52f01a2e8797ea96fd305aa5c4167c80843db8e3f8b718fe6c4b686d7c9d8c5d

Analysis

max time kernel
87s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-10-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Size

12KB
MD5

1b00466fda879c94d956c0c1c59ec790
SHA1

5774b50124cec293307e939ce08eb22d7ffad72e
SHA256

52f01a2e8797ea96fd305aa5c4167c80843db8e3f8b718fe6c4b686d7c9d8c5d
SHA512

244c02ef9345ccde7b5a7f296b36f2c51edf336b0a273d8fd03db49c466417b4d27d7f5670567407985850302d745533ce3e008b122dfeef5740a7e27d534ecd
SSDEEP

192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMNIxqH6:JebFNw4Pk1itKkpAjjJs6B40WNI46

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe"	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_command_precedence.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_methods.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_format.ps1xml.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\en-US\erofflps.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_trap.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Automatic_Variables.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_aliases.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_logical_operators.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Ref.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_types.ps1xml.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_aliases.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_requirements.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_eventlogs.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Language_Keywords.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Windows_PowerShell_ISE.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_join.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scripts.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Parsing.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Windows_PowerShell_ISE.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Signing.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Core_Commands.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_methods.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_providers.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Redirection.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_command_precedence.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_modules.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_command_precedence.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Variables.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\erofflps.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_command_precedence.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_debuggers.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\THMBNAIL.PNG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\CURRENCY.HTM	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImagesMask.bmp	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_GreenTea.gif	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099187.JPG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10335_.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIconsMask.bmp	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\WARN.WAV	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44F.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\THMBNAIL.PNG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341328.JPG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33B.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7F.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Break.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_jobs.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_box_top.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\ehome\es-ES\epgtos.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\drag.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\403-3.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_aliases.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Savanna\Windows Pop-up Blocked.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseout.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rss_headline_glow_floating.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gpupipeline_31bf3856ad364e35_6.1.7601.17514_none_5a5226e685faba67\DissolveNoise.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\novelty_h.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_snow.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Ref.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Windows_PowerShell_2.0.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Wrinkled_Paper.gif	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_gray_cloudy.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\ehome\en-US\playready_eula.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\500-18.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Windows_PowerShell_ISE.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_format.ps1xml.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\401-3.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Feed Discovered.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\default.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\prev_rest.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\NavigationRight_ButtonGraphic.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\1047x576black.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\setting_back.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_right.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_disabled.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_m.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Notes_LOOP_BG_PAL.wmv	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked-loading.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Calligraphy\Windows Pop-up Blocked.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Error.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_requires.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_requires.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\405.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\flower_trans_MATTE_PAL.wmv	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_pipelines.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.1.7600.16385_none_1e8c88df3830bbcc\TableTextServiceSimplifiedShuangPin.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_down.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\404-14.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_it-it_227e33fb04382aa3\playready_eula.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\DMR_48.jpg	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Reserved_Words.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\NextMenuButtonIconSubpictur.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\15x15dot.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_snow.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows User Account Control.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waxing-crescent.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\403-5.htm	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed\Windows Information Bar.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\4to3Squareframe_VideoInset.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_modules.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Notify.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Continue.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Heritage\Windows Notify.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Balloon.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\logo.png	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Throw.help.txt	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Afternoon\Windows Navigation Start.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Garden\Windows Balloon.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Quirky\Windows Logon Sound.wav	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\ = "CRYPTED!"	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open\command	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gold	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\DefaultIcon	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe,0"	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KIPNJWJYXJVVHHW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2OM66SBQ1gMU3f5.exe"	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gold\ = "KIPNJWJYXJVVHHW"	1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1b00466fda879c94d956c0c1c59ec790_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
03307a2ec27408518c86946757bd9922

SHA1
5ad6c6aee6a3ab44eb80c8b7871418b1fa1d0853

SHA256
dc515c44d339fed78cf7c30035aa336c08cff5e40143b19c7c7d392480988d94

SHA512
a1d07affd4e905a5bd66abc2a74a049af78b5e9787ecebe1ddae1d87c940a2b1f74dc055e6a8098d4f4f99eb4dfe0657ee61e9bc96384a07c9525d71696031ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
f5966d2c58b9b34e2df78ba0d111de81

SHA1
7c95747e1f078e8d3f9cc37209a3efc6b4c6d641

SHA256
521d67da3a51344ad60186fdc75e7ee6f430785ba765a91c0b025e212b5698f5

SHA512
9210acce126522fc92c619afa6b8102d592fd9793823ce6065fed966965312c0f8e95bdda5904e5361a78a8f45454ecda380201c4e33cb30f2bb263c33ca2069

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
5fe9bbc3bb9f3cdaed9ea769396b83bd

SHA1
c0e6c4a0b92f72fe0fe46bcb6b99cad918f0db41

SHA256
073c9d5d95d520fcb69a33dfd536b979984f854fccc0b7c961ae1e44cb1cbed6

SHA512
f1b65aa300e3116878897c73eb0e0b13e688cf022e2db2ba35c18e6ae7978f7781f0884044fa064b1a3e2ed840b97454a405fa04578a5fd7e74490270a6911ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
7869630898fc37477d02e20adb04418f

SHA1
8859c45f299215f11e96a0fb3bee6a2cba4d392a

SHA256
ffc16e415fc177c8b651f4402d7ffd969fd38af2c54258831a8d6839417fe337

SHA512
93e8d7266534ff044b995fcbc8d031a8f4d0e30431307751231b95e7421c2c82d88d1f727c642db3bfa2eaf91a073404c4f3c38b5576df4dc5302df7ce0f0f04

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
fc9d2086951672c0f3556f958cd1859c

SHA1
4ed004603c969d1526f03238dafbd7dcebfb3fd0

SHA256
6f24a4df262f0d9a36b0942fa1e8555236185f3dc731ac55a0a2bcddaf182683

SHA512
76b22c5b51c1a9c6977032db86acb101eae385ce20a812be17eea53d6d528323a5ec06aaa33435af02558a2da89dda1f4c3865676b928a958e2bf82a196fac58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
b5693d6f2261f7a36d7c1a4025b3216f

SHA1
47f8eb9f55d69df63e762bb29b5befc3f9391eaf

SHA256
b7c5735dbf9e9f26867c48ab1731bb8c8c92cd13224a8324e2a97f8d4256fde3

SHA512
2628dac5a75634cbfa069e9d58dd0d26f3e87fe603b97f799d0faaf56d9cd0a12c3ddbfae27fc08bda3418ff64cc103ea209b62cc04092a65f24b620ec4958c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
0190bb604e8994bec01e24555f84491a

SHA1
c67e03faa2c7d9fd620a1cf8bf8ac66600c5ced8

SHA256
aab0480b7682162e830c4f6d5c9ec37689d36ab5cd9c5b90eacf302fb2bb09dd

SHA512
1201f55dad551c92bd39ad3c89bbdb63e540776e7d7fabad1c61405a4ec611ae6882d1de497ff8c4f1effd2a39e856a2ea36196c0cea0634ea0802e68e54dcf4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
ed49b8b29a797e457ebbb1adbed2ee12

SHA1
77e843c71376026aa26c8624b969e6f8c992edd4

SHA256
1958fd8a3b4644b8b91a8942aa5b580956687af3bfe385cd7d40b43758dad264

SHA512
7052696f799c2d32a3c2f889ff3bcf5511ef5e9b7cd745316031f42f2e45cf1cb8d8069649baff6660d5f4a365c0e4fbb06bded66e493b7e99d6d1dcc29948f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
b1dbc912f35a050f03009ef4d6e80706

SHA1
31631590bb05684ce973ec6a567ca9159325a1e3

SHA256
c1dcf7f2cc91a59162c4e6e62afd884cefe6e3100c37c2442c300d266dfd0eae

SHA512
a42ff9b9827d54db89ab4697e860afebcc01816dfba6c83b8cdc05dca3255c41ecd5ef5f1ecf756dc8150e6f8067e346878d2238ff147837b85133f7b13a20f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
4bad641f38b72b4f189c9c4942c94918

SHA1
3d39aaa3a291b6648dc4fe3e65844752307541c2

SHA256
5b865ff004dac15e276c78e64ab428f2ff2f8be2d9bd2930ae946f555444fa3a

SHA512
515df4331bd78c0729d772e7194729ad7fdba0cc900965cd5eab64dbf968e1f225c963d99e67d0a7df50137bd1c9bcbdab3540455e55ca08eee51e6c7db2ee76

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
f58ad8ebc5cb04525fedd652b47e6ca7

SHA1
13657da43d2f840f774afa39687b88550e4d1335

SHA256
1c7c310918c88355a447a81c154291aece130b17382d07aee1b09a6d42c51022

SHA512
de9551de7a462ffebb5837fb9e4daeebd60edfafc97c8e49489509c7daa64f9febdefed67d702b87e8de60efa7b2c5d6ca406e2233b28793902fda5ee75bace8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
08e286a485c4716af742e0cfaadb0bcc

SHA1
d92fda05a3e64badba968ebcf5d9e4572503e547

SHA256
471fc9c3afc2797b79e99a391a6f39874e76f3ba888a3f957b31b393b2ca1e23

SHA512
c2bafe9130c2afce982d15cb884cab50b758588f5a74048d79c0a2999930058a10494ad42ae09c0746c0eec513490e4583d27fb0fbf6b01a3d641911bba18296

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
0011a99a1bf50fd591fd18be9ec5bbec

SHA1
2f6d813fbdd418b6f631d047779d9ca8a179bb13

SHA256
9273889a51bbf84a8a36c5ba6cdda49cfb7470bf6be465b67110086031e800bd

SHA512
a078dc1e50aaa4c0f83a5f51238ae6f67972c2605ab4eaeddd86b6ec2a0669c5d3e3e9fd181ce5451090cc8a96f36c81902d941fd69f9cc6196856c67d61e591

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
4aa057194cfec81e7ff9c6f49d999e4b

SHA1
9297659f99af554ebe3ac2bb2cc51c1380a7ba05

SHA256
dfedd75d7aa1187367590052307b4e2061a42170ab3ce3fbd42df75c27dfd375

SHA512
ea2dc436ff10a851cdb5a3fc287805cb6bac1d1365e9bbb51469479777866a206402b94f90560fd8d66c9a929eb07c7da49f70c43b3b244da1a52d28a2605dd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
1dbaa5da5daf0c1df53f52f19af5cdf8

SHA1
9823e5fd1a661e74a979ba88489ac8c192f871b0

SHA256
f62f9eed93b329573f0b8223c0a8ed50fd86690bdb7eb3277aa53affb9ed73b4

SHA512
d3aa76eaeaedeebe067c907f9f2d22ea646259ed3cc0761795d8244f7879b465d3ffab5314b1bcefa10759b5c4d77fb0908e9c3d719d619434ac7c8a19b0ded7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
afe2b1a41bcd6f1cd09c40f2cb61f5e2

SHA1
8cc1b06632af2cff961002768de2757571d00edd

SHA256
cc4a75dac278e504f995b466a13ae1eb9d01a0de7c4de712109da4c1a1e45db0

SHA512
7f6a6a9bf75f0d68635312426b48ebf5694aa8af44d982b4ce45ac2035a3b58abe8e31776e22f9fc22a43078923b5e2990aae2bc9efdc5f7367d4a683d99a240

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
4f099b3446ea5ca39b462089fc35d6c0

SHA1
54b347432d712c2c7fe502d47a4a56066785138e

SHA256
c4a2845b1265f709b3d5e35ff067ad4cd7e5f074b47541ef48db4270d1a1e57f

SHA512
14cf200ee9ad364d1ce8bf0c528dbce1a3ba22dbb9e1f008772963ef6ccee253e304bdef436cbc21f6ac8a0a63a67d27850f18882fd7e9d93a86958e2c4043dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
ff979b8cf1c7e6cbff2d2c38818f3cae

SHA1
b68a977ba1465b89e7b22a63b58d3b10e27d33bb

SHA256
b78bc1f8dc6ffefc5965f27197806a83c7d300edcc88bda7f3d0a1d8b6e1cbfb

SHA512
369d507b1c532f3047cb6c9065ad001f52a4595a13b3a53ed5fe0642b9b05e89a56925cdfc2b4aa86535849dd7c3526fad7f6e0a7cf24f43581b850957c17702

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
7b33d069a4fb7dfd4e24030352486871

SHA1
0785461962c1a5118d577851e7cb1083fda54d86

SHA256
b022ae2e4e569d9d4d6729528e42235ae1d4e4e7507391a1c5f3801dcf04d248

SHA512
fa08f798f4872f4e4e260642af3da5278316fe2a6122038d06bc4948125e293aac19c6731ec71e9ad163ae125aa1de771d1b1118c41efac1f9824f39230c6859

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
f8ff67ba0a38a4a8e3eead0a5cc7aae9

SHA1
a775f3ce8fead27d565937a789e99420b4584619

SHA256
3fc7895878debdf84bb073fd54668fb7ec5818c920f7c1596fc6252e1ecf552e

SHA512
891cac9587ac5200f7eccc5ed2c28e8563c72a8000fc5d3b09c2bc1ae4bfbbdbb19eccd5b000a6e146f1cb52b7de6258d1f767d636b05ba332f256b223b0902a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
24fe536b5646ab3653c8cd7f6c1dfc7f

SHA1
a147316b9f38077daaccecf9bb7113436c022da0

SHA256
16a5078fa19dca8930ea85d56ac58f19a5ebb12c540c42d0c7330ff6a95e53f5

SHA512
07c29bfb71e10ba0eb70091df45f65ef02c7c22fa9a7e0a7d6fcd738839b701e5a88e4ca7712916f76e2c9203135716d20372af46f65a36f98645be1349a9fff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
031d608fd381eac4a56c8b87e0ebeb27

SHA1
3146f8ec81fee743fa5878f6d63ff520ef76447b

SHA256
b643f98ea8daa2bdbc6fd885244d768d4b86d9b25000ec30a2552de234172970

SHA512
f17ab5980bb83a653cef4b5ecf0f175e10a28b6332c24459aa483c7297f6bf1fb072bf9611c3f96361f1aeaf262be16f4dabadb731ed52defd34dd15663e4f21

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
30f5e225a0d35edbc72e560058ac1c85

SHA1
ff431dbed8e18532fc30da305c671afe347f2309

SHA256
f5b1bdf2f3e458524f288c1fef14e5520d702e03662ab4c96b95c510fc8a3839

SHA512
55c5efee3da963dee4b8f3e33572acd10da7ff1c18b036d8e8806ce647aa76fed7d2e8b243026bfebe1b4073d9dcdea23bb6a305bf50a569e0e5d2dcea30d9a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
8a4fea0cdf5120296a77d3782e5e4e7e

SHA1
132c4aca55e6edcf8d1d74431d18293c073ef70e

SHA256
c392b3c76f1a301f502a9c94c4dcf7691052b180e712a037b5708238a56dd20a

SHA512
5bcfabfce6232e19a8d6bbd01ac701a4d814d9cbac97032c2dbaea97f3b5d2347ddf83474984a65a1cbdc0dd65b1ac18e8dd919def2932a5847511bdc3ef59b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
ba4f2204bd667f732b724c4a99af26e6

SHA1
e88601bf488ce5e9164167f499d93af55178980c

SHA256
6710408b2e2fd0468f37883fbecbc686b5973fb0067b8c49b64d36e209a8ecfb

SHA512
8d76854d17d7456b25ff361995421074a25707c85ca3e0a3054024202bc05f85af559e5ddf64a31140c812b3a6bc4e67fa66f45ee2dc06f1fff8feb79d55d327

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
3fd4f3dc25445aa134d8050cf6d3fa55

SHA1
f565dd5f27afe5b47cff436e4bee1facf743ab9a

SHA256
2dce0fd330aecd628ce598428bbca11349fd99b824db149478c28b486e487c3e

SHA512
a2ef57a60b65c7956af6dad78e42dc112a05fcae8c7efcdd54fa96654188d1d81696456c0fd205770636cb93477b6da9d8ec6550080842ddf2651c28a3b2c2d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
b2346f171d7a0b042693423775fb9586

SHA1
ae8c256abbb56899ecda12b88fd5e993c51cf09f

SHA256
3fdcf1428197b79f4d4841964251d0f56b1e89c0dcbf17efbde1240059990448

SHA512
92c46c128ba726158d1d37b7e09c611542c8c23a1a9f8e56d9018f838dc3d5d204d095e4bf9014872fce39ab4f62b47e8328c74fd48e99a9c991b25765b29c6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
1da5151914331c370d894adb937e5b9b

SHA1
b84e1b7958565ef1525a2763c6e54fde80f36387

SHA256
c26fb50973c3636dd7cd3ceb6aaca87f59800d729b039be13edbe58d2bbb51ac

SHA512
5bcb09b1d0da5464da50fd0a7e0311b9c3b68de9aa97aba696d67c57b45296f59ae4a52b46bf174cbad9154436147b1ebb9ad0a340de03c8508d3733835af97c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
6f717372043e2e16fbfc122f67e0c54b

SHA1
06f2ba21b22e02ba9ebd8e0d2bbf42504003764b

SHA256
64e7acc66418b70b126c9442092d96c5e24ecf1d8f95d6e1af28b3aa2de86a02

SHA512
2830a8e1db055d61fe94255ad928123a5503f78b3b1e8b049df68b4cb15979e81efb0fe7233905ee12196f6c885959fe6951f51c3e6c6929824df1da8297d8a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
f01a1ce223080a38034a983ada981934

SHA1
58ad934376d254d456c142dd7e62ccdebab417b7

SHA256
c3cd10666e4bfcd573b823627efa244cb955e7c489c15e0b7c4d66a56aa52c6d

SHA512
793b3bfede69d89b033c61156d2ba13fe12ea1f7b699ecc6dc4beb9920ba4a230366f1d7a0fc3da5521991e398229ca10dd6b2f4f0eec55e108e0fac7cdd0328

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
d32b72c614a991e5a4aa60f0d1a58020

SHA1
d85f7a1e0a3bd94960055291ab6f85486f6c517c

SHA256
f61076fefeb4dc70c5da815cb967f3937256577aba18f7711d0b87309d9c4742

SHA512
f310275c156718da7619d4e67afabc27b24b376b7dc112bf49f0dce51c7e592b7a28abd0cd41e90f0d109143c7cd9dfa6e670934c66730a40a22f622da435790

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
3efc89eb0a172e31b8e215fe9dc50fc0

SHA1
93551241c7e0f165f9118e75d2a0f74961c66eac

SHA256
71bdaa4aeafb13ab8705cade74eae24d4d094806f9b9a0ce7e7e0bdf45c4712f

SHA512
5b8a43c067ed25ef4930b2d28b30180c35867647e1c941d7589e1b5dde061661101cf0f80bcc959cb9a479a39646f55f980627685e2f1aea988d9d6424c490c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
4cca0c0942de04060ff6eea75c87d53b

SHA1
650f2f049052a53a06f8568d2fe3e86c79d04e29

SHA256
311377aea58a185a296965e60ab76fb7ab311c657f61092014587953281d0ea5

SHA512
f7b045a6873077108c8ece1e085af9263191e134dbe52685ed83307e471cbd5d90d83b147f755de1223a982c963aa61bbfd50c7f76a0e988aee0762d5ff64b3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
0e67fe296fc98e9dfb066576438b3d56

SHA1
6b2d4b31266e740e6780a1b5bb7db3631d366ff8

SHA256
7d51a1815a35221928adc3e65800326a9acb0e2bc1e9ca5f0fc1a4125251f76d

SHA512
7566dfe7f277641025d248e478a299da50fe64960683be517bb4b72b1bd56634797506c2d3603be19dc9d4d3f0888aff157fb3de2a13f23bb9de736bc1230c9a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
a083547f7dc7617768dc4c5ee7a9a4f2

SHA1
1f3452d2a392734d880d00350fc3f998f1707d8a

SHA256
3fb3200de5096f9ab9cd6dd8e1ad24d6ff28af141fc86fe5e18ca54bb555bc6e

SHA512
627524f267609e3fd4648ec41fde6bd17ecbbcb4877bf20469e8362818a4d90ac2f47ce5e47ceb45cb7039ef830478cbafda915dcc619e8bcfd2cbf17a883d0d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
bc54e2deebf63c19443c0a2e3d65f540

SHA1
280a42df306d12ec3e14c41a2ca2ad0616ea6ca9

SHA256
139e93973ad4809c13e13ae3134a05b031a8c89476027379a71d6610cedf889c

SHA512
461b459c496ef6dfc555431e6c6a67476eb752cfd85c44363bb559efcf2fa0d5b3bf70bc339561dc8d429d9d867c447d253eec7a69eeba82eea00f82faa84f7a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
88989a2606bc5fc9318a427da96ac7b6

SHA1
b24387ab22aecca9ac4d0d036029d4c6ac278f4a

SHA256
c08d1fb60b2c490ad7ce4b2c97da03570a799a8c96368c6829349bfb0fbca762

SHA512
8db254a7fd513fd6567a63e78a522f21d0b0a5d88f1460900205853c302ff861c6f8e082066e6d38a6f0581c65e62cb8cd9dbde80a1b4f649986c32e9ee5dad6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
b56715dadfbbc7ec46ba1bee380df0b7

SHA1
8d1ddeb01d82372dd4643770582f5050420baa54

SHA256
6635274cb5ba7766de9961c69ded8a2073fa988c62d7ad5cadabe69984c90e0a

SHA512
2ca3c36d5a890fe40ead839d421ec3e312aebc42941631702a0f6e9f17f29f541c198c0f7973fe7f9e51f7e95d05e3abb2092827a136b4b6baca4638c3e5c174

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
4c6b46ff256d59130da1e3abc88e7212

SHA1
fd39dd4b1963ae3e015213014d3a792ff1c59d89

SHA256
81c5dc5e23bc93fb9d37fe474d6ede88d08f4c7eb3012348d7f0476966af2640

SHA512
7cf7900964ca289da8c417c38c358af6d8c9f64f61fed8fc05b3ef4880ff943af1ae813d673e39f9218a13c3fd892ca63e40c5ba27ea4e45346421177abbf631

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
0203ef7dd6d52bf240e652a8177fea7f

SHA1
5a039056cefafe104fff044c0a942de4cbe957de

SHA256
851a3674a5056aa2d604fd665aa338867abeb864ff16be66cc2d5527adac63f7

SHA512
f66a250d78907f51d3f2210947afb382faf042c70643d87e6368c4f4200b55c60c8bb378e89bb8f8eb0592e1bcb3bdf923c0a21790dbb5f7dcf11e968da74f29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
78c9d0097d1383bd0788cf8bf5ef4d13

SHA1
c18762f5e217aa0b893257d275f5f30ff20f2a8f

SHA256
8e5f104c424fb57535d707876e421ceb364db5483b963eb7c4af419a38b4bf92

SHA512
3794874bdbe278174c3f92ab4de0dfbd3ddad00022688e59a669e869e2cde581686321492b6677626397d147ac3f5adc4479fd67c884ad0bf636c1b4a24ca134

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
7b5e94b8812abbe159f866822de81f25

SHA1
ce02856f5b23a22c1948c9788c391e580daf099c

SHA256
15cbd6061f8b18b672e07d7add16badc0beeb46df6090a5348614e33d030ca0b

SHA512
fa065ab4af05ba43db3399e1bc1a4d79006d7164a8fb5cc0ca8ea3deb86ce6910694b9f6d54d3ef2aa9fcba0d2af430919350648acb2d86dd1c9bae6a6ab487c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
7ad0cd26bada66c646f2feeea541c5f2

SHA1
053d0884d614f608bd8c4dedc7c2ec93843208d0

SHA256
d69b82229c8d688b9d487c84ee68f2e279b6ce146c50d79adec0b6e75c4b736f

SHA512
7f17e267d502322aa082aef2e7714a7870701bfd9142caff0dbee7aa39de6fbaffe1c0fff5490b390c367cc04f2bb26669cd1f47911d00b3f85a15fe8e7f26f9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
17d1ad4bc9c1a8dc418ba22b228a5011

SHA1
c2aaa9f1c84a03e88e2fd62908ee840a44d23d2f

SHA256
40c6516683c22a08a9525d800084794a043abc519c41ec80998976ee477a1789

SHA512
d60d34df5ac00e4650baf86f266b700f9e0764eb0f012d58a45d67d1403f265318995356c8f68c4d2762cd72074e8ecdce110aba80230935e441b05c45e05cb9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
bb475d28a851719a776966dd501d1406

SHA1
0041827ef2e3152650842f48a0f18b9209e6f1b9

SHA256
cf4a99b48479f8c73db23521aa92c2fb44c5cb128648efa057ae97e7ee52b019

SHA512
d4895010753dedb5dcf22afac791bce08d53f5d00bfc71c6d22132d8a3b136f6f904762cadeca18a5316391337c68a2e4f124542e5e74e246f80c9f45a4ef123

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
da1215361817768d9ab227bd549159b9

SHA1
60fa5722451c3213d8d266cc0c85e52bd4148a2a

SHA256
4c29f1253179b02f8ec50df7f01d4dcdc55b1a7dcce93a09500ced496db38239

SHA512
d794fa5c6f3f3e314a9950cfdac6641d2c29fee5fe9c6695f6f34e650eeeb28d5e874ba6a9008649b47449d7de0aa48f828cbf4a8cd77d3c9418aeba9b22bb26

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
5d28b6f44cbb775976b7628b904e9a1e

SHA1
0cb7b247060bff42a8b99243864e49eba618f5c8

SHA256
7a438aeaa82cd3879d15a6d475da32d381b075f3cdab2257b8d5b8ce9b18c9d1

SHA512
214f2712ebcd7afcfd79e38c112d9fdeffa5e472f0e3673db33f6e77eb75ad1c0609cc6375e4d360cf6c944f37297ed618355a4c9cd35ac9cd7cd392d83d793d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
1a5929abf35e68f4f81c133d86112a16

SHA1
450ab44a12748b59db7ba5e234f60ccd1183f9e5

SHA256
3a8f0b450c76b0b096d3ce2ebdc83dcdc628bc9ac972efbe83dedad0543d76b2

SHA512
f87b3004238ef7121e2e1507bc98de65f6c15f968f0cdae9e160c37d9147efe41d353d6dfcb043557fdbea3d70d99351a648647d4a9ebc2c41baa7f0df9ec16b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
dab8b13e430036942a2d3a3081ef69db

SHA1
3888688c3b729360d150b29a448fff7606884d14

SHA256
ee1f2df5e3245772e178c09ebc18157ac1c9475291e6ecbdc28882ba6d8f7a8c

SHA512
d1cc02c1127f90b35b747de8e405fb58e8053888407c50254d881d463dea8833d85c870adc7433a04f5d810cf925c1edd9d115886db8459e172f179740467a93

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
03a7a8a988493c104aecaf7d8d5f8d65

SHA1
0ef8ab99a9fdf2340db34d4271802c3ffadd7a95

SHA256
e3b447d7110248c5c085549e41ff6fbe08512053f306fb423dc1c566d821037c

SHA512
29b1e5ddf3c6676360f1c3606e3f7adbafcd6d9dde37dd514ebd5ce71ca838c8f65af78e9c881749123b6d5f81001e3dff03941bb111b7d9aaa9478183202298

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
a72293d1232a05e8f7bcf57ccf7ff87c

SHA1
f6c37d4817e6ab6fa6ba6d59a28320b070fc0cc6

SHA256
12519c7e0286a11874ea864122dccb89366bc266dacbaad76a88d2b383ed0734

SHA512
4e0cd506fd0154363b4a80ac4e2e720ed05b8a684a0e52564626932d1d73f383d385f8d0b90fbe120b2d2da740fab1be211b3ce97dc8b20c23037e6406ab27f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
c5ee6ffbd03345979563b4ac701b327d

SHA1
705f9ffba7c14bc9a040acd9bdb9803b7433eefb

SHA256
923aad82a47732ba1ccc427ac824ad80b756c108e3643a682711b64c344b1aef

SHA512
825dcb99b814422c7f6eae5977a9c2b580e57671d00cf027179a2f7082d70e746868ff18d9f2ba862d07797f82ead1548117da555f89d9c627ace5c9f0b47154

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
5df307f6fdbe3162b907d426c116b9ce

SHA1
3b1cb6b62411d6a54845d760e1320f47d1bd8f10

SHA256
ec6419f758b6008ad219210e5b5aa97baf7812a65480ed5bae450b6e286ec455

SHA512
fafe1dfb5f188bbab82dd34463cd6152c351cc87ecb6a78bb564f11aa6fcdaba03120f3c08bc266ac3ea95c82acfc8ec8250596933f4f01080844fad0a18a09f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
cbdcb26772e124220b8dc527475f516c

SHA1
f95e0a621669cbebb14dda9503910c7608171b51

SHA256
487456fb5ebbce97c56b4527a1f20e6535c526d6b2fd831f536d9733e79474e6

SHA512
5332361d09a3393194a10658fc981727c0ac967bb32032c4095aa72ab51c0b9c64fac8fa0d4fc1c045057de077941c42e578ea2d46cf211ccae4e31552ba8ea0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
15ae3a6b39fefdacb19a0a6b4b9465c0

SHA1
94dee4a29bbeb98ac62949dad8bc673fe8c53d42

SHA256
c3ae24e6dcd552ef28706cd4e75a25eb9abe8e7e8474dd9ed200e6f52218ed0b

SHA512
1521b3731d2cd061e224edf7b18505dad1f953ed81940dc394b75aea677baeb790540272aee390ed02e0d481f9d7b386c3b9571b054baa9d93b325fada4c98f7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
a4621ed67249bcab7c6d0bcd74093563

SHA1
10c6b8d69f60527800f629d862522bc8ec81e87f

SHA256
a6d548f348db9409ceb7c03f37b5df1570a2dad7ccfc68bd5e78591fb8c01c66

SHA512
cfd3948c941df8baec706b771df99c9b4d7f2c0c29b2fd33b564969580b1e3090dda249e5c077df4f418c68ee3b695e168b558871ad59ff796f2c02700882120

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
e9435b8a843e14865ff6d3e3a39bfe49

SHA1
a9298e61c4cc9b93308fc88849761e31218e846d

SHA256
03f096fb9ad29b296c432bd8eb702ac4b4142964280ef05f8cfc5c4ff9578721

SHA512
32c350ab303a2d7ac8d4b318f4650cfbf4665cd88440bd07ca9f79443e9c6b9c68f4b92785406ff074c96e8e7b6c35152dde96dc3b0d311decb1910e9db58d29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
5e0d310a982cd51bbd0951d520724559

SHA1
3d9a2960ccab6574c2967b38a4c7ce32ceb00480

SHA256
00d63ce9b9d3c3ec378a83c31fdac9aaba1778000370bed59a0f2a25a1a4a8e6

SHA512
4aef9e7f0f6eb08d8f9ceee4714cab98ecb2d9e1327782f682f736187cdd0564ba46cf4b15ba36b91b0ccbe8a27d34d367d649b2fd0383d825fa064436a55ed4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
2093c91bee90de26b0db69e1020e09c1

SHA1
87e977aa62046eb31f12fee13cb30ebe75933afb

SHA256
dd3d116759f1fd7a63c4531af139fd15c3ca30d7d424d59120f7ee87e538d18d

SHA512
a18679f9d643d91f85f54988698562be63b78af023b1c96245d81cdf38f01748c4459627c18b879b0458d6fd851bbc8bfc33498fe5c3f289f6dc6fa0d4af3c00

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
33e39028ee59373486d265e7ff1e0a2b

SHA1
40831b17941c19d8a60c9e34defae33547b26fdd

SHA256
733fcaef5c61be956be52596e713a7a08ac00769aace3c0ee759afc68dd9d8ca

SHA512
28bdaa59527b1d1b57d37bc7631cb4bb3449bdbb3cb1b6b4d5faf5eb7bb355cf5892af6ebe8171f5ed0b1077c1be4c162e5788fe0a69c1b70a8210a2467104bb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
a84f12e838c75386fb7a8493f3cc02e6

SHA1
02571c7ea1356766b3e6738c24913f34f72f24a9

SHA256
9d3d7a5b584a5ffbb2cd0648a969e243e1c9f3077573713c479d4e06b5046347

SHA512
9f31c975c89b0d22edd9b2a66f7d1a20ba730f32a05f8d2d4e8eaa5669bf8fd8a0429b1ac1d20fa0d19f9caba609049bf82e7670144f6bc78829bd2ab8d39c81

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
8ea25f5c5c7eec4cd3bce35b13661f2f

SHA1
989d7f07b1667aae561ab10b3a6d98c03daf504f

SHA256
d08473afd02d2eae941158ae77aeb94da88c3030bee65237d76fe97101dc2860

SHA512
ae8564debeff4bb0f3862d727d985ec32c5e14ee6c39887bdf7fa38bd98b64ace5e6638880be93045ea4ae26e9559f9d75f90c7232ac562a7bff0c1347770381

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
2d75a2770b49aa06a1c5a171879bbcf6

SHA1
d3e369d319ce1cbc5fa5ef458a7036e6a2e1e517

SHA256
bb0cdf36c785538712659165d553cda1b38a92138a9b0f82a4f19ea09301f7f0

SHA512
386b114a11bcfbcebd3f77a0389ba986e4f6e80c93fdf15cf15e5cb7273fdae14f7eaa09e881d718422446cb883c57c0a503f046afbfafd9281dcdd3c4f7a5d8

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
24a43ebe019d0b0cde0dd12eff58315d

SHA1
233aba74bb1f072f167693e7f37425c115042ca8

SHA256
4bf153aabbdb99179b31e693c6124076ba0bd38d9fb4e6cfbd5ec1f754622c9f

SHA512
900dbadc14cbebb04cb034105ae038a6373322ff4b2f51461afdf14beeadee14e50abcb4ea264058f9c828c5dad0df6502763a96e131ed58c15b3a05f0496f61

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
39a3395e5d1c21d5c58ac9a6c6960653

SHA1
a23f0fe57551babd3a1e1eb9d958d217eb02a442

SHA256
e7215e77c942f2acd638ae2f59ded907a8b12dff6be47cc00533e911feea624a

SHA512
f81cc5023963b008b574b288f2a0681ad0a3acbdc26cbd506aef863179d64a6dae9089e9f41e1d6d200b2d3d34d0e4ff4421b93018ba115d1c590b5fb3d94701

Download Submit
C:\Users\Admin\Documents\ReceiveGroup.xlsx

Filesize
11KB

MD5
1b8e18750e52f94b40744aacbe4d8d1a

SHA1
1718e14b754b85ba3200221f1a591fa7ddfa1cab

SHA256
2571cf09da6939d4863b84f11b8e6451ac0e75f82186f3218f5252945761d352

SHA512
fff073687700c2e1377ef9e68952f692ea2799174c54a1b32a3c387125b5f1f5e579ff805e83542fbf12bbcb6e0833f9ed82e2cf8e7501d8edd19fb6d7e98cdd

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
dadaa810a7e84cde09075c241ba606c9

SHA1
1b85a8774ed899efd6ed901ac94d51e359b90427

SHA256
ea7c430de997082628eff2d339d4f766106b79b9f523075d5798e78dc239f9b4

SHA512
e655c77fc199315498662980a97fd1c517a7b3f127c0f035c192e280dece464c17f6bca75c5b03bb52d25ca9bd2e1f9460000052f7a11d8d646ea866fa513c2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg.gold

Filesize
21KB

MD5
9d288cca0f385a2b00bb62142e9cc9fd

SHA1
aa62a4f321db20948beb0f7115c2f8e1901765f1

SHA256
c06d368cee7b026853a434f63f176c89c5c634f19434bed823f69a1d58d555e8

SHA512
5ff0b30363ae21ab2c2b63b1d3647bc0421f54366a6b2ca5c00d44c26c374a057d7ce0a3ec4b81cc60dae5133cd786059419b315b5cb39b4ad00fc5bf4792159

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ed3fac456cee619f72114a158de87768

SHA1
7038a013adfd7ca6ccfdf67015c6475d0e2b021c

SHA256
c60716866550fc745ef3994cfa0296775c73bcf3d1ee906b9db5b0cb592945e5

SHA512
3f710cc97e6fc598db05b83d2c4672bbe6b47a4d52583322cb4b716c3429fc2c353e7dccc9526908346954c51b5181cc271846df7a9641cc7406be594878d80a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
37f498676c6a5830cd2a7a6b874e3388

SHA1
534c0fd855646e28762d441a2b076d74588e4b31

SHA256
e166e07923b560cf12a18ada4884c601be22d6ac50b45562ddec8c49aef1ecf9

SHA512
c582a4f9817af8557c0b872496c4a6f0d75eb81f27e87fca60ff386509d4739184137afc7d734db0aa0903d62996a1462d191ac49e45c899cfae6ace056613ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e4843a44f83e0026e204d74d10bb2bdd

SHA1
d59b3e643020a73cee73db5ecd42a8ebdc5d7509

SHA256
6ce47d3e94002e3b7ba76d726ad40b01266cd58e36f189f354da881d3f243e0e

SHA512
15dafcf3b6a6739482d6c0b74c76b5988f04c868cc2b751434ea371022e08c1fb4a0cbf59f8fbca4e5747b6659158e9fc8066eeb58ee8fe11a3c9891695ebe7f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
3b522aff0453d2fce672a6714c1c0440

SHA1
ad07a9893f8dc2c761292ad41215ae447f19b212

SHA256
400e23e961ea4571c1fbd51bc517a3e8246bc602c68c2e1fe1bc0058868c5fc3

SHA512
9fe24ecfb7112951d0e12298d5941e00ad163c91fb02da12306aacf1bc19ea17661c12ecb4e2bfd2f7398518df234b1825c2ae709c31adacf37e8f739276df16

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
fefc40f1eae2150d9d4c31e045d33ac7

SHA1
dd6534dc22c2a00b2cd30c91c7f2d5910979259b

SHA256
dea2b053d069259fa1c902e81d874a1328f0b71a3eca3cdff1e918e5e230e732

SHA512
a409a73e48150acb8058eee72746c6152a9a1deae21453d59b5c804001f86f46ccf29f62506b475ae842cc86b6055831ef4d23fa4a85086de76570f32ed8699b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5f9836e0e1cbb7c23ff76aebea3e269c

SHA1
f1d2dbf6838456850b468a8e57660919fcdbfee9

SHA256
f9a32a55c5181914c886640c3fca288d73b6de9af8b2ed87787c78c8fbce5b40

SHA512
f4357f87a2e8429e5edca1e90d6e90b2ce49aff6bb5214473a9a6161c043b8d56ca7f9fae87fbb36537f5e0f0106ca6111c839b66ad4af9eb5dcb24f669f20af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
62b85af76fe5be5b10e91254aa10ce44

SHA1
5d9715e9cd8af42fd9dde33ac71603daef1bec1a

SHA256
7cb808507fc5c57d70d9e16877b0ef8a6a225c74f12d12e7a7f28f61300c9a84

SHA512
a6c4db88d651941f0dccfcb0584ed57f9213ba791f5e12a33bc4a32353418bae96a927aa2930fd2c1712725f1a0039baec430021bd3ca23ea1addfb291710349

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
9fbeca767fdd21e3446427450ff7543e

SHA1
39c7ea4fa7b28ecc79978e31f7913f4a06749f09

SHA256
4b0b1050baaf025a9c8a7538ccee06dcc5664ab2c41b70ce70ae7652f5ebd28f

SHA512
37ed79ef26637d36625c155c94b0bb4d3fc551be19fa76cc2744916665fcad35bc228f5e2ff87687c547544667db7476a4e16392a9f707f1412d33b1f1aa3d37

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
de61c7cb19551430f96b44a68dcb84c8

SHA1
8d2f830eec41fc384427f912717cd8d0b1b19696

SHA256
a7561377f6aba8245ae67cc2a4053d0915d3b3fddf3ff793e93e04f75c5ce115

SHA512
e296c4bd1ea4b45960fa60fc3014421ca11f0b468af0ac39ed76d0de922027a14b5cc669a41727ec0de1757d6cac04f9708902917b0fe0d6c0c03a554475b676

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
da239758272b0f80ebeb3b711a9e7894

SHA1
922fdcf9f1b6065e19f01ab0bdcd3d8b50fdbcf3

SHA256
a991608fb951c406b306c588b36ef2471807a1583188ae5cf4cecaa7291c0538

SHA512
20946e08e2e2bea2c215b50fcbfa2c16908657271a2eb28c6044555b58c02de0f1df6cf9cc3a1d379f6abe85b718cec99fea517ecf3d952312dd54a102f98ef4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e697db535aee210f23f71ccfa0649534

SHA1
ded0891af9e3d696006390a635665a7384298f6a

SHA256
86533c5f7809f221f002bd6171015a67aab500ee3d59ee1c028d37218e139ee0

SHA512
4e1233f32ff8cbca15ba4a935c63e46cfdebf25b3c4679c7c2c77c390896cdb10ec28b741ed23f112ea5bb0017fe1f9d16da864bb19069f0567459c4b28e9c35

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
69b8894b027bd8c957a4ff97c57e68d7

SHA1
aeb7c5b3a46cd5f7bf56b18eb9f7a6d9caf46e09

SHA256
392c70875a99a0a0de51b3e17ecb884a7e595f793e34b092e9b45d96e2196796

SHA512
3d725f5ff925e945939d64d2a3b428ed79a54dee5962d259a0ff7639aa1b74f1b1353c2b4ffe0e6e3a9a3510935f9c34b83bfb40e392ba4e521cf9310a0c6113

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads