cbb735c17006aae2d5f2381e93fbb2cfe56197d90c8f5b913c4b47039ccf7d44

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Size

12KB
MD5

90b95058f1fa1d1f5056848753bb6bdf
SHA1

3ce6a6bd2865f9e464caa8fc7a4b3205d7664bf9
SHA256

cbb735c17006aae2d5f2381e93fbb2cfe56197d90c8f5b913c4b47039ccf7d44
SHA512

766cf94125b53218d10f30879ae4763861f5e8a9e394594bc096922227def8b33a6571571a55e457afdce8bff3b8af21b39556d0877ff0998d8fa0b7f84f8642
SSDEEP

192:Yj7RW0nlABG/3Nfv8tiTV3HGc7EkpAqjEnTPu2q9C/YpXnAITZfPtRMRZkK:EWwB/3N38titKkpAqonTo2YpdmRZkK

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2170) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe"	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_neutral_28f06ca2e38e8979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00c.inf_amd64_neutral_27f4ad26fea72eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arc.inf_amd64_neutral_11b52dec8e94d9aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_prompts.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\System.gif	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Switch.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_neutral_3db956c41708f7f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc0.inf_amd64_neutral_c24bcc939e6dfc23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ql2300.inf_amd64_neutral_ca8487daf77ff7cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-OfflineFiles-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_aliases.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_cmdletbindingattribute.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_profiles.help.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr00a.inf_amd64_neutral_e7f3f91e6832ef5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.DOC	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\PREVIEW.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Install\{9DFE08CC-30AD-4427-BBD2-AE53EED44C59}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImagesMask.bmp	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21337_.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46B.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21548_.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.GIF	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c14e84d1ce0cf061\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8864ce2c1a92fc64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2327f9833f998849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_23a47ce11eca99a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ration-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bedc147da5afe521\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..registrar.resources_31bf3856ad364e35_6.1.7600.16385_es-es_78380abfc38468c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-logginglibraries_31bf3856ad364e35_6.1.7600.16385_none_7d7a11aa182f7668\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7af8f1283b68edaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.17514_none_67639ed55c9fc03c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-themeui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9c6be9757a591588\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ql40xx.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d36dd71a2b7c0dac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_ae92b0937e708d46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shgina_31bf3856ad364e35_6.1.7601.17514_none_ca7e9d277e2657c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.6161_none_80ba6c811e9b4aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..et-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7b756a85dd138f83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mmcss.resources_31bf3856ad364e35_6.1.7600.16385_es-es_098ab71a511b4f2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsv004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_678cdd7af8035f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_it-it_eb05a3378b507acd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-v..virtualdiskprovider_31bf3856ad364e35_6.1.7600.16385_none_fd447bb347c0d118\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4398b5665d43d05b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_83230ed9a6fd8126\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\401-5.htm	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_de-de_a3713776eb43c7df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_d3e6be89be849836\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ipbusenum.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9a56a25fdcde1bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-runas.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9a72c22be2fa8eaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_infocard.resources_b77a5c561934e089_6.1.7600.16385_es-es_64111c685385404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bda47ba84194dd0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.7601.17514_none_121fa84cd569cffc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f5efe7e190e2986d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-h..datalayer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9e320afeca2c598e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d0760d755772cc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5e7e03e26d6d129d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_battery.inf.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_659a9508438d0aea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_69cfc6ebcaba3f43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\icon.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\system.workflow.componentmodel.resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_brmfcumd.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_70e4c0726eafcdc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_isapi_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_6a5786eb10d40b64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..writerqfe.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3f692809d286300f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-networking-eqossnapin_31bf3856ad364e35_6.1.7600.16385_none_1741aed6f0e1757f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7156b656087cfd20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..gine-main.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7d0b430f54c619cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bfac60257d903e60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-medexptv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_84409e180e7fb334\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-metabase.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1371f719024ec402\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e\Windows Hardware Remove.wav	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ck-legacy.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4b5d6eb2fb867e25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-enforcement-client_31bf3856ad364e35_6.1.7600.16385_none_3efbe964e010a5aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2bf23e2dc45491b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\4to3Squareframe_SelectionSubpicture.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershell.editor.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc3ca7032400ad79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dot3ui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e67359a3605d24dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnbr004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5a80ebea9d4afeb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep00l.inf_31bf3856ad364e35_6.1.7600.16385_none_b2881ef0c3cba5ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94492e5609cc02ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..cking-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d88bfee1c164d630\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_h.png	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\ = "CRYPTED!"	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru\ = "ROQFLYYPPLMZMSX"	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe,0"	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe"	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru	90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\90b95058f1fa1d1f5056848753bb6bdf_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
298B

MD5
51e3c93bfb6c20bcc7e8b3dd27595e14

SHA1
f67355913b8bd117abe11c03f1220a5a6fb7fcf5

SHA256
735a06b74083f33c3d23f5a4e7fe1135c87e1bea8b0a23a8e54761eb34b35bc0

SHA512
b6c6fcdc86fc74a69da557c32482a027bbd360aee0d572ced9a20dfbd9c5d5749f7ac527d616545ef40ae51bb05320d044d714e85dab40b6eb9e4c33db2bab80

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
3bc4f0563e9a56c578eb4d071c939da1

SHA1
2903ac715a5c1d7039ffad980a63860cf0a560ac

SHA256
ed220d7ba3aefeb688cdc6abf42cbb7e008af9362b88e1154a80fb0e7b49fa2a

SHA512
6dd9d5f960a89fc3f9e750cdd69b4ffa766dd29195cbfa4d931f6b1e61f379dba1c9c93bff84de1b47c43413cce461bae0ca63442696815a5a94cfc0a7ca99aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
dd6bad27f34c515c61be21f4f2321d97

SHA1
4fc7bf981b1f25cc8b6916d0da23ee82ad9d17b9

SHA256
e8defd0e7a3dc29f4770d839b0ed6b16467a67ea71ab824c110b9eb42fbc9103

SHA512
cf44a1c8be4fd84411c93a00dd72d19b0c384a1120141352cb4592abd89b97b3097cb1ed37dfbb7876678bdc5b9be0ae5cf56614ec957264c7f25558c9b1eaa4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
d184b701a5783b415b0e6ced35962333

SHA1
e5c2e21c4516bd2000d3db50ce5182599ef1dffd

SHA256
4b836c51ce2e2da6b1a87e338540cdec03099841b073cecc41969f43affa2e68

SHA512
5d6a79d9760c2fbc01fe112ebd0d408718129cbd183882eeb0e8976a26ff2f343ecea05cc65b371996a4d5872397b7d73ccb62d85de122ab05ded93511835ead

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
7ddacb42c579952165969bfbcae91f0a

SHA1
9c6b74264ee389f154d088426a1386460fd36891

SHA256
9c24cf8f2e380b50be7c2e615e0a1b928224ddbe4d9f9b2e7a5a5569dcd13806

SHA512
6fc6dae7d15967e50937361484b622c15dec625b686145eca40fe633f996799b981c7e09db4f2334a140367b26177af7d760b5b6808cc60a2d3bca0066e59b2b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
b963edcda1a0ed9c4613409a7345d993

SHA1
961d3bbb0d9bfb0431bc326b34fe84f369e3840b

SHA256
a113a730bd67db9f546ee4aa31eb51a1316731d5b9c0dd3fab6ff7d049e1b450

SHA512
cd2b4b13b02a6febcddbb4243abeadd056d15cc8afc138ed57d4e49e19b10a015aec830f894e2dabc20ef8e2710b8d541441e32478fb843fdfa545c8256a39a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
d4d307ec3e48fbc5d760ed95c0ca6280

SHA1
067f55906406be97da44c92335bc01809973bf8e

SHA256
e20d3f796f35cef2d20600870f476b7cdd0e7fa3c91f96e113e6a9a80b34c582

SHA512
bb1c23e4cf4873a8854f432ee07f549e5073a12d98ae029e56b5333706145171b4286cb8c8d3c09f2efcb37f6e5d4fd2c6432c04bc8cf9f49ca3164b742f12c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
c326c49e4845f832bdba27511b83a985

SHA1
8446c53383e0017aa672670b1c19794f4b794b8a

SHA256
0edc114f41bf11180814f4452d6c4e975962e41155feed655513e53a7e3ee782

SHA512
ec0b0f4fed5847394638c3a5ed9184205fa13711a37eb58586410d5e38502e23e500a19ef7b8d61543a41f4be299b2b7267050b4e865085f88ae6f430765bc55

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
8e544b5b43f4f6f3d994f18592aa99ca

SHA1
a4838e73fd4d44583373171e990039027dd1ce14

SHA256
686a2bbe65b00549f0df563256991909a46bcd12a06fcc80ff3cf6aed73dae91

SHA512
0f0e8b9021c65726fb49a877f27aa5a655cc307b167ed46276c9419f133eb3ef81f997eb7d38f863f59d084f29f1a0ac14a3988fdeeda0101811c0794fd1662d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
aac9744a2847642bdb160f43c36565ce

SHA1
764b4abf23e50f25e84c29f461394acdfabac4b5

SHA256
c793b610dab536e2d7556cc7a5b61ea41650e1ade0232dbcfacbeacc005f8452

SHA512
215697255f0e47890b97357810be285b8c2f9ec0679935536fc6d8d98d43c9b138e153d87f3405a9cfc1431a20255188e32ee85ad64a894abedc59e28adf5301

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
e03f1f14a2e3087e1ea2ef9b99a758ff

SHA1
c65cf7796f22e3adc5bd688d84f24ee62ae7139c

SHA256
2dcac811b3214f152d1e1e0000a94ac4f46afb1cf8c6d9adff447877f8810c90

SHA512
ec6b7a979c95efe34315a79d16315fc1fd5e3fd692a46b05562e71626e5a4ca2ea7218e7feaa543e561acf341c26edc7d365f0db355c1c80d00c319eaa5ccbc6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
d7b75d0860de2461537820f570dd7388

SHA1
34cfe37ef590d0c85939e5bf4a15c6c656ea7f52

SHA256
7bb784a0f9b636521085ec8fa46ee72f7b2553d24425343b5f9f06e1b2983113

SHA512
14029d7a96c560c82f2468687e854777c6eceade782cd59cd349337ae74daa5a8a0672fc02fef646900c991c3e8d95d758c34cf2b4df6064ab60fbb6354b2797

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
0e862dbaefd55435ee173499e12bb39b

SHA1
f46f0ebbc7be1fb76f6f1a564cc5a6e58b85f558

SHA256
1f1fc7693af1f9f5367b900e42ee719e79d8c3ecb0e466f5349607315d50344a

SHA512
42011dd7c3e3cf8e689836fb8052bca2c7955896ca1649b72fc9ba4a8805a88016e263aadcfb54787a43665f53fa2fb238a7019c942eb6f7d7ed37a69af4d3d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
17b2a8d7947616b4c84e03a618948227

SHA1
2933334be0635fa7095d1a0619ae6c56cfabb73e

SHA256
aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c

SHA512
3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
74c636008a38d835d25856e9dd9e283f

SHA1
232f5009674bd35f8dece6f95dae6f1f77a8f90f

SHA256
6a67c7b5b90413ba952eb4ce053ed17af6b81f77b6a47af4fabd0a0b2af491b8

SHA512
c6b6ad3ed43f75b24738f98d517a3458618f0be56c700d5e611d79ad33af26f00e929b6ee37f8e4025cb00d1a0a04fcfde5fde0e3b757b7740e5df8b99b83a25

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
9ac11693b363fa93f9457945d2f66e60

SHA1
ef91d312026fae9fb6f4f949cfa53d09efc3eb98

SHA256
80ccc7ec148380300135122106eddeabd782128d5418f9952f557440433a9e22

SHA512
4451149ee035ad185bee4698cfef106f6a4338b24f92863ef718e7926edae6a787988fa94099862334c85ece9504f4dffa605d74044340e09a60501f53eea203

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
e7acc5f7ed6f29fac6a4a30576c0c372

SHA1
9ffd5509b1e6e2b05455e421f00707c22563cc2c

SHA256
ebc093de9d75ea371bcb5e260211fa0380a0f0982b71f16390e342bddcda464d

SHA512
f7ec542fcb3096cd42095fa9b0abc942c27dc0397cd348e3e276f04a6e7376ad6ac50d0c780ae8216cd263e89e01d26a7641bef85985d752165f7b4a37c97238

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
4bf97efafb0a5fc86bb2d7c026eb3024

SHA1
6e7d0380dba9381a682563853f93925d8096bd22

SHA256
6753b414a7c38090653ea48d80d63fd33bb93b673b03a24e4aeb5194a15b8144

SHA512
146c7b5f384755a0e96e51f346daa613fa682e2345cb51b043a5123fc7f7c99817bda9e9aebb1b01bca2ab300d53fabd9864cd24f91802ea2b0412699bca4ec1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
5d9185bb608eb047d09aad07494518ca

SHA1
cce9d6b0b916764449981b3b7cca1d4b4e8e465b

SHA256
dd8a3566a506b425b0769ba1a9564d63a5d1e7c80d4eef8d3b36d97c39b0795c

SHA512
c3667bdd78f5332284c038573c39ce300dfe43b4f0ae35b666e0c8e347eb474d3e395e3caee3f7439e0e47d806f9280d87eed3fbe03d38e67944b3ac88d0ec66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
6e954b5088d9d997febdab84ade26c03

SHA1
300d32e91c6bceb918f503b5bb0a709750b86261

SHA256
1b1e8eb0aa03c94bb5f43360ea19a0e84a0bb37e69033cc70195723cc882a850

SHA512
76ff58ec294924052385f1f8fc030bebd09d7cecd26de8fb312f8b3a439dbb67ce7d520092956ab4d3f95beb5a97a0a15997d4da2777d4c120c180ae9ce4ccd8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
caad05a210502482ce176bcf6c2867e3

SHA1
56f81fda52c72fb4e953aed29956db4d6e74d13e

SHA256
0c67f0cbe2934bdaaee3e4be8bc50fdb7389e788a0e09994f36755b00edeeb5d

SHA512
772966545b2ee12685d193a91d5d071da2487ec14a94be44488f7bf7c060e806c142205b651de55954e0c2f9c8a817066bb7cc2f212a08187399d28e29ef1912

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
85700e87c29be074df5c9bc31247b946

SHA1
0b61caef93306f32ae67eafb717fa63cb57540b5

SHA256
d3677899ef72849c0128e3e027f34f4f036dcc71583c0a76b65f2c1ce533c1e0

SHA512
92c2cb53c0ca7d66b307d12f397f53c954800b06ad0992d94abff2721b65f975450ab80b4332d3d6ea79c9f3368cacbd0a0accdafeeb77dbd1b7df50e6e608fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
4e156f839b3d0e8a6bc7adb4348baa6e

SHA1
2805fdde1391399040c112ee7d9e027d7fd28f93

SHA256
a0cff9820192c200786c839ffef697764f174ab15ab8bb1dff626844544ab8c2

SHA512
aabb2e901765296e152bdc66e9cc95645d2b9bf9bdbe233f6ad96d239d293df1a8015599f6d0f73cfd2de44135891232ce5aefc0291d5a42ffb7ccbcfa50f08c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4d1e5d1ecf083937ed61408116cb463f

SHA1
b13aeb789a674900072168a67b0abe20ea0a8a0b

SHA256
9000b480170e6d1d066d0698c99646bcd51388886b56976f086ccec54c021a17

SHA512
e7df40710f72be3342d7835558485f3842a5cf9b0136a35d949bc26e40c0a4941c53a88595f5607c2c11f9776653dadd1d665847504395ac5f88f78cb4c02d2a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
8e2f9ff03058e80ba890259c9df21f44

SHA1
3de72afd8c998c33367aa65a601a7e4afa18679b

SHA256
70f7f294f5e1909454a5d2f0b6f834473a6306efa515e94775a99d3fb54b2a2c

SHA512
c3d27ef8bd3028d9481d4baac6b84ae33b6bb096f504e8149aa418797bc87cc4d9e7573fdb061b609a476b59ab59f9f9119432c047afaf34ec32044d7537349e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
14368763631b93f5943794aa927f81d3

SHA1
8aeef84314189bba778e31f4ccba9b8e30db3267

SHA256
b76dc153a7d0b72b89550a305a60a9da088639992517d8f2e00105fdaca3d4f8

SHA512
072873efbafd34191932ac7b5754e509a8b8dc1f15b542a259f8e89939b5c816aae53523f43ac8e3ea8993cc5ad445aa21fbdd497dd8e849c2a44e555ae164c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
8cd0cadf0289118f2373a9640ff136ff

SHA1
e75d7df9d19ec8da86c4a85d01061a4e5594aac4

SHA256
2a554c20dde450db5cd3cde041fc9131ffd7040b26e8b827079fe617ed40b61e

SHA512
f5389b04676dd2539f0673690b322c1919251b6b350a4556b0c1eaa089d77fefdb9d669359116d4e49ec40e9399b160344a71e87600b80635a66a632a41ed6bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
21d9713d04f98411f7217aa658894efc

SHA1
a566ec6c3e80a7012ba2fb1fd30d75324e8108f3

SHA256
33cc8ffd7c6872670b8bc521b854eb33391209556f67c457b341011ed157db74

SHA512
a6303e6b5129865dd5f9ab0a937260db4f01fae2db346fa24c41f3082d970d67954bbbcf28455e2955a8a017be89fe4e100ebac6197dd7d5126d7dc56642f774

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
e526a365fc78a7e80299ee278321ec6a

SHA1
0c27d3aa7dabde19dd738f7063a54e3b4d1ce33a

SHA256
f4c3936beb4fb5c64c72309901dc39d65584c39580b3d3e489103f9fa28e609b

SHA512
e3e865e88bd2b8ff41780d7c9ac989e763e123fbbc5a854bfa4953c83cb83c57aed9fc19b435291680c12a578542fdf4076e156fac7a78d3993f98d3d8743b6d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
917701a321c61659421980a72d269182

SHA1
a5ac65522fa0f8d40ce4b6e5428b588b6e68449b

SHA256
d077753ae4f2e48d744f99e9787f76dcb374ef55f845cf7730f4812e230bc31e

SHA512
7805b3a4ad374ad68253099f12f64bd12113f666ffe51de24b0385e6170a8d61475b410a595ed8e905da6cb49dfddcff75e235a76698413d8507514884e76a1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
c3b18e4d5f94ea2eb60f26c75aa22c98

SHA1
d9963eff2f5232cd8d67527f2df085f41d44e0c1

SHA256
c5c8a3c23cc6d69b2c72ddd6ae50c25b18d9e77b2dbf97fc462d06e1c2fb391c

SHA512
331386e8b6b6158a6b30a478059af995d88718cf5e8aa681800e6b29e162c0d199cbb41956064730c155f0b74ac5d6824b3c01986661f28c9179f4f6ddc902be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
17c5e215c09811ed92162225f3f87f63

SHA1
5c8e0a506a27dcb1ea39a10263fe8b818fdf7802

SHA256
f9e25d8f4820f55c76d683eaee5a78a6dc783717e5432c100126d5c9159b53d4

SHA512
7980999667bfa24940c451a4d4d5d8aef10451b67bc15b458aeb47344e8c72c48ea84e99720473f805ebeb921aa7241421cb75fe244b1ba3e28823a3ce25f2a1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
1d6702f95737c90804fad8438bd0eb95

SHA1
34055bab98a5f2663e9a865c6792ed97183fcf82

SHA256
a956be55e96aabdd81fd7454f85159b1ff388d6a4f4c53c9bec0dc6e9123c678

SHA512
7529fbf24103a9b34bdc01aea194a5346d1ad298ea150c435b75f16defd4fb7245589faadad9a7ac5f4da70babe61d526c6a6132089b040a4101583ba668a785

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
8813d4a838c435841740e38d8afc5e03

SHA1
886ace9dcaf255d815d2dd3dbdbd7d1581bcdfbc

SHA256
d18a466f9340903bb11a05578d8eed2b9d3db809fa0249706ec79b6d93e5d2d7

SHA512
49f448c712e3625874143b66d3efb865fca6eb274a2e876b83217fed10a87facd588dc2a3eb40873d8d439be83de9e9132ec45603493da46fe5e639bc965ca01

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
91dc1087154d1280f2dfb92a06f38141

SHA1
923c81a37e134836614f4a4cbc68420efd05c74f

SHA256
c89fa67bba2f0190345ce2012451b666e9020bbe3e14bcd72e26b0eb37595a07

SHA512
f65795d356fe16ca56fc46c2152cf220ce1207e8c89cca6bc8dddf4bb7d8a1abd93e51653f18836c127a2ed447e5cb663a0b82bda295605e52aec8b376f4755e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
a7ff2504e1f735fa9414c0e6e22cb82f

SHA1
bff03e61de8a01f17fbe893815ca125b0472b128

SHA256
aea2d23dc1d68783aac97c6c493357178752794f1d2794dabff84fd867bcb60c

SHA512
a31fe968f602905757a6940890206542ea8972d9b2496177261bef5f3ea702411de29ae05ebb86178f79a1384cae13844412c680db922e402234ac82c459fc2f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
c9ecc40df4427ddba7a5ed510b615ca3

SHA1
85d73f23fd14bbae0dd4ac631afbefa3560c7777

SHA256
f26116d637048b7a727d05535937d2e2ffee6f6d63df6ad5d4ae20e26ccbdd69

SHA512
5ab011ffca63a5a0531bb7840c279e6e8c0a157d340806da09b63da8cadd56717d2af5379d0e5b6c8ccff8668e977b08c41c7be91eebbcb736c2bc74a0a7b5ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
0e0be9c9ada0bdc1acd7ebd3e10c6021

SHA1
3fd21adb33a893e2cf842f21fa8e92fb361d38db

SHA256
7437874d50fd95b5297a1aba3715221f7f34320522f402929e38f756b4e22a97

SHA512
5947fdd043cdf981c949b2cc1f2a6f842be12bde67455c579dae03673686d19d334fbc520c0e184bdb83401ea19909f6a005b904b62a050ba6f4f90aa5aac223

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
af6a100a449ecee9c9452f4400791215

SHA1
c1a6662c30854de5d7f31175564e151fd73eef0f

SHA256
72026398e19049696356bfd22fba520ff5c8d099e38304612d73652c82590d9d

SHA512
956e8b36f8dce62af27da26cb9a4b92df6320cad51a92f76eeb8b103e775c7928498752bec3e66f30e129f9693eabbf7da1184cc57cba7077158c1710fc344ca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
f989e468a316697b6f2862a4de220ca9

SHA1
4a8cfc81f58a64a5ad55a3e73eeaafe7c50b9147

SHA256
922f0eaa4c7b0827655fb47619251f62ed623014031f5856bf08293f5108dfc8

SHA512
c52ef24fc6bd4521d979a5462d45da3d69e58f94495fd5153c65c528f98b4fe74c1124cdae0567dd1b71a479afa4895c98276cdf845bda0c2f5c3eb4f4252391

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
af6f0e267f60d108866fa2c4b6453cb3

SHA1
1e228a5ba86b42b3ee8c5dba32b400cc3091e9a7

SHA256
0e5e721bb16a3056655310cc24bef75c616b5b4e8855621a878d37e2a2c20ff2

SHA512
b7d5abfdb01ac8bad3ae4c9f7423c95c68b65e85e1e62f098a9dddbc34deafb94bc2c8f61221d5f06dd15691f46c646e2d9b68817270f4cbe7081b7e2a13f148

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
8e2f23755bcec106b3090fee0acb5f10

SHA1
0ebea6c5813feb0b7ebc2bb7e6ca4131583ed5c5

SHA256
fdaea785c778415bbfadede1a0b66acc4bf45a2672e9a4993a1ac620c483ea27

SHA512
b9691c66c69b0c63bfe6234b3970c648852d5b0d17ed23737cf0e42f5707a6c1ed31a25377a5b48b25046823b1b4e8207542a2d765c63232dd99d0525ffc99ac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
38a2e10aa325bc65cccf15089ad88521

SHA1
76e5a5b55c90d094c44b4d625d882b8318a171d0

SHA256
c8b4de1d4f9118c9603e3c1774af730e1a31b43c0db7b4cef5af019de42ae5f2

SHA512
ae51f03349bc5be8ee7f3eb99c4a1228fd49bd74300c7a1e1fd82124250774589d911c133e8340b633e8d60ad43ae63e2927b507fb43e7181bd76b59a255d056

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
dddcc8dd03879e79e87bea773c2486b8

SHA1
5300e48a2bc4e9cc2c8e5b59812afcb47e0b9624

SHA256
58d6d47aa77ae680efa8375722065cb44685fd7d1989a0a626b20a0a91001ded

SHA512
2a16e4ec3c000371d625cfcfd9ff1d117972be2aa83a1b9c0987d4645bb6b27aea75cf22c78864cf08a1405e7b2f78249737228aa010803ebbd7f7faefcd7a44

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
19a87b75cda118e6cd4bdcb5c049b464

SHA1
c2fab58d844c9057f05c62cd220709166d18424d

SHA256
7f22f1eecb5a24707cc4e44007aa8fd949304a43ecdf8fcdd9117a9149f12a65

SHA512
916ae389b86119c750ff05f63433da8f5b4aa3d77070c0a9a93a6a6da84d465bc72429274afb00b7d6cf406655156220fc7b3c7be801b4e644d50fdcc677ca5a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
2c07be126f185dfb9fc6465decc6c562

SHA1
296e393cb281c2822b6c2be8280f7dbffb0e9dde

SHA256
d75a20973d61e952357fca900243e417e1b61fcee33912fba13e309febd73b5e

SHA512
e30f3da2aed305eaa47a864d2d902a1978c4f8779ee883443121ff7633d7447abac5782a7e5b346e314963556b3ce574269e279ac3742a595fb5c5521da65f1f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
ef1d560d85e54744a3ccf839ef27ccea

SHA1
d9930b42addf494978efd0203ba1e7810a8a8dc4

SHA256
6fa603d50c61d89cbcd6236c5b00b6c0a166f64c95fe86851bfd607e1c04d92d

SHA512
dc275dace4e0905265b5789ac065a67a3d3bf386de7dc9c8c02850676c539fb6427c0a83c21dc0bfa6a65a96a7a1c7aaa089a2ed686cb95b28e3a85d3348dd5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
e9586bc43230635ee5c42419f9079455

SHA1
0ca84308419a1fcb3c24393d254f505c4369d0c1

SHA256
46f36d77b47afff938a443597bcd1c0c6e1294e452cc949b39e5dae3a27ba129

SHA512
1cbec4a8053cb104650d19e015dda3e133241fc52090e6021ec73cdc1ea572a5b7af00857500bbb32455311c8a9ed3745d428b5ca3ac2d571d60e0fb9fd9b601

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
5a11e4c9e3656d4ffe4ea9db76330d36

SHA1
42bf0088ae93fa4304f5b2b3b9d0d4028a3e95ca

SHA256
2ea963d6ad0765f4e95aaa81474182c67a7d5a0fe534e68d3ea6fbe29a2fcfe4

SHA512
d787d39618ddd295e62e633abb5cb68226a75427341d9c0f5f34b3bc71745a48d67b8747a638582178eb9bf22f3e7e36540f53b49212a279ae74bd839018ed71

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
66ca1d6373e80e0ff96030bb5010b3bb

SHA1
44b0510f83bc71204a2ea5dc3a15b3d6f28f8e10

SHA256
02675a49259f5e6071b879e3d3d53691d29408df825e11c46f3b27abb684ae7a

SHA512
bfe2d9f08230eb538c85cdbae18163fa91f68ef7a1594f508901511bc41000b542884119e310fb79aec5ee54edeab05add766f05da2d74d2bff542048576b260

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
6cd0fb4385a1d2b7693007a1423c2eae

SHA1
f16556025baed7a25cc42f1b8246e7ff7fe00705

SHA256
0757b5f3a16d8bac0ef554291eb79b39ceccce4ae8aad85c2eaa148bf9c1639b

SHA512
2899f2c6515e223d51227a5a5c560b4e5e6aa122b54fbe1e5cb5eb7fc824f221501b07b0899cc8d3646f65a05a90492d9a9b195a14d69afd20a95ac85aea5336

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
354679ab328b630950e9424bc491a628

SHA1
d1b47d71cfdd093de1ec84af34010a04109637a8

SHA256
b2dcc2bab90bf74c899574e2caa638b29f8be0eba3c344d70e3537708e0945dd

SHA512
f66a5d296e6f33413c30c520f06e2dccd90468d51fad8130a6a012523e5a6b651b33b20fb25dce0e20c7227731637237c315990890fd5024cf4eb477e5843c07

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
d053fc7ca1373ff5b1b75bfcdca366d8

SHA1
f0cc6abb68a168c7066169bdf90e4d798f4b61c2

SHA256
4aea2256c040a6ac68d5aaf6d661b9b84a8add02dfa6784f798ee31d1a3296d1

SHA512
abaff0bff41f93145cf876101cadc32fe028782aa490ec4d66a651e7a1b0b37258767d2ded41d257baf8f9a6bfab1a707e2eaa9f2dcfb66ef8c7949b135a24a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
47ffd85b44e22d6e9039c0dbc781b0e9

SHA1
5caa785c797effbf5dba73c0204c68c148a67881

SHA256
87a5de6af4b57aff588b44be82fff3d0deff8599693078c6a9f3dae99fdaabf6

SHA512
52f30b60543c04ad1709cc5ece988c8080cc191f559a0545c9f69ae2552bf8635c0bd5b36283f6d7d6f60da71c1d7a673e7edb672c1fc73382cbba195b07a76e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
56edbc437c55f0da94ed7c4b0710246d

SHA1
795f39649fb4ef6ae58bc73bee7af59866adc7c6

SHA256
470af6ed673f144049204208ed97840cdd395d4d26cb9f01877fb77994c56516

SHA512
be76789fc1f2554f3ad6bde478b1ca4c9927fd3e0e41b234d4592dac1612951a320ed29240fe66f64083cbef858a6988fa78313af426d378b1cd28e99bda3a04

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
003b55b96a9b688e7116b590c202ec97

SHA1
78070a809f0de49ad204dd259630e1b97d7f8b07

SHA256
4c51bd46be4abba17447aa21bfc4a571bccc32942317a7ecf77fdd0a3e321cdd

SHA512
5f311e53afe14a11d2a10fd35945eab916b2659f29de316ade5514c0345dd7ee4689a7f7bd9488ec74bf04cb865a57e3e34751bf4e697890a4f7174c2bce71fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
be99958fbfc2146f0c2b91043b4c7b74

SHA1
21a63a5f3c6b44dab520f33dd3c9d2bbb44a52e8

SHA256
08cdf0faba7d5ab6d0ed966ca9ad2e4f15e6470a17a0cae5d1dd0a7b09dd4d7d

SHA512
9f4cb7bedc580e61228fbb2f65644c7489d4fa458c9bdb57f402447490072b7b7c3a7fe93e1e35826a01749d34a7efc5a01f4a792d3976b691094aebf4a1797a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
be4c73e04f4cde319804ca1314bfc0f2

SHA1
2bb7aede60e6f54168d1588254375818ec8e1354

SHA256
073e236a0588ce30d65af5115414755f4fa2a9a9529dea2e2cc20354334c7c16

SHA512
7015fdbb51a95e57a594731a9928ba096fe5fbbb19994e92356c77464dff93130114f648506711406a8c3e264c2e49377fb91a197166a79cfcd25126a9c52185

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
7bb41881027fbd80b7152a7f3a0ac7d4

SHA1
e6aa7adc25b93123691c4682321e468013648bfb

SHA256
a0b3879ba223adbbc8f9fc3d39bde8f7ee9e8c571cb91c33e4e65199497925cb

SHA512
d35af9b035fd356f3eb1124b6fdb03bb2d52fa3d4745f02b3914a9bf8ca3d991cd378f23279375112642f49fe04390640d5703ec8fff8fe9e0a08516043c7a20

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
179fc49830d6283f08276d2be49568f3

SHA1
b279806266646b97126f4d332638e265d1bd9188

SHA256
9a5384b8c14a6a4a631c8f15f50a14c3d9c8a38eb18d4bf1106c13f81a5b554b

SHA512
8fafebd6d4f5ba19d30980bec80ed5e02baa1679a591f26a173baa82d3f724160088b4bc00cd91f6cb869325f67b78b5c434d80c4d18bd78f64e1d3ddb1f3adb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
91a9a7861109fb22c4978ee6f4c367b3

SHA1
2ef8185ce23c6e1f6a2423fa8dedbb81fbc7a60b

SHA256
b14e6c723acb2ca335fb653d1e681957ca02076b53911e74c8b2a8e053112df6

SHA512
aeadca32c4c4e3f154cd7d18f13310c111dad831c15f72056f1de931a3eed78502b0a79a0a7115fe7fee8f16d963a53220e840a0f8c24ed2d112bc9b9d72d204

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
b4bfd918052ba941f285d72f3ef1ed69

SHA1
2d033725bb568f175a299520ef0f18e034b85b8c

SHA256
2034a88456922d50e1c2d627ceeab8e9c5fbeb3ba8c999ddb3039fe7ef84b62f

SHA512
30e48268f1ef21cdc8be03a8f0f353952d9c284245c767172a4aaf1dad4fd093dbcf43cb32e9ba442043c9fa6af919d2aad98cb0c5748e44fef47053b020b6fd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
3da74baa320ea2809ffd66a356e112bb

SHA1
441db4a4f194deec49e7a955746b3b55de27288f

SHA256
1a469965ab8b33b78631f283e26b87826b98e3e15bec3ea3ceab9ee429e17c21

SHA512
603589f2dfee941d8ee69dd9c71a0e2c518f8ddc1c92d62b3436f21c26995a370c522b7819a050c57e84a80d9c9a9d72bbbfabf0e5e469eefbdca7960e4b63de

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
7bd3e390f1271ad4351a0728417c6bbf

SHA1
5521c1a32ab81b8ae76fe3307241d62c096449c8

SHA256
e9cb95f041820be5f5121b6cb6d5aade6400a76fb69f263124021cc417c52b24

SHA512
37c2dfffc91ffe72968753a35aceb793f9c0ee3de8b93fa1f81bb5bd82b390d72c3893d20b67bc578f670f13d4ab9ce16ce6abf732adb9419a42363987a03044

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
f1e806ce9c9e5ff442e0f744477e7083

SHA1
6ea46f0ccb2609adfff31dea72669dcc7bb98e5a

SHA256
73413851ff14a1c379e05e43ecb3cf29564ebb55b113cbd4397af668db8aa903

SHA512
1ec5f0c9460bb08ce1337e1bc06cfb1f704ff73a5afa1eee19b0d8e2fa9278d06908e031b2455224b940dfc9dd672de0bc820ef3c2f20f96100fa325d63939ca

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
838d178c2130ebaff65428d3aabd9202

SHA1
6d8f2e1884d7a4ba382dfe52d991bafb5c0815ed

SHA256
c38b7e54985aa2e0fd2fc5253a2d52cff999272fee573aac93c95a9c70500820

SHA512
c1b9ba233a4219b72443699c099d7f5cda56a9980fd1f471009683843497d8ea6366dc63fe71fc53fdce2d6c22bb5bfd0748b1f4868f971c10c0d7889f37e019

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
6e2c8642789e0e5e8b8a9eb239df3530

SHA1
887fa4ba155b2974d6258394073d6f82b16e530f

SHA256
4bbb083f4c5d8504c9a7cb69967a8b2e5f289371239b2ee0d0d08296477670f5

SHA512
7e9ca8e9fd6acc5b9a0f627154faf2bdeffeaaaa493d6b70e997ef83a2151ac0be6e4b817eee6a61f11582bf78f734d16f3689ff78e16f413ed857adacc886fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
f863a5647216bf727d29aa64a6f19be1

SHA1
868464397b45e04828f51dde2f12cc78b47edf6d

SHA256
3cb17c45194cac708f6a02c821cca245ef56106230cc22fa76e3cd53e36b232e

SHA512
5dc32786882de589caeecdec54472d5685d8d302488e1702e0f4b51517aca7750513ce91e349fd07e4372a1b4f31cdd951d410f9647feba1072985683bdbd8e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3c5ffa17fcbddfb3dc7ddfb26ba26daa

SHA1
557beb59422285c8d5c7ca5e4560f291ba7199e8

SHA256
d261557d7ec812373793c4c1648df0e5d79e1ab836532c079e45cf66fb9c1e71

SHA512
2e420f26e6f524e132b442150f73b24ad1a10464a2161470d68f32c82f88238b8793783e2c74b42aa516670727c0d8f2b642de067424cfbbe2ecffb60d2e88ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
64afe9689608bdd29823cd496a950d81

SHA1
2b5fc0139113ce5ab0ece6d259e0bd1bf57f4016

SHA256
19fda99dd07ffd0d2073b648042f459c8dcef470e60950ccab6560b57fa586f7

SHA512
cad636901fb46028bf788d4245eb20c80386429e2c8594489e62faab5a96ed46b27bc7f566bb8b0f8115fa4d26e6b1cbc195e9f8e33839df48014e54a783e5ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
b9b7beffdcdd48ec2b644d4149fd6a12

SHA1
6015bdbe6436c5407632ce79ebfef63232bdcbdb

SHA256
8b15e75adb194d835194fb1eaf6380d62f1976bc4b9c822217a249589e9e011d

SHA512
f749301b4d6fe454df608535aaf225cacf253be24004d7620009cfc8014674f489fe5a34df11c94f46d5b3af3dc5451d9ca956cfa4debffc67fe89c5ba50b86f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
674df4ff38e7a7ac431da1f8fdd50d04

SHA1
a4f3ca67563b735534a8cb17a20c05267fc48fce

SHA256
6fe7feda96b1450d6feeeb9c159cf32b8bbfe87147ccc7c7d1029e14d772e1d2

SHA512
281aaa6fff413ddf494adf43a38be88322e31a0efd13509edb4a0ba37eaa6f457bb399ee951c7328dfb9e57b04987875919f8867110ba65fd907989fc8428b64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
4fa39f94966c61a03f225ad5981a0110

SHA1
d2b38026798ec2338198bd4e4e2902ba88eb0e49

SHA256
bdd4de1b7507f412b1d6012ab06ab411990ffa3a77d44fccebe20b7d8721d5a4

SHA512
8e0bef923d8fee787d5adb4d521c39754e1f239ee9290b1642a84f38ca0582dffbccd8b70532751cd1fc94745e870264631b4cb8ba3fd41ee2404a95b09c9eab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
cfefc7a768eaff92ab2ea29ccebc81c3

SHA1
5b4bbac9944861aeaf90edc4c966cbfeda714844

SHA256
0b6c3e98087fa814f42a314fad637866a6fd02899a28e4f7fc4437d5b7f876f0

SHA512
227a96f424366c870c86049b8403cc53c9734c2ec19c3ea194c28e04914b310f61755d925bf9888e88110be639c28cb3b7b578e33aedceb70ddcf4df9cd33189

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
fbc99e81e079588d922e611e6099868b

SHA1
42a0dea61a2ddd3159d689d47c6bcf3e7a4ced39

SHA256
4e24bdc76e5569fe35bf08876734ffc0fbe51ca8f998af00ac6c6e30437b5e06

SHA512
f60ad74808dbc600fbffd62f3384e46227729df43cd531dc338d31a25747648bc7c6e24f7a1fdbfaabb6e503d0507eee24560ffaf8eade934c829d6501cf7941

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
e81e6acee816c253c9f51e5285f95996

SHA1
a39e2c455d7f3914561e4934d84583757f5243ca

SHA256
f28f3a6f20c8a2e86ac96569a2f79c0d445e57f4fd4828d56db8b908724cfcb7

SHA512
3411aa33738b6fe186557e79372b90b0f4cafa5ff82754ba5d83b652efe26b7dcb49922ff490b7ec52bb3bc73af97197d6f95739041d28041ce4a58082842ce4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
30a551ef637517d8598e3fa0e573d1c6

SHA1
25a311a00bb1c4b9f70cfcf3d26dbebba526d81e

SHA256
244c0fcae88f97fe3a2181ab8e059c83db864cad146fd1a1f6d159c06df62f8b

SHA512
b745a1a0e3389daeec6fa321173e67f1cf9dd3c1c5272c5990563e773901768307177799548472e5547becd5dd6c8b72687ce128d20464b47d1725e42fe938a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
4c4b9fa5e48e23e0930043a3699d3498

SHA1
367866e7339f265c1b7a82b77f7c72caefea30d6

SHA256
9dc566cb9b8171f3037d09fbc6ab065b041dd393fbf69b1f333cf5e6a1e65138

SHA512
a17c03370b6d383006ea89c1539d9d0334ce204adc7b11da856461094072f67b58c725393ddada58834968cfaa2631d112a334f346be8e0c2c8d79eaf0f5df3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
cf73a3cf99f32b542cec394a51459e97

SHA1
9def0d24f329d7b5a0b8781284d1c5a1215d4fad

SHA256
6979aa86672195648fb3638322e908960117fc646aa807849d5dc073a1af122e

SHA512
86e38fb115b4063d114afa9a92729c94fa422dad79213d3e8843adc826b9730468680cbb4dc85a098c2dee253853dbf0c1a71f159dea5d9124f6d6c085ddc6f4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
36b903c48edc70b4d15c4adc83146a42

SHA1
b5f5868d4ef245a37eef34a5bdb6aa5bff2d13d9

SHA256
015b4555efb02ff483824994527f1413ccbff1fa2885fe3363fc18520ff66327

SHA512
5935f07f97622656b331cb86132a796aa271df10f495fef74bb180d60fe7636f67eae9cb31715fc5e271762ffcde17aa601afce5e0b903ee7e92d74030f08ada

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads