Special_Characters.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_neutral_fca91999602b0343\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Users.gif	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scripts.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_data_sections.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\AIT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10301_.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21427_.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_ON.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\NOTEBOOK.JPG	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Defender\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackground.jpg	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\PREVIEW.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImagesMask.bmp	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\DADSHIRT.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313896.JPG	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02040U.BMP	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10358_.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\THMBNAIL.PNG	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36F.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\SubmitImport.mpg	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14829_.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrow.jpg	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\README.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-p..er-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f33a25822fcee3ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_894f17023c54260b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d342f15c05a63173\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2bf23e2dc45491b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5f32fa59c858ea64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.backgroun..anagement.resources_31bf3856ad364e35_6.1.7600.16385_it-it_11985fe24a3d35aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a16dd65d2bfab6a019ac8a05337a5c24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d1d4aa4a26a25d3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_it-it_dbe061f478a504a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.7600.16385_none_846207f778a0759c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\inf\aspnet_state\000A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7e7f3bd0c60c7e17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-imageres.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a93cd3a078fdd9e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_uiautomationprovider_31bf3856ad364e35_6.1.7600.16385_none_72238bdddb72ff19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_3f3d4351a032bf57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_it-it_227e33fb04382aa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17514_none_d4a3da9f5cfc39fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_image.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_00c4b71d05225275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_6.1.7601.17514_none_0793641fcc6ca405\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-els-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fcc611eff86d14dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..l-starter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b0b3d708ea6bfcc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-logagent.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82d06319ef723452\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.23175_none_4e12eb8b85dd5f41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d0184ea2c28f513\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_851f98dba34565d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_it-it_75b374c7d7040099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setupcl_31bf3856ad364e35_6.1.7601.17514_none_b6d50b4301e77815\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..rant-heap.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6276425e4b0bd3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_44de21d027258ae6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dcd3b0c258470160\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_rndiscmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_020330d9acd0f65d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_acbab356ca75abf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mfc42x_31bf3856ad364e35_6.1.7601.17514_none_f51c382cb3d0d225\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Ding.wav	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\Documents.gif	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_d027e638f114b913\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a06db0f4d325aec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_cab3b172475e654c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0432f296d313ee9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msaatext_31bf3856ad364e35_6.1.7600.16385_none_b44b4bf48b4bf73f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2ac9e265910c0883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-errorreportingconsole_31bf3856ad364e35_6.1.7601.17514_none_b43336e6398511dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-bits-qmgrproxy_31bf3856ad364e35_6.1.7600.16385_none_5bbe17ad51338aa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sort.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_14507056e60fab76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1253_31bf3856ad364e35_6.1.7600.16385_none_7e8247cd23b40e54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-kerberos-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f413f2eb69b0a66b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_de-de_55195a1084f12e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep005.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_858ecde3cc00bac3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_6.1.7600.16385_none_e37f55fa65409972\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.workflow.componentmodel.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dae5d518096dcf8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_en-us_118be04ccbb88709\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..-tlntsess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_898132382e2e918f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.diskm_v.resources_31bf3856ad364e35_6.1.7600.16385_it-it_64141ece283c7311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-h1s.itpro.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bc02b6df0a89f79d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_objects.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f674612e35113616\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-playing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2642d40f9481d427\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_environment_variables.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Quoting_Rules.help.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_edb816beb3580baf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnbr005.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fb80a335d3ed8040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsForm0b574481#\501c549eee2d5c10d2ba0f46aba60f47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..g-service-rpcclient_31bf3856ad364e35_6.1.7600.16385_none_3b937c56ff281e2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe,0"	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe"	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CJOQMNSPNKPYYFS"	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\ = "CRYPTED!"	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\951d28bfa67ae87a356041ca9a46046f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
475B

MD5
45b4d228c5cac94492892fbd8809008a

SHA1
f2ca9fcbc6ad114ef98cb6ae8784bf7578625c0a

SHA256
f3de79ee3696a3abc54053cc01b339c65099251b6b07a03b46b73c9d140ecaef

SHA512
300521bb1a7f5f9ffac45aa6d73f1d2d9ca57bd8d71a291d0950af5d8035e27740f3b54b3b9870058cff4ce2d93413c59577fc11f3b1fbe31a0f321994ccdf1b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
c987c67d9f3b212d74b4a36fe69109b6

SHA1
56477c95f6c1b6b86b2531c0c5f70daaaf7aae28

SHA256
04232c6198670fc9082f9f9a628577dc60db25ea7c1501487a5edc9171db2eed

SHA512
169d2204340dbec63e3198a33a3059bead5a18d18ec709408cf0d35c238288659a1baed21fca5ccbbb3daeec1cce7c2df8ab491d8cf5b790137f3a778f104720

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
4079d751ec033c9cbd0b872ac123e778

SHA1
739c5be6e581cc91f54a1438e0e89ed976509083

SHA256
a300f981e61e66385eb31ffb6a45e970484716c330e1e57783fcbb17c0e2857e

SHA512
cb1d21e1c15867bce395b531f5ef4248697c14379ba2341f562dc46e4ce81dae5306d8f7bbfec85ef767dd43b138304b074b6cfe9a5b7338a2a19b6e9a6eac67

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
121ddd78cfea7d011dc8fd17e3fb1a6a

SHA1
d6b34057182f261da71e03ae58c1ed085bcc5aa2

SHA256
e1874766dc7f8d10f9111373e44818668dc039e5247938233a1f2dcac0b89fdc

SHA512
5adaa0347c359e44f9e8e85e8d42fabe62b0e81d9abbaaf536db5c484d5edc19fbfb4ffb2c20a929d70418951216e0436fbfce90769460e03d2311ee8f81ac6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
f660cd5730dfcaae456ccb3545d89529

SHA1
00e7159bee3304e51749b99dacdf840a64095356

SHA256
63f34989bdefaadd7ab68d0967b3bf1e444f62b0764cf6758a6ecd36da98b1f5

SHA512
8ffdd1ecaa0acde86be92b3050dd2906d017f938c3567cc74d0630b2d59e4bc7dc1af2fb309fb6538cac93eba2924055bb3d1933cb3128d5213f3504ba4112b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
5b69abd869513721ccc4aae6629a44f9

SHA1
9bf57067e407a492737794acaa19e5b4e953642f

SHA256
1f4dc48eec90599b9b39b07501d888bad7ad42da17a240d41e40182a94933e6c

SHA512
283a227850b168942cb060834b645e5de7f7588749c96f88f1f0d9dc062aac8c1bfc7fbb1367f3385696e9a80fc55d8d452385709506bce70a2dd57593f36f67

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
ba337af24abaaac8d09b6a94ac4a360f

SHA1
7f3f957a26fc2994c4ea8174c7ee2e1f6e3a539f

SHA256
791899978a31ab2a4f188f55f2777bbd0fd7b58fabb0dc8383f2275f2c8543e5

SHA512
61a08b10b3cdb52ed6312eee4fa1e80955f66d7fd33581e5e2683a9f17033576667371d802fdf18c6a711849e4154c7ba9cc32ff17d327a751fe13496c8b58c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
0bffbd1b80383a195c0e256229b731d0

SHA1
28533a7d8c8043433a1753b0cce01c09c836c65e

SHA256
722448113a7b775fcfff1dd4b98dcfacd0a825a5088cfd52a7d1a1276dbb4e97

SHA512
dbed938cdd2a4532ed12c3ae0d1bbd26e0017ac7dfa50080817a12642352f133ef33d708159fbe0330ad5f7ff8bd6798398c462214d15358cd1bc6d4e2ff9ed4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
bfd49520ca68d9f2df3bd3d848a9a3df

SHA1
555147a9b94b0428f815076f91cac586a06b42eb

SHA256
56077eaae4a008cc05356add2c5322e85fcbae53e78cd1ee6280776a6a93af81

SHA512
6c4ed11a5e1563da02c3b355575d38daab06c1467b2c88b2cbf6562108568c9f50ed9aeec9f2230330e823611b51e4efd5f9b93b13cc1f3cbb38f12404241214

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8cb7a71304e650e6a8773897eb507c1f

SHA1
8dbae6ef5a478395397e17e199b5d56258c8a16d

SHA256
5db17b8621d294030ff0b958eb4ef7d9f39afea1d6d9088681578c8523b805de

SHA512
acd6f47c59fcbb057bd7291c6c22bc809dc455722a48b4064242707eb2e75e8a0d264e3d16906f50ec4e6eb5fa31fa8a499be93bc4d6f9b44b1e9b5a21f27dcb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
91653ce74650d9fb72ba8d47b184bb0c

SHA1
372c9401c5ca943e47aa12d569e59044b6b83e82

SHA256
d80dc03a46e97080ce63e0f5afe8cca5893b01590fcd760d2ede7e93348fc8b5

SHA512
948c57c3ca7ddbf0e56d5e9b28694844f8eb396e71fea0fac8e391bb5cb4d0820ce2d0031e37d7906b5141151862fb631ca99bd03fd521261dfd1d37e112318f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
5e283f6e582b6c486a40f0cedf5375ec

SHA1
d7660b54126dfeba40ef14eef96e9ebc63497f4e

SHA256
304e42c8220170a4b686de2303f8132e3086f9fc54e05071f0f7ab3c18dd1f2d

SHA512
950ead73c3e30cc117c6bc361440b1d6e18999a11386f50c6e59ef08a45a04bfd4143a2904a0185feae7973d13240dc69bf413a919dd85cf7b28795c8c9ee043

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
14a704b205c822c9ad301324501b8eae

SHA1
03f5b0723fff1241fc8a9976bab6740d8caf5648

SHA256
48ebc4bb27e573d4fef837d00616d72e1be3ecbfb33e5ec87c1202bd9e719e0e

SHA512
bc9f7171124b8aea908ae19eb11ef767ba9cb791d8235a57915437be3a69c8415f1c50824c1adc0cb78829c734c86cf64c23438371b7eabff1a1c905d0b9212b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
b7c8968cdd86767feb6658e02a4bdd69

SHA1
4c1f85d5b0ff038c7c6505c5fb165131b4d67ca8

SHA256
0cd35eea01f7d646d22a6fe72f7ff15782b5ff004d07dd6436a7f7f5b7b90488

SHA512
d6dec843b7a4d7ee581745c472852814504f5aa9a1cde1765fae70dc5b25b2bb11e6108edabcac30da26bcfe0704fdb5faf0fca30ca0aa91d88bb347b4f2988a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
49d66de2f0cd94a02314c0a556fa80b7

SHA1
d0630080585a876eb62e56ae7d531ec5290e41d9

SHA256
bc0fce79beb60ca2a9e536ebdff7a8d8cc09fd7bf07bbd432da7e226bc7ba4d6

SHA512
fc151be4828e6265afbd736c798f31fd62f41ee123a799cbfdffb69e39a90a5442354cc3dce5fd681dc1fb40a0447adf3715e05a6cf3429dc5e83185145ab253

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
e5e7a9a3a68050a21628c8a1e9e11fc3

SHA1
28f4ac8dd66681b2baba90d83d9163d4d8693a78

SHA256
a16be4d2f4584314eb1f6329a82c406c51691f9d1b2b8111336470798ee290d6

SHA512
f262877747f9c9e98ebbe2900114db802377768f37e91337d83a1b444c9edcd8cad6360a59015b1c8c151d8450613d5d17460a57b19c091bb325635cd75c292b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
36adddedd8616a5cfb08efd3f0bb8a66

SHA1
b3211f009ac86efed28fb318d889feeecea0f7c6

SHA256
b689caa2e18196b620fc414b9a02be64c7153f6a946045bc27274859d9ed9c2c

SHA512
b87c10553e195e0666a7d2bcc1285020719c3d33d73265417ed2004c7307230029eda92beba5ac0b5871bd0a920d41fb80b2d3dd655174f47de0b479565a4cb6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
9bb8ed6ba67d04963a2d0556f655d4fb

SHA1
a8cbe155b14bb9ecc335e9ebf7d383ffe08c0cd6

SHA256
e2012e8474d4b628f97492f782bc3d5c3b71f440cfc13e097f18c9f8aa6ed15c

SHA512
91a492bf6bcae677b419167955109925a3e7fb40397050aa9303c47ff3fd4256943cdd7ff4c8ccbcaefc93e2219711afb3962815d9504dc5d97ac00717bb1da9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
273385c9bdf3a6d5fcdcd208a3b940aa

SHA1
3b85b543459ddcddb6817c6d24af06551ec43c3e

SHA256
6740db92173cf39b3d6c01f9083fa38438adcf4dcc716e87a5b201b029d2143a

SHA512
822f865a11402f9ef7596480324e09476dc70fc8708c521c112ac804ff279b44d9824b63e42e903136bd90ea9a4ca9b7e95cee794636359b1e79bf5fd2c4b30b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
9fa3ef1f5e37590bb25c5314ebc5a2e5

SHA1
cd423fca54f6b79db98fd86254da4a780d8ec92b

SHA256
7c30bd93e8c51204f1dcae814bc070d769432f2129ac93113a7ebb5da6cf7cff

SHA512
a7f78ff59589d49941f40d5374878b752cf80ad02ced65fb5d8410e37d03dc2d1c3b94539878b9aff60017944bed6dd630c59785174aca191988ae75e0c7f2c5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
9872f422b0a3ffb96465b7a78f72e5cf

SHA1
b454003ebe007f96750d948bff0fe3fa4e1698b7

SHA256
fe3cb888a1ec763abba8f652a9962a7b901a662c1269709550924098074cd8f4

SHA512
3fe41cf8b1bc1db15a4e7068b55559d438f3066cce8224afa3ef589e76089a92772314294481809b5e5650e55c955129fae2c78c5c22e9d4228319814d2f1161

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
401ccfe2c4fea7d505b866cec9050a02

SHA1
bebf721aa58b75ef6496e7a0ff070329191bb99e

SHA256
90350896d5c7a107ad3ba53d5d36b445fc65f217bf70493fc8b95b6ff5ed6677

SHA512
359ce7ae84e18c02f7262fc1a890759ab0d7b44f0d7ace7547063b0d487138f8ea9a5b4f9447f1a4b2e14da3fa28c7205c3ac6feae51721244b07dcb6831cea4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
30bedfd8b7a5ceff2ec2cc5bc64ba16f

SHA1
b548d7990b8e9f35fbe78b72770d9e8bed3bb94e

SHA256
582f1d8234edc9b36000fb26b17ce6b20657bfe8c405259c833c6c608a209f1a

SHA512
fe1be5b45de359b9672aed3696c8428f6c6d3d06f880663203b7a3546962919b1e2b1dcc7f4ce277cd5b2ef599b3359f106275e32862d36e6f316cee3c34e76c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF.EnCiPhErEd

Filesize
148B

MD5
a63f101ff3d5c2b9bee8853fdda76f94

SHA1
7a7a687cc6066600d1e430e86c583471fb4a1508

SHA256
d0950b1cf26b5f02ab3d3486d094d0618416e321b6ba05d65b8914fdb372fc13

SHA512
0660bf1c9b6262e1ad3a8c4a54599c0ae44d30d692ef7fc70d9ed70c70b13f02a89138534ab0e6476f31a73bc513bca2fbc3cc3b4e20332943200fbac33f2de1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
4ef62af00283a9bd2bf253227a7d83f3

SHA1
35addacee37274b5ee53a83035363d6a29b94929

SHA256
0aa02dd490c005a97cd3eeacc0b684fb97e944344a4b85f65d29306e2b1a45b4

SHA512
d93a7171044c7ab2f7dd21cb5de6501251a8fb56a91826ce1df0136e4f0e4f0eaf0202f938ac4a48774b428bb95a8109eed60d3791eef38bb14833fd9dcba9c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
647f4ef2c794f76addfbc0b89fafea21

SHA1
8ed747748c7ff56768b6a0034a93f4b385e297f3

SHA256
a0bd4f9ace8126e9f39fdd64212f29cb9fcb4884fb1855b2ec86fdcbca609412

SHA512
4c209a7cfc13dbfc2ee0b0fb933ca214e3a4ffe10ebfe12bb6e24280be5c6ac6e59dba784fa813109787bc83774a3d349820de89e81f7729174e893f0247081b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
d277cf21639d00d9441936c57303095e

SHA1
85172d0e6c98f36a4449db786f859353e2968054

SHA256
87adae85e302b3ad04c39b265d73b900882def1b78290ee118d6af70c362c1a7

SHA512
e24941e64453b62fe10c70abee507f6b1a00be19510ba7f3ab5b93c232757972757e89b947fbfe5e527bdd565087f0cd9810eaa561d40c8f03786a725a533f54

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
da8b173b287cc22e439e1904abc6f4fe

SHA1
5491afb505ae3fa663bb3e3a9fabedf81e654b7d

SHA256
4a43bf2ca92f382fc57025010576c26aeeabd28b5fb4d0387abeafb8cd5999c9

SHA512
658724d6d0d4da407754f38713da17cf814ae84c1ddcaf86a035bdcb03cf841009ae37225262c66af7e6a3e34c7b71dcb20a276fdb4edc550994a56be1dfebc7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
4c04b4aff510368f44cfe64585ae1896

SHA1
11bcd6f38f3d1ea51a02283a72a6f12b73dce401

SHA256
52e0f75f8b4f67324d9ce19f4b5bbb89235d6255b329fff991eb99635b1019b2

SHA512
10829ed4a77003f88388a77a13881f5a87ebae6a8716bb58c28a792baf19901ace64b3ca87b28793b4fd2f12ebc292e9954441010cc603a09043a3dfb545c6e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
8a452eb15a66a276f305ce1dd88cfbf0

SHA1
fc4827b0a91f53ef378cc6fc4ed96edaebb02ec5

SHA256
6eed6d275c468fcd37c8277cb4018cab2a3afa5aa2331615aa9cf24d4f704b58

SHA512
3f764720c2c4302fe2791ba45ce91b4a2905c314ecd2b60f42f305e91509f1e7d2498c503350f7bae3cb40d073a7da24ab93d8c4501874442103bddd9af22fc2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
e59d2520fa26f0162070bcb2231387f4

SHA1
0dad4840ae53b51c8669c78f71ec2d36a5c3d10d

SHA256
f75aefbd7b9c9e7d18e2472179a801547879224516e238d5975931b128b83bd3

SHA512
aa30d3d1b65a5d28dcd98982c103587d749cc732b5ed11d6a447528d4520ab0f6e945f817a7004c19905d50e1a7889210fa8a7f1d3e87a40f3602e1b6e09816b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
d1fa16b3302259351143d2a5f00d90c4

SHA1
debe3aadbd7dded3cb25a60ede7280eaa142c73d

SHA256
123fb1b5b3b055f34b30068b582b5be5a9918a07f02ecfaa744561ebdca86aa5

SHA512
d9291386210452e05f70cd769018cf1ec48ca357c5259404776304c547d192c9a243a74015f8582615b31475391d481be41d65d26de554ec030eee1097e519dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
9ce64e60e21b216d098ff9580e4d1912

SHA1
99b31adcb9cb8de83bd5443edc291335b3b71e5f

SHA256
bc3fcc7beba2427be3866e804dc166aad31b7c23dda1d684f2f6947d44ca1afd

SHA512
99c5211030510fa336b46218b17756de2611a0c729b4445c3ffb7e4b408efe823722ec3aeee5e31dcdc4c97d1fa61fb2e1b95ca4f7099c3a0abfa3d2b2bb01e4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
4ed74d9dd2097cc223b73644d6b4805d

SHA1
7c7ac6b6c29514b21037f0f3561d8b60131e3c82

SHA256
1b0e4b6144705f39da396b2df00ff06cfbe3655b1e045aee7a890d3c8aebfe25

SHA512
1c1a9029f73f1db8a64899a9f0b65c9f7fbb222958b41094c71ec22ab0df274c342c3a8e4a13b84cad3ead80d747e381435d8f582efc547f247861aa3a712bb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
e9686762f63d2f335cf5fc3512ae93b4

SHA1
bc9afc26bafecffd553905a6577dc9a6d8c4183b

SHA256
2c5b8be7eeb4b24885f80d24bd18036ef7ee6d788c27457b605a5b95704953e2

SHA512
4cbc3e7619d2d5b71d382fe0620a5caa13465422857dd25041397b612296ce9117990d04be3bea6c3ce9b27273f897b53b7d4180d80623b0b231121a848b38c5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
b3225a5ad2e6405ec215cb8752156453

SHA1
afd79d8fc78737039865f3ba7a85a7e48ffe37a6

SHA256
f42070bee0394124b266e8e2dc007d222d620aa7ea4bc54afd814adc9b78f3bd

SHA512
aefc9a463b58eedc182413366ba449ee1f285f396a51f117b7794843e9d9077e23c0cf77df495a4fb43c4ddac0ae782e35edaebceae369166249a1584fa95f6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
a56a085b3aa2bc7e46b2c028b2558ed9

SHA1
777256e3446976603b2a73b73ca4754204c1f9c1

SHA256
c1e40a86b19fb5ef58398d55ff89c4e2a34bfc2f2b35a709fb7cd71c68609ec0

SHA512
97b41cde5857d3ea1ee9ef1e9f11e9eb5b43b3a8ddd65cd61b50fc472bb90c49bbeafc273b63b0cba8c63b774b37e065a0d9e490213f25f8d9410c5ad120152d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
0be024d38cbcb54127642b6d5687bcd1

SHA1
a360afb8b94ce482a94c3024e0c1f50b4059f0c6

SHA256
65c70b57fc027317b39dc7d0e422b3f5c4b35df836f2d4d37922213d5fd9814c

SHA512
c5562b9c79e8413ea70a77048a183c2a8063469627c3398f467fb641c93a22e52a17a958d70b6458341301186a0ec956f4425297032490b692f6424861b5f650

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
85794181b783533c3ed376934d7baef2

SHA1
4d99630666d66250f250bcaf6a355ddcd16dca4e

SHA256
9c3f44e1fe4ed66c56b6217f60efd01e3c1feff2923c34aef4aaf5eb69a36bcf

SHA512
e2a86f71f77947fcef2291b429067a017dc66549b941a7bce543a7adf864c7120347c89277d2a10b4d8603933b254736743156dbdeb1a955271c2bb809f4bb1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
a8b600df7c25402a9a7bf7332c3a7b62

SHA1
0e87ba703b05abf254df6861ba908717b8c5bd9c

SHA256
9da4ffeb97232e5076de5f6d2c5d1da6602e96b9075a962b4b1316e22b6c5fd5

SHA512
78b31c7145d32d939434a10d023bc918aed568ef70d79d8785500697be595f793b4d339cfbd25eacc31e476adc82c3f4f9451551d2c892906cdd844fff1cd8d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
51941ea13a29d4db2889d1d6a127f51f

SHA1
2b4960d8d3ce65f04ac8d882dba77ef072192a11

SHA256
12e135141760b7b74803f071b1f6695de472c38acad38956efa58d26d3bd2924

SHA512
4023fad7d26dca4f54c09d8f9d8843b740bf08af3482ef1ef9729ca1cb7730593e1afa682d04b2720225dd3926890c11cac66fb998a58f28b692a0435300bc61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
58ff2c354f4610ddff38d088df0bb9b4

SHA1
d51e283be22b15474c636194b69fda7475d52ad8

SHA256
5073d7eb92d6e751969f54b53399733523d9f65ea53113ce13e103241f983a76

SHA512
c7f2ba4b1c86892c95bb85dfceda7fa341e22060cbbe1c2ac834fb3d63204d1df200a8bc58fbc8aa8b895129ee60a897acdf62e4a899051f5b0152363f49a4c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
3017101419ed99e8280483a9e63712dc

SHA1
03be0a9f7955682deb20e29808a7014f86a89dcd

SHA256
751a8fca92ef4de096cbce4d68bc5bdae4d8f51fd2e8828a8dfb8a49ffef0933

SHA512
ba4a9c53f3ae3381a56b6c69e372c094f361441a3e382ed73ad0fbdffe78879b8c63013956d493a2f2a5f99e06041be57191ba3d9430bb3d81f18d8f40323e96

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2bb43f63c223928e9928cf716d717124

SHA1
2e628f3150f0f3a898faa580d521064d3e7db972

SHA256
c840531ea7f5d7632f49a3159a0778a0406c5fed091cf62a3f2ad4f3aa1f54b4

SHA512
a4c11109fc1ac16acecdf53f3f36c91188d56ee90f664a670ca9fe93e1ec6bb2183474103e70c94ae171c2741e337d187f67c3b9fb2ed8954e6022bbb84ecaac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
3cefbb8fc912833d4d446b16dae5eb9e

SHA1
59fe7c3536aa1e298627258d274bead499cb9724

SHA256
d9556c1ee928767eb631895a42a4983eddaa18006912d3b6bf62b702603cf3b1

SHA512
cf7dd463711bd68b6bff4bcdfa57c8d1c3a72defd9a9889b8a4765f055947f6a1581008abb565564d824dc100affb667b46235b59e7747640944cd400c4c1ccb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
dc7556a1c373e960cc9798ed21bc02bb

SHA1
b60313f5dd2288c3972350f9e0e2b982071e322d

SHA256
764728d47ecce657d2edfd87c3f3961355956f8874b73ea6394a4915690caff1

SHA512
3c1dd5af6a9a537e632d0f28a787e67eefc8bc40e300025ac8f9897a7e97ccfa7726ba199df4d3cff4a6039e1bdea1d376514af5d84ede9fc209d5642213a93c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
c8597e4dfbd1c88bdbbf20da9218625a

SHA1
78671da9abf58f499878fc5e85106e87150b6f1d

SHA256
22170680bffdebf8b931584e594763a26e961f6c0188d8154674beb66d86ab46

SHA512
3d274c9ef6afd594b14f4227222d43f938de26dc5e76e1bade08b1118d0b2dd3a7d4b9e6d380560f6f22f9ccf9df6b38c0dced4fc59bcbbd0ede84911df06e93

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
71e642d53469a83435b1b7b026b63d72

SHA1
fca4c8eab7233f5802cfb234aadc00605cc28d23

SHA256
c15b2269fac2f855e051536de7d9bdf26c7f0d0caa29c527e1655e7c5a12c61d

SHA512
54a6173051c623d44130b96d356efe33c947d739beb2f0df1be7ecd4584bf07c0422ab67cfc32e41dd67e77710aa7534fa92c77b7b1aaf4df21e5f50ddbd2a97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
6ce1f26e99df157d0bfc54f451af8a8a

SHA1
d3c7b0cccf4279eeacbf323c50a814e701c02a5c

SHA256
af511eb5ce63e1a5d4d59cc04906cf21e5ad9a3af88d0619f6378fffb8816722

SHA512
0a5555d2e285f6fb5c45e6112d62942c7419df9ed102ec98a37d59b6267446d38730d16a2f99ac0c3e56b715b28313c55e0c68dafa1e903588f4122bb4e93a61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
241278d63629f7235103d486eabd0ef3

SHA1
a33ffe229d67340de847961271ee2fafe66741a0

SHA256
edcb62d8ab35ddd754ac76205bdc1f2cb7f2ebf7cbcf221e8bc54eaacc66c9fb

SHA512
0f6d577961c487a4319cd37ded24d1d74187339e5fc9a42329c4cfae51fa67b08ff5425a001fb8487750dffda4108cdc02752e91b89ad3fb374360e7c6a4658f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
d9255836d0bb209a2201f5ece219a777

SHA1
d9f65a44487c6cbe1e6463b4e1a43254cbbbae0b

SHA256
9eb21d9780d312559944877715c4c5b05aed41fc649a4641958de8751b095150

SHA512
d246fbf8135d5d401e49b58059c83c5743c9613a0a7f83f81a4f4e644ad24fd5595302e76831aa81a5beace87a8e22d27723e50550fd1fa304c2590088d1bd05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
7325c9b11ae8db16f56f88735f3ec4b9

SHA1
a8cce53fb22ddd84233d1889994853a6033eb229

SHA256
48cec4749980b8dc6f04ca5608d847278984b3875e6b7def118fe4307a7378d9

SHA512
988033483874b87a6db618c88fb7fc7f8349b7816a03f9d2333a6c97b4c04540b015fa9a10f0d83b1ee730770578820f1c9bfde254ef15b8b14831edacf33408

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
5df951ba695babc624a69a731f5e3bcd

SHA1
bb259b6b12b1068b29f49b3013c00b9cda649811

SHA256
8c8381c67fe200b9678bc27a37a5731716f2ecf931dc02953432bdc62afb7615

SHA512
ca2cd54521642f559d9f19458033f316792f0f3524294c05bd6e6a10363191dfd26cdd903833e09de911fe2207a8ebc289bca542c8a952bf4a315959c35dec1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
0cc354d6ce66b79f935e8c76aefddd0e

SHA1
274cc59cd517b0397739c17f44a21c5d6a48e9c7

SHA256
4c90e7a951300e5805e3b5c8648a8a899ecb1f07734080df16e865ea842ff306

SHA512
fea3778a7da39be4fd638a3425cdad37696dad3b6492cc5e4ee4dde8d4529ec21429308ec62020ecb6039401794699810dd1196576713d61f32dbc6827be2c5d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
8d6720d0f5628342764c9e8e8fc0332c

SHA1
f64fc30b9a7f46a4c816bc4a6d891a570c33fff4

SHA256
9e2905ed451ceecab3350bfd9b9b1bd44eeafd0189e0cc3d1d4779e85c06fdd1

SHA512
fe4a42a9a4f5917668dea1a56f86b9683244d28abb79a680ee5d044391c42b39822145ab0de858064f5b7ba48d36eed6708816b213b344b69eaa0b34ae9e131d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
5380db9446293abb7bbbf625bd20b0ac

SHA1
1148895bf9903879c20628049b5986afbeb209aa

SHA256
068248075aab2d1b7f3e0e4947b2fce83816f167cd556694ef41b355bbe60514

SHA512
2a9691d92604282c2d5ef36cbd85d8a3b794a7e4ef23354d2f209eb9e70eb8827a528272a01a0bd6dfdfcbfad76857089af2953558551416f1516b095813e3f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
391965686440b687b5c3e770688e6990

SHA1
397fa330566dbe4030ec2382458ad63bcb2de417

SHA256
587a65dadb4ef23998bf64bcc9f62e1f2d0065aac627d44e53b31a3ff174eabe

SHA512
088622c6337b92460909dfa7cd2480edd0838aa16a70a2a12f24f21d1b0190c230fea7c0dbb7bc8ecc5b7113091ba2fa9252c08136f0a6d3e46d5b352c3559e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
bea8106f2fb7bc76b9acd6cb8b496fb6

SHA1
d7a1411486f6f3935ce3ca485828a9267753d370

SHA256
0ca246b4f8b64bef1f76eecdec95f9f0a5b8c731f77d12f69806e296cf10aaad

SHA512
e4029f095b1173616a7fe653db6f01274469cda8d19f871c092c715cf8e2a753e8aff0bd01d8a4d9b4443f4b7a2e884781cb9d449b66a5e8f3be95cf4c794bce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
c672e786aace90268aabc7c787b95f69

SHA1
1b675b4ac2a21c6d4b0b41a6bba44c70672de557

SHA256
7f115dd23835f709b1e56cba12010fda073c5d61d584d7e699fb4ea336caea20

SHA512
a5621d37004f8d843289e8973bd1c77bed24f21798417a9a096ea754c86cb282be742bbd51125653e7e950b20e7f01b54f42b0ad100eddd4b79a8658294b22a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
14594b8b7aca2278af8d550dde1b9de6

SHA1
2a27f88d5ef330936619dda4a0aa3eb9784aa61e

SHA256
7b5e9c4237987d1e08deb9608604d0c0faad800375850930c1f8c3ad28c6635d

SHA512
9a3e0a127d15d681119b96dc8c44137deb2fa8a986749133b89a265691d829a53f025f3172f487f59d5fd7026396568609b3f9d4b6f3d02d27f05254f4a014b5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
7715a9518c91e4954a836822e5bf36a0

SHA1
4e530b0e6d41ee0ef5cdbc622ceb6e69ff92f95d

SHA256
bac45e2912a843d55664e09475f7003f0cfa14d6511fc6723300c1af40eac6e9

SHA512
c0daac1ec1c4f496b681ed946c3b4cbce93b3f9468a3f7ff898c6f7eea58cfdc1831098f815abb06f009ad6dc4ca7de12014c44e9d64409ff1e8775a6096bffe

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
873861b7a579fc9774117f8c3e8c8915

SHA1
144ef47b5c8159945da540445d78713a24453344

SHA256
6383c78176b35e42a7ad7a0f873ca7cf76ed856af2575028b1f2c7dd8ba3e979

SHA512
31ae945fe7a8a7ef6e4b5c3c75df98de7cf47e392c3f7c2f842e009ac31e7aac8cd3c42e558c8a375bd72e702c7463b610ca4c0478fea224f7ca8b59a5fbe451

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
f2009f74251bbee265d87e076d00f129

SHA1
d344f5a61253903835bf3189a5aeecdd068ca1a6

SHA256
8996f85ad7716410c83516294d780fe651f5b4f4072ec2a7b923d869150bf7f3

SHA512
eea11c8ee6693e5adf7d379deaed46119f03e7381095ab34ced9e0ba33f3d4413ed65bb4f29bfe2fd47a760bf1985a3a5660870d8dd8c0e20a7e2565941be8a4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
5bf4f18c4b6ebed4dc7457b70796d996

SHA1
3bd0119b74ae54335125cc52d69cd72480e693f8

SHA256
37825170c33cc777837fc0748f99e0fe6b00e5cff3bb3be5a9bc5fb2dbcaaf97

SHA512
0eabc67e759ba0058f3b66d9eaf9bcc2504a3b805b3eb9d04b468b8071a1273c7c7544b44572efd0f21afc579499f936b188731fa0766b2131f1c1bd32d0b614

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
fa6d60f121af3023b52cdcaa73d8f868

SHA1
dd674b7c805d1d8f9b3ceef1bd09bf4a26e2769b

SHA256
093ea292fd3882d6073fcebede9d9494218f7a5a7061c8b6a6a882b6967f486d

SHA512
49adc65989e368e775613972fac74584fede5ea9845bebb9ca30821d34eb8db20b0312d4a45c60d9ed3d79ebeb443cab952b8f864a06b52db84678649bd20292

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
56468fc5b5fa6fb63421f04fed526e02

SHA1
fc4bb8b783b737f5c96af16a7eceb7ab69636091

SHA256
ec786cfa1ed791e3a7b934bc4c9990485be0a288ac90bbbb4b4653fe9b41d2bf

SHA512
34009c4fccfffc0b37b3f12e46578c56c4c509dd1f22a8b7e1f964bfd3134ff0d2f20eecbb8dad56f9d5aad786720603d9940a22802a9cb128288486555e62c7

Download Submit
C:\Users\Admin\Desktop\StepInitialize.xlsx

Filesize
13KB

MD5
b5b5083f087df246dd5500910c31bc9d

SHA1
af16cb70b90f3c798f926a02c7bd32c09eb0ec9a

SHA256
7462983cdd23e86d645dbbb93330efeaff659fdff5ea33d6709734f9efd3a144

SHA512
08c7d39b2310b59cf7e3391128b3e69eab9716596c036dfc8ef43a8c923cb3872ee326c4e7e6c001390c5072657ddb383b547e960cfe41861a605b5f94597c96

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
dba3aa77ef732970345671ae8a22b2a3

SHA1
5c471697675cab8156392f3a859591574fb27228

SHA256
a78f5dc5378a0e7e015515a80b5de47d2e5d5c794950961dd89aeb404ffa5301

SHA512
957b61ea4313544a773397166c1fe8645a71c7713a42ec9af86adc13e4c4c6ffbc4d1717486601f926bd2139e633729d74e19a819757c5336f0dfdcc02ad4a2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
2deb361d7a8927e480eec78366485f1a

SHA1
df07ee615401f62c0cd72a3254a307cef100d243

SHA256
dbe2aa9db2afa45d26292f6378e683c92e02d7ee4df3a41a8650f89b54e10a85

SHA512
1b66c912f06802c84be3a1ee5d3af2ed6e062c5300cea012b6f651a68311684bbc21d02d9be54fcecb1526377a9d774aae528d9cca61fe90c291b0b9793f8af5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7613cc1526079e7df1b0f7547a6ee343

SHA1
0ccd0bd9f5fbd2ac21e37739371268178ebefbf1

SHA256
3c30b62095f8da34def1531b39574906d30e13f0a92d225989fd328fb878dc12

SHA512
a9f9d00581e4484398a63d437824fe3d0ae83aaa79a09be9ff1f6f08a2851d5b3aa372bfdc0749d164554069ddbcadcb0ff07a4bddd6c1e9797565f77a2f015b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
101b4bda073431342906a584bf1a5a17

SHA1
8d867f24c8aa4a2d4226303e8b0c884cb4ed7e09

SHA256
6702691837c9c6ab6a4604db20cbf93627c7dd8d60182873ce96bd0a33b9f92b

SHA512
86c3d813dc2865f6185cb89b7948653cbc611a5feeae923e20e22577d9684ae62f8dc2c0ff7d86a8ab2829852c6c5b8384806fc30625b7c0b1248dd74280a740

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0bfd3244b94d32fe4ed4cc4a9dfdab9a

SHA1
740ac7978f4c321d575616685ef02d646e70e71e

SHA256
b6d5b100d00ca28a7915b063a24fdbae95354b0eec35493aa9cdbf8da146b460

SHA512
6d90d1f8ba07f9ae36434f95a16af86f2771dea53a6afef48238615433e125b4d117d18a1ec9247a5a34dc0e1dd51b4cab629d19a38631e7157fb59b65a31a7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
d1baf938cab0a4440010238d26b882b9

SHA1
b9737fd387e922676c11e140b5f5dbccaaa84cef

SHA256
663026c87359c5d760e8f6dc8b1217c13f0530f4863bdc32bfe5a688d80e431d

SHA512
1851c135c3a8669c5222f0a80e4b0f930ee805a3376d0681bcbb94c48ab564c858ca18f69c3cb4e1c1d6bd4cd1fea918dc55b4a8cdf90c41f6dac22c2b4016cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6e8861c48e34d68953475fad559194b5

SHA1
e41a7479070e6a537dcd6dce325b91900ae9a3a8

SHA256
a42b133e8bf0123faf3cd9c189e16b8214a245a47d6258ee553dc88bcb914fd8

SHA512
c97830dc3b41c034dbb80f7ab38eab6a180b0a913d46b973944a47a458d9733d01d5040cd9bdd9b10664c3ab5263f1ba629bf0905fcaf66985fa2f7473cae913

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
63f02655d4d9e26ecdb3fb9daf4e25b3

SHA1
3a80441dc499929034c1e6e86c775178c8074970

SHA256
433047ce3bea55a64abf81ae137eaa2e4c2d95ffe97e32d1ee750bcae29d0d50

SHA512
fb9908aa85a8b4ba6e9460d1499127dfbbaf6344a413e7cea36f2adcc4260f9458b07e0740dca4ee3ab8c5f51e841a14db06a85000fd8750d1041c97309d34c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
fbb2813d54c76c83b4f6603e0dacb9c6

SHA1
56b1c6f50d4db96a0fefac46624b7ba2c358e114

SHA256
2302be2d57c4d3893669857589185bff56296f31c35b298985db9d6b1b1ac716

SHA512
114230b7b8b365f242f3b53dea92ce97d4d709f60d0ca8aaf8bc6eabd397b1be0d71526975e68daf1a2b03467ee04ebeda123de463a04662c3ad35eaf4510785

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
fe6570afd5abb034e07d78c1211b80fa

SHA1
2effd6cb805497cdf69877806cd8e0b587fd762b

SHA256
c06dd0b6362fffe7d52e3668592ca84c1d75e062662b4e8feffd90bd5dcc43cf

SHA512
f8cd8b547e83e7a92fd8a3ae1aaab33da6320bf6c51b025610ba3bee92b204eee169a101099ba3488082881ed29a095b8fa7449635eb94d39d999c17a93f5d9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e601089a6caf7f5b96a62fc4205e9dc1

SHA1
dac3c5957fc3637769230704c2cff0d4484dc8e4

SHA256
c10c8ba65cceec9d4b06f3b6dd584fb65da09f54926ab8da312f3caaa875c561

SHA512
d1f49cd1f8c68d4782813fb3897c11d20583b1df6cd56f538d210b5c7d62aa8fe0c4054c21ef4542d2ec9dc6cc7b7a7c369135de63e7f97d3998fafb44f62f1d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
526c10fe63980101999713cffd691881

SHA1
381b8b3422ea736abd1c57f7103e9af21ffc446b

SHA256
0366b81d06ae570eb6a68e36bf81a199bfce8b609a13f243d6f7ea3da869dc51

SHA512
16b4c613ebb03f737672494222f2472f9cfd0174aacf20fe2fadfcd4f28603112832523d7b81ec9ace54057b2128181243b4c6a2bd38de7cc8ec72c99678883f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
a99d4a8b652adb3bfff43855cdf6426a

SHA1
48a4a2f43bad06a41c852f3bbf4dd734671bf065

SHA256
c8798c0adbae4b7fca18d78243dd838ce8a0e4119b676a673cb0449147d362d0

SHA512
59cfc8f2709830a15009ce8d19cf10d2edcb5525a5cac427fffa3607fae52adc546fc3bb91e5a744f3daf296708e0cf015b3ff4b6e2d2fecc551d11921a07f8d

Download Submit
C:\vcredist2010_x86.log.html

Filesize
80KB

MD5
ebf13b5263326f504ce390e96fff670a

SHA1
72a516970c42c759b34e843312205a698a049309

SHA256
0c0dc5842b410bb1369b038f52c9b30782bd1481c5a02e320785efa2bc560acd

SHA512
7a90ccf2b12ecb2a37c91b2b434b2e84861693550ff76668bde29800a7eabf80d05165a01317f7973a02fdf392faa19ee2734bc5ab8a5de68a48a7d6285773b6

Download Submit