c6f6e0d1fb9cf86b134e5a273fd852a333885604d9d4ea3a79334e6fb3b45b07

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Size

12KB
MD5

36fc00a9095273bea40c8154b336a648
SHA1

e84a6fb6617d2f15956b9e2d5403a6e0b487a25c
SHA256

c6f6e0d1fb9cf86b134e5a273fd852a333885604d9d4ea3a79334e6fb3b45b07
SHA512

7d8f20b08e155e915af747a8dc5735c044657252e74867542021e83c291954aef2309e9ecf3614bfb43afc3c87d6972be20f35ace556a81ca562bc0cad97942d
SSDEEP

192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCDY0:eebFNw4Pk1itKkpAjjI2YpdmCDY0

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe"	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_While.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\erofflps.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Foreach.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_neutral_0cf7696e2236ca4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_While.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1qx64.inf_amd64_neutral_85d10fa4c777b7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_neutral_c81780c5dcabd0a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc10.inf_amd64_neutral_2c5d0c618dbfaf2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_arrays.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_History.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_For.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_PSSnapins.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx006.inf_amd64_neutral_ae607a72b46f9cfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_jobs.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_neutral_622ad8125bbeeda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_neutral_d0615d6fd67bad03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WCN\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scopes.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc1.inf_amd64_neutral_662220c3016bb4d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr00a.inf_amd64_neutral_6033065925bcc882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_neutral_085226e1dfe76c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR2B.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR4B.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\THMBNAIL.PNG	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15060_.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4B.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\SEAMARBL.HTM	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099155.JPG	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.TXT	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21331_.GIF	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SplashScreen.bmp	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_87e73bddb8b5e46a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c828af53234803e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-powercpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e61d5168cebfabdd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-proquota.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_899e766051c47661\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-keyiso.resources_31bf3856ad364e35_6.1.7600.16385_it-it_970c208e9f8f3615\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..n_service_migplugin_31bf3856ad364e35_6.1.7600.16385_none_5e24e56caba0b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_usbprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a41e6c19955d892d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d4f1b014f6db1cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_auditpolicygpmanagedstubs.interop_31bf3856ad364e35_6.1.7600.16385_none_7dea25c08325286d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..ependencyminifilter_31bf3856ad364e35_6.1.7601.17514_none_8878ff5a9e1a8a48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-4.htm	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_48b522f56a33d033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_357ae31b3a829900\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..e-upgrade.resources_31bf3856ad364e35_6.1.7600.16385_it-it_484a5ac5d5c1ab46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsv004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_678cdd7af8035f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-_vsavb7rtui_b03f5f7f11d50a3a_6.1.7600.16385_none_24e6a98ae7855ab9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Process\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_174810fad121184f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..kitengine.resources_31bf3856ad364e35_8.0.7600.16385_it-it_e7719af82d7dbe6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..orkcenter.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b1a10c571895f60e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_6.1.7600.16385_de-de_092d221039709f59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ffe3cef97b18e5ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnrc003.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6ddafcf31a29080f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_695e87bc431d5e5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnso002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ec6f9ff3cb65d89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-legacyhwui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f36e4f388e096ead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a61728ea1279d393\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmgl008.inf_31bf3856ad364e35_6.1.7600.16385_none_d0773839df918237\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_65b0ce353b009c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_functions_cmdletbindingattribute.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\DMR_48.png	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-wu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7e74b84fd24bf5f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnin004.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_caa92d1d6639bfb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.grouppolicy.reporting_31bf3856ad364e35_6.1.7601.17514_none_4c14798809666596\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e9530cd2e8e5a7fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..ation-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9682022dff2e0500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_locations.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Pop-up Blocked.wav	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b54c2fe3cb59c96e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7b176a691d8ef141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ac-sql-cliconfg-dll_31bf3856ad364e35_6.1.7600.16385_none_c67449ab74075edd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Language_Keywords.help.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b6b26efe4de8fcb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..s-shellui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_89c12f5f5317f4bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_9edcb4a706944d0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.17514_none_0e384c71cee8c9e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_elxstor.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7366d223bf4b0182\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9710ce79b161a562\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bf035cdfc3da4515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-uxtheme.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_44c69dc0653f7644\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_usbcir.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2efa34100d05bef8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_43da70e526c7c1ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7c10b6792f5a6f89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..dle-agent.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fc1589e2218d0bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wincal-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c8a9a3a2e8e288e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnnr002.inf_31bf3856ad364e35_6.1.7600.16385_none_b91afcc7c666b4b2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8998becd52aa9938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7601.17514_de-de_cdb448a9dd826b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_fdrespub.resources_31bf3856ad364e35_6.1.7600.16385_it-it_41991f13eb65acc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d60f26ec1d0d389e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KDURWVJJQCGUFCX"	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\ = "CRYPTED!"	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open\command	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\DefaultIcon	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe,0"	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KDURWVJJQCGUFCX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\t5Igu5hV8iEnx0k.exe"	36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\36fc00a9095273bea40c8154b336a648_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
b07c67283044d198bd8987dc76f073ce

SHA1
449b6a648b51e642244a3b4e772c6ae5411cf7fb

SHA256
7318f993c8d700fd31ef2a15c505936ba30bbde1c4d905dafb9c877af61e30fd

SHA512
82ad7ad9467b03996f2c42a9334642869e25995bd19d2bbf2b9eabf5d89e573e754d88fbc55673bbbc4dc2eb2a4220e65850059a5c82aea1017e9e4207d61b3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
3b6e4721fa70610f2b89fbaa1133f2a4

SHA1
a0e864552d1d4fbaf8a0edaf6fcd1330d33b9809

SHA256
a13da031c53ad7857f9f136d380f53e854bb94420cb677e25b2303d6a7c0ad5d

SHA512
e714aae0514ccdbde21e82ab4a799749ad3bc230fca06ce1115f86a0a4094804deb8e9ac701122966f682bd4914bc8365bbebc1c9e57444ecda56682cfc64bec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
7383e6e695ee60b37ff02278de07e202

SHA1
05612061701c7e7193deccf3e7220e2228be3dd3

SHA256
332d66f7e35eab921933f2e06c7a7200ffa4519a5a4f50153e797d571f8e4fa8

SHA512
29940d8729a2a099d64a2666ac98a92e9d88a9667e2f6516ef0fac9205ce6b64e4df38f1108174dd5bb28273faa49cdbb32c257280d2ccba913dd15d71c74a43

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
5a246ab8cdb64f64ac7db8fda875ea65

SHA1
d908a35035aadb2ec5b676255060b087f654927b

SHA256
6042c10cae581fa498bb0f50c4a351cbabaf905a625f01a99bb96c4d1d567137

SHA512
a7b531b2b6d8216cadc1a3797c19793a36e915f61bb2ff513a67a7bf6675b43888a1a807e35c5bb91e43c3a73710d05b5fed8e4b96283e11843e2ab621b39560

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
fbfd48ae29ba81ded662103d2784eac6

SHA1
7b9328a4a5c9b943d03e1b10077c2f7c3c8aba8a

SHA256
3f17a92bbf4e5672610ddaf95d29351ef5783d85666a6eb07bc120e6306db04c

SHA512
2961bb6e2e8e3a44ea971c24c3c6c96cb18bb4af59e48a087e9ee10f2cb13ec5f8a07dd00430a09a8f842b50f8c68f81d15b0e6ed208e03066cf8814ba4742fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
50493865ef408e8eb4ac37365b9924e4

SHA1
5f0dac6870385fff93673b81cb57e2e589bb2bf2

SHA256
2b0b8b8b08b59391df8874e7a33a0e9316f290679edbf7cbbe1d24a194a6b0fb

SHA512
47cc9505936afeb4bbaa1cf665f6955dc6c409b6fafba40cb842abaacd3577383b5bfe5c5413f76200a1f3da9abd34b68906d04f901763239cf9a441143e45de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
f91343590202ee42fdd541fc0d6582a9

SHA1
9698f7b983ddb9872afed800bf20a9cd9035df58

SHA256
ed1ce2219a31ebfa8c120398aa241ed9cf06d7dbf6b7abb9a573c3a6ae269198

SHA512
29b9b725e4c1c2070921d6b20c212c30b03d99d1d65d7dfd52db20a213bbb53c34f30f6fe1379fe94e12d63be20c5f3fda8ebe637a2897d2af4760103c8982f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
f5b2cff6594fa96abc6575102e08375f

SHA1
840da928fbab26266fb683129f2ab8f9b71d4d86

SHA256
bc7946df754d838699e1869ea38d8f31bf97ef3026ce0bb3902141f1b8811564

SHA512
8eee9cba58e2f8b25a274485ce81225bbdb87f1f940006b405c440781c0598f6289a467da76f4a07b73ef2776491ce262e5caa4042867a44a1be19b710303f2d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
9662a8d1da0b5feadb42268dc728a9f4

SHA1
3c5cc8ed75de990592d311c0737080961b967538

SHA256
e9e1f2415238b6022dca53188db5b0d8f37cf50654d5c551d9cf3614716ca672

SHA512
c061d430f0a91ead23e0a6a2e89511a85987db4681c26607d62d27a938a02a3726287301d4d752600abccd6319f127f74af2443c531ee71fcff6a39c3d7999e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
42f59d27d917a27c63a847d6a0a18bed

SHA1
2b515ff29e25040de0970cb8da5119ed7915ea5c

SHA256
4c835d61a7a102af3d494e1a89a77a5bec91ac0c73003c97a58da90bc2abe5a8

SHA512
719b5a540aca53c3d4df6e5f5d1c08b9fe8e9ec9ae2e5bfcfc6fc4a6aa8fe0406ed7f8e47ee2493a0f26a63d59725b17d503f1ef8dde45e8df54fc2c7e4f9bb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
9d7a3c21e86e230aeecb35df8c66904e

SHA1
64183947d67a15581bfaf70519026b3358fb5a28

SHA256
49d2d4397946ce8dd4f35aead5a25e44a368d86aafe361687c9d2fd4dcce6235

SHA512
e0dfac96e145cc5759fbfaa97f10782dc193ebae7996ed147d0f5ef2843d73bb13ca933719db1ff64b3735867432dfc2e49c1661fb7e6ea53b22d126d63cd8b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
4e2549bd3d74e484d5b7452bfde3d736

SHA1
cd9cdeea51a5118031b816dbe436ef26f03527af

SHA256
cc3d5e41cfc3c3fbb77776e0e445bc26786429456f9f240fe643e0be14055cd2

SHA512
25776e3077753424f1670926320e0ee645e768d08742e1edb11ca36e6ec5b667e0f3e99669952be485271ae474dee4b2336505ff647077dd477587c4284e4da2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
5ba07521ae707a57f179bc7bd082ac74

SHA1
53382c6b5e84af3df4767f83f822ec8beb3bb89b

SHA256
a9ede85c45ddaf8d972c075e9eaa65e61074f711a1ef2d46210571ab40f7ea9d

SHA512
9c2a6a563d544c4be8b07127a3b40424cfa5d5556a069b277fe7701000c20143e831daaf328293ac223a69ee8975758dbb6cfd1fc8692199485b4274fc7264ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
08851b2d6cf003ed2a3d8b7fbec93a91

SHA1
3778a27a647800a1a68fab83e1b8371163e9ce58

SHA256
8ad713bbb70301e96dd2c9b1e2545478ed50155ac8e3f1f1bbbd222f559d1f0d

SHA512
fd1a870927b42b7cc96978e5be9b533abb52dab42ccdd281a7b742a8b2d33af3520863a4baf1eb30b968790d4b38666d7b6432a901f1b21f0704df895ccf09fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
e95a69dd87ea53565521ada1e1ee0c3e

SHA1
9cc34956c03b610e0b7d1bf134a5c185e949dbde

SHA256
40e87faa26bccabbca108649596b9707e3f31df0a011060ecfc40b7dcc1b3254

SHA512
ce2112532d0ae951d016b4f739448ac71f9a3073d86e336141cf2d1b7d8559ca83fa4cf0c36b24b91bd4649c385f613660cd0288e6563a4090b9a419edd60bfc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
7d120bef82da0f832deb8067c2f2c43c

SHA1
beead598265fb87c322cf46cb3865569f63bcdd2

SHA256
7051c1741d61e9fcbddb2695bab98ba0358db4639d8772e0d29f130948c82f3d

SHA512
5afca9d79076f8dac464537c32aaba546e18823cc2fd456584bf546cfaa21527ea67e350ed4bb26b52d3479d584c01b02321139602cfebc13e78bdc1f1f42786

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
09286d5d16167c53a10b1ecf98fd9dcf

SHA1
fb1cc6f7aab6d5dd6a0eca46d06fece5d3fb0c2b

SHA256
e4dea2c7002d28a2a9c6c392e939089464e1675ea512d7cfcf71007ae50c795c

SHA512
2d226083e758e661996dd47f0ab2f782890d29859c9c228cddaa39989e91d51c4d2b9934947ab00890c9a953b78dbcd42cd0b29735ba1f76ae3e6ee56c7de9c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
d0c7fd1f579f850e6e45200cf3d25730

SHA1
a0721b9413b0196269fe76bde73da4ecb8a77e92

SHA256
4deb56f1122c7c238a43615fe794cfa749542ac65a1397bf771f063447dcccda

SHA512
0a0ac0ebce6a481b36ec6a2c771ad882c29a1d1df2e7b5200c97b34e76b404f177efe3ba5f291307b82e6122752a96b139824a7ed4f9937419dd9e57840484bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
5df234a0310f0d28fc134384d6705c50

SHA1
78650b5e08d675bc9bc04019f65013971976289a

SHA256
9b98ddb654a62a6706091bf02a93a8692dfa2938df0a85c8da8db30a547910ba

SHA512
173c77d74ad1ca3e505dccda2633a302406a28437c2f4a34bb9d87381ddd718194f707e1d1c6e3c9519dd42dfa20bfb17b038c09cb3833f8f9f63793fc9d908e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
6268fc852c28dbab7d13296378b8d676

SHA1
d3dd5d51beb73ded956eccf01a03a3f3edc068a3

SHA256
48967c181ac1738dbb1114b8f366fa0779cf4ff594019c1993ee324a7fd9ee88

SHA512
7b3d11d37f62774f28c4909d8a778dd77fb5b469b59736a5e5381acfe16d86fcc3dba981e6d21f936bb00944901f0745f7c3cb06328cb6b0ec0672efe39bb18d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
e99567ab4d4b4764539907beeb7cde74

SHA1
7dc9b5240f5a1ae660cffc230d75f83faed24876

SHA256
63a90498682768a6c0764162a0d3cbd3d3fa43cd7ce253dc8b3ab2f562ae9cac

SHA512
db489d7b35e97a333154d24abf1988c18ad8fb8ed63b8634cb4f07793d86b59220efbc76af9cb211b435d29af09fd62205b670edf1e644b24eb7f194c070c5a0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
def4537e90738442afcd9f383d081463

SHA1
9523379192b2b53b1760f002a27dd3fff97b4948

SHA256
78ccb9f43dda4b7ee09fc0c28a7636c6b4601629c189465068bc743d1400261c

SHA512
a6dee4c4ab0b70204c18fda76f7da7cd62aa35572aaa3ba3bbecef53e02a632f8d36bbcc550c681c9d809cacb55183959dbed204e2a088fed36d634545e7ee00

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
cbe137e46ce6b4220a69426e566643b0

SHA1
888076769e990a8c4a4ddaa2f8baf59f63edabcf

SHA256
e8c45c0ae5571340240f6f8a2916ecdddb28e2a1bda8c1b1d629de1e1ccdba59

SHA512
e69318caa814d69458b934bbd8b8df4d41b59e43122cc0da42522c8f7098ff2f0917cfee5a9ac55da67f2beae8c3526a71fa23b017468133c138d334f2a42e90

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
58f21d7087f6696d916d9ff993eaf423

SHA1
62905c597b9f4eec2f43dd6e4c3d580a337d7b50

SHA256
01c6876a1bbc47583894854909f1877488e1bcf8989cbd31da5dddcef7a3fccc

SHA512
bfa719fd676dd0ba8655ad5544b60005e83a3015f2be594a549d7ee61aec851a658272ff47e2a7aab06c6a0737367aa3f00d48de92a310c29c3b6417e54b2b13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
1aed158656f88181359bb154a0674e6c

SHA1
8ff99701602821ced9f0f9e838b33c92cb1cb2a6

SHA256
749908cc995b965e469ba9423ae043ee455c77f4c7b7cbe5df42ab53ac005371

SHA512
c2dfcae59328b1bd232272311efdb1517faa8fd831a052309c61c392207c94866a4efb86df20aac097fbbd3187941da6f9175e3a55767901716f7f698df3dca5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
64194f7da27ddda4fbdde19a03cd4b2f

SHA1
7b6ebac545bdda572b00a6799641c8bc729a991b

SHA256
e2846569d929cbb53ecb48c158a7557dcc025c7114c5934502c836868da854a0

SHA512
5982ffda5f5f33d48a794d83ae5cc58b32d10082f8dd2710731ab0864e16104003e2d6a8f756e0c8b0b14330c526a8679563abc0098abc9577520e638cb17ebb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
43a947364c695ef3a4b9c36644b85d29

SHA1
d677a67ecf0dcf0b505879f7a4da4534ac30144e

SHA256
d45e01cc2307d54dcd4946ee4c612838ff2d96ac51e3a8361967ae1b97cdb093

SHA512
2c62a5026b4d5c12d44fd0c5cf4163aea48bb4a9b1f29ae07edcf1fa05b51de9b01ace5da068310c216eddd098ee05e7d45d236ab4fd791efe8d8749b78ed789

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
b6536beb548962f4c6f95fa5d9059caa

SHA1
042423bd4d3727300e436c3cad38822e009fe951

SHA256
2b911d05366ef24f8ed0b6a662f47e3495b90a0383566ecfb6f1f4c02e08de7c

SHA512
901062899a829da991bf17687042e19386888f5dafa7cdeae7221113458022d5628840114dbc921e002ec9afaa568573605489cda714a9b38e1c9c8e18d37cde

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
00cb1114838cb5ee34cec8c32e5f8e86

SHA1
c3ffe83784536e7582223afa28086448b5357a43

SHA256
002ae6c591a4c475d0162179a6c328ac6933f1cac179e25c7a63c3702ec5e785

SHA512
b2b50a1ef1777c6ceaf4a6096bb42f0f0bc32ff505122521d387799358ddc86d65ca4b317a1f620edc3a6d2015ce934b7eac05a09baeba70ecc2839d6b772d27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
11ad25162700a7313ea0d6260a880de8

SHA1
a53c10109cd0055cb74ad289c27420f3152ed6ab

SHA256
c41db38b67270f7f18d380eb96f88389a315409d8c2564212f5699be5d8d105f

SHA512
1743f74d8c824ea35218667a80fc311ef71ac4459ea0b2cc6a64f29a5f31edbaeb5055d5e63e02e66ca0685127c2face7ade6fd501647254e7f7f17969d1ac9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
74f3f0f7b3174f43910733bc75207162

SHA1
66a011ca7a4b4461c75a156f1e93193aabd5c1cd

SHA256
f051b7ea4bdf98e690e4c9d007c2ee672c2184ad3cec1f8fbeafa3a77dd86ab5

SHA512
4487162ebe49638c641558eb4c51a039dbc7d1333b0936655cb4622044ae26f17b4be69df26c93bbef47be45360975fbbc2271fc6ec46ed1a882efc8e2c6db0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
b53459d485b77814a4cb0d5430eb7442

SHA1
04dd66f844664ff98c57771384b6f10ba17769fa

SHA256
642b2bd15e93db93b1e85a892970fe42439f3828072888633592322fa6a70402

SHA512
42b9d1d361b2111b7b83baf7ea67d9e2f38fcd5955eb583916b4c955c36345f957c4637b8608a763f34ff2f63313a9f6cf67e17dedb38dc933f13ca00b2840bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
d25a6e5aef13d5bc514675c56f78e1d9

SHA1
95139b700f691a430ccc3e8e9405522a53b3a19b

SHA256
bc6c6566302f02dc89346b7d5092cc5b7808b30a4dd1c043b1c6006c456b7be6

SHA512
14281f9cd40104cc22bc249f128e5b29ac9a51013604b2ae0921bf2a8baf143ecff74074c278460b64c6177cfaffc49a39f0530eca3e8bd851589e923435f050

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
28de7d67c0c9bd403de895065d3318d4

SHA1
35777f9905f24e74bb4fb946243034554216372e

SHA256
393cb7c35c55f127bf67af8809a358333a7f8a67f157fe0eae1f0d7290dec0e2

SHA512
b6da8dba95eb342a722e4d23d6b4db40600dcc5725b4f27fc83a7d31d094187465ae4772430bff63a03fb42f82e8c77203d9335df79cfa06d750030f59c542b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
0801127125fcf5f4be776a0d401bd3b2

SHA1
a9359ab6e8a01110e3f797a23ace267833c67bbe

SHA256
df70f873c4ecb8348b55b2df6215767419e8eda90757379f11d8f9ff00f43e6b

SHA512
0c19a7ba3bf5aa00d1ba4e3f03fba5fed26127c5df407d275f9bb75fee7ee4aea74d583943117d52aa47786fb64c363fad2bcf8aa390da718de5cbb3c93a3653

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
e62420ef9ce261aa9fdb087f72ed93b8

SHA1
292b7360052bae93dd2ed19cdb84dffc17dd0949

SHA256
e92bcca88aaa1a3221186e69c8637586ce9e0e1c96efb7153a0a3c63c3a4b9d7

SHA512
40a7759f9d92b54fef7d2fde1a792a582367f1fa56e3e1d5f884cd19408472a64053c1668c24388832bd9c8feea5427b78d4f8acce6f6fc01f8b6ef8df684bba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
127ce6c1cb78c77a14340f92ea59ac3e

SHA1
bf068b264689ee4248301f9525d928aa7da7c847

SHA256
0c0f0e773fa45fef7efd64496d63553576bf99e3c5ce2e6a30ff84fd40dbac7e

SHA512
c25f8fe97300fed2d81f03701126ac3cdd0c907cafe9e2a9aca23d940b64e0f3140af5286b549aad7ddade3bc9d4532b823dba7da2bfcd4b95169f7a55509bd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
65f4db49a7ac1135daec2080e7da3410

SHA1
f8f746018afe81654ed058d17744f3bd762176cc

SHA256
2b0746e5cccc1ff566e1143646d505ef92583c84e8a199ad30352d426e2858c6

SHA512
c889b658036bb99bb841ae883479d43d19a8ee5a8405ef3a3f6cab1fe709f5cda9c91a450ad271239d24efe5df720f31ad0e3ea8e684671ac648136e9af98400

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
a4cdf3d1a0183986dfe46b9e405c18e3

SHA1
4a25f34f0cc6708b1efda617ce200701da24932a

SHA256
c3c1b1d062201dda02b3a22e905207dd62bb6e0de354056568e329a0c58d1f77

SHA512
9981dc265de89f6df0f16cc1e43b05409e828bd3868209894a1205062b168e9beac97d95d2243a9e539160d6b696a79cb78a08c38b55773490581e5fce17cac8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
082cac6c80b0cbe95b222f9fae891ba3

SHA1
0c2d300d9c86121d10da90ca9e81d57d0faced9e

SHA256
8ebd5a701f97f3a4eafd7999e0a03e866454330e7e3264dfe1b7e2a0c1d99c2c

SHA512
c3ef73618d18199587f4034e4d3262cbbb299046393e2c682203e2017d45555ca648dfe7e9976e0c220410639129fa17df6d282c65cc627f2ef430602f293a3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
96c94daf863a120fe0a9916df30e57e2

SHA1
94a6400ab6c4089535ca861bcf25ee15787095c9

SHA256
3ac65e6d0b7eb6fa1d491bb6d2d93a31cd7b17153fa7d184147dcbb9f0fb0d3f

SHA512
0abd2d652bbd32c1cdbe7ff22defbe72bb5a448ad564c54fe16c7c2746b977e432d771222071dee495ed3b58ebfb8dfbb0c1e3bbae088a50d1a951261ef02be2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
e74b614e2742b81adb966ba0d040a20d

SHA1
9a85933a35f93601fd97f697194ff98002f05d89

SHA256
07fbe0afe55fe1025ced512d77bf5ec440c9bc6cb4a1e23cb35f16fdc942627a

SHA512
c84677b8f63c42bf1bb2ac375f3359e81e0864837958f82b685c055a69f73202b298760f019f9cc4683ec38292786d72684c2c5f00ee800973ec961112f98ae3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
70533f0a8a9ae552ed4fc350add9b158

SHA1
f2602c243fefd6765d875b6b13d96bc93495d819

SHA256
8fa35699f52392369e363de5a571fe199bed5ad7b09a0fa3251fa66a39ea5eab

SHA512
947a68b5a42c451d1f9bfc6fba8f93d6ad84e68ffbabac717cbbeda89c4acb3ffb5e5adebabec80ac9f52a300730b9ad258cb3d931532efa930954ebe7d9ab42

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
c568200423c9ac426ba466f6db612c64

SHA1
f17007a61c10dda906202ae235d84a246b5a3703

SHA256
b374f130a1f68f83436af45c301daf5ef8cb5d8cd20dcf542d59bcd59828b7ba

SHA512
7613b1f03f70b2a2a3b52201eaafdb7b563b5be3415ed04f19be4d370788f31c5d7611c108f9667dec2539746f7d5c3425a9be1a6ee663865323c390a981dddb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
8bb2925bd42c1ecaebd6151ca031d741

SHA1
48ec7dfa6394ce0bba33c38709b6ae40c4c9a9d0

SHA256
392493cc5be2991b2aa03b3e2423125f5d385eae5596a2692733e9dce929ef55

SHA512
0639dce09e70b927c33dbf2bbab42ae60fa8f04d4cad898789c295270d24eb017262dc9a08819f451a53bf27e2d5e02d4dfa2a5dc4de330757f1af044d322c7a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
c64829de78ff97c5caf1fcf482fad348

SHA1
37fab928f1118b2c99bff0ed6aca649f64385557

SHA256
af9aabf2a884f96e3a921d3e4f8e4080678d3d3bee7a7e35ad36a07c0fd53a3c

SHA512
207e3c70154c3c8799d6986ae56b5c78f5565de25369a2a31555055aec43af32ec3cd1ded92d2f6db877978e8d7a769d0b535a223a5165c3b5885ce93228a02a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
c27e99fe4ff53ba6e09d3068858ebd38

SHA1
143a50c7446136a524d6dab519c6131bb0ff04ca

SHA256
4fe754823743a327916e66b1952cd2d08809c91a742b8df98c473ac862889378

SHA512
1ac01efb9265c85a9d32b668c2132eb33b51a0a6e18153545e83aed4019c9dc7501b93d5a7ebcedb68ed184cdd5197247aee7dcb1c81ad5cb4a657d7782cc627

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
b92926e3487a7f6965fd3170b1e5a587

SHA1
3e1237a449cf369d3e6285448ecc222aa85e5ecc

SHA256
7983d00df784b713539a2f9419d3b9a614ac999aa6ed314cdd55361247e09f50

SHA512
a7eec54ded964dd5127b2d1f91320151339687976989c0f64607d9412718cd9d9a9ecc01b9d0b4e2850d9d1f8f69a4fee1da8767700b73ecd14374d586f1ab58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
0c8e86adc435ddb39043c389fb81da99

SHA1
9fdd4bc1305685feeb8abcab29c0a4770bb7cd81

SHA256
58a44ce50e717416765b2e2b86edf826f87f2aa4ea25d5cdef4d7ea86c09eb43

SHA512
7260093250dc05cc30ee37ca385b49c75a194c2c4a11806969cd5dd2d47fcc1c2fd5a283e42b5e7c8f685a1b3cc7cded5762153d393d7fd22ce376c78c8aa921

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
f2f9b30ffef2b171a8a2db0b52190cbe

SHA1
133aaa16c48547824896710010447da288072ea6

SHA256
ae5eb93a363f9c49d96f59aa34de290a9d2a235467f4a95d72f85f4e438b0a53

SHA512
85dcd823a2277f4fd56df78f31fe6a38cf3ee9989d2dbf12acf9b09428be1af243c8819dd6b832e93251551daf37a038432670fe74e04a083808f81becfe34e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
d5caa8f6f0f425446c454fda373b04c5

SHA1
75bd116b7c0077d8013ea1cfd5ffdf638fbbf6f3

SHA256
aa19043524e21148fd81f31236b29cc653b11096d4382f22c547397e94abeddb

SHA512
c9800222275bb3a7d8f3e37791c404990feafb643782141cef8632a9987a3f241ddc8012ff3e323640ae34575a375bf73f24816d867a770a8a7c687585591be2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
314372748f7af79968686173104ddafa

SHA1
4c4ef5512190ada93f3639a52cee8abc0dcf28b0

SHA256
4390412845c6d3ca379894e1f2090e625eed56cd09f1a26ca3ac04908c12c8a7

SHA512
69d45fe3a176f1ee07896aad2dccb4320f08ef266f5bd2aa20fcc7ec00d02e9a0caf07fc32d8780333dec43c531f9856c2c9c1e4628ffca04d010a9cea566a8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
67c57e8525b5b7880a4db3d02826d886

SHA1
c5aca752c0d135b1dea18b46e807e124dbde4995

SHA256
cc878ba290eb50e174981001fcd5a26959c9543a5df7fe5092707c7cc7254904

SHA512
e9bd442ef42d24d1103ca459fdb4eedbd3ebdac668402b7ce79ef746fbd299cde8f385fc0dafb06586258afbe4a1ba7abfb702bb747220d785cf81935ea44b46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
bfcd7c333d4c02cae0baf1558f726a73

SHA1
0313d95bfa7ffdd74606c1a1464c53b906fd2b38

SHA256
6e7ca230d3630b8b865144a6c15448e522cecd315e19ee1e9eb3bcf5d3366fdb

SHA512
3f8dd6abbbc82d66df7a4d84e20b695ee31e65d4240fb070135b4710b1d82bd36218ed50acb2d4cf0920e9d4fa62d77be26055473a187b14efe95b41e5854558

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
7fc6489918638fd2f0e9045effe58b57

SHA1
050cfdffa715ad9fb5b23bebac958c7dc0a59924

SHA256
c24efe07c33fc196986a0a8af8290ac496ba669152ca3f2dfdd23d57f7caf341

SHA512
4bf56a8a533551043baca4ce0cc80b51eff3e35696366aa1364b8f98fe22ab5a28be782fa5156ed8edc5bae50a2b1d84b7691e1eddf9b2b6c4289518a4981a9e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
19d2459827072894d3ada20b6229d4ad

SHA1
234a51c14a91ca76ebdaf8683e1d0e0e314a0d98

SHA256
bc65b2886bbac4f14332e1c4f3376d3bddde306e22eeebc1662274eb9ff0b265

SHA512
e3fe0673c488c5a7b499ececdf3eefa8ec92df5a44ace2bcc9c2c68cc3b7c2a8ae6d0c0f34d0fdd012b8759f0c6eb9835afa489786b8e97ca2c33fca819f4ba1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
d5446c25d5759512fe20b4ead9c636da

SHA1
bf0cfee8c06e0112a92b0ac471ad2a3a87b225bd

SHA256
d20b9fb614a4834c6479c52b80c4dc874e8c0a107c38b7849068e28387811f59

SHA512
599c6b347302d344c84e26dd0d8b223e69835704a54eb54ddc4c5bc6cab351336ec57d16b3402ddb0cf3a318075e2de8ab294b188c9adec61a9235e3f583e0cd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
1c457787a1c96541945a1359daf94927

SHA1
9bf675bd700951cee6f697f829684502f820d4dc

SHA256
ff9ed5289fda7edea0eb79d67702d2972fd78d57a0b3370b8d43199f056aa221

SHA512
c98a648ece7f5f32dcfcb50cc12817ff7cafa4f82dff1725d5013214754d4f4e1a4e97093eb338388f08653ca6e1bcd3b661f7ba2c472310ca9a6dfd946275b4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
b64715eaf974c78d4027ccfbf5a39fc1

SHA1
c41c2b9785788e3882d6e890c1fc9b929d865179

SHA256
620b03e809000a413603ea5af2608c10305e8325563a896ac82e7e2ffd178a4d

SHA512
5b3566c1ef65eff7a6dd639e8ba1c10d9d1b551b55ff234ce18234b52e6a4f268b351aca3460a3a6e2e08a76603d48b31905344aab66f8ecf0f3b1d70ad9538f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
22f5f667f611b2ad609fb214e53e32ad

SHA1
4364fb68f1a080c23efe500ca89e51569f8f149e

SHA256
08946abab55b19d5ec36e5a08fb81e450729620918021e29b4b7e3f0ff6f4577

SHA512
f232daaad99934dcc2270c0e0ed2b8c21715529d6757ef4165a5796234784c0c278790a7eb776d28fb205b6b6bef3276d04237130bce88aa576c31700ffcb394

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
65685a90c38804d12aca42baaee614cb

SHA1
30a0074a7432e14c4f9a23f09b4a3d702346db19

SHA256
86776c7ee46af38250e726c47ea4f93268ac09a48a4a2d2b45f37d1367e44dc4

SHA512
26c0f86ff3916f299d2346c5dec6aa74be6553bfb2fa52298c6b3e139ac9f942545a4c57d45d8509d1a8a6df72a9e789058f5d9e1fa58591c09d423924191f51

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
78e38d4753db1f5a3fb6013b1974f9cf

SHA1
1655134640d8c2d37965fa47cc57858b3b6b1352

SHA256
02f6a7d777b78a41c8d2bec0a254815de097824050f68d868397801eb3bc7ba8

SHA512
d911cdcbc6dfb2c8beae29b8b2437373c51f4445ad22a3e9801dd7e83c5c7d01005ed6d717394c3a1e5a98c961ea03d8b8170ed812c0229b4e3bc4776b360e12

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
bf61a340f7cc162ebdc7410a1170bdb4

SHA1
1cde9aaff2faf70628b4eec3b6ac1cc76b4c7645

SHA256
030374f0b72f39939ce85292109fa3b58d173f0afa76d59702c1fd558d905d35

SHA512
022edfde2aa0b0c959f12a3b3f2c07daa43bc5449a2ebc1a8968f9934263d354d68ab675880bbb56c62b9759847658c94d68068f16f674452454719f8b4d7f7f

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
ec6140a45c9a0213d4b25ac7dde7e6c0

SHA1
ba28a5e66d0738d819cb92a804e6aae0c29bc4f5

SHA256
db9d172d4fcd48c33ae12228ee82ce3ce58c21bc94a781284b78fcf6a017f663

SHA512
fc3be9757d0f8d23f475eb5572eb7a60281d955bf162a4f0c9a05f32d5cb38518f1da85303d8c2fa8d1fe4bea19f4546dbea1b2e35f6d35c3d244e6ced579122

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
605835cc89f8c453ed9a47ec55beece4

SHA1
a909e53128e49016ebad607ef14067db15dc192e

SHA256
cf84f4601f8f135e9376a47ffe2f6726ab2f89f4d36b38ce5d56c1159029f873

SHA512
e67c2998064b74e04104672d649dd7f27843f11f6f62a31df74118859cb398f1dc243dc84959c80316b10850a76b0f9a106fb8712a567db2c9c0dbcee50e14b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a72548c44c7de13e0eb67fc4902e1dea

SHA1
a0afd4c9f350b9763e6da8cb6cf2e3551b4d17f7

SHA256
aaf12f261a084909e0de91e17ad3f7f0a3cd686cdb8d132ef859f71c22d0a5ba

SHA512
c89958e95c388dbf6e40ca8c00b0b17bd2d01220c5435edd5044f12e434380edc28c4b86f8279df2417c1a30db77f77f91bea597f48d9497ced62b4d0a415fd4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
b3e6773d86e62b5a3e593c1bdfd666fb

SHA1
fe131afa5643c176452f6631fff9d5c5e6690dd5

SHA256
05a4c1ea30b24fdba061d4cdaa2918adb428746d526efbff9c128c9117667378

SHA512
f82ef287c30715311e8a8573a4eef3160298af1c84aeef3ac4b1cd89ed4c546bace7ee72be95824f77845c678c2d2d6f31175e4061e086358898bd76b060fa4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bc60d114ab69b8788b87dbbafc5f6ebf

SHA1
4b567a2ea842cc00af56e4b1f429b0fff35d2c07

SHA256
7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738

SHA512
2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
949b18627863fd743d3c5a12a291c836

SHA1
5c287f46db8fe63acedcf57368e3e161ac45f7bb

SHA256
5c8680a6f21948a0b550234b563c8f9ecf92d9c7106133a6f0cdcf2bd3723e06

SHA512
1dfbc527ace32318fba9e2b413eef76bb25d7447140c5a5ab2029f97a1b01b2a4dc7b74e2f44fa4efef4606e297f95f89e311d9f254328aa8c4a74a68ff04046

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
3eccf7a0ec02d23ae792a90dc5955b76

SHA1
5288a0e0a6ead74340b7237c34d4013e7d0158b7

SHA256
0abd2da2d76ec0fe2886f5c1a540f6bd63969b4296ebf76962035e48e2079f6c

SHA512
128159cfa16b2c870c61a6e22d39fcb7dd310a975b9d75b0edcfced89d49fe189d874bc380d58b197dd8ea9cc55c816c4f597d1d9d0ce707c66b8f3b7c18f012

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
57d2bc66b4cd086855aba75bea21ae12

SHA1
93a0b2604de296f43a050082d95cfbd5ead8e1c9

SHA256
6d48d5713832abb353dfaa5776dcd0604370e5581afe9ca57c8503327646c2c4

SHA512
a47c0cb7393c1a0950751a0294103f9a5d10843217bbdf3c2251e81a75a147e374b44a8a195b86397a83b00cba961da856428d70e40c7a67e78973d84a6c431e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
fe803808886bf32a8a2afd925a57c94b

SHA1
9a310a28780fc6e82a09334479b6575df9c47c21

SHA256
33835ebf4ad918232dc940f452d250e8e9e559886274f382b58378009daa3d6f

SHA512
6ae833d559eb97bf9bc197dca7ee53169f5f45352c55f0e9802c53584b060a0afc9092d57b18e1f43b8a57e1db5c05a1aa14ecc0052f0ef9b3b3ccfa3dfad16b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
80568f7484f2d7f03af9d93baed7c668

SHA1
560642d59022941f2c1e38cdb32c42fc7e86772f

SHA256
79222e9f74351f83e5979080b8146252fadf375e483477f594b09fd63b288e3e

SHA512
597c432c5c8b4a2fb0072c4dc704d530f61386f1ebf4ac3a018a39ca637983640e228f85b9d87d5a620185b1b7769a971cfd80dc33b0b408a4ad21e77114aad6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
e18c0f7d445db4c4c06308e43a3ad46d

SHA1
df4a482de1ff1af27694ea7bf7062c0d14609e3d

SHA256
a71d5c6d547caf766931be5a2fdd1aa44bac8dc0cb0a70bb4e5d053e585d8e54

SHA512
431916052c78338714d41573943cb3cabdfbfb11409f6c0838423cfa0b6e9dd26c21560120fcdd86049db0790877953caff975eae5f46e21be95278f3fbecb22

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
93fe34f92fb9f6bc3b5f585ebe96577d

SHA1
71ed8ccc063018a8eb7eeaafda1b64c7a80f8b30

SHA256
a0258819117f5f0dc7bdca3f64f7648cbef34c6c6b2d7c36fe477cd0e8d86163

SHA512
e4f1934c1e2fb83dcf25d7b1dda9b862ef886d4ae12a1ecfeb54d97f4ea873a86787114f2cd2c39532f1a661101e499293e37fde73220514c4697cb9a14391bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
c9030e6ab9e7eb8c0a91711c4696fed4

SHA1
848cb283a4d660c8aa228f4c693507bf2516338d

SHA256
1bc74c40ab10ad1c48d6f9546511cd817cb844932ecc7377e1e102a8c20c187f

SHA512
cbea5e65bf9565b91f931d30537520b51e23d6928cabc39a20cd840af30357a4eb401b014dcebd8d67c358debf7c69f7e0f3ccb6a54b08974a760d384eb4dbfc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e03c2d2a3bd90227c310dac5fe00ec2e

SHA1
801415d79fc6e4fb0044905b1e87aec0c9cb2d71

SHA256
1777710a24499be862df3aee02cd1da066b139850b0d708a294b51a8bef9c5a2

SHA512
b8847723878eb869a6dfbbd4ab538e9581bc59ee0229b18d9ed2248369996b4741d1cbc9ce5af8aa4eb2d48301dd07e45d068269c44753fe54586d40df72f7a9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads