5ccaec3ac28c38d1af7ab4661d2d6c49dfc31eb250a598aa57be448e0b7657d4

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Size

13KB
MD5

d1ee60da399d2520503b3e134855be44
SHA1

c1f289ea472dcc5c5345f64909388f2fc573c3f4
SHA256

5ccaec3ac28c38d1af7ab4661d2d6c49dfc31eb250a598aa57be448e0b7657d4
SHA512

c3823c50b4340dee8129f250aa1a53482d9e5ac4b3303b8d48763fad9f61e2c0601445ea6e0a8bec13f9842a9a3a0d801909eb14041c151c23b625ea24cc11e2
SSDEEP

192:i/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMw/htvt:iebFNw4Pk1itKkpAjjI2YpdmwXV

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2218) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe"	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scripts.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Throw.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_types.ps1xml.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_do.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angelu64.inf_amd64_neutral_3d6079dd78127f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_neutral_99bb33c9a5bedaea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xnacc.inf_amd64_neutral_13c4e272a96185a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_neutral_e44cc033b67e7d04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_neutral_5fa4270b9924b918\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_neutral_d1563e8412461eea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Redirection.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtx64.inf_amd64_neutral_410e89ed86071c9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_blocks.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382969.JPG	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR17F.GIF	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\THMBNAIL.PNG	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImageMask.bmp	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15021_.GIF	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115876.GIF	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\THMBNAIL.PNG	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-legapp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dfa289134fab93f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_c29b6c0480cc54b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\1047x576black.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\selection_subpicture.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmtdkj3.inf_31bf3856ad364e35_6.1.7600.16385_none_0aac5680b7a55e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_rainy.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..play-troubleshooter_31bf3856ad364e35_6.1.7600.16385_none_164e092b536913c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netl260a.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_37d5568c6cab39ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-hgroup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_84349890449a5d7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cc18236ec7661409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-core-dll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cf6d5b93b496da35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_tsusbhubfilter.inf_31bf3856ad364e35_6.1.7601.17514_none_776b19f55ac34470\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_blue_partly-cloudy.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\Speech\Engines\Lexicon\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\verisign.bmp	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-winrsplugins.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b940072721dff350\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_sml.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ba88bec7f5c72fd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..esframework-softkbd_31bf3856ad364e35_6.1.7600.16385_none_0ea5105470d7098e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-installutillib_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_43907f7b80523a4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_7.1.7601.16492_none_89bc8ef5c05582ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6e5eadf52d4094a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_955baf9439a9939b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.1.7600.16385_none_1d6e705f6d025338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39c1a15fe5d380f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4bdcac3537e3a78e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile27.bmp	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_659c9fcce8b577b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnts002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a943357dd09aaf46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5bdd2bf01d7bc0ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-zipfldr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_134e0f99df9fe86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9cd7bc24d39fe04b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmpp.inf_31bf3856ad364e35_6.1.7600.16385_none_a9d2002feb81fa56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.1.7600.16385_none_795116adb6780e59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_6.1.7600.16385_de-de_040354651b707cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mtconfig.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_793154cfd188fa36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netvwifibus.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7bb34d7390074ab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-u..re-atmini.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4dbe3af629c49981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_color120.jpg	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msac3enc_31bf3856ad364e35_6.1.7601.17514_none_a6e637e4d9e690e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0b85cac1a55255e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_prompts.help.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6aab823616410bef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..order-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e736603b3f973403\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_caaa1808998835c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af29a5cb947bb312\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e4caddd130d36cd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cf30c64ef5fd4e54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.1.7601.17514_none_74a4f74e5a3cf6d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-moricons_31bf3856ad364e35_6.1.7600.16385_none_410fda20fe51f655\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d63da416276891e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84ef507e8404018b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_8492ec5f045f17f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hcw85c64.inf_31bf3856ad364e35_6.1.7600.16385_none_0446c109eabcdb24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\NavigationLeft_SelectionSubpicture.png	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..ional-codepage-1253_31bf3856ad364e35_6.1.7600.16385_none_2263ac496b569d1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mfplat.resources_31bf3856ad364e35_6.1.7600.16385_en-us_04b29712979b660c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..nailcache.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da1c4bfb8523f11b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD\ = "CDYFHILIYTPKOAP"	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\ = "CRYPTED!"	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe,0"	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe"	d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1ee60da399d2520503b3e134855be44_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
902B

MD5
49ef217a4be1764efc6de2d27431d098

SHA1
878acc2b9424c33f3eb9be4b29f0035d96cabc52

SHA256
212a56ae6b6fc3d2a283e21e4c8c3b4278c0cf62737825fa531eda9e282ad721

SHA512
7f7b9c42a1c7373749cc603a42b61e3dea8e45082dca6c5ee122ddb067b2613fb5be214a50e83713197194b94a0ca4b67dcec5b0c772fc32b2665a18f76ec697

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
ea089ea81acc69c3b524760249f1b4d9

SHA1
a47388f47f95f040b86a47c74eb2185eb805848d

SHA256
db563171c6047268a56195dda8ee69d2ab041c902a2ffa3080850f78a9347acb

SHA512
a5951351b25934233cf22e5d5bf0e9b569ddb08e56aeab9f1e8ae9a799e13639056da394193d5c7108b62f47122cdcaad8e6ab86df31cc4e7a993077e5c52b41

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
76ad2fbfaad9578838e68956efc70c95

SHA1
4c1469462cd9588648a16f19d5e3e33d97849f4d

SHA256
6aaab9a6fa8ccc0ad1691fd41e5d7444f28efe4dd45aa7e47225fe2c002e3474

SHA512
cfdd80b7639c1f5003a200a8d92f7e9e5ec33c55af3fafd611a035a78ae7bf668a5a67109546d8739c4ce816760b656459208cd1b0a4f2a5029d9e9bcafad09b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
23d5a74cda1f64d5383971728740e172

SHA1
dcf6cde9ad1a1542c3073f5626ac7ed6fa9aed95

SHA256
f71cf048e25fe1cae94c683eaa8281e3e3b2a795d34465045ceeb323d4d3f7d9

SHA512
bb4dda06bf6c1a487064ce9d3313962408a0b36ac43b91f80b3e41e14b7f44cdd948ee6352af3220f466471aa8fe1d9e2df7b7190701fed08c8b5ebe6ef80ee3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
0e1cbd9d662bc54b732205e40c1791da

SHA1
d73e59e2be2889c82430a3a45a7588c815667de2

SHA256
62fdb77914ffd3a65e31791759d3bf51dc0255a4167e7a4e3ea07f16dcf4345f

SHA512
21a70cb1e3536c88181873268be3e4668ecfda1b8b57bd3d25c3910055982c2a517a042f5638f72b2b38e244165dfea5a2785c148c604e6dc4043bfa7e38bbf7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
92a45c6475f3aea0f80c439d9948c8da

SHA1
c6166c834a33701f671e6561455c15024f5ce787

SHA256
0c1b12df883f9efe7976ebc1e8f8de80d95753503514b9640acbb9126cfa66d8

SHA512
e9eb243c77d6203e49ee075ba93499da9d66dbdceb754e0144ad8b2e8c9d49579a15ebc0a1552a868da448ee241bea66a24418e06eca661a41ae1c9419c34295

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
93f2346e1f4fee5355ddff4df343bfe8

SHA1
c3aa7c1ac72ea68f49a3684fd054d5c61b0f274d

SHA256
881596a53b7b81a393d80c8f93c8fe60af5ec93504b2a95fb86e14e37b28125c

SHA512
6df7581e5518935fb9f1b703d8ac3325f691db4c50fda02664c7176eef2f881df1da91015ad4becf473ab21b2ff9270cdde6086fd989a97832e90016f281d00a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
28b0224b40ee4021d25ff146088be363

SHA1
5379faf5888726f2eacb25729e033c9cf92903d5

SHA256
b473bfa14f8976e2d3429eaab29563adeba9983f6d6dd04110d49a758628b4e1

SHA512
4c0443fdafb5f381525a4cc323241e5e2dcd28441b0be13877efa9595afcdf4e2994bbb839f09aa5ac220ab75015c34a64a7d97c067d7274df41baf805af451d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
4f630a1ddfa91532f2066979d9ad8de2

SHA1
e35244bf800280de601b21ce26be031a1ca8aa41

SHA256
e135e0925ecf15d91b76a7976a08ab55da35d8a23eafe339c5807c352c9fedd3

SHA512
f0cd78e109c0dc81e615d479ee2a935a0d076cf7ba58d3ad80c1185b077c3f4c143f77ba2b0aefe5e15380aa7d3964e97f539c39e7fed593c7c03422a5a0463b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
09f3b8b5eaa9fde733c0e4e8a3c39956

SHA1
c9b8300d25eaec2518f319b1c2559fbff84e37cb

SHA256
1df07fe8680a2647a262f017565d1320eec3b3af2983160a564c6921381bc4b9

SHA512
3d4b332666ec80a3333a492b54c867684b8fa6f984de1c96ca26bf1ca5960b362ec9f48a82e1167cc837eda6905c5d3c32dc4eae06ffeb46ed9df01454673860

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
1fe06052cecd9162396906f23a8f4dc5

SHA1
8b13dba41d0e529e80bc35f4919193d64e584ed3

SHA256
ec62390d91417a5856eb43f395a3da09f8a48d60bc71196dd569f524bc581a75

SHA512
e08168f9c657026c999efec513942ef9af7dab6a96daf6108599cc0b13770391123c820c68e00ef651875db6662813b522d19e5755e2eb23dcf087152f1d6c9f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
56c9aded969266c8a94bdb06a1ec2705

SHA1
4b095516bf5de599f50d8cd0718af3aeb6f93d50

SHA256
ae5e7999d439b083f7c8a14bae259fcf310258798f99d4dbed3b53422e0053f1

SHA512
4d67ee8da9c4e1065532554c95cb6db3db8656c276c7dd0fc17344d6c1eb06a71546c1274ea8a3539625b58d75dcfa83262f8cbf293c892e317a493b0e5e1d0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
e3fd39f3f5d806fc81052c621eeaa88e

SHA1
2ce17de9fb8bac0f527d57cd9257c649b17c10cc

SHA256
65af931249b729617fbdb3eb2539c5e419bae58f63841fe88bc81db81aca2a66

SHA512
7438ad542a57e9d16303197806ffe6710ac760e72034c525b09f47b71ce1f5dc05f33f036cac40695ae901d16e093c3094a37c2fa345f67ea9196dc58998bbfb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
17b2a8d7947616b4c84e03a618948227

SHA1
2933334be0635fa7095d1a0619ae6c56cfabb73e

SHA256
aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c

SHA512
3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
6063162775bc6277835d705583dd2820

SHA1
4d2cf3a0e3871f6c3fd7f3476f06fee7e80ae351

SHA256
f964c087e8fc1b15fca4ed2405ca861e2d406398d1a5d9911169015f61f23fa2

SHA512
6d251eb5e3099c95b3abb72f72ed31cfc6f9a10bc12052bad0a2aedcfe63bb18eb820d09fdf49a1910be2ae217a2da527509886c494a4472d475445c673db2a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
7968f9e66f41ef98d0e3b30e5629a89a

SHA1
866f63c37293e59a34e5405df4f79c8ad41797c8

SHA256
3555c94216fc3e9c579031da94dde377589656ac30dbfa77010d35026dd67340

SHA512
1df4cf47fa9809b808136913718acefed241ca6426be1f47a0c82dea05dac4c1933723914246720b0ef7e06aeaf4c5fc868f58c448a36019946f4195a6625aef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
a96a6c89f9f373f72c082d29671c9b46

SHA1
0d675809f91501fa231fcc24599291fb93992da6

SHA256
9b3bda4fd3551599b7c7b64c3ec88b9611eb28128dd1e0cb12b1b3d7f53b71b7

SHA512
fbbf7b11bcc1099a67b1de00be5d24a890732e16374c464c7e0b8f4d278c1c708108bd08d3a227501b8cd3f1b6f98e7d4513c553cad40495a1a3b2e43721af82

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
8212eb2609de88e64b8a529ddc6cdf62

SHA1
a03518a2d7cbf995c67d4cd79b7b2b187172003f

SHA256
5ef0091f0ac4778c0eadad099ffab6109ee55c67564b322bda9b2fab7902b660

SHA512
262c89cbfc754e120408d3132cfc0db83198542cf108f033cb97ac2f079bd64e7a1d9240ba416a835aa17a20cf4cec5f7d53456a6215369f27533560a08f0f3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
4e30f6c8449a0391c39b5df4076a9274

SHA1
0bf1bf1284eea57f9a26ce8c6e472ae604ef90f7

SHA256
3b7bba6c9c634de901d2664e137ec16ee0682b98c2ca4c08f914ed3de8f899e6

SHA512
206833fac62256f7330eb5fbd19a26cb86cb2105d688e6e2bf2149135ef333e671cadf93100564aa97f89bd39507150241db02b4368adfc5b0ef56cd0e151e25

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
40213bc38b949a4a76e7be1120509e4b

SHA1
8c47480a2f68a7af3cb949308c4f9eb5e0ba701d

SHA256
3ce89980edb091e0e2e8741d8852fd1c6ed563209eea8c460b7e49079ea2f64b

SHA512
bb7e45ba719821ad201adac76ea672485e9256e86e72a5f2f5737f87d4d7f22a4e6a1cb7719d6260b59021c9538d898ee320c47e0d980c713a8d8006ac07b7df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
67a1fb49591b758dfae9232519c31a39

SHA1
af1609561100203d3f23374a133fd4fced9e86b9

SHA256
0843ffb7b18ea3e3343d00e732aa95189f235f69ddd311ba5afdca2fce2accca

SHA512
bd3f8bb41340a1df870c2aefb44ce51f15e87423bd60319e8a877bf453a52ebf750066c138c058fd42abfcc1f4a7c6ca57ca339d2dab80ec158330cdf6ee4aaf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
b9365a91b04cb86d9786c571fe385fcd

SHA1
a7c94c1de83fbd0b0137b2f9a005b8e2858af5cc

SHA256
c8a1aa4508d95fca8e73d72634139f633cf975cab3a7512e1b7ae06f2cc47239

SHA512
35a3458d85c540d28fd16f7a0b43ae5ef282378dbe42a6de9f9a1606d1a4380c24ec4024f1e20d7d19293405d4b0709134a61530ce3bc9ae9cbcee2435305f1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
0269ee8304abf426d66c4ce5bfeb4183

SHA1
270c6c89d14de52eb200aaf46c3ce5f26e2a83a0

SHA256
d064fb8ad4b2d87472589ff55b170dd3ef226a2af569efbcc9d703c14199755b

SHA512
54d870dc3b5d400f4c1d8cd9a658a7321b30869b23755aa9ad0ec0ea22b417eaef70826d27a4a73d54f273179913c6e1be4e07d1dd658e58d1334a9e46a93105

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
767a0241148f082640e18642cfa1ad5b

SHA1
0811de3686f88c06d979f3b86afa17c192e0c236

SHA256
7708be51f36a9377913ef6f10b3f563d9e67cc7c68070e43d6c5ac1b08f6f9db

SHA512
ed4a930505a545337bd90f8f9c62cf9e967d8cfb9c19571f06bf5ec36071ca7af28f7bee4d6012007effd5256e271b4a074bc3b4946edae7caca2783c8b732f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
a5d1a673589305b7a5397f73de372893

SHA1
edf9b55f45fae26392a37e957813841faf22b452

SHA256
eba26c39a1d1a29e17bd3ec0c517f745140138ffba25f76875b0afc91f06e42b

SHA512
b7a057c64b05736d3e822ffe6f5ad8792c14625e57220109b6e1373e9d01e037d1a9d06e927d96d7e0568dd19c357e9d121c7fa7c7f30d7db619bf670aacbce0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
975caf233a91803a05bef325c41af6e2

SHA1
187f4cca95be04cf5ba50830306250e3a5df26ad

SHA256
d87e66d589282a1b1c7b17cc337fde4631563a86d26605a2184679299d75dddb

SHA512
0b97468a186477d1e484da260e68b05aded5d927b40f068be5da55f8bc789006db25bcec5de6e1d8022247a7ae64bbd8e04681bbde0865a376a16a7b0f4a4af0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
2bbd857d2e53ff323100f6f6ed062900

SHA1
72446915e7419b614ff2900d90bbd4a1e87667c9

SHA256
48e800f7e34026ff8f2d7809999381e5bf2d8b49aee8d7d52776729c4647085d

SHA512
2f4c68d49de153475e88aca2af08922f1346708f59ef7a226fff7733700c9586279ba21a891fc32ec3271d97ce22adee607ea258c975127b0e8800b6993cdca4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
b5172508f678cce808de834e6aecdd2c

SHA1
d39986cbdb48832835cdd2d90e176adc8700364f

SHA256
1c7bc03ace2570ed220c138e98bdf3e4f8fca98f20347c1f6134b412e3948caa

SHA512
67ed8c0aaa9068070e3ba51e7d1217c6ef767367453509c191db57467031315dc3170a2241a146d83cba9c50a6e77ee64f93072d60066cf00a3151d42fe54e3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
aee0f930484494a5419284267c905852

SHA1
0301054cb70fe0fce4739a16fbcdc8e6e2342385

SHA256
21677fafc039c5c27caf9858625a0a0ca5e9b8442fa0f6092a516c1638dca6f6

SHA512
b72382bd0f15f150ffef394c954356e722b59c250191921cd4f6f5abc71917b2854c3ebc934fe17a8e20f76b8d6eeddd5ca1bb13da57c459e4ed0beac418edd7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
77f7133da21fdc19dd64a7c62a190e78

SHA1
3d386491aabf352ac4b1131238227334b41c48b8

SHA256
8e6b7b0a34ff45a9189a240e5cc1ed4163de6ed6d87bbdfdb64367dee5cb63b4

SHA512
8da7135f98900c78d6f421a41278fd8751dd3f6c8d8c29b0ee65fa3a56e79bea6a104d101bf15872e5f36c236528cf6cb8af476097f19d713dce8ab09756d227

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
136478c128706a85ad06049a49bf7cf2

SHA1
6b93f16b20a457aebd8e114d941b3f39bc5928d5

SHA256
3b6140643d7cc8c2348cc286915254e87185eef44c222020474d882b24438a8a

SHA512
e6879e0dfc9eab30d6eab36d102dbbb2541a68aaabccdbea1c912a708fde0b2c8367d2ea2990a6380138072f7050eca4114cb8dd020daa595a07e4ea7877f805

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
ea09ea06257128384aa2f00c1a299c91

SHA1
c9747fe48f7c11d971d7b9e4ae300edda93fb4eb

SHA256
7d9187083000da60d89b9c1d187566388fa07e1c4ce749b04c01d9bc88755a24

SHA512
d5a5fe61d7975ba0daf85fdbeda3b6e785681c3087ef9bf067fa7b3ae3599110a0cb21370b3ff7a3eb2a9280dc02325496fb699d26531c81573cfa42c297b3b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
1491d8f6430edffda0107138c55ba797

SHA1
fd9fecfc8fae6abe816cf725373a93861b9c4487

SHA256
6f1ded49680332d67f98f0eeaaaa9e3047dc20af20b85ce72382baad53772059

SHA512
be2e6859eab174b4104286551288cdd2b815c222c3febd4f448a0917dbb9f138f05794322831582f4806b27cfcc238abd9047883d403dc5e54ced8e789d0286f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
9970f89579d52c0a61950d8612998333

SHA1
442b9d429ca94ea81dfa1d153bbc198ac446c08f

SHA256
c0f206ba59018dc7524e08d6dcd9959e23d4e6934256dd3b8c7a60bea0b95813

SHA512
a276034a3fd90a654b3af0a438632a64db01396d564028935f97ddd2f82924b1cf059f728231d96f4e8268d6884618f9ade8d8791af6a4cdb7935212a36b13a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
b339137f1a033cd4c0d1a72abe9d0078

SHA1
525f9bf2a903bc701e416f90ee34da2cc79d1d45

SHA256
2d0e1c7af5269f57a44d68f22fd23cb7c64fa6222fd6339ede448dc243fc2204

SHA512
a987b4f540d969b3c7403da77fe1bdf5c8fe7b948225ee1b3e6bd13bce3728593167c750de4cd79816a3abd7c2c71a6ba64438caa248633c4fefffc2db363a11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
d8466cf33cebe86e77dda4531d736cf4

SHA1
c3acec9bc327be098f2a61b7ecb0cc9cb68a2c0c

SHA256
dc7bd141ab90801e0f56850caf74a254726e453147bd7af38c653047b118e820

SHA512
dbca55d35583661e9e010ccdc8aa7e2bfbf9f18c395572fd3c0863d50e49f2f4476fc5b37c59b25f146765b33f2c8467af00b65e846d4d3b16f3a21c13f7edd7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
d3613c00810dd8a08f0466af9da24012

SHA1
cf421604a03a9ad15e86b805c033bcdead597395

SHA256
d7ebed7e66196b8f93baeb09e9f62cce950bb87980ae4b6e02c4f0f1cd05c626

SHA512
229ae23b7356f94abbc89f5e95ba6f6dc01c59a2f7db8a190f58760b13d8018effa228a0e65cbf54b47d45f033f37fe217fa72ede888a99b84294ebf11254b96

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
687b967934f532f84cb570a602b440ca

SHA1
430a845fe3a1ac93e1e663d3fa47f70aa7c64e29

SHA256
254a96b9082c2a43ad8212c928049eee0e7ff571f2ca89287125a0d8785bd8dd

SHA512
8ff56401223648fcced076c218baafabfd1e0f02c448f0f6f1c6053644b032e09eb0c0dee6f26350f4e952df5d6d9faa78127220e80629c84c5d8257b0ece50b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
70dbe95b6797295f416ab70b10e0af3b

SHA1
88b64a3e0e2d1227a9c994f850e6fac08bb0dc93

SHA256
e11f492e12280918c0cc82b19a46663e1657c598c46f2c6302fa527133d323fa

SHA512
bedd0edc5c29f97a517d90f5d54c90f95639389a272aa29c568c123ae9c73a21574798b1fa3a7a7e9b6d751df8eab7b4b571450a6cd01968f54a7ab2bbeae58e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
014094b2781c35f02e329ddafdeae4e6

SHA1
842156c25233ce1535cd488be87a4c132d7a995d

SHA256
49bb42017c4b64881f775c88be5aecd7ff645fa1f741b7bcde467d59f22776fb

SHA512
ca4dc9dba1a773fc05d3c798c95323b1237655c56a1b8f7dc23a080e7cdf53f5934d58c25f784f679a5da0ad59c648852b764c54cfd18c895b881650c2b8e61f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
39529d2b256dba9ca766a1430032e733

SHA1
c6d63f7c06dcf38dfc066a6eaace4773a2a41deb

SHA256
205a7ecbd55a0108e5bb00b121313e66612b820c6bbf5a561d0955b09687c394

SHA512
bcbbfdf4f8cc10248a33853a130416b23799deb17b827a34ba9f30c8ab2b55031f908a3e4b3d6ddf78aca01f5a81a1d13145a3de86513076da1cbe9b5b5f61aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
027bdab93e3f823f6d72916f4174d997

SHA1
00851bb330ee715167f89109b921342cb86d75a8

SHA256
d70d342f26cb752290ec8ff7f8ef65c4bc3c5d64da68c1e460ae389e4de60ada

SHA512
7baeb99111c5ecf7620f2194c7e3c61acf3b751dca15349017b16ee4c61cadf262138551a2fc754ad3deb19eb166e0b1a65edac9807d96973b09a13871db49b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
811b0db09ad82b27aa2f9dbdca99cc6f

SHA1
d290768f208b30f9c15afabb9c22dd276718b1cf

SHA256
ef1e82e6763c1667d8a4de513a7f920ae907417c249ee6abaf63efb8268a4200

SHA512
8b4fec17df0d1a42af0739e555d44aa334167c4abfc58831e97875623443700578bdb76cabcaaec73730a9359f48e6da39eabe2a61202983e541fd4fc345d902

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
80bb0fa39e45c896e95570217fe4c994

SHA1
b227361aa720c9a42277c415c569f28971fb0ac0

SHA256
b14ef17dbd47421b055c571fdff4ac99e55f81e4e0a17e1b1be82fa5f0584422

SHA512
e5158a08b7d21547754c331e2e236d4f581dd3c2d00dcacd75bba61fa7ae3ded5ed7e3cdea1b5caf9dc99648b65f81e7b1f6d07cbfc4dec2c2d1c8c78d4363e5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
2babbfe979eb81a5ad6a8aabadd79c5b

SHA1
9bde184567607407c2937f9c1ae6b2135760f357

SHA256
0a8b4f13b778d73907ebbc84b36fa1652aef5fff695738d7358dd5cbe6c35f15

SHA512
d8332a8008d08ffc146c4ca24be171c7ceadf19805511f5dce7d12cee905b125afddce128cfa379799a009539d196cdd1c3c23ac4cdf10e8c006f7c43b2695c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
fec73d328d56112ebdff3db0864f0961

SHA1
f5725645e7261e47386b429628d1391e9596a04d

SHA256
8e5215af6ebd2a5cadec4d273fb1f881dd006339be0fcc5d92b2db5b73543263

SHA512
81c78cb6cc7b5e5d0ea057cfc40e8a23930b66d64fe868697d7b536e58512d8b6441a55d3d2ff7675a674d95669405591487ad9823b731b829121783f3676362

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
125d8fff1473741fcb65527c1c041c71

SHA1
cef7a03e7f5c5ea3787858dd17480c5856a910bb

SHA256
3de89cd29515d45c901ffea53311429ff78701a3879bec8e1ee582a1ed47e036

SHA512
feab01ac57aefcb85d52d252de908b6a5dc1d948c42f3323cedf525228aeca51660a03a3794e5941048475e87d59041b7c409db470366334f5b0f3caa38267e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
6e82eaab49bba8476da6e09c4ef21839

SHA1
0aa8dc5f35084e46727628cb119de28ec98bc84f

SHA256
aebc25dab57d52557a0b4fa05dbcc597574cba2707b27fe4f39fc77bdcba920c

SHA512
e01904180759e4e61d7294a568d2545ca2c36259add695763bc273e180f6a38618816344e10593e3201a4eff49c37bf53f7d818fd71f545fab837b826c801b3f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
8e7c534c59f8ba66cc64c3bbbc93161a

SHA1
b7fef744c0cf3ce0b6a4323650ac69dd6d234da5

SHA256
0913a5d9a747d94ea6a39e7a9dabb40d2ab98252736b649b9331889a4650e399

SHA512
57a7eb112392eb6e4d836bceb30e0d726adefba7fbd1a661883485a08c4c2dae4ba878bf1b115327e8ed38a5d9851ff671524f2a5348c40e3155adeab7735c0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
fcef41c0bfb8746ae03b8c9bb928a611

SHA1
eb2b7f166f63d6e21a0783d57c2e3092f0b3683f

SHA256
b86fe8770493d789a49eb35edfbbe6e85d803ae15550f72fda2865d7c96510eb

SHA512
7da098df5c4c62c0e90783dfa92f9f5c810e182b405bc705b4649a8d8370a0c76fae7b57059a5cdbac9ff0ddf299fea502864391deb51e59d5340d09f7c96955

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
5c0d4c2d2386b2941eff1946e008be1a

SHA1
34e4569c1f431d340c4f64ceea42ad1be7db0c65

SHA256
e4904d06854aa8c3674ecfbea2b91b765a374417360332ede95feb9b0030d0f0

SHA512
9686a955bf7eacfbbf31d250193d17b0bb1c63216536e42f03aaf48f47ed7aa4b8c09a1bc068eb1b131e62466bcf69cbb189b95e620d38fc9e0c7e473ec69447

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
2eabee2936639b4bc4cd065f72c7dc76

SHA1
0aa0545ddb44337bea593a8083505b68f0c5996e

SHA256
5de0643ac1675e75cb73907c86dd1206c89ed94150ec45e559fff5d1f93cffd7

SHA512
bc73aaf2aed11252008d3e721b572768c270743df8a6a5531ac3a238464b21078bfa4f7bfb72d9bda80c7dc6c26bf6412694780592eca30f2e3b29b6db3daeab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
3602d85706bfd429c9d75854c1230819

SHA1
9330b3413af40afcfa5589955badf34b86e93560

SHA256
f99b4ee5ae0cb0edffee138f1d475a75e52a7cb7032625fa979dd42e4f3c64d7

SHA512
f53e0a30279ad3f6b33c830fe31cf6dce7b8db11a06f103a09f817749ba0967bdaa6bf35b72519f3979378f5c7e700597b4b40598b3986ab37ad1aa6e81f18c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
e9b2c36ee2dfe413a1a2b0314c10a89e

SHA1
cee21b733e44061f1f7226f6ad0e98a8e2989376

SHA256
6e79a4951b9b648a70e7664903aa8b69d9d881070a11a2216dc7facab0d72309

SHA512
c78eadbde04e4df99fa447b99b735e7c08eae3dff1b58dcdaf7aba580198b01f77e349c3eb1b326c84d10cc3683c4ae5c520d2058c98dfbf3f9098bd8e9c0973

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
1d6a7891fed78f1aa748a1639ce644de

SHA1
616acbf6c10988125819fc4f2c3f50572590e8e8

SHA256
455762476c91f242e46c731ec637e184e4eea4558d5f895444ac66ba7f6f056f

SHA512
45badab8c8d539ebd42e6363592c76e3f181b9e2303cf138155ee6df54ff48d835cfd788d2a18063a324d2b690a240da375e97513911a62a08f2004ba49ab5af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
0ea0674eac5d35d9758a921ce54ec1ea

SHA1
35dcf2c97b2d0e2520ebb4e2985e6376817a4ddc

SHA256
b84c4c3587876f81f57c67a4d6d3b93ebd314cafa8d3ea2b0e601c4eb1d1ff26

SHA512
b9d629c4bf0508ed6ae6b1a223f3e04b6807fe388defed9f93591c6884c1201f1b8cf0fbe53a973382e9956d0149106691e08c0f3cc0284fc42ca1b8c630e50a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
55e426d28e549791c7f337070073ec91

SHA1
29ea82c49105a39c99bfc6baa655f628c87168b8

SHA256
bf4c7fe5c7ec0d80a4aa4bf9235250764ba2c02d993756330cff1ff9fbaaabd6

SHA512
3b45c77fd8f89d989fab96ce5c6695440ad7eb92006ed42f61e542d9d30c6fa4d944f6253d3559f0b81f99da99ceeb0883267ed1d0ffed7fde6f6f637ddc8dff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
6a78573e6ad910077900b1e690877096

SHA1
971afee01a57a2c41406938a099c84b3f024c9f1

SHA256
4485c3b435c14c5b79a053f360b526454344672268467aee75bb9f9e67fad1d1

SHA512
45899d42651ef40ad6b3830629352c1d098c3702ddd85c2008e08f861c7a6220c7e9932e3b9dce06f7542dd6a2aca9921d8e88ebbc9b7415cf2b60b6a21ddf96

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
a531452be29be716070ef141d566f67a

SHA1
771300be9ac216bc94a78730857c1362f5ba85cd

SHA256
b3966e5430efb5dcbb2480e73c11b15c0dde540a3e1f7bd44969aaf7b356d7d7

SHA512
110ad4e456471d1f6deaeb5ba622685322cdb204c499606e97b0fd7e23f75d6c77a2e633425cb6962ec71861ce3307f329636849c79510b3f01df8509d0408e8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
be1dc028d2f035bedcce7cd8a122aea9

SHA1
3d75379e53f9d171d54397b39fb60647c909d4e7

SHA256
e7f7c475888528ab972d3cc869b1525d5357e8dc98dab7bacbe80fae6067c545

SHA512
7fa586bd16ac488d022c83ca64a1a3eba0d5b5afbdb1990c84a038112d645a5d8acd3950fea1b37c93d7824ddf9cb0e6d77c6e3a9ca2659313432a047c4614aa

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
922e98ec9524eed724cd3005834256ab

SHA1
682df3ccfaabbded269c6f4bad657caba508a04f

SHA256
073b6f4fa0215a48d85792fc9ba8753ae9815e8963c1f802396f0a5e07762ea8

SHA512
09791dcd63c7b1a97e7c3ae1f9a922ae812a10a701bcc34a809b5daf0388fe3a697a68191e3f0ecc001b28c0b9ca2993e20287b1040514c3e20c9c11a8d092a5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
e53854dd264edfcc739a4a37116a664c

SHA1
61cd057673af4abd2e39d443be5c6355f2bf305d

SHA256
80c2bb8f4d15a9815581c48ed490f19cb72569c4a252b028d99d5ec9e19a4ee9

SHA512
b43841c075ff0509193b33cf35352c210be41debef894d9db0b151dd2644c2ba64e2f8d7a36566e121bb9fae4511fd3d00bbff8a45a0af6f99ef2a9ff20f4844

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
2800d6ff3c636ebece3b90eeb7b05747

SHA1
b9cd04926c72ecdd3dce1009787084d8d3257ded

SHA256
125e29b603de78767f80946f5765aff51548a896b232604e81556ca1a7cbcb87

SHA512
6a50ecb87866abe928eccc55403cc95f2d2a621786732fc658d0a62bffa4e899321d200ae7e23721b736a956a565fee02ac05979458650608b5dc8f6c4b4e6b4

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
ef35419e914f1806023d3e64ef383b85

SHA1
d4b96591348a57d7ce99997dcfbc4a6b1cbaf80f

SHA256
cf8c5f4c50e30e0f24f5b223f5d504c431f792cedd56ace27b38a1e3e385d945

SHA512
41b5e4dbdc5da8c1dcf88e950404821dd589e25141fb9e89979fef72974482b2f56e70299a5fc7f933fa9c9e6ef9c289df73df39fc9e98141cc7a531155e0eb3

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
02268b5b44128b1e5b261fdefaafa4fe

SHA1
123e77b47a0199d779cc52114593cae9edfb7137

SHA256
408dd9e49be462e0e2690c84f479b26507948faba197135cf838229e6ad9771c

SHA512
63fc4bf98d88ad2410cc3a9a6b0bdab45031c8e24a8bd3619b01924946d4b5906ed4bd9bcbf7eef3cf342f6311ce31efa5f8d3b7bc5920ab05f5b53ac1001886

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
f1babfee0b1ceb125ed43f5ab5675fd6

SHA1
ab0ae7c21e2e12d2c9eadeafe4d329f64e09bbce

SHA256
1f729b1131e33665c1a90038e8838f5e12f0ce857fe969caded03ef7daabdfa9

SHA512
f2dd69bf120a654a4cbecc439803b1b23be9f1d0d66c12aef17e5484e2cae2c4990743fa0402602a0f971e2be2084f698e24b627d5ff6222f61dd3671d7cf037

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
2d19236928565d01b9a1b20e9a0adbd4

SHA1
88e4d988dee7945401b62da51d79c845090d9ab1

SHA256
8820c4cd7e340dce9d3885f13f396aeff733bec68e942fca5185841079e77481

SHA512
f4133b02429cd457cf2e491f2a2ec758b178a72e2b5e153f8ff2e5413bfa48f871736789d0ff47b4c5013a160890c888c71960d2932996b882673fb91d54e876

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
bbb786b5a24fa371b09af71a083e1e6e

SHA1
553a81c3ab6f33397595345a201788fb5865e076

SHA256
17af19fa63d41d361f4d001076d7906b7761accff74c2abf20ee927b770df9d3

SHA512
31d92a83a07421e51faea225aced077e34cff2f6a9d54f9052fda08e051d2b801241d276892e0ca197b9a649641f5399674d52fdb19a32855a3e760517b38843

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
5c770c08a4f3a6aebb49fb212477eb0b

SHA1
ccd05102a660eaf331bacdbbcd7d1dab80f7d484

SHA256
fc7fb7d975fbe285d11f9110fcdfd929eea983276f4d10011a8c87402c612f2a

SHA512
3ab6b5ffd3de6681a385e14a8e0b5e45dee33c810c36884d31ee05a0f00b6ff32adba2ed0535b4963574c575e5d295553c8b3513da03dd9ec24f49e2d8d1245c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
eaf30806ad1a78f96812de54d930b6f5

SHA1
6a79ce8ae2b1acfe611611b91f522fb0af015596

SHA256
7ed54632b8dd43a684e5ea64b2ed406c17545b83e1b7e07616baa1ae636e3173

SHA512
fc428cecac111f449212d7e6b2798929a3f6a94a1e9e68c51b50c89d0684f5cbeb2ae646d103bf570b61b403f0cc46d719f5a6f6d129f44e658b3c2a84c74c4e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e7516c66ea50a66f0fafc0655b2c2a53

SHA1
5bf95db5b9b2b89f9df541e7e08e1b13de9cdf39

SHA256
85e66f44369c3671552d2524aa614b94736c1f665635733f5d0ea87152cfd111

SHA512
ad2f564dd43fdab12cb92e7a9b53a4285147d800c878d3bb432791ca4249c9c722a99e209cc8d7ae0f2d2087bc34eddd6a034dedb0da48b33281cd11a64a6380

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
14db8b707e4127a16c2bee0ae6613cec

SHA1
09c282e19916d522940131ce0230f7ed8b6ca15d

SHA256
8bccf2ed6bab6e896138c99795bb1b34283550ae7b1fb884400615065bfd76fe

SHA512
2ab863128e5e54471cc135bef93ada8b4acad9c8eb5c99bdd2257641feaa1cdeefc4d9704ee345e8e53f7468eae9caaaeaac3fffa4d624521843808e5d4a5af9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
8a2b7aa1dcb3f78d68dc47007e7c1e9f

SHA1
c19f40cdecb1d02de72d76e4e28ad5264f130462

SHA256
d2da634e6d0d0d55e81df55ca460d184fa0b0e26765691dfcbe6331da70a88db

SHA512
a974a73d6c1efa2f6e1e7013e041e358e20d89582c8f6dfaea9d3fa765dcd072d0f738e013ffb35429ee3b7f0760e0bee1a4964f61eb662b8e44378cf6faf500

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4028b4900333a1dadcb1be07470d6ffa

SHA1
38bb6c1051c1fc6caa96bee83d9fcf3db359c6e5

SHA256
fa5226ed3dcc9032f82638db376f62dbf25c238672444227c74bc1db80b490c3

SHA512
e322234bb1c43c6832e4fbe0dc6b5cffbf7d6d2f481933618031a5795040fca03936405c98e2edef3f4ef9fd2df91abb7a6a5990def55b6cb3333a4fea5c0f53

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
8d7561b1ed0c1ec3da731827a4908525

SHA1
1a6f7733a912eb6f6ad6565d043405b3f6ef248c

SHA256
5236ac5db42408f5989d146b6a376ca2b51a60f514b384242a2ee910731552a4

SHA512
8b5096c43e9fce48ff4240518629d0733717d371641105743a95fb3fee8eb8d858426938c77d7392b81815d44a075a39beef5011ad4ece6c6d59563cfdaf8f41

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
75f9d66295630e128c09148d8b7e6a40

SHA1
422063e2ebbc639a23585896f818c27072da6f00

SHA256
2a7f2c91209cbfd08bbf1c6d6633203cb02cb049c23375adc7b1a98f63c9b4d7

SHA512
37cf2510c01fedca9d394a22c1ede24c7eb75da5d9029703deaf7ad709eee17478dd2eabff9c1edd876ad73361f20d4e9db2efec863ee1582c4076ac6b6b5333

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f024875bbd7f3f4b26a1310d6f01a9d0

SHA1
a71825bed22fc70a1ca44715d8ba24983ff476f6

SHA256
bc37fece17c6a209724291ea97231ca0dbe70a8d78895571775be89c4db110e6

SHA512
b2a181580ea714d9804ad2a75754703edb5fe99e7ef859cde779cebe1e405cd251c7e3c3569eeb847c91ab387620052e45cdb3be02bc7e9246688ee0ae71c772

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
9606daa754a8e9563b8f7a51b77af113

SHA1
124baa0f0b13c70214395b9b5df2d0233e556660

SHA256
c916aec122122af4ebdac136341e9bacaaae7f9ded6e108cc5659472b64dedf2

SHA512
b0cab7d5992c84d3e5bed65e225d5277d780493200963137118b46345221d99640b929305c7a86a0fd5a475c4fff961b0471ef65b51f7c60a55fb3a177899bcd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d1d477d0c373e08a45df5340f842abc1

SHA1
deb234d4ae44e261dfd30bf2d19aeb8c7d1f312b

SHA256
1fe543d8e9454a985c2a5701997997899bfbe5eeaa63e62183d87e947de4d9e7

SHA512
1265b0e8fc0accffd1e426bfdb68188888c821fa40149a7125d94b8ca9cd248c52678af91c75188b415e03d6893a981dd164cb34f003fd997668bcb0c1cb8f8e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8a49ad9aff95fcf5a4355322a7967122

SHA1
ec1773671e831c0dacd8e966c2b24747a89856a4

SHA256
a0d74e8409c01f862412cf9629b1b975e657832ffe304b69361e0d594eb9f2a1

SHA512
64ca52a741380879cf8bb3a44ac588a2b2fcdd9daeb3cc840e92619dd87dddb2e6c7d34ea15e60a4871d2a43623e5f0c43c60a6e96274ba627504ceee036beaf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads