428299dc31e27b87dc22effc5ac29f77309061ad32148a0521b94fb438c4ed56

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Size

12KB
MD5

c84a0dfe664a8c7dec6bdcbcf391e120
SHA1

756b815b6b9601e56dd827782a2d5eae3c742d1a
SHA256

428299dc31e27b87dc22effc5ac29f77309061ad32148a0521b94fb438c4ed56
SHA512

64203498ef8032470b077d81c3d27f6c2baa59c027b059bbffca655f5f6386784a5883c0f1348fcbbd696a15b97a66b2eafe2802d19553f67e9383d08606c592
SSDEEP

192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRM4dvbK:GebFNw4Pk1itKkpAjjI2Ypdm4ZbK

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe"	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Special_Characters.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_preference_variables.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_neutral_15011483bd8465c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\catroot2\dberr.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_neutral_bed6224f27f5c478\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Parsing.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_properties.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_neutral_2415474b9db0a888\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_internationalization.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netb57va.inf_amd64_neutral_6264e97d4fc12211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_neutral_d7bf942e99bb1d41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Continue.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Special_Characters.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_blocks.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_regular_expressions.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mcx2.inf_amd64_neutral_8cf9cade8f7bba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\AIT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas2.inf_amd64_neutral_599d713507780ed4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\erofflps.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_providers.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImages.jpg	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15060_.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Generic.gif	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1F.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\OFFISUPP.HTM	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\PREVIEW.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51F.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_increaseindent.gif	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ado\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02743G.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10301_.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\THMBNAIL.PNG	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14790_.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_prnlx008.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d3c351224e8ae0c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Foreach.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\500-18.htm	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f1c4ddbe1d6460ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a87b71a591626c1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b7d0e50159d7fe4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e0d4892640d5a889\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_data_sections.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-license_31bf3856ad364e35_6.1.7600.16385_none_91d5eda96e27b8a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_414f4d10b077c5a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1f85c65eb05726c7\settings.html	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_moon-first-quarter_partly-cloudy.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_command_precedence.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e96e31580cc200c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.1.7601.17514_none_0fcd98a23fa9452a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6ebdee3975b6f113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_6.1.7601.17514_none_8bb36948ae5a5afc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_06d49e4cea0604a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ab09743d05aab36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dfsui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_de73c80256b94e4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1edda9a99ffeed56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5287fb653132a4aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b5777d55ceff979\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_403deb7699962216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Ref.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Feed Discovered.wav	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4f3598caae7a1724\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ponents-mdac-msdatl_31bf3856ad364e35_6.1.7600.16385_none_420a021325513b63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..re-server.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e7be835328ef2a06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_93b34f8f10d6cb59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..xe-common.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b7b7753bfcbf4fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\correct.avi	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_remote_troubleshooting.help.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cd63e9cae56d5c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c393f6e884ec7a6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-dilleniaupc_31bf3856ad364e35_6.1.7600.16385_none_8390abd0a70bdb46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\4.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iassdo_31bf3856ad364e35_6.1.7600.16385_none_7b674a85b5245f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-mscorier_dll_non_mui_31bf3856ad364e35_6.1.7601.17514_none_7e99757d39515abd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlanutil.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_627329c5bd7d0f07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5c34eec16d0ebc6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wdma_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a84c61c05e35b4e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_comsvcconfig.resources_b03f5f7f11d50a3a_6.1.7601.17514_it-it_fcb4104b09d543d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..anagement.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c60dbf2e39f40d95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_91dad42d6dd1ea26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..readwrite.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0921e3e3a5d60f69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msxml60.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_60588c2c5e51e081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ity-vault.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f2317dde6bc00bc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_5f871b07a900d354\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81e99d7a3063fadb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_de-de_b9615ede3154164a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\ehome\en-US\epgtos.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Afternoon\Windows Feed Discovered.wav	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_multiprt.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_892e315f4e7ef6ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.visualc_b03f5f7f11d50a3a_6.1.7600.16385_none_5979280b6e249d91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_898fb6e6c8e19482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b0039ab1e26e1a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\bg_sidebar.png	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d36dbea01368547a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_34d01b93a7afb74f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZPSFVNEOBKPZAMK"	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\ = "CRYPTED!"	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\DefaultIcon	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe,0"	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\biP8jBWhU7aX1s3.exe"	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell\open\command	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZPSFVNEOBKPZAMK\shell	c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c84a0dfe664a8c7dec6bdcbcf391e120_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
503B

MD5
34105a54c933656ef940379c27152036

SHA1
17f93b42e26aace5a979de6bbf20306d2ebcb7c5

SHA256
22e0f9ddef21a68c4a5c44f88d3faa907f072626c02194d15c6e0ec04abc8855

SHA512
2a0d537fb1239b84043248472a8790cf45b588065892156766ff15a268f69bd13fe74ce7eabcd1ecb7747ad51ea115887d13329fad3cd378e17e712d8c5dddb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
72fc077585cac057076355de5e2aff21

SHA1
50d36eeeebc32ad075859e714691d0787b7cd428

SHA256
879e78a2fac8cb3f5f3e9a7595d6adee7ea802a5da1c2fdc99fb6490ddc10dea

SHA512
eedeeacfbeb7e4154147a14358fbbeb4c030c005a5248f62aa563ffb82ff7e3c324d77cde419ee4d417c712fe4757ca9c1c18909ec5f4b9c0ba35f30fe650dfb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
8401ca3a01512fc5b42ab778125cedc9

SHA1
bc7ad1e214c64218a9c7c97536ee75a943b2f7e2

SHA256
c55b7eec3d17e7f0886943f5abfd4132d65e50ca6cc5f2e19fddeb5aafd3f23e

SHA512
fd9713430765d3e4057de6fdf7de7379f32185b18c0ada7a7860507831ed4a502ac3fa24a2195a043955a14efcc019853414b484f7d11169846c6188a9536fb5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
9b012d4ad7ab2c081c5a54757a789b23

SHA1
eabfbd9783f36fe4d898699e9aca8ec7f9348b5c

SHA256
0713519ccc841506e736c819f114d0f152c3155a1fa3aed90d20e9b3706bfb75

SHA512
34ebe98832c4b5f426f59b04a37d130f891c2186a31d3405d17470ba1bcfc8173f83382fde6e47f4819359c16cac439dc6b089de474c0a0789689b7afd3d7d5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
c8897eda9e660c68c13493e9d84e6ce9

SHA1
69bba017c63c2b66762902dacc6821edddf8f962

SHA256
744865f925b5605b93821922627342ea0008c2260f88b59878fe01816f939c3d

SHA512
84fbf3866405916767d5fe67be43b5277d4b43a8be2731046f72fa6e4c11695ec9e15ed2e72172b9743cb3acb3cffd665fcee5d90415637b6b6b83601da4420f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
1e8a875a34efbe0f06d5e3d973ee3e65

SHA1
bcdb53f2f94e44777ff39325a288768f003756bf

SHA256
96e42dca7d6cbcf63e788936750345efaf3668e3995e4bff29c835c1f6e8feac

SHA512
872b39716876793c5049262c65cb18ef9c8ee3213943f91493777eae7632c5963f71f804fdf014de23fb5ac6df3ea6d2df11d5cc40c7fcc821c7c5301210a6e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
af8c85e95e80b0cc9a7daf7a76060d89

SHA1
21288d6c7a870aa637cfb1545b9fe3435dc44f3a

SHA256
55a49b0b8382f817a68b9af38c73eca4ef743c0854974da62867cf5f9a2b9173

SHA512
103ab9f7b94a33f28d3850404578e1e3dd9496f0722287c08555c8bbc6900986ea262da70d8b64f918b5160138e53cbbd50398ac1c7b966c8fe983881946fce9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
f1887fd3f6e763cf3e5d1533022154d2

SHA1
7041b9d71023ad02d7d2b6c133e0fc1f99dd8245

SHA256
b51117f2ecb88da0bc26234900c9dee89deceba62b045f143386c426739eacd1

SHA512
09e990edfde7210cd39435bd119af2f7e49e180c88c1f13b9ea78e32b1fca146c45c78fad18f960d115d210dd89b1f56cf7bfdc831b1eb461e01c4ed7ab51c03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
69bbffc47dbe2a30e3f2f77a8fe58c19

SHA1
26b20a3f20d9012bd38f49dc66f2331cdf3c0629

SHA256
db8f535f397c1c2104d78a60ec3ae6552c8dc17d39ca08593d32e1ac1e2e1ea9

SHA512
408d9c32b5fb4c476f13a8f8d0a7c91ac2b8507ca7e3e13fdd0c5cdb72fb296ff5499a9220732aef099006295b420df46c36385dff7caab6396a46f0b3a24a8b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
01eeebc1956794d7e3c4405dfb9c3fb8

SHA1
db27b696e1c2e9573852a77b0d4d2e49cdc4131a

SHA256
137705b20313a094edb73ca465dccfa08d9c562b407daf9b86a6efe64fece33b

SHA512
9084a3d9b551019d3bf6d05803e675b49ce4f5379484c9c07c9ff9e177403e4b9473a6d6cc23c398674e9bcae029e6e73ac33debebb01c2c5372fe2cdb347ef8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
68b61adb3dbb451ae6dd780f7e96492c

SHA1
e5a21bf460254dcfd68af32f8379ae3e94c835a6

SHA256
09762752133c2077881727a620958d06ea76c2a129febaa457d70ccb11f9e423

SHA512
282133716cdfcd4ab9113e0f8e0a5d928ca2cee3a5eebcdd9a3f10727a71e7ae64bcb6fe219259886baa8ade204cbaab042a75ec445238fc550fb946cf4417ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
39a32a71600a61c308e16e834b3f5c26

SHA1
237dae6b66f0bc12294820ebc7b8e4318a2875a9

SHA256
574fe3cc6cdbd10f7ee490babd543d768e944f14e249e44a63b9ce78416da462

SHA512
8cc029df082c35b6b64ac06c52c3836def5e57676ef1b01874bac524f67be5dbc70b38f0e6c1c18b267249f89ea8cce4e2877ed58e70b313d2cee9c7262c67e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
99e19e270be27b33523dc079d7e0fb7c

SHA1
d1e6be2fa8f1dfd9c141b366a4922cedd7a40324

SHA256
206b890cbfd4de94962e86d83e3428a1142feed6f405846318e334a96a9ce63f

SHA512
01d09bed1ce0264a946f644c35b16c93d58c7cd440e325a680667bdb1b9ecf641714f928732af714492fbc593d6df339ffba435fe9867aa8502da572dbeb0e12

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
3533c51bf68abeb75f0734b9a0980c51

SHA1
aabf71a9d25f88087e63127364f3260c806ac59c

SHA256
d176b35c10016df0757f22a65b5f9487f7905d7c91e405df824f27f945bff9d9

SHA512
464907c9182ec431a7197ae7ffecbed5224c9fae9348063ce69d15d9503beb2e9013ffc855f139fe63a969989d11d2c68342c2eb658f9a4b00b88177687363b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
8bfc73737c49a30d74ec43a32a5caa5b

SHA1
526ecd9fb3cbe4bb60a92856b9aa3e6092de59eb

SHA256
9d3efdb3a3af05627cdf15b487b00e5dcc3e2a7c6d5dc505fd5085b52b8d3650

SHA512
e44996378beb3ae5df0e493de05026fd40ee7bcb2892e8e56b96c2eeb9d9e0033cd5578eb3643b9b5e0ecd72942622f291372190b7a84e31dfddecd7dc96b91c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
a9827479ad526c27ca8a68ffd9082198

SHA1
a6167be85aa81fe83c21a1a605cd80c2713ab975

SHA256
9c36766e7ca476fb8aa07ddc86442f0ca08eb391b4e8dc4c59467b346c788e22

SHA512
552d9ca6bd7abe445dc02c0dfe510858a8d34ee929ece0221af26b46148e29a52dcdb164f2557bc4685656e7d43c563643f59b3a7a32022aeff05b43be65f2e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
cba2c973ed4b1e1534f795067b84530b

SHA1
7cf16d6020d2401103882e0e02edf1603cb9d275

SHA256
d9575295cb189c02b88fef68809ec9064e26c9c716ffb35c6634127467e82da9

SHA512
61dea43a4be4a0238d192c1439a0fe2bd3adea8052b411800c64d9b8dd0f71385bf25fe9b9abeb622b51f713c305ebdbb1805096e3c203d25bdc82e1703d3cd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
81db3d93eae5b664a8282a1d917156ce

SHA1
fc8b88c442be37908ddd876ea35b023c67e19c74

SHA256
44572c49de5e3bd91774bc1ff3e7322bdcd798351ac6229eb9c5f295848fea80

SHA512
b0a4a6350c21915ba1cababbf5112b59e769f7fc38a58d09de3367b9b1db3949f8c40e7951c1940353b60dfae054b744f14c9b1c4c645022dff345aa115b4362

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
6f3f31b1db9bcfd1be221d8d6a674600

SHA1
10ac43771fac841cffa20580ad6c48717df6c52d

SHA256
8ffd78b36776110d4417abd43ee4582d4fee2a54f3f2aa09bedf3ae95a575c82

SHA512
8fba2fadefb89b146d06573834f22371d3a6e06cce5fa40f44d6f1496743e60f42b241ca0914e876dd29a77a5348e06236bbd5877540e4d1cdb09444c340194a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
fc338dddcd17e9760b82d35cb9c3d0b3

SHA1
c483918cde3804c89417b2c12aaaf919a79e6d0b

SHA256
7f94149affd68336395a50953b0528a4d7fad018aa322502b311a9a42b76ab18

SHA512
a8f434c3812f1c85c30b23ab80c0e00b78704b94ba78f05ce209e011891377edec714844087ecd64edfc15079a618be438fe985938d9b82ce1d1bdaef871a7b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg.EnCiPhErEd

Filesize
6KB

MD5
35c89f9c5382658a06ae994d15af3117

SHA1
bcde2849bc3094a5a93385d7b45f41cbead78367

SHA256
9034b6ee7eaf83099e674e56e6f0db8763359571085842956e75ec90e71ed159

SHA512
b2d558c376e36b490fb42c22c86df21e72b7a20dea53eeb3b395f194b5bec36de0b11388c13785781f80f8fe4c74ccd54818f9eced31d5b72ab8b9564c14233c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
f86141d4398175381238df2e5651d7aa

SHA1
557c8252e79955adca612783611d408ce46be39c

SHA256
b0ffdbb5f58411bc7cd87a5fbb7787e8d0c2be99db3a0aab4eb8b77aa8b975b8

SHA512
07eeb59e6ee38906db23fe9301b25d24a1453243cb75dcd73b35ef477b3683c895859439856a5775f47812ac4ba823b9d84579f4f2bdd94afbe371e3d0e0a081

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
9f531d10167d2a497f80eb93d2e38b0a

SHA1
65f8faa1a0f4dd5f40ac4725525ea4712ba6f6ff

SHA256
9c8a8a34045635c38291211a56e175534799a9c783cd88507482f8fb72d01824

SHA512
4549095ae1990d98ffb00f32815733283945b326cc8a8ce115b2996c1f13e77a3082e27fe1b44b3353a209d72420cdd37161147eadfb4c81a67fd7f23deafad0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
37f1ed1f9b6299764a353654cde72569

SHA1
8843fc749f1d6499c1ace809d88cf1bfa44a99a7

SHA256
381b0b2c7ef1b6b8da208d2f2291350904e55668ab2ef2108c1cf98a0ff2a261

SHA512
5214da4f2b7abd5279aad738a0b48d61b6aeb2c62743677f275acaa9786f31de78b682fac02a9c06b4833d9df8e05619df7a3e83b08b88b6c852bb95fc1f567e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
271a85380aabce412e2bd8dd4e461ba0

SHA1
3552a394c11f54755028de37fbc827551db7755d

SHA256
36227931852b8638f88a35d468297d544c732013afdc9190e0c5ed2993ff00e9

SHA512
4835403c9c0e4386bcc357c473ed4035a515676b82dca0fdfa8bf7b4e9e76a799170249a433eb4bc845dc633e1952c9990809fb338341263d3288b88f2cde416

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
5b9ebb8b3bb301f4e30be2ced024ade6

SHA1
dd932e4ddd9a6e68817195861596955b560cc528

SHA256
92ac61edb7f8ac3a3787997f82f7e12939bfed726adec7144cf80e8692a8ab9a

SHA512
819b0e0e0849ef55aa6008a5bad8ace563b489dcba53911e27d5fec9655af559868113fe93039db5bc5d7009061373ec3d4a0d67c5ddd86a460ac18edd79c7aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
fb8e81672e99ddfcad523f25cd75303d

SHA1
059b90cb0c2ea761c7110462c0195ee38a43bf22

SHA256
266eda9bc06cf8628a9c031a6d6987330047f5443e54dac20a3330f013fd3d4a

SHA512
410abfa85e98930a77bd87e2486c4ea5d633be9e40e8c85b767fd6bfd5d82caa0b1da5055f27131d6a66fb67527670e59b73571b83214f7783cb22e1a3cd1cd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
f4e3b3ea73c1883d5038b9ee86827f01

SHA1
4c8e46b5d037c4805214eb0e5c3111621c288c3a

SHA256
205c1f34dcbe671a31a9800138605f48a17768d610a69d8b595d845d81a3ce1f

SHA512
a710a04ff4a3b55ae8da244871d7d5afee60f396c6965dc96b9b235123160cd58a08eb9e6120523f47aaad043673a98af7f10e9f081822c37b1ccd8183bf351b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
872ef0d3956aa2a1485db57a6f6ce145

SHA1
ebc4b322e44255db54e6e4e45dea0383f6d8c4ba

SHA256
49e45ebbc6c4b80414f7bbbf7fd92b9635d255aa0c1632b5bbdf533cc40fa5f1

SHA512
fe5ff5e6ed323d30a521ba90bf6902101cbabe0df623e2bc640003fd40f4564971b93449d62690879f8df757a05d9804c5ad4c1a7047e11359f366f29683f947

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
0bc7a60fc14a2dbaef13bc44dedb4f26

SHA1
95fbdc1073c7ac8094929c7239ea0ab3d72ebcc5

SHA256
ae8875ce417b4da6dcb7bfd710cfc40f7fbb1e8584f06274c258ef9c082670fd

SHA512
d8de43f38d803656855f5851d1654175d35d3014cc7c2896b88713e0a4e7ca07fba87e69d17649fec762eaca2c707f3b2fea01a2f110a9cbab054a85db78ff6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
ce2d4f92ebfadad55ed21f3496008732

SHA1
50cf05f78ec17b5a9bb759374d1c1e043e848ecb

SHA256
542420e3e04fd72b9c089fb20181c1385f9d6554d3025a7e63e5929f864ca09b

SHA512
a58a8b73cab52ae4a0e304d3628c65199daaeea9c26a71b8e6741c4ab159ab23388b2b90a9cf1628ac3f4e459a36cfca26bf41479872a75cb8ef59fcc4990842

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
753fc9d4b42e9f270f3c54e73a70ed5c

SHA1
75b7bb963fc9cdf2652e57f1cbc844f720c22c36

SHA256
1667efe9e4906094bdc2391a7c6f16b65f284a7bab650ed7cc38d0b702e727aa

SHA512
b6c789631da681371b69e34ef02261b9ee00ebf9ee408328a3e6ebfa1887d4818909156fb6a352c58643698cf2eedb7cac481cf6a51bb93ef7f94d49e4c04b56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
0cc345c742783b6f2ccdffd8cafa6513

SHA1
a082533a454ad12900169d910592a43386d44341

SHA256
6ba4666f688c0dbc93bd6567ab11b4414bffb87930164f965bd695b00996fc42

SHA512
ed5ec326e1f154251245698a5d2decb90176bc25a5aa3434a0e9fd4dc776086403d5ed37873aefae54bc213db572e902b41aa427bd2a0b674aa98e2ea3d662db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
51df5e6aa5f4e56e6380a272e5048908

SHA1
cd17046509e1904f18b0fe2cff48e5a9be3ab5f1

SHA256
b37e09d7066b1b206990ff8ec25729e5949c778def48bba16b298fcc6bf4f884

SHA512
2bec0ad67b250d027daf3cbe5d18fe9b5040509bd30e66c844d7b09743b2913b3b1e09bc8491802e73718e228202fe87c7624b46955b4fca1f434ad010920614

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
17eb02825981f38ed48e4cf433502229

SHA1
2093c07995f76780c51622ca6274e95cbe045188

SHA256
e47275ba36894faad22d84aefc821c2e70608f689f713bf524a6bf302e96ba3e

SHA512
e8c7b996fcd9facdedeb9c653b8fb82a59d72e97595e11e76816048d46c9a1b5163c357ec1aabae7d22bea263172ee27d3f5f31a027b1dca666bc3da6d5d8996

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
6e4db3362d92e3d9b563ef3cf98a8f46

SHA1
a8bbe6b60421e14d7d6c0a50255de9ab8cddcdb5

SHA256
210aa340ddf18ad400110e840e164849d5ed006b4082f9d3dd88e2fa3251b595

SHA512
30e666ad1f43611e5e223277a7b5f73b7a3b6cced7bea248984e734440643c3148341f5e1d768b6b307b675169228c9b12ad7e4a6d7e99373d6d15ae8ff20132

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
8c13a03d52aa4085f59019e7b00221eb

SHA1
01849ad7c661076db842417a40c2d2f0d29a55e5

SHA256
68d5f861641b64c2b3587b4477068c00e68c4e087980acdda2952afd33816687

SHA512
771c3c8808574bf19ffd116b9166ab8422614206741c3e6e347884f5326d8a546bc889faca6ce24e6345fc3e09d6db94b6de3dc2f860024b2c38338daec796c2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
5580086575eef75ffea3c03d1eee469a

SHA1
f56ccfa7a57f2719b3671fff6ba17bdee417f4c6

SHA256
776bc2b2c96c383df2d6d39d0192042ced0a14882bc780005b6c9d276c9e215c

SHA512
8604cc525ad662ea6feb1b5b760eccbcb00dd4501d7b84bf9622432de2a5935f48f3a7b0cd53b6b9c1f5d402fba1c0e6de5974439caf0a063ab5cae7fb3b98c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
7fc15df9c464c1b329b2d866e7c5d8dc

SHA1
2702a9679f2fc1b4ecc61fb0e1174dbccb0b9451

SHA256
0fefaec5f00eda030297450171b49e9cb414f6021307f97ef8d5ea4c03032b0c

SHA512
cb6294ba533aa83c7e44bd14a7d7fa220aa21229c6a1f8fbb84d5269c7c9a64a07a240a28d3f9b7e7fb3d4e1b40c3471957d7644509af01ad15521e0455979df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
2df064e766203e03a8b15229dd385f8a

SHA1
e614cdcc60cd56d9f762b794f77173ba0422d807

SHA256
664ebe77376a248ecfc9f873bf91fe3d3c1472dbb4ea7ee1edadfecc8c1e3c2e

SHA512
88ae8d77d3b2112523643d51a6f309ab79637f1d21fc844780216a055e01edeaf40536a89f4d485c936a803d161d778308cbab80d86d81e2f2283fb39aef58b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
ba38acaa5b329a4756e21b8055941629

SHA1
582e4e5741d2a2b3b01e7afcc977541c0ff9740b

SHA256
103146f9ce1a693d023c01162d04d1ebd5a2af46baa0976383a5a06133d8312d

SHA512
f72042fd96eb826fe179412343e0a27f724772957b311cdb2040e85a017f2daf09688d9c081338fecac4b64fe495d8f92f5514522085b6cefe48abe95502a26e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
0bb622b318b6f2899adacfcb9d614eac

SHA1
b6ca9177341ae08582497f38bec0d8d369367e28

SHA256
cf58fdd948c2edc7300eb4ef96cf17bc16fee730708dd98fd7eb6adbd04d1645

SHA512
236bd00372f6e107b54353924fb064d056a6286bf24a0315d1486f8050942642c7fcb32aa3f9e75563deb56ee6e7fd395023c1ec0e8e54ba611ef59d85cdd45c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
e0b80fd80efbc501bb17bf5b6f22aa30

SHA1
0f20ae12191db2b63c623cf3fc82f5326f21a6e6

SHA256
168b0e1cf638dc7c7c444957196f71e9f28ee58a724c9500752ce5c83d11a343

SHA512
31f0a78d8f8c9cb7d3d9b2d0971c5387c19f2f22f3e02c47edc5ef1ae6c002e64d1c80f66fff382d22e876ae2790e9dd31df88acfd98a192b2da8abe18b23107

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
7ff0e2b2e8b558d0ef8e1981fbb11688

SHA1
51afd49a107e56100db7ec305a8b841b1c550634

SHA256
1a221fa88937b73492cbb2021872f4a506718f3d7310556096aacaade43fa098

SHA512
8547829e0de1d0604d1a7c44d8d205fdcaec9508de6db0415d23e0a32041810738401f08c783a02bd0c2c67a431d1863c588769452c16bcb7eecc84a1b15a657

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
d58889013e820875a9e70cd9de846c1a

SHA1
96812d418de7c96ea0fca9018a9257654f4987f8

SHA256
c68414d92016d6f53e1e6b4f2ad3d5d31a4b02082dbe844820b8df085327993d

SHA512
9d971ec7c3e8f99b2448dfe7b3f7b257012578d96c5062fe62ffcc4ebfdb95e0805e35d75c65f7650470f058a3c45aa9c5f187f3b9e6ab71f61cb571a53e1fb5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
947dc82edc5e7e9d5101ff79cca1d14c

SHA1
a0dee599b0a9d4ab619de1ac30259f087d2b9f6d

SHA256
c8dea8c6e03be042c782b6d555ebb72b7047a8dc4cc79193d120a1c299f0620a

SHA512
e769f8f864bd5c85223fdbbf612b51bee9f4f22052abec578eb40f5d80dba1ef34f2b5f0fe23bec1752c7266d88650760a7ce75dbd941bdf1d731584022ca64d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
2e95bd61c818eba982be3c76273388d8

SHA1
d21ea83e51422a29cd37a5eb4ff38f577fb31995

SHA256
850a93aaac94652d22e7d31c54dc718a1b3b598f298471b05abc2db553074fbe

SHA512
8aa5a6300fea5a638e2ecb532b09da82c672032d637aeba0da23d737c0dc3369c8dcbad0ff3abf25e6d3defee020fb72719d76297bb60acf2e00673e8692149f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
6950594a530a32d731ccd85484542189

SHA1
ea0c22f0d2f7e6ba3e44ccfd25697cf0e8daeef6

SHA256
fff08c992a475536ee6a974f2a2539d64f9953eb3896d50acc6af9a20468cf23

SHA512
34234835a1ade9750bf1d4425d156602c36d792e789a4d4fc4ada8df2594bd3063ebc124d6709f6cf38f1bb8f15e504fcb070e4c9caa79111e64d6759aabefb0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
b742571203280b5c44c9b1cb67171e3c

SHA1
3d7ad9cae2742a15bb6f34f567d0727b5e1acf83

SHA256
967c0b3b6980f5a4ec26b0d8d2b4fe14a12bb28c8a7f0c43ab28893a451c9f63

SHA512
bafd0883648841527d06f13f520d47789913b32e0f83017028ad45ed0c5dc0b0378895c6ac04e32df2d1bfb7315ca9ab6308fdaeb9d2942460ef3ec9750b493c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
906c44773a5d94865ce3683e506f4196

SHA1
dbf50a6952f47a4469d1f8988b9192a3b5b5378e

SHA256
36953c63abd5b9ba032a181944ca1f9b6e4a502d47184e4f9b95037e8bce6195

SHA512
392bd299599ff3967dc234b52632ff924b2ee2cec578ba560cd635e23ecc7d8d558129b9985ab89bd142e024ac55a9cc57a91f11e8aa903bdca3e25767f05c07

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
9eca6530162a5d45c7c12f73ea4a44fc

SHA1
3da343c2b95a389948e0a8e3b53d220ef8ff5920

SHA256
7998a8962e9486660d01d53696be2186ef3e84f8301b698ce6e120c176ecd6c3

SHA512
94fcb88e78d6262f396ce9127f977a7be7960da981fc6b0dcc7e8c1f822e65a255c712c23cce71ef4573f3be3609fb90531f7478d0e5da9a2de796d84458a0ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
c71928d48b2dee5c1ebb5ef972905ca4

SHA1
78e67a8cc6039cd2225bd4e1f20308e199413980

SHA256
a56a4ff1d09627edd5a162db21ca0a075c40864d90bed5c17cc9d8e328f753be

SHA512
46ab3415aad619c36d64f0fd3582fff38e2283cb3c69f3e45c7825bfd59d6162908278d50d891b75168726a600c04dcb19e3d8b04f3439a3753e90cbf811414e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
4371e91e21cd02f1a328ea6277e0331d

SHA1
5a7ed2bee01b759d8021aebf0801acfd3f14d953

SHA256
4f41efa59bfc05159a171626ffa518c746b4262e753504bfc4b83e8b3c0a954e

SHA512
df05c2940bdda49de3a275d804ad54c9216b9690bab25b4c946d06463ef54f9667b19d70735db3c42a6b0e7b3da7e54629160df6b20875df9e15166cb6d06e1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
6d8d37d3bd2ca9de456366435ed76be1

SHA1
84d824b2892bf5e2f7b06ac971a72f8ea1cc7353

SHA256
ebd946466ae6d58ec5dcc95f28edabe19d4a13d2d89f8dbcd1990ee89b307116

SHA512
d5deee9a34c76f3788bb319f65280651eb4d6e482e61b00a21d1993bdfb50661ab772ba12af5de1d5c369404e46363510c5d7d62300a875936349dd058e14c05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
0f843bd367c793e044fb74ed82c839b4

SHA1
1facf7e88ccf765adfffddec76a8bde2d80970ff

SHA256
cbf9d6cba656d0087daef915e65b30f85e76f3bb5f5cf138581fc290da2f9932

SHA512
0a8c8c19925a82f7d4fbad3b026a5243f8955c95925e3899ddc4b6b10b4f08532edf97e1752e83ecbb6fe278426973b4991bb4f647d1303542e4e521f15bafc3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
e84cc80fae946ae1f0d2fa0233fda64a

SHA1
0a28a41c736e1872e4372b266ce6020ba1c2a706

SHA256
1b4e2012783ede8e9cd8c1784292e37f511c5c4c332815deb76963a85c790f4c

SHA512
4bc7958fecb6b2bc2f94d70eef1058a8b675dea97826772f378a1da5647d2879b27c808b36c80e806d186366325e20b123b8bee4010d5f68fd8d2148509692ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
dc352704beb4fa235c0c2c47a48bf30b

SHA1
59a13a44976c0635185cca65807c9bdb608ce901

SHA256
f910b23e2251399ee4a5e4a95e76c9c6fd8065d923596a5c61824f64147f312e

SHA512
99c2a13d1914477803e4851f821df7626e4a83aff20936ccdbdcf5f53421ee8c658c7b57918f090277ed1c67a8d241c89710762d8d9dc6a2f6c87db61ecec87d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
08694344edea5153f7ec5eea7cc08847

SHA1
d7a68f1b38df445bb4160e74d984f631452a6d3c

SHA256
55d2b60b07f38295a026e9f0f900f43964d458f165148a14d1a4545686ce4773

SHA512
0804dedf5ac2fe812cf18c49bce0178d976c3b75dfcfc721e4c5af2ef3a8ccc4ccb0a3f446c8cf59308f8f4e9cb8bfcf0a948222fd254fc3c8e9adad6cdacdb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
f90002d0f82eb834fe18ff0f376c9767

SHA1
5e773040ae291ef41340c1bcd5df6116d0fdbb8f

SHA256
28883a41272ac8d8f4244fb9899de567bc78e3966f9c18b76227cadb83224ec3

SHA512
042a203cf8ef7f7d5f27c53376a604b67c23640b04a5e3c9f3283ad55366b6677788cc5a8647f51d57c5a64dbf6f0fb6f7023ee6fdfbb41ef015b58eec6161bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
26f7378709598344f37689c3eadf59f5

SHA1
d60ce901e6072f975e67feaf4eb6e872ec5b0f87

SHA256
e61df7a22efcd040e1681783795d0fd165a986084d843d06a08934cf84bc5be5

SHA512
bcd10a7a22c5ed27af7c56bc2cfe9b2eb09b19ed72d73b59ef09de245ec7bec9e5f32976c0b0206148d2b9ee0e2e66e5567c1ecf28096c0abb3b8ab441716cfd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
9d6d1fff68e0f92933c7aacfbc28b551

SHA1
28002175b32801ce634cb890bcc921470dd38dcf

SHA256
e7380bbb506902b14b0782495cd315ff134a7242f69ed6b8be3df02e55d255d4

SHA512
da06744ed378e352dd93fe8ef047430a828f949dce30116161c3b1c815f3444f6078786a824ae515e2efe8d8e161d1778621428bb8205f364304d123b3d307d1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1536a3097a194792b5e896aad90235e7

SHA1
c269537390e8c477fb9aefc951b1d3213eddb9df

SHA256
0c3785ea50bc46bba2f6f245858c0259eebed14dad47ffeb8fc4269bd5bb2287

SHA512
4373bf8a435bce81bf13134943ccf48f3537eb7e12d8c0dc867b70baff5b0322df1021bd728ded57fe88fc9bcc031873cba23525c9b191033b3410f2de20c26d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
f60d9b6aed02e1a9dbbd1e68b3e90f0a

SHA1
6ebb902c04d25c9c546f0a08e2105a00c848cfc0

SHA256
57b10f84d18f118c75980efc634e34a6cd45cf4a1b536d24b4b5484e58abc588

SHA512
3479a345d885ab6e25e8a3acbdc4fc686fbaec02dda3f86378c0f750b23e387d672b5cffd05f0014537fbc6920ad7cee61649e3c43271b057f5b72df560b44d1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
7098b908ac1352fb70e6efd034922f73

SHA1
f7c322ec007a903a18a477c2887b2d0e80e90119

SHA256
b7a432704cec99c34d3d7d78f261f792f73610bf4e30c1e277e061613e092070

SHA512
b1ddf8e4343d12893a7d3ffab8511d42d754ac34db9fb88eb5682700e02ca47481d8b922dd83244601ca21ecd6038117f5ef9dcbb46205423fd3d5e53cc159c8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
68243838eaf306d995e173f4d6226c62

SHA1
b99cd72165c324d6b72b2aab39772449449f72b1

SHA256
cb44a488df4ce13a607eb9d9d95af986ce24eb8ed892d348fcb2b82c289ddc4a

SHA512
eb9ffd776d7853867d95f418364e094ff9844cd477250c8a3b59ea7a8eb1cefd353d13a856346e94ce4b0400cd202238509aafccf07dd64a126323c8deabf3ca

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
cef3843983a01a977a2deabc5dc0a1a9

SHA1
2614b32d7217f1423be9a4318868e4df292373dd

SHA256
d828c20c91400a16f794e8cd46f259343babdbfcca7c0396350d3c60997f7f1d

SHA512
0a556504af49543c80eed10e2c59df82bdd099de34bec7898e76eab8d6ae6c2ef264d9e9ba3c7ffab7625dc0d325730ee880a9c5d29602cb9369734cbf2c309b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
cfee59fedcf19a6019f35517886477b4

SHA1
7624af5a60bb67d1c2325a9396d028cf828b9e33

SHA256
dd3c9af4f1a285974de6275d4381e5e10c1856196121715c5854352bf6aa7fa6

SHA512
ac4f3bee08577205024e57e9cad127ae79d06ee9dd1ff32ae12911406b9fe9cb8768c922d5f6c7758109698762401b2865782fa5fa1fa09f916d97dde8f17051

Download Submit
C:\Users\Admin\Documents\TraceEdit.xlsx

Filesize
14KB

MD5
d15980ff3196f055ab5c6c63e83d98b2

SHA1
19db7e6e49880188c13757ba601e8a72449ac030

SHA256
4b5e08a20370846e4e5e5e5aaaada8ffe056a867c10c5dd41921cd657bc76646

SHA512
83ed2dfde4092abf594c9e06a836c699a14f2be0cf3b2fc4330398029f8f24d0043996fc1e493eeead36d0bab9d1602ef6d0cc29af1a7de1dbdc6fe2056352cf

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
2df6b17dffd8a1859a361a0aa574393c

SHA1
cdefbb6e4fd5985ef917a859fc522e2bb0284edb

SHA256
1f324f527975db016e1bc699b5617b83910c4dc8d349779791917a564f958fbd

SHA512
3d60603db22cb0cb5fbc6126246011b523ecbe88ac1f556a063d25a3012f4dc66597ac14862860255c7324ade1df7015223df0119b6a6696b439b11b28b13906

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
bc9234eefeb669f27c06ddc84246cb97

SHA1
d2b5bb9ec848d6543b52cf91c0b381f784ffdc01

SHA256
a43e895e8903394e4c7a804c074f61f7b21a0f9eae867a570bac7c8987fe1a70

SHA512
f811734e0b3b9d88bcfe1e96c6f0c19f23f4db6faa29de6e7a7403981a942f5f319c66e1bcb8a105162c72c36a3de2e8530702d4ad401b3035694746ea20cffd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
785d77c05982897f5ec27a60c68747e0

SHA1
4069c5c8acbf65faeff8dc110dd04cece7ff4826

SHA256
1d81b7c4ba7bd40afd218102059ca808a9e56b1631a902c9b51d33d3b258003c

SHA512
2a1482601620a1005cdf5759a3def65b94965762c5a567d999e20de77eb461fbaf02487427b6f841cf414aa5d5c662a7843b3d255c2138641252b57fa955b71c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
10078bc882e04212f317ba07525c7912

SHA1
c0f810c1d5fd2c40d78b18945a9819fbcb2c752a

SHA256
5f07e144b5080f53a430bdb38f6d14450da4d0ec739847aecca70d0ef551ff37

SHA512
5fb68421693ac3364ea61472cba01c5461190107f4e979dda50f58bbbf000d868c40f24f11854a8afa69ba4f7c1f8fcebbdc409c06be0538aebd121a5ad3e884

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
89e95e232ddba961dd7818c3ef31ba72

SHA1
87a8bb9fee7f91d2dfd7599566a752bc5c04d66f

SHA256
a4033502d808f03435e52b5f64199627898b8f49a1ba9f4fb8dd4965d46e59d6

SHA512
20e63d0405e8998f283163830295c26d1ee896a868c1f668491fc1735ae1fc4dbda1ae887d0e80035069c2ccbddb4ee653ea99cc5533362830eef283fcefc8ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
b47aeeeefbe187812b32da6a6050f2bb

SHA1
ee16ef42fafdc4c2c1e09be3cdf15a6f3c6b00b8

SHA256
ba1147306b152ec12bafc2fd49b34b917187b99a0966f9b79f10217d4bb93c3f

SHA512
5c34af9249ab57e20ea16a3294060cd74b065c7226b4471e67c770e5bad2784b23bed41bc25100467fdf4daf49571d42878939475740ec68b6d9c192f6b79940

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
2a65ceb211f297e85cbfea9815971ab4

SHA1
00943a8dba6d552e01acdaa15a9c473ee8205791

SHA256
51e60ae062349272961b35cd41c81789386e6a2bd783e7b2ab4e3343adcf313a

SHA512
4f02ee450f4b1064f335f36f1763d2f7abfdf1b346f1e2a1d7512630d16a01f723a4e6d290c233766f8bd1d0bd3cf401aa8b5009bb168840d7c44a5bcae81157

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
480219d8c85debadefc50fc424f36b8a

SHA1
904074167d6ae6fe9f27b687be49557cc7866f91

SHA256
cd8ec7ddaf354a3d4e100a074b9b6e473f02d9273934250357de62560f942f24

SHA512
9e3af363fc14b05dc0c04f082bef5349e9e5791226ed4a8098adde84f00373a1b5bd1ea91fc9d0dd133b8656ea1a74f024c32ed6390d6fdf5d353af5bd537cbd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
5fa7d70822766ee95436e314762ee053

SHA1
4e1063d591a9620aa58203fa00ef97ae6b376627

SHA256
a78ec826d1579adb8e89219989e52607af4f0e4cc1390c42a9f00c671e0cda43

SHA512
e576a890c0f90ab6a567544c7f4da1e6732a240f43806442e8601710c68a8cf6e80d6469dfb9c1350016303870815c3b397ab2581e901fc727fa5c5f6737ffb1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
25b2065dfc9051e26dc123979a475662

SHA1
340a3a32c8c7779e72f37e79552a8430309d101f

SHA256
d3fcf07993b1c9580f9eb3d3528c42249de64889ca9492ad72e586196153a4b0

SHA512
c600c9baa59401f5711e5ba7324b43d0048ae8fc948fa1df6128d9a4cf8af2d0e7b8cf2feaf99edcd27c1ff09e30c3a8c5f09cdb75c8a00eb133514c6734a6ca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
d6b5a02659b0ba4f674aed27d0bf2a0f

SHA1
c530cb6f8c7286bd2f6b600778fcdc661daad999

SHA256
2e8f8a6aef90c8793d858b8f019b49e24864b818e3ae70b2e3c08fdb91899865

SHA512
3662121e98e45f0e6ccf8519edc955ddff5c01d81fc9c0d43c8f1c77297bfdf11c83e79c0f378398f5d23b1990369ef6ca61a9f661cc238184161a26cac5a7e5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cd05023fcb9080ed76097fc23c1fcfbc

SHA1
26b175618298c514c75c044821ef8088f5d99ad6

SHA256
78265129a93fde3a02c66366f42f9b07637de18e2c9a0795ad17586e9b66a401

SHA512
08049642b9b585bd05976876a2f61ffb1880c72c0bde4d7f99244e3a46608e8b63c90a4bd0d1d352f33d907968855c6482a813a14d468954032e5c695934d01a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
3c15deb4ad30dcb3d2b50ff39b60887a

SHA1
c2e5ce6bdcc1a2e477e542aabfe3f189572b88ca

SHA256
cda31a5b359c89878dbbb0afa41c2bafd1d97b7e0e5b8637564288ab9d908abe

SHA512
b1c5790c91cca24c04f5df5340ca79d514592a7ef6f704d844f4eef1dc2bcce81ab3085d74f391cb459b733a852cf3c193ecf95d855a039d099c67654bf93e1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
d5a7df3bafb0aceef0257fac581bb75a

SHA1
3c2803eb9b350c9536f4848984f39b1dffbfc4d9

SHA256
42c14a8afa6efbcbc74b47382559e83aa275736110a3f5abd2b52313fb3dded5

SHA512
4121b9e56edd941dede0238f41ad54989595cde29b2bec83e5dccc32efacf5fbb20f9ac147b39951290216c39d967e426191efe0b08dd7727797038481624283

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
d98a50b2b163d78b2dea81805d8a7352

SHA1
179834cd359d27d8e08ac176a2131611ffc8018f

SHA256
f0658becdd73b42a7249573af071ddafe6fa4e67aab0144896a9c7d438d55183

SHA512
8e9e9535c4cdfa807c1d8ba60f9a019c33fdae3a3eb4cd8303fcb1b8c2896506737c8a63d6d3b0f6f8618c9c01f84b1976c7531976bbb5796613029a554fb0f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
972cc28fa41c057529dd76b7368bf318

SHA1
05bb2c559384c8ca8e6ff4c3c53280a2dab31b46

SHA256
a5bdac680c7e3ae318975053f8f0e2149bb1f1c92452b5d02ea00fe0e816a667

SHA512
b87608b5e85284c803f7f152347577ffca4fd2638475b075f9fa2291df8ee39016cbcfbeb9462a8e742e46a927ca2f0210c5c6addaf7828612152171c9477994

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
113fbdce4db0a1efa8641f6b7e1e54a7

SHA1
f1a38e834eaa204e064eeca4fcec9a3cfee171af

SHA256
b3d637ddf33241f8af78d70ceb7835f9f8a515ce519f57d7092482440e9417dc

SHA512
f5149860b2620adb45c7a500733fe90439b24fa29059cfc8d70de415e280b002581cca954198f78829426e43880bef2d41a542643d32c9806f536e30b64b1d79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
16848be78c17c86ff9e584a3fe931aab

SHA1
b19ef630eb0760a0674c9f9864515d7e51edb3ad

SHA256
daf96e22001acbd9068361c7b43c88e482440f825033924b2fe792fdd0ec5e05

SHA512
37cb092ea32a01e38192fcdb12267d23ff0d2ded5bf8d27fde77d7bac040794f58499e791965ec0fcecf9a0cdfd56117d90d49f6508a92a55ff8456453f50402

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
da71778ea433431029d7e9aa0856c8f7

SHA1
04c87fe7832f62bf35a86bf1325c337cc068eca2

SHA256
f73f2f08b4b95f295c8ff7e2d2a32326c2beb048991d5f7b091c592dca54a404

SHA512
02c403043b6e99e37b3513a3cea247bd130fe348876bc04232d73a8eab6079ce6c28135a54efd6a93a004e95cb9a0d9c7554a1bc1ebca15c20ed9d55b03829c5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
a652694fb221a616927ebd52e286e44c

SHA1
d0f9f6cd264413d5280d4088dc0d633c73a1e7f6

SHA256
39a5cf669da531051eb75d44b008fc52ec321343cc18a2117bf2eb3216fd5bf4

SHA512
bc45df194ec688da7ed0f10923f78fb4543f9daf937fd63882f8099e29a142cd02af72ed2a1fad8f86821ca54c4b7932c109399906a3c9c9a46679afb8f25a4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
f47aa58d0d4b32688b4d03fe5b52823e

SHA1
8981a67b83e389153e4d3e27fb74756f6a58c768

SHA256
863e1346dae7127d6b825764b6a29f9155069c56dc9872e022b5c775d6efe7b2

SHA512
4938bb4b8b01f63d4d645d6d9ae52369e833fa629b922a6b2366c633133d77c313b348b721e21179281a85c0ae29651962543aa0602aaec6ba8c4e9abd1921aa

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
d61c62d685eaaae728c8c273b538c3c7

SHA1
6535391b8e47b9a250e08b7f4efc81a9de2872c3

SHA256
a87ee5a97ec34be8541f15c22d6499fc17d00500da01c1f7defc6dc8db794a36

SHA512
ede60b51a35c4b5b881d4f0c793fb2f876d7783b8334e76319ced63cb780d9b4c3ee473fbb7ef4e7c53bb2ab72675b95529d5a18aa9229d832f025f9f4a6e276

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads