b43c7c6a97d02ab5e6a4bf60cf9188edac971f3ef8a807b5756a1584defa2297

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Size

18KB
MD5

48cee60c2d2d32979c40c5f630c8f220
SHA1

12531e0df36c3b5b4fab47bb7feaac105fffc30e
SHA256

b43c7c6a97d02ab5e6a4bf60cf9188edac971f3ef8a807b5756a1584defa2297
SHA512

b63758ffdec53453f01d01e983765a4b43b4de764b62968da350e1fedd8a8c80f17965a0c134952bbf92166b8748fcb283ec0db23a6ffd1edbc15c07c40221bf
SSDEEP

384:SebFNw4Pk1itKkpAjjI2YpdmAZQzVg48JrX:S0FmBkpKjPYpDQAFX

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe"	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_neutral_a64d66bac757464c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_objects.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_methods.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_neutral_c4fe81ea47c6df87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_neutral_62d6e6995428f9d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_For.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_environment_variables.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_PSSnapins.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_output.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_neutral_84ae149ecc9f8033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_neutral_54f2470c084714e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_While.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_For.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_join.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Comparison_Operators.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC10\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comparison_Operators.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Parsing.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_neutral_3ef33c750e6308ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Usb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angel64.inf_amd64_neutral_6bed16c93db1ccf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\SQM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14656_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\background.gif	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OneNote\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15018_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50F.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14871_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10267_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left_over.gif	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02750U.BMP	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03224I.JPG	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-imagesp1.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8c519fd14f2cc670\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_trap.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.resmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c26d25a0f42cb8cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9d2310f2243fe88b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6df1499b9dec880c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Garden\Windows Print complete.wav	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnky005.inf_31bf3856ad364e35_6.1.7600.16385_none_3e5e9dc81f7d9f61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaep003.inf_31bf3856ad364e35_6.1.7600.16385_none_5103eb30ce5ccbd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3687be952df5b9b1\weather.html	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_758a47d74db96bf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..fications.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0fc41cf559e856fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_de-de_00ed22fd11859552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netpacerinf_31bf3856ad364e35_6.1.7600.16385_none_e54ce8acbccc0d0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_gray_hail.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9b383eefa1be70fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_cloudy.png	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3cec36258cdb2f85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ncryptui-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_397b9b1f1bce678c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_6.1.7600.16385_none_6052679946eea92d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_11b1a08795dae83f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msmpeg2adec_31bf3856ad364e35_6.1.7600.16385_none_91b0a94518ab5271\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f8fabe8ccc93bd3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5642a66333c4b1ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-getuname_31bf3856ad364e35_6.1.7600.16385_none_2d337ee8fae2ead3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Soft Blue.htm	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3eddeca774028e07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlangpui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_758402a7d2851ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.1.7600.16385_es-es_b77eefb1af52225b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fsutil.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c4ea0fd9e8b12426\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msident.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6198068147f6c50d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershell.consolehost_31bf3856ad364e35_6.1.7600.16385_none_378f441f3260d575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2b20d65de15b2977\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.1.7601.17514_none_5727f15709ce8fe2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_90d7f5ba1d001eec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-h1s.uap.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_732db468c9790b76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_aliases.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3950802fa47d5cc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sr-..-cs_412dfc7d44b0f7b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-network.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74e8789d956287b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-932_31bf3856ad364e35_6.1.7600.16385_none_2ad03056b4ecc39f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1704327a87d82961\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-usbui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_aaf80adbb11253f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..erecovery.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b2ba432ede21e772\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_1ebf38b449c0930f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.7600.16385_none_e080a37b30fde6d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..recognition-gesture_31bf3856ad364e35_6.1.7600.16385_none_b43505cd35efbe69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_01c6b44660ce74c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-v..skservice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_446a057940cb5482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\inf\UGTHRSVC\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_it-it_02c858bf03c4047d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_locations.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_92073f5522c8b7ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-http-api.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b132aa0e4c2778cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-osk.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_af0c8c5f83e223cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_nb-no_45641a7fbc21db79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmbr007.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6f7b5695e7b39e9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_018b4fa043769680\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-robocopy.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b3428391fd189016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..n-playapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9cd29145d46cccc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_transactions.help.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_nulhpopr.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ca8c999228c91ccc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ULEPQAWHZVFFULJ"	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\ = "CRYPTED!"	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe,0"	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe"	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
518B

MD5
9e9783ffbc9a6de1f0a8375c6aabf453

SHA1
b65c9e7b7eeca453620b880dbeff68f01782cd6b

SHA256
a44faa36146ee2b314d8388f12755bb00d4144d31c17ffa2c6ec544dd1795932

SHA512
3974cd57606d2c0f65d4e2c8069cfbfbb1a185a3ddd83abd8a3be59e10dc93bb77335a7aa6c69c6c12850a778123d66a1e02ea2a0d191824d0692e7358258d0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
b36b1a9fbffd61b249036458e586a14b

SHA1
3571c6a2900cd64095fa7206236fa9962762d655

SHA256
4ac0bd10c4712a2f94c5abedb89a9c6b533b98fbdc377a552b0a8cb2f436a630

SHA512
6977258662cdfc24f7f61229bd5b42f97719ee8a13942bc95f36e62f706a95eea45f303f21e3bdb1960059c13ab84bef19b0d4902a26c324cabbc7647f297fd8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
019e10fbd3d9683c98b385e611894364

SHA1
a50b827b5bdc9ebb8b811cb53ce79dee818bb66a

SHA256
211c09013deb06412210144afe8b9ba1a4778d04fde5dec8eaeddb06d0602bfa

SHA512
cde350c2f604be2a5cb98b81f1f24a650b5c062a28f81fe81e952c660b19ccf850d325013943f4eeb115e647bdb509be5211549a0be4ef16a20af8b88358a003

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
791289e24de1f7027d0075110c04fc40

SHA1
151d59c3083a1b372520d6e1704bdc7c4cc1bcc9

SHA256
9bfffa079a4b6ca10634ed7b6d997ea44aea66dcad8c8257cd83209ac1c290b2

SHA512
ab6b9a56f388fb5cc727c35015b4db01cb527c80269c5c187589b1880da0650d9056a31b4aea14abdd67431b4d0224c891b178b6a0e138bbeaa6f91162242415

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
bcf839fd5b2c9882e8ba9b29eb743f76

SHA1
3bf006a65062e4e278f354f25ea1039b4fcad381

SHA256
6a0c61cf7473aa823ea7fa243c609a44eeff39555c9639f5cc866ee300bc892b

SHA512
c8c270ea47ca531b25d44d96b70832835045ae35a70b2b68c9765393b0b4401d06b388322c91cf87e39b87b58fdaeaedb0da939a8da0d389a69b6bc5e5091efa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
756a1c1fc44dd3cab69a151c25038918

SHA1
0ca5c4cf15138aab142debae07e0c081f091b77f

SHA256
509c04420ff71c486d50d9e99d942d9441cc270258c481e47fb8ca2a8b699a4c

SHA512
3d8054b41d823f349db08f447c3ab98689251431b8aa8176f61c532b067e9f102123e292f53a1010b572c55c5459c0b46f7bd1ea595441c46b3caadc51cae8a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
455be928d76a1b0c1fa9279dcbd218d1

SHA1
a6e7220ec00aeb61dd5dcaa3f807f6859d3077c9

SHA256
c77afdd9b139d162c5534740629843025dcc81a279b4e9c947a857da43211630

SHA512
f680a2246c4a05641d2c641e973ec9bc291d778a3a86ce1ea0d624378741eb0030eac777fc2b035405c2eff949f3abf761d79d0106311c10e45037579bb741c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
c36120637f474a582134ffe8fd224f40

SHA1
57ed4f40469178df9406c47f6c9582853c376fea

SHA256
d3b7bec43f1bc3139e0be60687f7318e78795bcd18f913f452d056a2478f3cbd

SHA512
6eae29b97c8e59ed79ea67b772dce0eae257fbcf645838501884b0bc158f4610c8aee5ec0fad747e3ab4dba0bbf14a380ff933c99d1abf8f118339f613d037ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
f476d86253808572a12056643118c389

SHA1
b91058a00094554679b7f81a7d3088a6a868e0de

SHA256
770b8397b77824fcd549ba1c425ab619a81617de15f9536ca075421b52260252

SHA512
a484c078751e3b261f5da8752727ea32e2623a125f230ec4e8e7b6fde2e00da3ceba81bf3230bccc83d21e986e597ec093f7eeae518f17b4aa693cdbcf8c8ad3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
26643c90ea8a9e97d9ce4a2ebe0a23be

SHA1
3ead52074f9bfb37f2e26bf0f30cf85b383321b8

SHA256
e83af8da6cea04f14dd1d7f1172bb94a392be205b2f74eb44cfd574c080be4a0

SHA512
a7de9875100c0a71a75ecca1425478fe53cb0c189da4e2f2ab8043252e5950f65ae70a7dc53efa53ddd1947f93a6512d6aff4184607832696f0eafb8c2abd134

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
966631ffb842334a86c7197fecbcc3b5

SHA1
5b2e0c06f2514156a6ae6a3ebab6a945c2c25c14

SHA256
12895c07049afa6e19fa0b633f46ac1628f42af1ba6d26dca858145abd1ed09c

SHA512
6a454d7582569602210a78cc770dacc6e95868e2b4c9177229b3f6ba9c8a1a7d70227d42b7d44f587631e674425db8c058a9afb580c176b75d129045b1c5fe94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
e52a740f94fa1cb88f2d88a490609ab0

SHA1
ebf58fcdd62d658b7330d3d9756933229b6289cc

SHA256
6b68dda7f4450273691250d9cb293a463dd1f378e9765939c621c920a2a44f89

SHA512
361676a4186100d5ac0d2042418c9be8df1f186906522fbadc7b564b26d6c2905ba380ca2df8d76be461fe51be110f2268cddc1556cb54b4b1e86d937d07757c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
5b0affa0ee520ede4585e9ae96529181

SHA1
5eec33c242fc5e0144bd0bf5f9957e101f636670

SHA256
3337ee053076b36faaf20565e8c232050db8af105350d836f33cda893e6ceb4d

SHA512
c8b7045c5d55074fe566e5406b175c3a455c5a12d3fd43868862e24176362326d9c8b8896334fdb15189979b179be82ef8892a1f976789eed4cefb6b3a32ee89

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
55be2e4a1e1bf6cc1c6a083e0c4c88cc

SHA1
604255e8399135f0d328c3feb1407f36cd0bb785

SHA256
7c0a24aeb2dac4914a5896faade14bdd787ef7070f5ac6527d877de8d1ac73e3

SHA512
0ba5d54918608972c9528d7b57276a2a717c261fc932d558cfb493654f0c3bbf63680c6a55a740130e4d75f3a0c3e989b6bb3f64ba03ede39844927955478d10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
beb66d5c9393df44256d38a9640a187d

SHA1
23666d44e772e228e0c821c7de0d6ed9f3cffd18

SHA256
792de146e84209260c2a12fe2940c0da51a462c5a4ce10fa05f50862412d17e0

SHA512
efe54c26360bcd5806fdb98c714c92a8ea7000ef4bbf4e8b7c1564b6b7c0097ec3a9a3d22cf4f5f3fa48cd70c3a0aec1bb3990909e2d0ee0b42df59b6fb17fe6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
87096382c7d0121a023e4ba36ca9dc42

SHA1
2965fb9665cc2fae2c27ac1e9c3e20e347372474

SHA256
d9367a716445c443ea8cae463ec6011a0d54c54d6d19b57fe6b9c394b255ef99

SHA512
ad4172aa4cedb63f2c03da8a17081696a2eac07d9934c5fafe9e3d8d4c439b7cf9216534664ba94e3172cae9b0b2a20cf343db50c1dd7bc46f07b0199bd163d3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
395a3429cc5992a7f186ba979337e013

SHA1
dd6b770c140954e306cf992489fa6a8e4b5ce3b3

SHA256
020762971015c9c2409da10404ce7aa76d1392b9f65b3f4795625f0dbe33d9e9

SHA512
d6fc62037dbf83347880a2c0ddd2ec91f3ae56c53e91e3a51682ae7adde9ca1ea11ddc0882b6972afc605b718404e9a438cc7d601184d31147bdbb46f2201ee5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
9bdf2e9a6cd276bba3c6d8c69bb78cfa

SHA1
c914463a00823ddc348475306a9b535c4f06e5a4

SHA256
97ea3b87b5859396e21627d2345d4ccc2d0b152c892c75354c40ec062217ee1c

SHA512
2316c66c36068952461bd253e8d59f1bbaa780ce5e99072e4d3f1078678cef277339de3c3fd8a68814b41d099b68052addf7b1b3f98301c9049eb4f7d6e045ff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
9b4c177210a4fa1109768b841f4b3745

SHA1
d0bb578b73542f5539c7f5f552d7e6a4a7156d29

SHA256
444f34d2573dc79aa5a2c4d39ad805583463b5f1e7580dfbecf34fa7d89d66b7

SHA512
13db40aa549198031746e3829272d83a0961396342410709739ee192395857169efc0ade5fbb098eb8630fadca3268cf54250efc711b8dd7b63be2199fcc6ee0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
c34dd31ee8e11f7eaa194d8bdc3176a1

SHA1
cc2ce1088715fb58503c085fbd2d4fb0f7d4117b

SHA256
0a5b6741d01754bf5ed426933ee82e2015626e08a8ec05cf27ad43fd8765c582

SHA512
208a0abccd27d6769b1cd45665fb8163fb5693af1da31df4c81e48093e2e01adb49d871a3a0789cda87b9b9daf8ae006a03743dad5b2dfdd2b1290822ef140ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg.EnCiPhErEd

Filesize
2KB

MD5
340a3cc395cbe9b847c5613711177b23

SHA1
1ec52fa6d747498b395e0cfdba91828eea1b569b

SHA256
e3e1d00757e548eb7559fefddd96c06b820bf8bf6b51c02b97403276cbf9fbaf

SHA512
9599cb00873cb365a9a2716953bd82619b78e9208455e936add80fb4806ccea42452a5a07b16deffb403e8f880212ce37577706fd78c1e065e505f5b8735b572

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
00b784731e2c65d64a8d681cddb4067d

SHA1
d4b0ad6b467060091d7f85a324a85bc744a0cf6f

SHA256
7b6687d52ffdfc53d686cca9510d82c0c80e5fee67b379e2dbdf7339edcde95d

SHA512
3a8bbfdbad6f281d295606b94d737a2a8686e24f07312abd61cf941ffa5ad46fd490e2f6e86aef603b7733f7664ad2706823b58441650b152fec05b2a7b0bacc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
13f53a5344637fab8063f5b2fe09a763

SHA1
796e98fe8ff64e45be4cba557ddec023b064851a

SHA256
7c279b1304f7d846d4a0ae35a1dfcfd0b08091d27040d5bfbfbee1cf19339711

SHA512
9ae99cd7e0b604435e6da82cd8c168bb469e72d09cf0424dacf5871f7209f1f0bde6238fb7801fbb141334747933f16aababa4f70804e23f6728b65a33f33269

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
b5b0fba7058d53f874c497b70b0ebef0

SHA1
ff7e89876a0d191d7d3d10735532d35dacb50954

SHA256
42b8223f02d610c839d6a7eea62292f542d02d6fb0e65a30de0909e69a21afa5

SHA512
825fc6fcbecd09d33e31a8612455dde9ee400acd704ef4751979a5279ced7d9900707ba5d970628a1db4cd4502ac71e86c81d86666abb23ef8fb15319f2c69fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
1d9762d06a696b2f52220c4764840030

SHA1
303d64a5fff06df06f88cf0c540dc27643b7e905

SHA256
1a2ff993e58944b5d828bacad1fca5e6816a107294edf2ec92e358d50075949a

SHA512
fe9778995deb9da9778446fb52666bc30a36f56234d2e478015d0358eef740f40b53011995a2dde5bd0042cd0a0a667cd865b748e9d4a5bd81944871308cc67e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
e00dbc27131fe5d2deb2c1fbc435b363

SHA1
280b9d33985b8b60e58ddbdb685405c5916f076a

SHA256
7bd7988053c5a4b9ec83c6a9822f287bb2d648e6a8651020c0ed6cc856b03fb1

SHA512
4fd0b85a40071242d4db9cd6e10fcd2e7a6648f1cff766ef1a45c92fbac8e8c9d19f6ce4b9d800de18f575c0487bc588ce46ceb1165129510a8b0b23e226b0b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
7fa66c3bc4424fa52babd226f9632f5d

SHA1
3444f7c8deb4d898358236d1d6a3dc660ed43cd8

SHA256
8517c6574a6daa494f74f3de4e20c61d09fbc20b36ad3cc224a6caee7ff331fd

SHA512
162b5844a0f68f1166021ef1a48f1e26302fb8faa4536c44ca698c5f339a41de2161e41275e9ffa138fdf6bc0b9fbf80801c61431b097a56b52720ad3acc424b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
6625bbb759e5ca38cda51c530d99dee8

SHA1
cc4d64283636721a5cd318d52136671ce705fcca

SHA256
d4bd1526666e31a1f493d8cc7d3fdbb9df5ba7bfe8392fe13a9d8871ac89b75e

SHA512
c8d68c8e91f2f892630d4c043bb4be97197095c9e6f567a2525d7575d8682d5335bd1b4e85ed9de1673a5e5d15390f952b9ce723aa1340c688d544870438ba5d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
1226a7b622f9fc20d9a9c6c1a4c404ad

SHA1
daaab39e5629ca9321200fec5cfc034062f80ffc

SHA256
341652dfd5988593473ae9a7a42ddb7ce642a203d0c4d1a3ddcda0754a638eda

SHA512
5baa070050ecfc20f09175f66be5d661418ff14045b420af62cf5defa0caa2874cc49e91eae8b88b26e681758256d03488a1de3627e998888f019ac947f3e7a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
0d1d3e7e362dcf7a3d84e4887f9bea59

SHA1
8a3a91121e48d00b8b59c3381717655f6052cf4d

SHA256
aa614bcca9a8548ee528d3e08098f4a63d322336787e2168758561dd6f542551

SHA512
254eee8e1dca875df548cfba935382703503925e5efeac636b6d9ff6b2337ca43d41a4ca00a5810f9083dc038053b56ec8514131ae2602d3c997b69df06455a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
6b5c1fa40c1bf189d4102a8015f8c489

SHA1
4af9c603515aecada38bc7376e02e83ec0fc321d

SHA256
a1d1f0da4af8ce5425212dd1ee1a6434bdac1c05f25aec51294f5600451f9152

SHA512
d1e9f0801e57797e4b2a7d1a09cb24718384f7255574cb02f6eaf29ba4ecae5ba17d1595d8bd7669877827c33a23cad6a2c7f42106082995b8f03a81c8f78a50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
f9c22860b05ed452aa9bd14d4d94d001

SHA1
aa661cb423e8490cae55a8dff000e6e6e04f0438

SHA256
c11e2cc7c6f2d783037790a985f115390b5ecd6beea029da0c36718aa6c19405

SHA512
dbd17e795f9625f619009e7e4644adb48871e0a99e33fac0b94c8a81b69be9b52aeb59712f0674e7c1af5cc2c42ee9ad949212dce2c5a0bb1affb0fb290903f8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
08313a7d58dd79abee1a2f57cd47f7a5

SHA1
a388918be0ded59202f5562fe7eb2326e8ba8662

SHA256
abb95ac9f01180a3e69f92497be32b02c8654abf05891c6a20027b941e69dd7a

SHA512
d879525c285cdab15bfd6634dd081aa0ed280a1c85e40e3455c31c2ba3ecf810af059691efc99f72964520787dd2ee38fa61866fd12b190a00d2ab0fb3fd46f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
da132e1657474152becd419e09921720

SHA1
2b9d86d428c0a167614104cca1001c499de2c8c6

SHA256
09910dcf0ae11797308ff49bb461ecbb66d86df10e6500e533831036982622ef

SHA512
ecb276db14522f5f6c4868427f6110a5a5ae98eb364d518ebff808b32962dc3e39da72a3b30fa392ab619495f0c9020ba48948195f2df545ff8c0fa92a18f523

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
862a6459fe90b65b93501f901da8618b

SHA1
ee259737177ffa9761fb0566432f4a4cf863bec6

SHA256
0f5926191d9b4f554e967ee7a998efa8eaa2ca5f75deaf9efcdf680b5dea0cf8

SHA512
593796299420dd52d2772f17a579bc303ba2b09718863cbc35085ee6be5e0aac64bca195bc72aa35c984329d430e6cd329a2b5d59124b9f01c915de0f11073e5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
251e89fff24c394e08a3c9e433aa9eca

SHA1
f56d94e1029e88cf7accd7fcce7e93de0827d2be

SHA256
4c528217bda55ed81a6202ae5f8d3135a87db00ef7e98135f5bb86681a6a1e61

SHA512
3bcc04ae0ece2ddfb563a9febdefa12844a0bcd883afeeaf4379d5e8f5aca6c5c5551db2f9c62d0a2b1789c6d16c835139b2f3d46fa840126eb27c6356b3d2b6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
95f7d9297e8162b7f10f9929dd99e217

SHA1
ff6de12bd68675063f98585c95bddb80c1336ea4

SHA256
e830b94e6a889cb74433a799052c5d143ec0e48ddbc5483ce5fb0733acfe8d7c

SHA512
f09e2cfdb0d62afae611987e1d551cee869916e134441cd7cd0128b3057422de2bcd8b31de6b267ea789dc3a42416e4c36dc7572697e09be8b15d5232a9a55c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
c0673f159fb826ff4fdd421de6a86b6a

SHA1
5eeea6a7241510f0d598c2e6f6069c04d3e10880

SHA256
cc52972c2f2910fd1faa8d1a0bc88b66335adc46e1d6862ccf94f6cbb190a96a

SHA512
3ee7fec94bb02c9a8341a5d56f6731fadff951743c6d686d44d1fe8b28db25c54ecb8ebd2ab72b1fb905fcbf3484b40ceac617949aa48b4c666ab5c612703d58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
77fffe09ae8e9a1534141840708f1566

SHA1
ef9cb06a640a5705086e78cf00f16a141be7fb61

SHA256
d4081ba0269f346d93215caa436f043d165e6e50717c9e0569df8dd42131eb67

SHA512
d0022bc0a2e00082da3c93ba2f339386105de9e695d613a5516a85da97f493b6ae76b938c483ba14343e7f7422220216a30c2ad9c2e53b1c16f45edf9b3be824

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
4aaf99cd165b8afe1b4e5287e1d8ff88

SHA1
112a9f4c9223b5d1b5d80f5ce34367ca7d4b331d

SHA256
e949e3a1dc45bcaf928c8974461b1571f8c392e37d103efcf514acf27f692ec9

SHA512
b3f99b02098fa58df8d2ed02fe2602cd39e41d6e9718024c8a80993da8afbfb8161b81917171ca2a40891e7a43e70f015ad2f25a7a43973e9e73cc757edba2e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
b29cc692c73e56a631287341a405b068

SHA1
0c8bd5549f9416d841aaab44bf8b9535a02f65bb

SHA256
654fa6157ad84f0dfd010276b866675fe0dd13c35fdd30a4195b251cb1683f3c

SHA512
a6b0ccca8c7d1a8bd1dcf899a33d908aa3b141f6db8c39d7daa50ae03a027f3b8f80092889ff4fb70d8fc009812ef14662a399e189b5b114ad0490cb25aa26ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
5f86d37ca8e95d82a23b0eef2d0aee62

SHA1
db186dcf042d8d1145bb37a7d74956f38e3ffa0f

SHA256
918152d9684ba33e7c9a58d6baf783db0a234dc4e627f26abfb900fd072d256a

SHA512
d4bd0b913d343962b5992287f3c5447da5c337339efa4a9e5131862b96bdd4cb8b96edce66a96d36e4134108ca1cb6927bd8030d301266a07d50e239fbbbd269

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
62b10434527beff9f0ead5223425aa4e

SHA1
203ba6a330edaeead976160c41cb7e1670f537fd

SHA256
dc85367c14c651cb15bc9e77df25cf7547a5b736ee15d48f947384d8d6f41f8f

SHA512
fb220103d41b12fdd915bfb793957329a0f01ed9b7553a2662cbd350730d6ec6a65a45b534c118da347430dc7eb0ad29a66d4978fcb2838892ddc86f3909933f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
e1f0c32591f5bf4f1290b2442cb323b1

SHA1
fa1a516d9bd32f474c2fad00ea86a5b368a6c4b6

SHA256
d0aee00e7aa19c3c6402c3ef71755a4570107834204a594a379329680ac23b07

SHA512
45c256ed7069895cdcc2124a7618c9348dec66e0ec3da1a9b3844714b2526a3d9e7479468edebf5cd5cacda622352b3db5e807d8ad26f6e00753e4ac6daa7bff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
2a0af3d0e0f653f758795e092eb53e6b

SHA1
41c3c3140a38346b95c18071e4795f4296626f2a

SHA256
857629ec00cb0376e40bf1b7d4a3222660ee7a4fbf03455b41d8e0035cacc0d6

SHA512
0306e8785cf78e988a712e7c53ea803c5c4af7d748280c0ab3dce0f222197d6c51dfd4469564e9b8c88287b0c2ea9818391a16e2c721185e1001d81e19315148

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
760d8e5cac64af1104cafbb37e720e9f

SHA1
e7ea40d29cc358501c81a415d3990ec7746ba7ba

SHA256
db49be6ceec2a5416b79515d19dd01686e7230b0b87274e7bcfbea0bdea2fc9d

SHA512
3ad7713877f5a9ff72280b503dcd263a2db91989d7cd95b518851affb3527df997712bcac1346a825b163e1231693b57f5439d782dc8d4ec48744544c24c06ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
b2c8d630b2564db90d51e08fbd81b445

SHA1
ef40a8fe2d844a609d82fecf0b03a7fa04567d57

SHA256
20be2a7f8cd8184f051f1a4085ee873e8c4780c68e6b23bcf8574a13970f57a5

SHA512
ea2bf5a09781461470d453fea4ddcd17539710c106e69bd81db21e18410ed10dafb81c0bdc869b2b9bf1d410ede662cbdae5d6c65485886ab69365f9e6085ee2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
fc3e6cdef10109e4636525d56895c7da

SHA1
419dbd0e8bf5fca57d580fe0fdd19c7650fbc2ca

SHA256
053c98afc0dca90299d115fafd7d5a1548be29e0af5b3a471327a4a6c1baf73c

SHA512
d62abdf5a678a40e81b9a03cad6ea44f57247670313961c1d126df872e4f07896a66ac64a2aae032e98e244716106923de3b5c6cdb2e86aa10b73e8d2b722e01

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
3a73504427a5fe352ee52707c186529f

SHA1
c41e4baa9a6beed3279e1c4d89d28a105c9b01c3

SHA256
068b4e50b5f4b543c1ddb8a2a79088fdafd387a21fd93116f0ad6281735f170f

SHA512
f57a0ae9a0bf76bac42ced558dd0b4fdf1be03db1a4b67b39069e0e69424d0a57451e0ba520ed9403d8ee9c1f74fc3def783d85e23380072ddb42148bb69f423

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
1bca486b63ae573394b02b09b652e21d

SHA1
3b798cf5d8117ae9e82d7640747f378988be3e60

SHA256
8cfbc666b15818a06ddec38ec67e03b4c9e999e3395bbe4d822529c2e830aaf1

SHA512
c052fd4f5b620373728e0f28dfafcabfda47741b9de5d7fcdac725ee8d20796d083e7d9417e8ddb08f7bd1496cca7a049267537f50c60f0603472c130dbfff54

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF.EnCiPhErEd

Filesize
615B

MD5
ff5006d161ffd0bb63aeadf45b42f256

SHA1
c60f73c06a0afcf3ff65943663a836bc0bb1d19d

SHA256
9cb2ef1915643aef07430dcda5763eb53271d1c547f8e5cf6e022db9d0f1d22d

SHA512
67c9a88fd50cc9b990e28d86c76bb3d1187ec17728da190312031015a0b0dd9bbeee2a7f935ea1d8f45aee0c3886f4d04d3f705b1ed078babf3b9b909c2ee866

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
d2475b7d146f541ae0ff8d23bd3f6c5b

SHA1
3e08cbb4b1131c2a2ef9dd74a26dd92c5460559c

SHA256
12fcc3e6fe516a9f66d28003ca2074e6862eb4feaebcbdd88bacd6cf2f618cec

SHA512
cbf3005cc4c78f89a549ee41f7b15bba9288e44a822dc00298bfef545270aee48e7f41e8a747e939791cbfcb5a07a41d4f9b78534351dc55ca475f5585b28d79

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
76243d72eaa372f9574dfa2de7a4a167

SHA1
f7f0de686a6f31eec6671f5004a288298e59cf77

SHA256
4afae50a08402c09d6f5fa69fae1d52fb269f61850b28b8e38d64e397923ee89

SHA512
bf37628a4ef96cb4b37f89159a0e39d3bf3226f98633abe2167852b237b6fb597530ed18f0cb873a155159cc0145ada52a77c0cf52d49259a3efee9c1973cb30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
5ec9fe8bb58e6651d28b28705ecb10f4

SHA1
d0162a6c08b740ea6700deaded715f2815d0da1d

SHA256
e3c3f31f13113351e6114cc22112d2771566be450aeae76621c7eaa5bca6a192

SHA512
59c9519717a67a6d49cc6cfb4ca4379fe22b7200e21432e7586a6e19e84944471872d56da73ec48ae1d732590b7c1b6f20c0a67b2e1bbf47942d6302ffa107c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
08cc187a5acde7a6fe6629092ad77670

SHA1
841af1391eb2ab65263d73c18e705325606ef90b

SHA256
d2f28ca620b893d4b5ab116f601811b9c4613827b3cf4ef8354677133821c867

SHA512
b9527a6b1b7cd551121c5c25ff74c0453819167bb76a457ca5c3a892c28286d15ce4254ea712c11d4fd139339d016238228eae539c03644204ca0db55148e887

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
94dfa6dbc4903449541c6436fb9cca3d

SHA1
0937df5ce9a72e8eebd0c23383ebda81492ad522

SHA256
93e428f2b9b040ca37aed93c34232d15dbd7ca53fe6516d0ecd5689344f238fe

SHA512
9b9e444476bdaa393829037ae4a23d70f0a57819708bef49bec02af1f173f7a1788f4e2e850a6f08e84e5d19a5279a82fc759747aa63473876e86177e2136446

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
c24a54097d213ba4c57e74c64d5df02f

SHA1
f0f74b94e4cd3ee95854acb0528acb37e6a71418

SHA256
b5b62c9f7be1527e27ed32cd089c8cdd998b8cd6b2bf5e18a7c156d87333631a

SHA512
97a89737469eb29235f52a727f5d11465da4e94064c11b5218cdb8fe04349764aa4e1646b52cc731f6e55e665b44c8f7946c7c1852ee23b2b82d94a26170c549

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
e7922f79c690b542b750fbd52495d627

SHA1
fcca3564533dad700fc8ad266b5a40c01acf2f01

SHA256
51c9f66eee9cdd2babe922ee9d83125447283ee3df94d5d5753d776230dc2279

SHA512
68f4493aceecfc587303f4a980882652dfe0d7669eaa02f389867a2c0d5d355a214c165b751469e85e7a1c969301650438eecc25333ec992135c37b6863cc18b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
5165278a1a6054bcf59f7d6048955283

SHA1
5660762c8453ec555413552215a349d94fbefee5

SHA256
7fb95988f455f5d97944c13b799b3ada75e336e1a11fdbdb682e9e019ff2c980

SHA512
73b29599cf37375b5699b3bef29b5eef0e1423b9961b2a09a00613470eb4c0ae1af63e3fb684126d4dccc300b923a03b5a38428f00f21bc89f9f1ddea2158981

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
696ef31438ccd42b2a9bf7f2b0a4b15c

SHA1
a089b0b316f5830bf512774cc0ab8b785bcb947c

SHA256
c85d93ec0d28006237e0d942ee89ef5e1aeb41c80536f62c565f48cc272132dc

SHA512
aca3bab1704a205b452f725313021ba70f766355e14b4c5513f38e0d80732dfbe0dd0252478a70e879c729340cc964b8be7988010f2bd095942776d4827e2b60

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
4b60e8cf2dd7f44f6d021c2915a89cd5

SHA1
168e39448866d0db9f1675a5a946346a867fbadd

SHA256
796275d01230071b09d30b16fc3b8fbeb3aefa2ab704d042482d068e73d454d7

SHA512
ffa738f3a33276354c5090ac86916be519ba934e873c4d16f2a932e79b226e7e599d2970786fec3c62bea9b0108f5e820ee531345fdcfc28a70f21bf7e876075

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
b6df3b1da96888217ed3f4690e25384c

SHA1
9c08bb0e9edbeb2a8118a631ee024ef8e5ca3cef

SHA256
7543af39d72c6a51a3da3cc54fcda9f00655622b3ae53aaf4564940f58fba383

SHA512
4602749331dfa1bdadd37c377512f557d67ada9d1fb4c6d57e33e92e9753da038665b3bb9bb4786ff5e5961e4ecfdcaa16eee7cf8272390d000c55f26f9a58e7

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
9eceb65483e0871ed0617ef043e8d2c0

SHA1
9bdaa47a0e9f651096c66ba2fb464e999ef9d46b

SHA256
fdbc442ff9f0e844d2805b58828f56c3f58d3d54e75fdde324e7db77f5b81436

SHA512
7921ac482232a31f9632aebfd1f68cf415aa9fbc7bacd3085672f2c96b75ad8bf6f3f4df7a2dede76f68b36d5c4580b23954c7674165c3a8932c575d9463ab08

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
a34c9ad0087300fb5cd9d7dcff493781

SHA1
d078c7d0f694173de3932a2e4142fba037dde4e3

SHA256
22078d092a24edd56d95ea2c6541ef68dd080dc0f99363925592f61d4bdaa260

SHA512
c118d6df2b398f6e19f50720243a3919f6b8a448ecb2fa25fbbdaad1b00156c37a3ccb2127a92da87f8986c43a8ffddeb967c7da2a27bf92edb7e48386e044a9

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
b01636ffc5d392dccce214cfb06ec537

SHA1
7d5c441df95ac2af262e080a0f8dea4b5bd5d50f

SHA256
03ccdb457f72e6e521105a94a7b3372db1b76c847864624638f1294042ae3736

SHA512
46333347e21430ba7648969c2f37147b6dec9d7b9a3d13b98559049c8a4aec3a16d020fe0fd94303315f9012abe34fb7ea12689e52391691499890c23cc755b0

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
62d1c803150661f010650eabdb095ff2

SHA1
548ba6d7e23857f39ae8ebe14d6a1bbec74ed741

SHA256
c4fe95369cd42dd578cb0e5863a52f7e83fefad66104988126cd21d0a0c2cda5

SHA512
a560c4835183c86ca549277e5e6032e9603eb76074f07ef4c96a56aa480681026eb8c7b064950460d4485322311b7edeecc1ce53b94a2def2c6fd4b3a8102146

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
4daa3cccb9692cebcdbd71cdc5120bbe

SHA1
441c46957351888bf74576f338334dbe8e6bc152

SHA256
2a54805a3911175a88cd34ee494a6082c4e2a53c930a22adcb4638610db75dcc

SHA512
b9c2d8cf8b1e0686673d78cadb969c5d53a4f46e6d57c88b06d1767df978bb85b71c7c0cd4d503fbd1c728da40fbc62bd843825db00c677b2343d9f3ae52ece5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a1b0126d9a12f3b0a8984e3c3e30c743

SHA1
f1e2b37eaed1bafc90dd2e5ee6e0df1f47e3d047

SHA256
7ff73af6c8a25bf0787e23a0272e82ed98e92d8f891c42c86c60c6d622f2539a

SHA512
b4db44e9eb5f9679ba46ed4c71470512520d91a319bb9ca1dfcb72c7fca425e1087c2c3a8fb1300c0f237cf509cbe5d75e1155a73d8e745cf98f4b19548ae4d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3eb34d3a25acdcf7c6f534db38b03060

SHA1
b6832c2c7a8470d2c49ddf768bfb235124d75bb6

SHA256
4dcd2d2b28b4257684248e78cb26bf3f6731322811fb79b4dff5c50c6d2e1c9b

SHA512
96aa1b92cda10f34895b7060fad606a8326534eaecb051302a73886bf9b6a7d49fc62c3117ee2b9387c26c668cf5a007b3fdc67e3e2fb9dd4f09b6f1cd75d055

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
a87b7bbf98d5a8c1fe66ed0942c7f3e8

SHA1
d1d027ebbf7d3d0d9c8965fa9d02444f9e491c16

SHA256
b5451a7b9e2ec77db8db704b80af757678faa8b2b506193ec1a0ff6fc3e8c94d

SHA512
1e6ddf31cd78a520437835429aa22c7d135782dada25c6876b07db2248c5ff342e8d5d7302d8818ff20e458e946cb977afb77728eb954515c48f1fd6da6c61cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
a9f0c635db736fc248f908d6fc31e721

SHA1
b88b5ebfa76f09bba768d2aa7508a7f6bf3ea73b

SHA256
f58d9ba1ff3c5e7576aae9f07d130a350e3a427b685b30dec234cc653f2ad98e

SHA512
4d927bcc084415b40f5763066a6ec60592ce47c31a10b5939740439a098969c69ff8b56ce25e07312d03da8df6a734ab0a7ba5bddbe588903af07fc48b281a22

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
9f1ded1c62c63aaa807f37b96bee30ab

SHA1
99648281050b3fbf14f5535a687487798d872081

SHA256
a827ee7bc5b06a559c5501e1d8577700fee6990a3724a3ac2752780b4c9fdcac

SHA512
c4a0b21824f3c4a8a69a33c934adcc9bbe315ed59ab23988fe8221f866037c8a14762dd20d694824c39b5708644439037dd351d27a8324522ca76b75712d8662

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5a9a0a21bc8c4eb99000971ab1156720

SHA1
bc96e776cf1574f069652344a14fbfe37c5702fc

SHA256
b5c229ce098a7be4596fcd0872dd2cd5c365f36da89dffd65f40020db21a75d1

SHA512
ee9cb5f10f713e719d741e9303317ea63f184e11dd6d6afdd13109baf6c375e2255c7fcd8c7a27485de0d2d65b7ae6f0dc4be9ce044fba95cf8ecca8088e7135

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
8beaf3e476b815427f1e9e74b832a5cc

SHA1
2fe362683847dbc7ab44b89d1748f91741ea5fae

SHA256
06d421e3d5733d3d3a0d7a94aa96ab4c8106f19f26b58b55aac27d6ba0ac8ff8

SHA512
76781eac93b4ae22a04585c3f82bba0276b40c351821d6eea6b042c00137cf6d67116fb91d5a6deb885c6c9fb867fa334ef01fbfb8b6a33c28235289b6dde0ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
0a2e24e93635b867aa51886a3895139e

SHA1
5b88f4fb9a1c4e96684f54e52b190749ff38aca0

SHA256
fdaa4ecf243f7472205b2c629a07527b81c604009ade298c252d3d39a78ad8cb

SHA512
308297db36e337f9734e945fabe283ca41c6d0053745989d1f3065c8dca01914531c3c8812c013f17a837489bbbca2aa6b3fd8c7f77a6e9241bde974fe1255d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
1efaef84b3e42d09047d56b316e7fe92

SHA1
fd2dc03b3d85a825402aa9e5eaebd4072253f0a1

SHA256
cc5664bbe5abe043f53b3406c3007874ad38cb516cd1665059a481c1ba3660a2

SHA512
31a7505c6a9fbb3e5bb2804be5f4204323218f058fa8ecafae9ad8b52c34b6c69a0a09b80333908741dd170fc481a26dc9affb97f66d1f443d60bed9c35666e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
40c09a67b6dce8bb51a0cf425944a35b

SHA1
08771fa66f51cb873eb98af7e16443cf1d8205f3

SHA256
93ccbbc5e3c94181349cf8d27bd029ec2bb5349a21d609f111abb8ec93cb7e7f

SHA512
9141ac091491cde1bb17042df70cb65293699407f350e2e606a4e62fa5b134e1a474454b4e9c0acc524df8d48e288444ed66ec3d5e00db32e6fefec481ea6e71

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
242d080458a50ed8693bbbb28570eef9

SHA1
f660fe7cd8b34725b3f6d27a7aabb0bffdf97399

SHA256
90c8f0b1001777500860f9d116a68b1c7f7380e1e65ebe0a89ec2cfe0464c44c

SHA512
34140c392ba8c2c93f750678ec001687995f0b70267dda5ba75e99b56148fb9144418631846249b91f533638444f8cc738a2d1fa8e0a7febe862ce2a08c5cd29

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
958f67b53dda20abfef1a1040ca472e2

SHA1
b4adff05b07ee5595a6374641e4438d524f56bb8

SHA256
2832b71b78b5e1efb99d7ffe2669d1b5ad68866464b3467847c13b103b8eb408

SHA512
0fddd03afb51197930a841b3f74c476bb9ac3efb33507850ec526c03f9aea55a4e7529ad3b80c9e36483912e916887c461a8e87a801d7453a0241077e55d272a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
025ca584b2a7d41d2c4a81f9d1bd45d7

SHA1
5aa0df95effefb618e2534b26ebb117c3d56bcf9

SHA256
8361286cee9486321a28e9c9a0248f915c4f07540edb7ed374d9f098376bc556

SHA512
5b42944b9ca42452479efbf4ac9f5ff3abbf3b7448a1184e7f5637e40880867cafd235a4da33274243d4291a764400ed3d2dd4c5395b5773cac21d581a4d8cfb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
0a37f1e89840e7909f42451cd84219f9

SHA1
cce144e5b66fa07bc5d4d9d0055cdf453af48591

SHA256
5ec228f7e333777c7db15baf1c96e3c32950305d08d5fef8a1aee91682c53449

SHA512
87abf1ce356ad6e29716eac9104589f7404f9c1d3e40969438be14ecca9b0dbe4cdfe43d12c0853e8cefed53d6dd0d50a0e0db9126c4387b37c3dd9ce0142669

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
f84dc35d23103f200b7a329b5bc3d48e

SHA1
db5725c94742c6060d17b253aa04bee83c90d1e7

SHA256
8a585507d19b4338f2b7adca3cb665f1e00a899c27e5b1e1ddb1b6d4b1e1536e

SHA512
a7aa21060d5758b3f0e3430a0084d512568ed207128ffd2cfa25d224f6b8b548e16d8796e1e611876dbd0963171994460204a32b1cc7a09607f88bb16c6c9cfa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
d908b26931c2de5aa527638aaf859e4c

SHA1
1f0b523c5f721c8bf23c731764694839b5bd1f83

SHA256
f1410a948ac984335f4e693d37b6411a958fa182abf73eb262cfbbef5e7f7555

SHA512
400d6d05993174cfcceaf4efdb1c0f2f2040cd11ba54bcf05e3358d6147f1c1698e98d51a9641e9877fd3e41d76c9bad5eb10ac1ab6eaee82a73d37129a93ed9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
b954ec81ca0cb0b7496a779381bc5dea

SHA1
0aaa4512716dfdeb903b97d99f8f813737e7f581

SHA256
68c2a79c333352432133b96a41d036427639f5cd7895ce52661268945ba03045

SHA512
6687a4d68c757c86be4fe0b4bfd3774061a3dbb065022024c6377c6aa3bd4791de7b7a544a8f6025b76c5dfd529e9bc7ddac428343faf22f245904b1454e1e74

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
2ab075be554c0d2fe1d2d761ff6ca894

SHA1
e171728d7dde750356b51970d074f57bdf25a2a7

SHA256
52ffad81b552847a001712a180500d0fa0c705761619784273b13e227c15a6e6

SHA512
4ca12936de35b2cf0cc2b9444a08174d5da04f19385677eea35031173a60527ca01e913d3d3d3f08f0cb94278d846cd5924a6744131f0f6a256d509d33b4037e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
76b5a6a8ad1fde890f38fb18723e1360

SHA1
14f01d369d7e12da200eb17f9393d50a37610bc7

SHA256
a967f62034b69e234cf2a2f3653ea7c2aa1fe1172e66b00fef279e5195dc4997

SHA512
14e5ae87289b12bc6c655b44b7b452221b0e7f280da1f0d5a397b5e328ad8da8d5e703f4785dc2b3c27f9e872a02c31539bf9c390a9db9026baead3ef3119a90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
275c7fbbcf8a1c3bc38c1cb9587aca7f

SHA1
f591970bb70b2b94d29e30ad613986a977b09907

SHA256
5b4cab00eb49b5b5643c9c9e7c38261aa08d232aae8c7fb6d9ce09aefdceefb5

SHA512
6e8436e7a714f8a34da82ab62168408daf8fdf61e66f7be2fb33faed07463793ab7baab9e37ac0af685d24a0c4be069fb463b37b12975107898e3e34ff637c56

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
1c48ada56bb0b949a64e85f12d587ab1

SHA1
0419263ff835058632cd39cc48e2469b96a91833

SHA256
96d99bd31e6c4c26ccfe71db7c76503418ba0ee47d595b63b74131691057007e

SHA512
ad2019ddabad397ef8a994ea1ea1fb76b39cfaf0f8a4944cd581071a7871ac7890348044f33a88fa64f62cafaebb30895c3f865575e4bae301191e41b4c19751

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads