7d9579d6ab72ea2aa749784b254eb43282ebe3ec6229fc01de368a8fd4df5348

Analysis

max time kernel
44s
max time network
20s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/10/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Size

12KB
MD5

6d43a6467c6b24fb293dddeec316a300
SHA1

3d6ffd99cd07d062ef006501ad2635da3c0fd5f1
SHA256

7d9579d6ab72ea2aa749784b254eb43282ebe3ec6229fc01de368a8fd4df5348
SHA512

93415c15070e83e1b654d0580d45c43b6568b726b8e90c48b488e9b4239a6ac55029827027508522a7985f5db5f92466835b6c488e9db3935de4e24fda0c5290
SSDEEP

192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMNY:eebFNw4Pk1itKkpAjjI2YpdmNY

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\79l4PX6H5ZTE8RE.exe"	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_neutral_ce587aa61510da51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr009.inf_amd64_neutral_2d7b3edfda95df40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_neutral_2415474b9db0a888\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dot4.inf_amd64_neutral_b89cfac15ccb2fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt003.inf_amd64_neutral_8c9aae54a5673a35\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Path_Syntax.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Foreach.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_CommonParameters.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_cmdletbindingattribute.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Return.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhaeu.inf_amd64_neutral_6611a858035bf482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scopes.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_execution_policies.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Path_Syntax.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9fe8503f82ce60fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_parameters.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_eventlogs.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_properties.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_troubleshooting.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_parameters.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_logical_operators.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\about_BITS_Cmdlets.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5F.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\InformationIconMask.bmp	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400004.PNG	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14692_.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CASHREG.WAV	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\THMBNAIL.PNG	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099165.JPG	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287645.JPG	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309585.JPG	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02028K.JPG	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR28F.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EURO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4B.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ado\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_scripts.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48ab2da59753f08b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msmq.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bd8ce9d791941641\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider_right.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.transactions.bridge.resources_b03f5f7f11d50a3a_6.1.7601.17514_it-it_ecc242da97c292aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_tpm.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8bc8ec87503a38ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-verifier_31bf3856ad364e35_6.1.7600.16385_none_c9db8b862a010029\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.nap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b7b934071b8ce21b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_it-it_161ae747b6e53230\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f47b88b070899321\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f976ce14b4222f68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..t-starter.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_54b8783c97704202\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a33b12d762363917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_82c1d681ff5e2d6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\Windows PowerShell (x86).lnk	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ls-nltest.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9ce195cbf4f4d997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c4660e6b73100f55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.xml.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_2ef78183720505ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a4a6571ad2418db7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_it-it_da156c29d2de7a95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2af34a82f9bb2cb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_format.ps1xml.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_fundisc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dcaf3820c9632c68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_06d3944f4edc080f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..registrar.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a8f8db81d52af370\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi.Intl\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.ThreadPool\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile38.bmp	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-fontext.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e809374e7a95f832\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a6c49c557aaa43a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_es-es_a29d24bc97e24069\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.1.7600.16385_none_74dc56c5664f82a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0949e9d37370d0a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows Notify.wav	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-whhelper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_992787fdf80a08dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\403-6.htm	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ef7ec24b37a4d290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_6.1.7601.17514_none_4afdc98b09e3cfe8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-smi-engine.resources_31bf3856ad364e35_6.1.7600.16385_de-de_34bdf35781933007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ender-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e0f4d6e03e160be8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-jobobject-provider_31bf3856ad364e35_6.1.7600.16385_none_c0e48a4441b3f2e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\5d81c3e6fa9f3f78cd8d06d8cf2caff0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\Boot\PCAT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3c08c58c1a7a6fa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.1.7600.16385_none_b02fac0c45e541f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dc160164dcd1eef5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msdt-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f68a223479bb0190\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.certmgr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bb4623ec2a94a978\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.certmgr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f0e1c30ee39da2c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..ification.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9162d781042f78ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1025\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_divider_right.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_If.help.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directx-d3dcompiler_31bf3856ad364e35_6.1.7601.23796_none_eb8e769493af6438\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-last-quarter.png	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e6e1fd85163c539\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.1.7600.16385_es-es_66b4f1d2756f92ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.directoryservices.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_e104aeaa7189d0d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_058d5ed9a384f2cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_2bf2f100dfb34cb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..admincore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c780a86542568eba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\ = "CRYPTED!"	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\DefaultIcon	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\shell\open\command	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\shell	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\shell\open	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.LOCKED	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.LOCKED\ = "GCXSXEQLNPFNCOO"	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\79l4PX6H5ZTE8RE.exe"	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCXSXEQLNPFNCOO\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\79l4PX6H5ZTE8RE.exe,0"	6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6d43a6467c6b24fb293dddeec316a300_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
183B

MD5
8c3be944a21e70bd7cb910b11728be94

SHA1
a3d2fca2d8f79a59a5f9e63668d42c4311a14849

SHA256
6522034d3e68f40daa2869b1be177e0a02fbb6d047db5aff0648b6dff5cde104

SHA512
714246479ebb08cefb5ca7c45f7b3f29042540ebdd3d3d2afede2f2e194ed6901c3cfe0899b4101267237496e16e124dd6fecbf245961bc2044ab76f8de249e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
e195bb7a9ecfab310cf7d652eaae5eb6

SHA1
fa086ec644f7fbaf53a488e1e55f606c89bc7c16

SHA256
887cb7514846b3f884f9158bd0493944c6b88168841859a6f5b36c29998c1be2

SHA512
5538cd166590d2991470c67118a8494349f3a72725ca9fe349d919b0df8a0ceb46ea0f10cc2982245d714d645e6b20ff21387933785b1aaa7c3845e8818dab70

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
d9ac9ed63d5d002bfb24f68a1b6e921d

SHA1
1bc19ed87a589a968b6f4a51fbc621ad0632cd47

SHA256
4541dc5f965b06cdcdfe5e2dd674d02ce84f36f17c8df02859ad892f7b72bed1

SHA512
5b5daa35ad426f5f229be0849eab25d122cb187bb1c7b4f2d55b9ce634401bf3f77435b93d6de08464b6068edb5621869ab4f3d6a539d89a183e530fcedff063

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
ee8722cc86104344f319197f7c879637

SHA1
1304fabcb376faacf964e23a7fd33cffdd1ba238

SHA256
8b43f72ad11e6ea7732d646a0dad61bcf2a5dfe4e2039e2088956b462c081801

SHA512
bcff65b0630022d067ff6cf723543764f8867e99a6d04a7f851a95b7be865c8209120ae64fdbbf6631205847a1cdacd6cbdcbdf128a13f7027398c1ee1d585cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
712a6bad4b5c05d14008aa3d273457d9

SHA1
17556e3c44eccacbf9b827677e8fd606bc3cca0f

SHA256
e2c62d70a0b39c880b372b1055663936e5fe3c8f9f7a969c6712a1cfea3f03ee

SHA512
1c7f44b6411403e70a42f5e4562d3e1fb0f3308aab9d2af7365cdbcfbfc110e19f57bb33fe4d803d32c1d2860349517b31180787debba00cb5c75322ac64b992

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
22756c1bc4ec0365311e55131025d51a

SHA1
bbf210ac1f684866af985d54a9abe0b0bb93b103

SHA256
a25cf5cef0a6c7de6101fa224bee2ff49af1d063fa95f5386e41fadb67e5b03e

SHA512
564d7aff7a3a52709528ff32c2706f60208c6f6eabb44d8fbd9bec7c35827586745f068dc675d1836149dc349ef19bc417bfd67347c1287b425d2036e38709e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
7702e902ac35c37889b4000d7cb21862

SHA1
53d31122e5f85ae90d69532a872b3af1d5e5f568

SHA256
9b34f3a589c37f4c45193d389db7585457aef7b143c62bea43991ab2831e2f96

SHA512
c87d7c842df952f25b207eddc8b95c873654077ba83a479ca7912ccbed2dde50f93adaeb53459f03119a4eb7bdf6019edab126ba960e59d9fcb9cc4c3d59d433

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
cc9ad1edfd292f631001ff287eb145a4

SHA1
2489792f33750417d5c3bb718e6745daef9c60db

SHA256
8fd9e9ea363505ed4e478fc6d0c384f691b9f5897c54cc2e9e72d6656b94d5c1

SHA512
d2c8c0de4030436448210f24f9afdad4bcaf14174971f108eed5d878582b8f2fcd8dd2cf09899b9abcbf9a8406635668e7ba8a5598b6d589cdeee7bc75b01880

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
dbae88e8f5d2134a82739223a209e4da

SHA1
07c0b93178dce7b67d3f160a92e7922ba8392508

SHA256
72f536e66cc2122f5cf1d28475feb7ee84894d4be7398b62acccbe7717d36147

SHA512
717cc0b31eb5c149c6aef94f06ce25fa728b6b3c97aa02930506979f372f53da079bf06c650c185b270197ae2398b25532a30c6719db868c5fa5e1e330d5ebb7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
34f24af246a626a803e1a44db89f17bb

SHA1
3cb7ae8b1a9374a1c41dd81905e59fe633233c5e

SHA256
fe4eea492fca8d21023254c0a180be7cbc1f6910ce4c330abbb91921bd598dad

SHA512
507fafb2583565f71b0296a57075a35a79e621ee71583ba35c86f5f77138590ab297a88eeaff721ea4e93fb78e8f3ba1080c2f49791ad35c7e36f8051370f5c5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
c9266517724bc643f46a5719c4c2c3d1

SHA1
f7aeb0c43020358a9aa163e7800325155f72cfe6

SHA256
058b13243b7d77d53f29597d772860b179d81b8192b8e7110de2a38a51690942

SHA512
14e44e93fc9751c963f6b47a1edd6c72f69c27029069232461ea3e7669a6f5ab9ff8883f8432bd1251dacf68fb0b5ff5bbd44b2a5b219557ed3aeb768f274c46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
55f483c644da4982316f45f04ed9b2f6

SHA1
b639e3a19432210850b8546fd400f165bfdb7fa2

SHA256
418b447e35a79ab49a2f29329b301c5e0c56fee0e314347e727b6432baa924d7

SHA512
0d35663bed657941c91ca1c705b235301ecbc4d9987ed995b43e7aed3d44ad96b44a904356608cf7a6f0a5f61710e1933df4fc00d7db246a21125228294a8fb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
ef4deb1286ba8679672ef067da149fb1

SHA1
c3378ade6868ad7e08c1be39b7cb12c0c29875c5

SHA256
e3db19cc2a3b63e05d31d5d170ff38b5970d71f4adefe3a750ee1749e1eb779a

SHA512
28a3b35e7adc8815832637579e5b7edc7e37c6a328c0f24a17052cd3d67dfbe712c6c2438944ea79ff81b95adafa85b64f0f09c8e30e80354dcd33d115ae9d60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
0fd331548283e3855e90b5c7b2135521

SHA1
b51c709870c2b2e444b780c10717acd4476753fb

SHA256
b2db839afb338b6b0d96322642a67ce23cabaec4fda0b2de1ac6ebfe2c2f4751

SHA512
23ac32fffe9fd0223549b21b77bd7f17fcc45fe81adb1921c05a5b63cc62994c4d4d329722e0e96a49575823f8d160842e5d05b984eeb32487189079cfbb130c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
8019a66f61fdd884002c4a09670b1f48

SHA1
0683c0a0a728f1de90c299b1eec378e33de6867b

SHA256
83ad3d8825c3ad352a13b9882b3638cab7d328ad26e0faa3be3daafa8c71bd06

SHA512
46fe2d3b60b286bf19912fe6b6336905b5c2daa22675799821d9c29bee7bade65925d18ae77a8640e9e3c6b8331b068d214a55f4ee08d7c9575eba1c6c2e58ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
3e79fa8c9af41bffdbb161ec74e89f49

SHA1
86e6a92fa2b0f263a23ff95e0026fe3bdf437c35

SHA256
f9ed618ccb423925363f1ae92aa263f6be313201dc6e13ba58d6d099572245d4

SHA512
8c351973113dbebb744cbf72240bfcdece4bd53e236d7cbaaf2a638ae08702d1dfd850ce617755deb337c3bec11b5127e403be0a8abb110594ce0ac70a28b349

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
0ca2337048b5d9f12be766a2e0eebfac

SHA1
e6b8eea60adc69bbfcdd43b0188d44d58880ae77

SHA256
085c8beccc276c7d8511e5b4e934df8a86682446033ea70c3d54eb7f599e06f3

SHA512
4b2ab3b1e4ed58414ea2a6f16d012286d58b2c2535831b41558d89b013a2dec21aed840f6acf30d2525e1047c85d4bb8e21015fea0237f710bb6dd9003e194ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
3e710be5dc984fda912386b221e0f304

SHA1
6e1e8d09ba4337306f7b477ed475c8e22eeb9d73

SHA256
332a6e30eef04784ea7ed068bf6eed2f228c3ec9e7c56d1d2bf5c8a4a1fb3f53

SHA512
5e4738dc68b47c110114f9c1e95dfd13f537af152ba0d362ef263b22281790608602d96936c0ff1a6dba5269112ebfef809e9c14e6a5e14554e42d60843eabae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
398ec0eb7af84c218a0a2fbc349c0955

SHA1
9f031b7071c3f715b68937f686e9aa86cde71d07

SHA256
ce93b95fe5ee3d142b87463cb13f5e5d4929b601fc3726a8c7a391fa59e7eb68

SHA512
57c5c44cb3f44667e4eb8443b96b6caf38b384d24739d9fc16237a1c58d8bf273e4cdaa0b6827e6d96b9e50e172c6b7540b72f703d0c5f000783bf8f879ea9a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
135a90b6e44af4a11fa2846d7592719a

SHA1
8f376346a1e9bf1a697c6573a3f84e5447f9d332

SHA256
25891833105de0df143d7731bcf3ad986ab7fa3eb93d9c02687d2025f20b976e

SHA512
451c9f1b23e234960fe5141fdc577dee733e430275278dc995819db58fee1b55dcf0d593984830f39b8591fdcd830871e20048d6d108315b661d2b355f7f7f27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
6f60ad1b5c1ae6e790908d3bbfb1be91

SHA1
297a333fe5a1232554b660cbeaa18ee80bbf2a69

SHA256
e0ee1795a6f8adbbd0a0393f82ccb5f084ec98d75e8039f6b1f8070f376be232

SHA512
1cf36adcdbdd8acef67c2f877b1b9348a34f55429fdabfdb9f8d4aaba952e9958d2fc74f8f82c1a081f1d1be0657a03b4d90d834196f2c301c916eba5043b1a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
e2e30eaf6e56635b3fbbb1c51b7e1372

SHA1
a55974439bfd656901d1f63624515ac72cae0e1b

SHA256
8edd7c37034cc3c1f6680cf5a53723904fe35d72dbdb92fe0316e6262dd290bb

SHA512
2af1bc94ea7b935fd733a25323ae2630545c7888f095a97fa925966465be9c4590ea41ff8c449fbc43aa02f212709477bebd102a24cd365c20959dbf73440395

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
f2a16f8db0cba3712d88a2f5aa742761

SHA1
85e2e1f32e505d1b425e77124c004bec38ef91e3

SHA256
f5225f82d656043e3d89b319ae1291e449dec860c12d72111e17e6327621c9b4

SHA512
d4e363a6024aa87a709ed6ae08db1e0cc997a3b90c7e3a698f3309cba72c10ffa96ed60c766255fdad066809408600dbee7cef262d29b497ddfd92a4559a734b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
8afcd925257be7795b0b0ef4682e337a

SHA1
d5278c4bf880e77174c7d2a574729e79bf2b0522

SHA256
c4489f8d43fce7a1b7ba9ce5f7185a1146f3458bfe5c89d9e008ba56bd994e12

SHA512
9bfcdc25a486c84dc19e2fcd8c45c0d2122826fb22d8e9be0b32240223a082d39d0ce624b492a19a7ee0221e29cac13801f03262886ac221b79472f11f3a9820

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
5a9b32ae0b44e56c7361f3e4b6c9c5c1

SHA1
4920bdc9fcbe0292c1f5c603b61740f6a7dfd749

SHA256
0195192e5cc9e3bb6fd775f61b50641109649091e79ae295f736c483279f57a4

SHA512
a77e041a0c2e2a735a56d4639a88771736005f7ef70af28631d14bfd72bbd9a80f216edf59b59feb79cb408c333eb6df0dc9e69cc0ed026c07ecd4faa9b484b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
feb9441c0faa4b07596bcf1c83cc85fb

SHA1
fd4cf98ab86de72399d856563cb808d788a3387b

SHA256
4a7f7541510b6fcd285d3a3c77b35e62ac41477bd37a3e467afaf3c8cdb116eb

SHA512
c0d232bc5099e793e350d15ca0e2bbc2d4ae56ce3e44019d2999589a1d213002bb8f6ef219b6abddb293e3147ac4487b7f5cbbce2770caeb842b0f098fbe8d0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
66ad8b480776736b666c28c18dda6cdc

SHA1
cd8ca1ca6d55f89dc4b039d0dd80413a20880305

SHA256
57bcd8813061f8c9c7d681e664e5cae52be92e67506bf3d7837d7d1217cf71da

SHA512
3011e16800647c80be5556643c0c8a73fa4360fe02a67d26064d84e553614eb141b233b417b9be2f5a0bb1fceff25a1e9fa24f773cf4eda2b24f7cad6d9d3331

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
b86ff2bb7b7c082c95c2db0e4946ddbe

SHA1
de158d2cbfe1db98df00a31412f484553947207a

SHA256
410565f443dba09562107d940e32b499a4d5a555ae13eb43a1cdd2d3d008184e

SHA512
fb2edebff80970f05dc127fb4b5a611bd7c518606605ee09df7bc2edc44b07849210602a3e544890cbf6b6a00c2ff1c86829c91d792bd3f409f47e1a7456b816

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
baa2ea2c00f106797eadde134d5b226e

SHA1
eef820f604dd2123a939729d5a0492e36a9807f3

SHA256
22b0817ec4be0c318907d7d7c781939c66d38b7187ba3dfa9857ff4ff470d6df

SHA512
c5c7f7d66d70421c998e1a24f4e1589f0a7ef5529993a56e95fa265ef8bab31c79a8ada616daff7d0b8d874ddefd31a3168c766302a20376713b54e1cec8320d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
855aee7fdf2fd1e53912e52b408f8887

SHA1
57c96363c3ea5d847805f84c70a8deda40998c14

SHA256
31699cf58a4a565354e88498f3fa8479fa918abc720e886007a41948af56a48c

SHA512
3ce3f922d031ca66da1a2694bd944a016592a63a0eebccf53a03c2045f4c850efcd865dc883cd8ef755522da8e9d82eb5485fec2c860ba8da104a858a90c13ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
f3a6389e647dca3a1e08086d156daed1

SHA1
350dd87906b8c7480753ec34d8870b44d233738d

SHA256
8b26e8ab4880d5a50c21fd05ad00f9e951b510b50721dc57242f4c980c3dbff1

SHA512
73562b9149a99b135f44896d64e2acc84c19fd9cdaa73c7172029f1b8c52dfd6bad65ec805b60a40dd35bfea88a1ac7e7da59fb4fd7bb379eb771380555132a4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
adefdc9ca1eaebd54fcfc86834ea2913

SHA1
781079a48fda43a0968390fe77d65328bc474263

SHA256
f1093a949907cad41c29f7025a6a76646a957f5428404f7fe4f116a621a3333a

SHA512
6a336a986ca40e379fbc7414c38a1756aad162e681015b58a92ff31742a44e22c6def1274e4b10faf2c807d5e699572b0c28e3ba5ca31b38c69554fa5e6a4d60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
91849ff4d2c659bbaea6521dcd380fc9

SHA1
3f412ad0c478926cf4f77a4dae1d28813adffa1f

SHA256
506d4811e2b67c3ee27e27e0f06e7e9a48f254f35c0aa7c100d51e7b9b927d62

SHA512
9bca87e9d59796d9b1438c67a0cbb7961b569479705610023541e65622265782d341460dc1c57360f498a0b84057d733f70480c1b8f1cbf033d2ed006a8f9a97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
5badf6140e54127a23bcb26561fb6bb4

SHA1
e4dbc431b0f67b20da84b885d89054e6e46d0c25

SHA256
ed1a2d6a5c826b662abba2e0d84f7eed7a88a382a8392e9560973fcab2efe83d

SHA512
e6ee2b20158a95ab079135ee8ba5acc15449f31b8454e3a82ba20f59879c604558978a7f44d4c3512f174f183a97239e7633ef1d6cb2497625bb3f6e70c224cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
672817ff15bfaa9956a987fc8d0dc9d2

SHA1
c1e461faa283acf792533a08a24e1490bc2fdc34

SHA256
2e640be99410f180083d4d87afb75a2eed8a592c825801f269e4d11ea1d70bdf

SHA512
392e39ba2465a3c342bec8a9fd7665883a18a01788844cea371e639b08305fd3ec225fb6170ee00b0ec008ec245137426494ef0d82d5de5705f5d533766d9b37

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
f8d5811e47e4ae45f3a27d1a95120b53

SHA1
50e09e8944e256a171173668c0c5359e08348551

SHA256
ffd83008e73b1bf5e7046ccc987fb8f331ff6a461f1ed4c422b9a9b953191af9

SHA512
5a3741fdf9b5cd606355e349581c4604c25227f7073048b2946003be3bc3d6d6e25dbd854f981b3e7e7f048128c43a7da7adf2a7d113fd4534ab865f48fde5a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
1c95cff34c23c1aa0b9b60b6eea5f003

SHA1
300070a76b58333d31d39fc2755b27b399240afb

SHA256
19512fd67867b858287ddae8f133cdd2661a0da22f2e33a02c0efb20f3cdbdd1

SHA512
6441c13ff6109487022a5c7ad44462164b2a922be0153cecdd293c53ea3c0b21b103d862a1ef5ff9ec66ed689a62a2ec7d892bc54eb05d9b5282756b99135e11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
a7a2be9a20e4f33f1e68c28b0b98bc2c

SHA1
3069be877e163b59d1bbac7fa810fee0c54f82eb

SHA256
22127441c7417e92668a7a4e8a68f1373cc7dd63af4e2ef765cc6ade0f878169

SHA512
4cda537dbc2437c6e008ae6d08ced4c91a2d32bfc6c471b482d368d266eb4505da62b6a797d9abba4f14d18e03b777ec6815ae695c5bd1e9fc5d20e2552357ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
64f99cd853f7eb7789e6ea0629508589

SHA1
30fa1fc415bcc0457afdc5679ca49253868b6f25

SHA256
d63fcba2ffda8e7f96d3299b7ff9fdf3cc8c8116c9f20266a1985c41eceefbda

SHA512
2d4ec7db8210ee12547409d82514c55c975095a7984ceed05101df9ca71208169680a99b3009e838a24c9ed9e3913b88c97e7b494625a4d154ab65d527024702

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
513cc74fccdcb98cd531b76dc5efdd18

SHA1
1c9b0b5b40b177e8e9dd336ad54c83755709b895

SHA256
a1446610fa5709181d69f24891318c0b0103b39fa65183d31dbb997d1e46cf08

SHA512
f14cd8ff5ecdf2b727f0551d29b75b6d518b659b526b302533b9df3605000ac27f36a12e0b0e407de756e8b06088719606e642d1ec28ee48f028081193bfb757

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
e821b266e73699b63ecc3edc20b56810

SHA1
298ac151d68e0827bffb2c66b5fdb34b9e36afca

SHA256
2e71947d736d4829be83f268e156a525ccad96edd621f4af81ec275dcfd7914b

SHA512
46184bfb65e38789dbaa0f3108701c771b394fd060116d8495892a4a329262422efe25ced99440be0f91375f2b5f7652b789c8d92df759a252351832dad51a1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
692ec1f5aefdca75d29553ed4f22a2f6

SHA1
476d374ddb6c4b74d7711595c6cca064079f9172

SHA256
32f2fc3ccd0da4b230e5e5539bc7505e51f936b0af06344ab671bec8efed4c33

SHA512
d0e3e31111d2f3a2cfbe6449a1402c9188552ab77bc979317e784c5ca455c1b037f63290bc6ced84a87f8fb40718df1fe05c5f9c1848640d07f1b521d867f01f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
fc0ec435651b0b5f0eef7fae4ca4929d

SHA1
fade89a6672f022625ec00842272190f151c4a48

SHA256
8be2dd3756bbd776ccc95671ed4b5d9b39094209233fc904479707e5f00b20d2

SHA512
45193c5c8b8c1037b96785c05c4a92135cfb6faa615f952bcc974c1911a7e54f2545522018e58bfddb0003fbd04c0bd1e924b05918cf550ac9fbb3ce60ce82f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
3a805cf31a65ff101858cf5ea852f827

SHA1
67ae2db0e98a271af53b907a978447287f0140a3

SHA256
cebad2bfc37ce48499189f03cafcc0f99a9883398098c417df29623265ba6400

SHA512
90f0969f02c75b8c28d6c9e60e22bb9393c27466e71e46e245285d76ea70a4e0ece7a516eaedd63a049eb0b7104e3c905ba2e4de72ea65451cdbccef771889b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
14eaeb036f0bdd1249ae61f149f96a12

SHA1
fb92a141f13f724ac3e4f1f3f25e06ea6f14b87e

SHA256
c11cd0683b3a2efa767ea842cfd686d0f2281984553fd8d1f5e1ff10132abe37

SHA512
104a781d673a05bc225d145a274c358acad7386518638f0c37fd635297f503c6fa96fe7a246fa42e8d9035a1b2acf2bf16bd4467bd817a6536ebb9db47b93e82

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
33bd0833f6eb3b7d19a022ce63033df5

SHA1
613330e52eb2a6132b76c6327865c0215df350a0

SHA256
9e2400bc42bf6f0a0598eab54a0f47e7da5feba860c51224913f2a569005e8a1

SHA512
2b878fbee152c7c4e7bb14aeffc69bfd76478c53e933175e738de997ac753ef661c94bd128cf8158886fd4ae98a963e15d916fdc2f6cdbd7d1bd98c21f1d87dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
f4fff3a4730209da34d750f6a74f83f7

SHA1
6e2226e4a7ce1bda75f403bd227cdb63b632ab19

SHA256
b48dcae047065069641cd5a77cfd5059295f1a21536597a711d9525e1fb4f6f5

SHA512
0427a3c23dc263537add0db40a815b6f13df76335100a609b6862a471796d50ef9ab207921579f3929501cca109a09e7baa2e49a2eb4422e7b4f767e079e1010

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
a64d39d205d98cc925b1b3570032d2cd

SHA1
a7748477820af369f041de0cfc913785d6cbcab8

SHA256
4a35ea5452302c6068a7cd105ba83a3580fd6c35619e542cfbd277cc7b806791

SHA512
68275c8d91d0fe537f05ae99b0a92d542bf233ecbc8aaff883568cd1c954c575c3f84e6ddf8388e9e33c8bdaba31134451d631596188a8f4848dfe4be5c0065c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
ec12bf572ecd841ebb29108c79bced5d

SHA1
615e9b78468a9dd2b082d26058f5bf445ca5a164

SHA256
cfb279eca28e1a5daf5e44e8a1d636780ae1e19f668127c57127298bc1508ed4

SHA512
1c2d2308aeb69df4f003e2863d6afefa66d6810c99752f18529d0ddd48b267cae46f743c5417a7af054b36c04e0945661ef86a64a59325c6817ed1192514fb67

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
4c6577364a4f5e8846cfcee807630073

SHA1
11f720a9bd7b9913dfb125b7ce141254b9ec3a02

SHA256
0b9f3b889933c632fb2a92d663e7bc5af275f466cdb3be9aab62c352752fb5cb

SHA512
f4cf86815e4d85e8b9f889705855346ae48ef18f31ad016714484e54d3088055209c99c64d6f27a27b6b87cee657003a7e31a1ebe046202fbe874335f6f89912

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
b72a92537f1f247ee44d3935de1134ce

SHA1
af17ca823bb3a606ce408fb0619b9aa11dd7448b

SHA256
21e3af07ba8267ed6d7ad74193d404e559b0e5a1d397ab85624e5be2735f4a49

SHA512
0678fb926fa8466c0c79e7a68e82a518cb02ec6203281a8eac2964423925184fc85cd614113eb1b22e1fee16ddf76046ea15971d5063dea6c8135563ff5449e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
0846adab6f621c7fe0b6bac4d67bc9dd

SHA1
bfe3b0684ffcaaea35ad7dd073b29798b7f17513

SHA256
431e6fd81411c8f265e0c675269b0c624fca624c9a9b416eb717ddf623ee323e

SHA512
067678aa244599ce99c3a8019f60d72e0cce2509b3e8f2e84c6fb304878b3b5b3eae4fd171da1eee903633bb7d35ded2c71ecd088d1f5c1851ab9f1c126855ab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
084d34d9eacbfd5a52e31d7dc7aa3760

SHA1
7f75f6036a03a8bf33c20e0dcd4d1a25f14aaa7b

SHA256
3edb504bb8920f42095062a2499352d14d9c86ddde317daa4cb086d51253fe46

SHA512
de013f195aef2cb3793cadbf511cf0155fa01a63de57e5e3a1000421c9b8e497806a53d00459e9025710be422d7ce07fb4881f20927a290ea14c9438bdb3d8e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
a7b107b707b9d221cacd1a77645dbf82

SHA1
2cc1ad90c888eed47316ca18c0acc3a361e8c7b0

SHA256
9083510888bb7fbd7734413a8d64482ff0168f7e2ba21c6cfd87d151bae8d2ad

SHA512
63eff9b27f620c3adfd55aee68dade5d13f5d9108ffea0c2c44f873009d0e8fc186efa5620d845e1a354bbd6699561fcc6f4690ddb1bb8992cdf5d03babbdc4e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
77f3e157655642c7a6ed3d7424e050da

SHA1
afa2a5255eb3ded8f88c7dcceb9557b35fb80ced

SHA256
7dabc7789079096ff427394c1d93fdf67b752af8829784784b8e008bc5aa97ee

SHA512
cfb2c5e9ccdd40101952100f4fe05973196bb38ef5da3463306952a8f8b24785f2692598f09988d6d30477347ac7a8eeb9c6b10817b530d5e4cdc1aca7855fab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
dae3488233373551ae1a23087ae425af

SHA1
2a8ea2e48916d8865224fe90edc99af362918ea5

SHA256
11f62296efc5d2c202ffac7e3bb09d1ae5d3a9af37ea3cbafd272e961837d951

SHA512
d3b359deee16c229eb317c57842b377df8d92fe7a4ba78baa28b5e7755f3ceffddeb742572de8c17644e01606aa1b06d3228b4f960dc5bcc2375933ee381ea32

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
27e4d4f315ae528ec3e31c733bbc9706

SHA1
574918a3418809702a8e50fa89d4b8aa06c9d641

SHA256
37be22daa0fb1fbec49627f7440c47e59e6d1d18bcec29e31973c5231c505247

SHA512
c9e82cd1ef693ba2b3d11124c7a49050eaccb39667a93b68b1f07d90abe9730cf218f36b7ceaf6b1489e71d35621dffe3f044b4eab9b160821dcba309ab42310

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
4ca2653850b4d24e42d6d42e0572d952

SHA1
d129467ec1da1c802a61d0216fe886183ce927d3

SHA256
6af1233b792d63436e13b3489030e561dbc8c99a4676bf2ce2e31532ec2e4ab1

SHA512
7b4fc35688a95b6e69c35f9abe657627a1a541b71cc0acedc5801e1a2fd00b36fc0fb8fd8a6eb20d1b294155c7175d99c5ec5604e22b86d4278525e226e93fb9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
0b3e5ad4e9aa0bf434411cc97ec8feb5

SHA1
48b800d634ebf18e3fc2878885dbb4b6575d4ebb

SHA256
bcce36b355334f6f79cd159ce66e3551818b9edd784280d27356147727b251ac

SHA512
5a96db68751174b61b3c83f3e1958f2ed0f607430fbad9ee1c6176d069534484206e3f5988fc0dd9849262854ccd4873541525bd435f1b14439cf2c955e37193

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
d674fec2b5259ecd4af583dbb7494432

SHA1
36cc344a61a22231c8996bcded5df8afce7839ce

SHA256
3c535e40f0652b5a8323b34cb76d0812243999b8c51ca4e2e22497231bc5ad88

SHA512
e5ebfead431f10030d90212f5ed7928b1134401566b0b369029f424ca2698c0fcde2a8db59123e5547c025e3c5da608001e955e2a688cb49fa735990d266d77d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
fc424e2a2db279872449bf230d032758

SHA1
bebda966f74fec2950600e0531b237b04646fde6

SHA256
afa2c99dfaf5f3d8e1acea1c6d38ae55afe8db2e29f8b5095e1ac51b466f3b31

SHA512
73bd1a669afd5453cd4fe2caa73d6d4dd10f35e192f99325474b8934a6f321ee87bc0ab2f6211080278085a35312df26507bdc89505eeac4b3cf9b100f3e98cc

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
3e65eadd714a9c8dd75b0b7f49986a58

SHA1
ac849ad3b129ca643f375ed036c4cee93614b14c

SHA256
9ffe8d931d8f7a7679c9d59db883f0d96e7e571a03f37b07e676b2e6929b6f88

SHA512
27fa02a399430ede463824cd135844f23db72df5b94230d8b129691ef9f33100cf561cb3fd99f9b3ef8957a2404c4a8c392cfdf65300a98e7bf8f44f03ee0b38

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
bfce2e527c8bf4e39a61d7baf3228137

SHA1
4b783c7f18a6599a519496e69b03536c4a1a7140

SHA256
3dd813a184e89a1730ff1c565dea8393b9390e38cfd2b1775421b6eb41296050

SHA512
8fff195c3b67eb356cd9d503da4a09508f1bbef531e99ec066fae25361284efe6ff5429dc2b930ea4471159f62ded6cad5c1f36f335f4a1f8c354a971bc1c21a

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
ee42937d14c26cb8adc877069aedd8aa

SHA1
724f1bf2efa7f6596248f8c2bfa14396b343f7aa

SHA256
9bac89857e5a23005fb6104456b75094e0770124157cc9f429ad6579f453b10f

SHA512
14d39d01166de57ec211ee4e9f2fc0eb1ad00058e4997900dbb0229d3f2e41b971cac9e13fa58d6f572d0566ecde3d942224de808bcda0ab5308d6850397db4f

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
1c9415f6c568ea61086dd5eb64eef3ca

SHA1
eb5e87977d88a775b47864359f1f238ac5ab1988

SHA256
6bc134a8a3313dce8a8c5f272973eadf6c89ec2ac32f11b7e4d09fe5225af385

SHA512
0cb6a30ff9f3592f7361883c46df82052f8d56224a23b65beaa008f62f959708024d2ef18e0d2fda220b9227470223f48baa6ce7c13ff4f41cd3d95c5cdc7561

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
16d75d95cda654395cc2761801c25a08

SHA1
9b8a718f525576f97bc4acc4641ce848ba3079b6

SHA256
c6a6862e1975576bcdf42f60e1ab896f8ec4d97942074f216c1bfecf36d39ec3

SHA512
fc72b4ca020d26cb9728aa58bd9f90bb4ab7aed34ad30f63c3617bdd8f5244fe68f6e178b501b0afc953ae52c5f68422a7ddbfd7f84736ccc2528ef7064369e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
de012a95ebd246953c2353dd672981a7

SHA1
cc06e9ab6ccdd408b6ad613cedc882d275dbebb8

SHA256
e52a16a7aca97aba51ebacc5340b7611946ce9274cb7a68216b96a5aecc629a8

SHA512
09740b9ed36a1f29e2c9af34492570093cc1b7f4c08d8b729ef5197e7461810bf432e39fcd7fc0fe1ad2b4c42dddd84175d9a13cb7e231887690ea34ba218563

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a347d278e7c1a66fcd0e7198d3768431

SHA1
f74968df47cc9571a1b06062ec99c66ccd5e4316

SHA256
51e83cda304c4085d90372e005c44c4fd1d6dff5db0a741a31c9c7b1cdd207eb

SHA512
83cc27aed922d8cd598845f0891bb05272bdef7ee42ef1b5f4d3a715fe66373723dc6a8ef79db6785bd83c8c1ccf5e1ce8e5b207addd24ff0654bcae114e21db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
0e287ab2eb55bc185d5c1b42c414c238

SHA1
da8d06a5766f4288e38e9cb8efdd51ffe7ccc01e

SHA256
1f6a3d3492f2ecf69e6cfcdf784ba7b59552303bd245c3539d9b5b45c3c814ba

SHA512
da27172e37c742df2432621b3fe6b3a2cf1e479820737c76726e3c3ca9565fbe3b505ea976980eb3d0906db340e19f8c24f9c36f2358b4540d7e4e28a29a8f3b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
50bdb61223efe9d96126a0eeb1653dba

SHA1
a9f6279889d7683a7badf93c5eb67741890d92e1

SHA256
3e36a0cb4cf7997247798b97cf278b09fa99b0aa6f62637998172d9727b49bee

SHA512
a7127afa211bceea833ea218f66a40595986db06ad352c190f61770ac3e83739f65db2dd9c84d46750153b92a65bbc3c62900e6253b8c180ed231d433ce25a03

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
a6f779c75b72e763a4ca4c534eeb5a48

SHA1
9907f7296e04e01f0600448397816b5a338e426e

SHA256
4002c1fe04d35d8d052e0aac73ef011a263d80e6821b7bb2adb780e14f21a38b

SHA512
f6a5148ca91e9acafe6b300a0aa8a27f2670a3f11e754075fe3cf79dffa9f7736377ea0fb9280f5ce674a31c61563fdc55d4575f671e28ad9b07eb35bf426ad7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5bfc08300b19288ded6f8356a827cf36

SHA1
a0399498fd341322589aa0bc57736da1ef4500ca

SHA256
c85af78a17c0b788b56e5b2c00eb2d4c789aaf2bf103bce874669f568cba2e00

SHA512
44da679b5799d49e8defa5bfa8d14b52042b62c19f4245bd9e5069d19a916a5d85270feba9a22e401e1169de9445d9f06cace0d87ef322586f89d6f737a92e04

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
bb206a8b738071cfa06e06a422a34862

SHA1
e2c9bed83457bdf19164d092af721a22cc4fa0fa

SHA256
e20b158fa62797e467143244729237aa618633f2b977575d80f99d343501dd88

SHA512
b889ec5cb6e1bc37f8d0c99c8055052f9a26a268bfd6ecadd506875304e5d26545876390ef68f754d21b517af4f7dc692bed87a73fdbb635d0d29032d532cdec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
68b176ce12e990e229c2e93f6d0bc4d7

SHA1
e4429b39e5571ac53c60976906946e43689f0991

SHA256
b10c2a2a1f21d4cb35b9998cae7e7098ffb1645318ca0336ec2448e624aa41c5

SHA512
87cc1d43f6a0ce4d6d2a24dcb4799d1b5a1febde0567d241eb4f38e1201a5031bfa01743e83f3ac130d0cd03a1ad39a98a79346a1910278cc331f81427ed5fd4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
897360a7cf70b9615fc416e3db53a475

SHA1
b0515257ae287f221c66f72912e271b885a7e4b8

SHA256
adc35d57c90a71f96ad3bc8f3a891ae6eb6c165beff122fc9ea200a90191bdde

SHA512
565d3e80238b74fbfea41cb55313fb21ff11369d807515aacbf19200cd5b9bb3ee3fa627cd6f9aa60a66126caffae9d9ae8a9780b74ba40c1984adcac5283838

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
851a4714c98b95f54022e936e0e44d1c

SHA1
b9cd9d2e2fcc838d4ef8480bfb7089a67380298c

SHA256
b56a54f6e216d1b9e685ad800d8fc81121db57d6427d7e45af97082bc238ad7c

SHA512
f88a14fc3782b0348bf853a39d0830bf97dfd0d56f6fc72fe4c90fbe0711f5291873af445ad96b5029219a11066f6c5733675c79cc67a527359b2ee565f694b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
cc3a062adc5b8be512e62535ad5a5e11

SHA1
93ec646acc28cd2ebc11022f770894dd24a20608

SHA256
680bc290055932f24871e0d7cc437bf27dd78011414756ac2c887409c6d94c7a

SHA512
6de8c1e0df85c5963f02e9f5249d5f06b205d655e11deb7a4af33a5ca9ff05e83a6e885c6b39e61002a9ae6bc7a73b2d310ec83ce89f179a12a1e7195aa159e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
8555d276324ad608f744a64be88617e3

SHA1
028ba721213d4ecb91bee20cdd6b0847f0a9dbdd

SHA256
a1dacf1448633b9615886812332be1b706e2a675cab812845b38d572d7c5f98d

SHA512
6b9a16aff31fea8e297a3756e2b9f34d0b693f0c765291277e03ebd1bb2280e18654763621efc058793235ac921249fa657aceb33976e5c45c0b8753ad2a35c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
bb36afffef268208e9441f7c082dd24b

SHA1
96611707fa30fed956f20c43c1f9fa8c204dcd67

SHA256
da4128540028cdcc5e9e3c25cd3aa9f9e1441b2edff4f056c9170fb1e6fbad6d

SHA512
f1415422c16a00c561ac68af92c2c51c608b29d3453b73c88f683258e89710fc6e07f3ed6e4beda1d5924a069f9609c65278c13abfd0cf4e7f7dc2cadd71848d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7a3d3c0c59736ffc3e49f45bbe468a3b

SHA1
53050b6eb6194a4adf781565e6d6d16ce9443d08

SHA256
63acf8bbcd09f40d37982e298fa682fe357888e1a18eb70208716c8710bed500

SHA512
37520f505d158bf6b91dc76a41f557781072d981c01888780f7499367a73b5dc91ed779cd656102dec3caf1c39eb16aac67e21663975b317fd1442ada336038a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads