97754aecbf59870d595178917a5c8ce6ff8211d20bc804332233b85fcb7a26c4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Size

12KB
MD5

c8f3115838b57dcebe58ca4a63bbb9f9
SHA1

1499782dda07a69281fcf4b77012dab58ea241fe
SHA256

97754aecbf59870d595178917a5c8ce6ff8211d20bc804332233b85fcb7a26c4
SHA512

a38dc1be0eaf93e2874d680b5d7af357b45cf50bf58cb6c2c07aaf5ae6a43a6b1bb8548653ae13ee51672737ed83506f225794996f69d5caa92a4ff83ab9c6f6
SSDEEP

192:o/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMrmEy:oebFNw4Pk1itKkpAjjI2YpdmqD

Score

9^/10

discovery ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumN\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sv-SE\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmkortx.inf_amd64_neutral_1975687236603184\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Starter\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_neutral_bab421df9c31cc81\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ja-JP\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasic\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Throw.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WMI_Cmdlets.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_providers.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_requirements.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_modules.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\EnterpriseN\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_methods.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_neutral_fa693d8797766f49\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\UltimateE\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0409\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_type_operators.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arc.inf_amd64_neutral_11b52dec8e94d9aa\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_parameters.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pssessions.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\pkeyconfig\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_methods.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_neutral_f77725472d91b1d1\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_neutral_8b26ad5d0cc037a9\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_neutral_7e4d690d07ee94c1\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Session_Configurations.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_troubleshooting.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\it-IT\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Starter\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ja-JP\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Ultimate\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_neutral_b9280780a8000d4b\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\ProfessionalN\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pipelines.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15168_.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Response.gif	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115875.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099168.JPG	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0300520.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImageMask.bmp	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_ON.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21327_.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\GrantFind.doc	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382950.JPG	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14844_.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9F.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1B.GIF	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hpoa1ss.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_bbba7fd9b4e0d732\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_th-th_d3425786c0003660\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-sports_31bf3856ad364e35_6.1.7600.16385_none_c1c84490c211896e\NavigationButtonSubpicture.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f92318b478516665\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2b6db8d0908d662\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..linetools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc53e808eda33786\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnky007.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bd86dfd1c4d5e0e8\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-capisp-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_429833dbe5cc00fd\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_gameport.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cf34bcbc7f566a00\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_winusb.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e8191a4b5975f329\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_en-us_51b86a7fe0f26a03\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6de6a511daecebcc\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_26629994ad81c5a7\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_99195a03b9496b17\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_remote_requirements.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\74c8f5e75ec10458436bb476c2cfd9fc\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\it\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67ae197822a6ba5\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-u..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_61f22410c476d267\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msaatext.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f1e2f82bbb04ffe\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\inf\usbhub\0411\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000081a_31bf3856ad364e35_6.1.7600.16385_none_588458f27036187e\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d790bc9e705bc218\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netr28x.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_93c3d0b29e38d8a4\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-azman_31bf3856ad364e35_6.1.7601.17514_none_585e832110fb75a4\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0f637e6ba35d1e2c\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..ce-useractionrecord_31bf3856ad364e35_6.1.7600.16385_none_32c4b0bc55387f75\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_924a71ae0e077dae\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sr-..-cs_88db3354592d20be\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8defad3fb87a4ee7\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fd34f8922d591280\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-credssp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_eaee1bbccc2029c6\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-korean-migration_31bf3856ad364e35_6.1.7600.16385_none_84651353bdccce78\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.build.engine.resources_b03f5f7f11d50a3a_6.1.7600.16385_it-it_e35d5cdc18bd324e\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_45d0c7ecd3f5bd59\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\push_item.png	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ini-accessoriesuser_31bf3856ad364e35_6.1.7600.16385_none_7ff91f5d2dd6c770\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsh002.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_376b9ae2d81fa458\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.iis.power..framework.resources_31bf3856ad364e35_6.1.7601.17514_de-de_527cbc407cab8a51\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-corbel_31bf3856ad364e35_6.1.7600.16385_none_2e9e7f8d18669105\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-locate.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45e2cdfcd1d8d8f5\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\401-2.htm	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\404-3.htm	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Idena7b556ff#\0723ea64eb28deb30a0df931a69feba6\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_es-es_20a4a7ffdd575f27\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a64fa53805e723c4\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\img17.jpg	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmbr008.inf_31bf3856ad364e35_6.1.7600.16385_none_c32ad6c89eb402fe\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..on-hkmsvc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_077dcc4c16fc3919\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-proquota.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b1dd5830a5a06b3c\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2204231a1958833a\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_functions_advanced_methods.help.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_adpu320.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6a45a05a6afc0a79\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_6.1.7600.16385_it-it_324e7c801a8beef8\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-kerberos.resources_31bf3856ad364e35_6.1.7600.16385_en-us_daa798ea36daea7a\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\Boot\EFI\sv-SE\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_da-dk_58a1f0f7e0539925\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..otmailapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a51487bbaa1d90b3\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Heritage\Windows Logon Sound.wav	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2df93f296f7a76bf\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..s-collaboration-api_31bf3856ad364e35_6.1.7601.17514_none_a39735a9b3e58f7a\HOW TO DECRYPT FILES.txt	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\DefaultIcon	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\E9G713do5ll8EP5.exe,0"	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\shell\open\command	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\shell\open	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "BPBIDKANWTDRRFK"	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\ = "CRYPTED!"	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\shell	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BPBIDKANWTDRRFK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\E9G713do5ll8EP5.exe"	c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c8f3115838b57dcebe58ca4a63bbb9f9_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Filesize
17B

MD5
cbbb9f5dd35f68292dcef3020f9d0696

SHA1
fdc1b69aa777f6e940ba1ae9b3fab576fc7ed95a

SHA256
3f4ae3840d456a08b574639b6fefb217aaaef6625600110fe8aebc864c094ef4

SHA512
2929fb4970ffc66f4835bea44b9285a2408401b155410be12b3314a383e50f71a7a0fe665e9f03219328ae675ba6bcf0d841204229120ccde73ca190f5572d81

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
5fe88e9d177fcf7371b7f8958d71041f

SHA1
b00dc3e1c5d4217486dc073365bfeaf74bc461c1

SHA256
691681e4ca59652b1e3177287562b33641fd9080114ca619124bcd32b4982d4f

SHA512
00aa630efc98956861451466041c8f1d48d0a976c662c50e66388559ba977ca07fb68ad72d1817795a46b10b4e45a3318c0f443f58ca983847cef6ff0dc22fa2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
665fde46fe16ee499c71651e419789f8

SHA1
86e0192ff1e1780ca00c2b21e031a3c8a93f7581

SHA256
2e3c128ae77ea2b72ca458b9e207218e25beca6f40955d1a25b14a01e24f21e2

SHA512
8e81468256c09ce0d52ae19c5d64b50504df323373e2ce045702619438d6d3315ff01b09bfefe8fa85c354c7ecce5cf531f672bafd1f4ed81ead0059f828370b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
5cbf832e17dbf59d9599a0d5068f4b20

SHA1
3627eb13042935f734a1987eddfeb1cf0aee5919

SHA256
06cc7b604af6980054135f313849d0b6d715f94bcb61800148d9c202d8a6823e

SHA512
c8efed4dfde391e431941052537134a0cd2be946691d36eca519a33a2339e44c32b5d2481be74bcaeb6e858b5d1c31360a86975c489fc1a451764dcd783cb91e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
e9bd97c266b178773e92b7af922da2d5

SHA1
591e6d65aaad367c08884f3411684728d868c13d

SHA256
24f7142c6057116106073dbdfa9837c83676ed96ca8fc09eeb677831db682446

SHA512
aff514e8478ecdb2a439eda0d9fb5c498b182821b5e519f1ee43dcaab0257a80d12fd4db0e98b0f676cdd1b6048fc9cbe4ac26dc6db26c0ad3bfc79f9348421b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
a69d184a87bbbdc6a7f9d2efb4ccfd43

SHA1
30b789ea890f535f6ffceaeb5628604fa6481756

SHA256
07687a0308b2d87e1470b907a1a9205882b2ec5f1feb4e0bf6deef1276721c7a

SHA512
acfc4bad98319e2c53cce058f9395a8731d4610216a9870eab811f8062f5721725010bcc11dcc933d1da4f7204fa470f8d82506225020d66b49f4e284b107b94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
d1d4c2ef02b8bc94fb45a21b84a7ce00

SHA1
b55966cd950d2ad6910da381ffa20757cbb751b5

SHA256
3e49899f5ce1ade30077f970c00059b0f22557f9b7e047216e967bdf0a3288cb

SHA512
d9fd00e54716b29dbef1132e1ed6f945c59d495d150e81bd217072fdb863a338f30e79c71764db73670312f45edd1c33216a217ddc23efa12fc06dbd2d80e183

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
f5fcaec1a2965fcdcd867bba86b03e85

SHA1
6a4e1d4b82908e2210cb2ab5db8bbb5ff5fb7dca

SHA256
907ccdecf05e838217467688f24a2276d8198d8fc5310816ed435108cf45c922

SHA512
62da7d1b13e74d61047590e0ad29b0dba53a48bda9e0c1128676ff9e8c37f6e57a176f8368e2fb1c37cb181b040f64c630299931743577487b04915a995d1a93

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
3bc547e7f693082486103ec9cdf9b98b

SHA1
14111eb20949fa78e39c1562124e21142d8c10d1

SHA256
b9e4d7433a14b0ec2f6f13803ac960fb37a7b5fe1cb9f85f3b07b943960efd91

SHA512
703ede11797b2ea7c80d9b7a4ec9f7e0c0f4b4645afed6f82d9049931c05ae66371ad8738f1a13f3fcaf287270096103369a5427128b9e344ab3ea6ad5fdb680

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
ef0d109ecd4aa3de43c5c05a9e33485f

SHA1
f3e8c967443dfd3675b448fd781b9ee793a2df20

SHA256
7ebb8a1e3562fa983c445e6b8aab827f505c54814fba4742585d6d98426aa35d

SHA512
581b0b856d725ab9624d4ac5bb82224c3a35cd04ca161b622c729a49ae4759a07febe264907284fb39bc13ab33a4f01b465e238eccbf18e406e2824178156a76

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
619c78d131e93990ca28f1d1af505aec

SHA1
60b71841d831a8cf17205de3103efcdb6c9708ea

SHA256
8fc6c07e521ec1091f16866a52715799ad5055948a0cb53776c528c1ab46956b

SHA512
66a13922fe06b3139cfbc8dd7e73c26469ff42fbb1ea5cbf1c631f252d4f367af4b67461bcd5cf0496ddb1148c04c32830cb11664b20257d91f6cfbfdf1455b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
5bd9c9a16ab189a7d3d8b79fc176eed5

SHA1
6f4c62af59ab81c9f0c5d92fc3691fe4ab5bfb85

SHA256
57359cd08fa0cb190854a769bd5321046732c485af6e6d3fd77ae6c762fc5aac

SHA512
85cbc256d84786c1946cde48f7b1d63163226f7bf1de3a8b756fb24577e561a5e5da6fc8d77785ca8612fcb70a68867cf5c270f379c91cc5001135701156f955

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
af420beab61c659cb896eb31c83718cd

SHA1
a94746971b5b865cefaa62a2624a27c6b5571782

SHA256
93f920bab29766085e2974b25e50e2a8d20cf701048d1cd669e761fa8d79332f

SHA512
c16c8eff817ee5eccf7722db86e04183888c9d818b243e8ee13f82663d36771c63c252418683da01c4b8514087e9b3648c48f00fc926e469a5deae5da551c885

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
e86fccc6db277b4ec66d870b8496f483

SHA1
3e1473efd02e215bffa761db577a820924474798

SHA256
8237dbd26ba631a4919810c753736d0272a135ed9f99d7f0f0a63e1c8eb1f33c

SHA512
a695ab66113bc2e015a7b2ae25d37bb229cdbf4858bf07b1f8725e4c71c9213a43a40eae4e8c352e6d3f891d35739cc5e71b5b252a8708a9cc419d0acbc0df48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
361e53f4c0af49a3630cbb3c7c9b3636

SHA1
e667db8d479ab033e14e4b3d47d2ad39e5f8f04b

SHA256
dadba5b4e1e67c3169d653da60ca666e2d67484b04b207b8494597a048769025

SHA512
bb0b1de71afa14399660098ee1b4c9fc68735d0ade0fda0378fc2e5ec88c330c9503c1abaaa4815a32a66836d48a724ce615d67dfd1cc3dbdc213111569c2260

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
f2145305877252fb661c69748fefbcc4

SHA1
8bae8a29e79d33b0bab48079aa4befeed35b25eb

SHA256
9d427552dbec5adad6db4b4997be5eec1c693eb803b581c6e9ebf14031f80d0c

SHA512
0f51c0d3d829828b38a1af8f890e1a7d868657ec9c7baa9a100e2ef98f39cd9c5aae6bdd3da1ff8f9a3b750fb33d204dfa4efd16df767918f4d049bb1ea1a321

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
0c0bd929682a9e910593bcf7f6a4a71a

SHA1
b5a2bbabb5f76fe45ec8491a1257b789a4bbf3a9

SHA256
7af943ff5fff2ff9965ce8c6af6b65e121c2cbbb371322a93bf35f3f42bbcd45

SHA512
acfbce249186250d637989ba4674cffd61c6e82c64571b930ead5d91d504353f4d7ae114547cdd2a6ece34cfc4ccaeaa904549d32eb6020ee249d1e25f4f593b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
f74dcb5ff9e6e598e19b4c48c2f54c85

SHA1
3eb4a1c901f4cc7986a966a0702bd21cefadb3e7

SHA256
b9423ccd5121077ca8fb3152f3908a8f3ebe2da0b81553664d244e60408d20b2

SHA512
68dee119a8a5b64e74e2324bcdce630cadf2c5714470218821c51a6c5bb99dac9489b0084c23784570bca51016124bf8df4ce7bb9f4271d4bef4d8fee5b49061

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
4922f4539496feff808eefdd6b573f86

SHA1
b20b5e3078d6721504de0db427ca7ce48cc73163

SHA256
b4e450be60cfcc1ff691711be41f7b5e61d7873486f3b3bd4983ce75598d3595

SHA512
4be6d6e59eac4704b5fc64612327233b2fa0eacf1ce52f2941b14bbb0d01060eae75e1737c77663bcefadf1972524a7e563e9346bdec5a847f0fd11535b48aae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
91b53cc26ef58b92b9f00cc2b5628d4d

SHA1
e4f0f12caf48d56c319cb5dd4217019b143ec943

SHA256
ef1d238b0f293e0cf33736c650b7df403b155a15f11f1908e8038dae5a66d3dc

SHA512
f81daa4f7dc0da9abdaedbc278e6fd4674ce555691746401e2d3cb12efbcf3d7a27663a62c797f38d8a57c96f2adac603e10dc0e20ffe6e5860fefaab5367e52

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
372d62fe4cf794b7af80a5a0ed0f3701

SHA1
e96df8a50141b9f95a833cdc115910a895c67a96

SHA256
91fed637d5557d4da9c178334db6b557f0261ae347cb2475129a676aba91c5d3

SHA512
bdd379b0c7c8c60cf6443681adba630b1bdbe6f6afde70eca65891574670eb735697c17be57b0aa6bc33b110e1dcd0efae17dd99947547192e2ebe03cd25f20c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
68fc466da23a5d8bf89f6f05d0fc60ef

SHA1
1a24df3fa98d8072a4193bfe04a70a6ebb182e49

SHA256
b9ac498940d69beca3aa6ba56cf9ad2fb887f549cef9b7d0dbecc180839ff9ce

SHA512
6a67e12f891068e7589d0f077dbb11cd493c0dca5183c8a4cd7d2d82e59bed3cbfae320c89aa945e89cc336ae08b5dee1161fa72de08ff93f34f4e43aa6dfc67

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
7eb2c745286dfe48cc98f602b60dde5b

SHA1
c77fb199d8c04c4f29efe30587ec57c3e817c014

SHA256
92eaa21e4e6d7fcce92e3736aab86fefff1c0a37d7118c355d689359d856f221

SHA512
55272cf74b9e7cc07df5fa7c086998444068937240f0eb228aab094c7977c9af7ed7f136b3fab69ecb9a98b8984869d464d8ad83010626fa93978079af1bbd3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
24cce93f49cce67f83b4328ccefe949c

SHA1
8c788affc520a23e8c3616b3068ea966109b94f5

SHA256
0c6754981a4da9b96cbbc57ffbf6ed6796a78c0abd10fc084bce4807b1abc4f2

SHA512
3e4b04f65e8813daca8654425acfd36a48218fd01ce9fe422a666ad45256301db77bccbff7f0df89f34c22b2b532556bbe6bed1d8f9ca41eb626dc011f0512f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
c246b298cfafb797abc87424500f85c0

SHA1
534e50fb4747ffcfe2a88fce4ea57e2596f7b6ad

SHA256
390d8dde8e890c2224b99559aeebc64894f8254da46c47c1e97740156a1ec3f4

SHA512
862985b7b1327ae2eeb5ed677d225722e6885af08adbe96051926ae53b78f3b11d9065c72e41a2e3676bb3ea670564e25185470ec38ab84a27851302aeba7db0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
64818e704b04382e84df4cda784deaaf

SHA1
219157421e4733a3100a02c974e015df74764f3a

SHA256
cb7c476635827dcecbf5072086578c0d5889d0015508bc22ab5f7ac2d39af39c

SHA512
7be7afcdd5c5ea60daf120a146f6270b660073cee5b1d9476a639248f7b59013487df0923cd4fb291d55ee3d65a46047ef18ba660facf734d5d3056eefe12e09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
aabc2dfbc221b6130269efdcec066f52

SHA1
86628385ea319cfa238d11f2e2564287a64c7c3b

SHA256
c1dd0d097f889f79058fd22157c575df0b73f2d43af785e2b15d5acea2f46582

SHA512
ca360cdb52e57ebd400508dd5167e82aca68454fbf7194ed47bb0a27bedb0c0838df5519e598dd7aae0e9b009c3e1899e6418c5045fed1480e4032faeedef7ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
df56f8f8e63aa5b9475c3a873e539281

SHA1
94429a1a10a951a017a71b3d177cab3efda8291d

SHA256
34555eda9aa65d8230d6d3568c3f1e9cd4fe2ea669c3dae34ef24e4f1d6ac207

SHA512
4c17c5e4871762997e15c8e222d132153c6608d8d67d64b14ae6ed398fefc2f460ed7c5d388d8c87b07cee9ceb74a47083f40a8ddb201556fcdd8c774a54b7fd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
060bfa1e855512f7685aedb9b778f78e

SHA1
64f091dea87809575a5a31f9ecc5704461764707

SHA256
49e1c863e83359a98130a63ed7f740594661015eb301284e0b88f85972089bb4

SHA512
1d381badfdabc479dcb66583b85d4959dca5237595e11aa8a25f3441e40f7abd5d6740be8cbeeba36fecb7ae0672a35b827dbd85dfc11a463cfe43bb8cc98903

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
bca065115e50291f6a836279c1d0c4da

SHA1
f08b37f50fc55dbcf82bf29a1a83b125b57e46b2

SHA256
8fa2aa93fa03e38c2f429c13fad5c9ce10a2e8ccb3000d3bec1ed5ac973fd16e

SHA512
e322b39e8e69a1743f1f91fed75327cfed2113cb5cb9e9fed450aa25e0ff31a748caca9c3fe3f7c78154c6534b90e01d7dec246c0eb88351134b1e92cca7ddab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
bfdb5c6f3a0423ae609129717d1f65ae

SHA1
b574d5bb70cfc889f08905e174269355aa1da75d

SHA256
eba7517815c299ba711cb0d233484099a168e47a6ed18913bc7306c3427fb3bc

SHA512
9eea2e3a336a8421335153d55752c5c79e003ae8692e6c495176e0840fc83ae429ed613b80d39a1b1b76d216e101b6843001729ea7700e1b064d51629d811c38

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
e1e4565e059c6adbce055f6eac7ef083

SHA1
6e9b157adb1f7deff8cf3b941d75dd311ddd655f

SHA256
e03e268e28d475b93d862604ea0bd59a9da86075d06a78d54b510fe7378d5a3b

SHA512
e5528472b2139df47be5db3adb5dfc9a4ec7c92e36322a3bf906ba9b4c766d705bda2eb5d6c9a763e46805f09afeb0e389ab9dd837ab5a879ff29456b08a5251

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
b3c31432fd5f0d1bfb5ad0d6ebe2611e

SHA1
81468da3bb35ff10b68ae4579d30fe697e1e3636

SHA256
673cf3567a44879e4df52ec221b54feeb6fadf86df8acef52fa6d11adef8f3bc

SHA512
dccb8969e4e22094a85052ab8366dea9d56170149b6484faa0acc60eb52fc4fc9698e680e167f1cdb2bb8ff3628e182c04c9e7ed7b4c3c171f79e2105a18d8a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
0b8f873217476ccde5b13f8bb44b189e

SHA1
be2120d2d94b5a7907aba444b27a12c9edfffbee

SHA256
50a25f7dbdfc429269fe0cbe6703e1685e673e30e2a700e4ea9b19d1f78b6045

SHA512
1007730a386478265eba34eb5a1fd75f94765d4c37af845d55f20edaef3b77358e41c9ae09f1bb92937c8d7834ec31a921685db83c505e7e1752624a81faedc9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
51141d2a957f2f3215d1b0c5f286b81e

SHA1
f8be18ff0fd715c099264aab1d35d5f67fd45016

SHA256
f785827774dceabb645b7c5024b9bb97581631e3ed0598082e98f64d380f87d1

SHA512
c6ea89518240c933347fee78db2221c8af9ea599d563b98cf1843b68187595088c750e8627b2d1c8ad5e7b1e3413fe5332e5fafefc697ca33fb7d0ec79966593

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
de0c60930893c586226db51170b5a6bc

SHA1
85726660be96a9a26439a2a8617ee7fe95949639

SHA256
64f460c65383b957010736c5f83a605a97e9ebaea058b5408cf9c290c59a53d5

SHA512
9d3c3b60fb82b94aa9d512305e6cb8c3a6236ecc81d7d46d18e1205086a8e1d605d62475a55f77cd352ef3b2cf59d1fd6fab3f314f0b58ff4cefc130013f1e85

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
fa07e0f458d294e0ef655a6ebc687e05

SHA1
473cf6f50003099eae4138b71de3487b63c3c52e

SHA256
d63a4ba7dc12e81c501334a70bd526f4a474808d9116e4f623a713f0aa25bc2c

SHA512
3c71949e331f508e5cc9ca5724abaf24a03de95e2b55da3028b8e99ed9003b94551c5425186046871edc35974cf0ca9dfa26fb656bb1e2cdfd2a711d720df3f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
e8bd96b6931dbfffeaf9bb79f781a6bf

SHA1
8175c8dfe860180add2760f807d2f10f242e8b45

SHA256
428b5dc34dc10752300afc9a99e0f1c86943c0027f8542a089a4bd8a25e127f6

SHA512
ddc93379454ccbb9c1493da945b1b6f14ad433ba89a8c4ffccda58b0160cecb8c82a9a5203afa11258f94a277c062990163f0865ca189d4e49ca8cbf00c263c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
6dd3738f5c109876fb610acb2ee3816f

SHA1
f4532c22d61dd3bcc7b3c4e6b6c8b0e1aceef562

SHA256
05338d1d6b21e6164d105b1e60038609d8ce103f8f569b842cdc71a289f3a586

SHA512
d1eb0f4cd0981fdc705e4b6884a378848a55c76a1d028b6df5658871d8b575653b6d197d41bfc49fdd338728d0ac024ed7c52c40b8b4ef7cd855f9935ec9bd4b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
9879a7211c0112cffe08b86cb68e7ee7

SHA1
eee0687de63463047cb41b6603b2923ad3f54a79

SHA256
d906b969f4f6bdaf9a1472031de974bc8852b91b3d1991ca13032712293447e2

SHA512
8ea4e37dfe0be1837825638b1444ae0f5248c20a126eee6157356474a26a62c8d17a22381186e531b30cc349f6a56f5ca449975e264a86b09ab7db2d45bf31c5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
64c2762d6e16c9dc3047f881cc474053

SHA1
dc0fca24f582b80620a4cf9ce6a89d9f0a3e2c9c

SHA256
df805cd3eaa529b8b341c3510e35f5a0cf7d08f87665acdf5c4c81f673755118

SHA512
3139be59f4abf8a0e472497fa2fdc7931ec629cae0989213dd4e828955727f1fd27d603994e875dc1709ba40cf362ff068c8a79aa92486988b430a1ae13fa468

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
c559251fcbfce26df554256233bb0c32

SHA1
9c93c4ab7195ee2a0d4dc53e66eef529773c1deb

SHA256
9046047c40073e5a5b075807646f916c2ac994137d66f688b94d444c662f0c06

SHA512
6b6681c7e2ebeaaae2b7cd308da900d486ebee0c17e81951306a22e51dca2994fdd27f02e8e42077e5465d4ebcfc7e72841be6f93804301cdb90e82e1a73ad70

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
6a08ad4a50179e705bdc1fb6d0c66c08

SHA1
0546ac899deef72be07fd29cc505da4267eb05f2

SHA256
9874cf14b7483347c9b96bb6e1aa52815a1a93dbbabe325dff8b30edd3740858

SHA512
e88e9b83ad84df1ae29a6e35a7dd54015d55b235f1dd6229ba49a81960689cedcb2b5bd45f92ff39c9332179ef94264e535f957e1d788128272fc27d334f05a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
a1697237f3e0f6f7ada45b36ea42dda3

SHA1
13cd590f7eb1cde07a8ebb34276db43bfd4dea97

SHA256
498b2079746cbd025be4195f6b35502e0d0e3c01a35a0589f65816815720f8d8

SHA512
40da82f1b424f7d55726117a8bcaa7eea0a4dea76cac7b4da2b622ed3f2b1638397acc3076d27f0dfdb394005a80a77a5229e3667e54df967662c4acaebe44a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
6001dc6376c3e43d8bdc3f72c7091f41

SHA1
2049f95ff949d092bb84db584d59ba0d9af99a84

SHA256
490744004d5dc862ce524b165de85e058224c59aef83c578713ef46f6a8bac2c

SHA512
b1cb83c7d3f3b9c93350fbc5f1c5cf8503e7c48ed8b4731f0138cb537aeb4b61a1bd41314fe0511c5886332b2a089f7a3c39ef22eaf154c0cf2c3b9d1e885c2e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
ebe96e233247fadc1f5b9b9c0f95e506

SHA1
e8f35500c2f47c627a41b0a2e5bf5e9253c5577c

SHA256
6c4ec59cfca4b83af155db560ee8682d98807fa585f6db240f4eb59c4959b5e4

SHA512
04c9a7e9fd2c68a42182604e7751a04211b3b424cbfcb7048a196160857bf650d708e116d63fc74c4d4da366613e7b016296192fc446468570e4584d936053e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
9a30eda363070312c2f6f4db5d8d23a9

SHA1
c8d3aad4711e3f396eace88f474634e7d32f851a

SHA256
98b23a8b1d92a6c61ce2f1c59197eca5e969b61993213292045131031bb982d1

SHA512
9b1520c07e143e51fc3ebfe45527044ba83e6d979fbf48b7bfd6a1c943c6d134f1d931081b2cbe9fb9719d6eed8d4fd0a0accfe9efe459f2fd53f4c37cf798ba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
0a2a9a9462b86d6d22dec6b058363c04

SHA1
f225aa3002b4f9743951dc5fa2a9c29bbd929c86

SHA256
d4efa57eada81d52d5c1a7e6dab7f26b0cd060bf905a9362d0e0086ca4656399

SHA512
269eaaf4ad0a0ccdf2ed14442455e2102348d24260d64ef7c3d75a0775e57b6794be62e909b90a8bb277b47d5912dc8adda06743a00c97b5b249db09d29b12b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
1a0177f7060615cab1dbab8fe99770eb

SHA1
4718d19397ad004c913ff7b27313b4919caa1d48

SHA256
15680f8b89e8e4fefe8a3d847a199f98064119a117047a0c7ff51a1cb733845d

SHA512
629af4f36baa36a0fc0f27bf4f2cfc5800b99bf4d5610dcc7a5939d1d19653bcaadff8b0a31c0a094b514214c82aa6457bcc4df3091336fa849293afeea6bf09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
cf4ba885ad33ef8b19d7d51cf8a181c1

SHA1
ca14c036f655ac0b3a43b1c2cf05d963cd085a74

SHA256
27113e8e907309a6fa064db80eba516c48f374e88d5bfe449ccc5882a6b3c60a

SHA512
97aa0c6fdb096eb0237a967e0700aec825c1caa00b3ca3d84f75f18619faaa448bdcb14166b0a7e384f1d04ea8504daeab8155b9fd00bd2ca535b1e9c6d196ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
445daf8ceb39179fd7cbae34be769d5d

SHA1
56a686b190ade74ea6f999afaf8819ad1ac7ae1c

SHA256
40c58f5c7dc673551dc530afe60cae98165c2dd1bf4a67e51830885edd670b03

SHA512
935f55f96cb2a5c54ca5b10396d537d4ff5a4b27fe1285efb9749c17a0e46c456c6a415d6c5bd4e8a9bc73882da1cee809dc03d393516c68fa9b59fab7f689b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
fa0755eefa45c174e7a4629fc549d0ef

SHA1
8d981080dc50c6bc124ba95f2cc35da4719103e9

SHA256
cc0a03ba08b311b4f38461512d0316fa7aa6fbf6b3ce9cb68d8935b8000d331d

SHA512
243e3c396b3ea81635fb78bd72188df3dc720d9195c625ee46fae71fbec9e7926d9a6d92b108fc62be344ca95df2e174b5bb738eff3fe976ed32d3d3dcfe9b84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
4c46a59ff94a9ba107461ffa7336064e

SHA1
85737b0257b84978b12c6667e59d147511a2c848

SHA256
e4ab5ce3316ea94ad55545bec0c2b89da3c52b653540f2da9667a5397ac1c319

SHA512
5777e5d7f3ceda6c2b90544dad8b811a3746770e1d1380c758d167f92adf1ba2ccde9de504bd26aa53e6c2a1b48708f12d64d8368b4d1e821cfa5736732cbb2c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
04775dba2287ec42dd7f98fb37d14621

SHA1
b2e7f5756df500c0c853b62c9b6366b59816c89a

SHA256
4207ffb354cc4e7daa91e88fd0332af5bf85ef258949e44992d05889cb2b4c3e

SHA512
d1a9af9fdbcf9471fa12593856a9e308e5c65aba2934c45d26278b51b61026f6b92e6768e98e0c0a078bb4b82ddb7d198dea1fd19a390726070f9f94d8a79fc7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
1787af98241ffb659601a9e61a60dc7b

SHA1
c8b7cf52c099e4c657f5421ab5f9e934e3c57a32

SHA256
91449c5c9c5a1636121920f20ce95f30f6e20f9e26b617c1fb3dc5d3cb25d9c5

SHA512
0a35091351f8cd0a28c3528f94936a04cc22bdfa798531a3f6f37d9a3d748f63c2d01469bd5d08825325e3dc21d5cf2ca838ba2c508bc604126795d7ae12b9f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
3f08c21e5a2716737a57959ac72ca160

SHA1
07388bc7b0cbed922026beac314c252a328c76e7

SHA256
bfe509b6ecae2a68230082ae3121ec8a764e4f5e3d02d0f958ee6154336f6024

SHA512
4214d2e4dce6f776081c2889f804a6a3a06d7e1fa4a4dc11f714c5bd81ad2611157972d21bf3200bac919cef70baae885bd4c5b5d5cf1c8063e6d0337fc5c379

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
5f13f1be98296907a8a45143cb1ec41a

SHA1
69f29d397a499465388302e06c9ffde1e55cc99d

SHA256
2593a29bc6b6f79196a3c3e2586e369efddb7f53a711ebbfd9ac2374505d7964

SHA512
c8b32203810948641f30231d73c2a52599ee3a35b41dde4278e915f4a3207c08babf633dec2e2adc3108bfbf0fc3af2701e02feeae5e0d4c2c6452889532188a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
92cc0d4a80af26a144feacdf4fbd5d6b

SHA1
2e63bd8563f2a8ffe474320f2689784e50f7fb4d

SHA256
1d310a6f53c86a189592d5a1a2cb3b8124ab7bfed609bf9370c01235b178290b

SHA512
d6fcd58496ea9e767696b237b2afa6d2642b4448b7b373160ca843d6e69fd3521c02f637ddb61d254358420a8157fa933de3150588772cb580e90b12bda2060c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
7ffa5e1e3ed1614c4ef8ecf24926246b

SHA1
c41d8111df6d7b215f210d828ed41ee16a19d732

SHA256
57b51e89979f608d026ecbc37b21c54860be36374b331b9fecac3dc82427a94a

SHA512
ffc186924cfece7163037d8a86a5db43549a95042918a7c663ea098fce36d5518d0052af25dafd3dc1b5ba284fbc0c7db3ab30f3aaf6e55ecfe524d1988c74d9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
f0dec3cd3df6b22e6ceab155104e6bc5

SHA1
62f092b24b892a1aedec3e3347203c409da19525

SHA256
9a2db96333d9a39aacac819c90cf185bc306aba3590e8fe28695f65f236f772a

SHA512
9412cbbc553569edbb908be48e583e07113e7f804dd54e50ac2d24962669395e9ed46ceba105fc2a1bc61fad1909cb7df464fba7e45db4c7c47a9d1dd453c9f9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
8ec0c7da73e9b7894746a091bfab6e4c

SHA1
f96c49152c0c7b91a28daa68df0cf8a8ba87f713

SHA256
a1e5083dd701cc2463efcb00707d4b33d23e8dc4aa5eecb94e38fc4caf5fba5a

SHA512
c73d239a3f8f1a29596ae0ac923082986de96cfb9d1565fa6c1ae7c933015196d1e7e738769d696c9c268361070273c72a53c8eae06d77838ab7ea0c3d48d313

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
9854c8e0b07451bb5a8f62e26fcffae6

SHA1
d7fc1a0682479fe7b3f717ef7bc1ad59c0a1e110

SHA256
fc0c5e918a7f5e58d9dbec5beedf82da1b106e5feb07bc3d126ee0765a509d33

SHA512
e0846ed0fe54c26fe1487dac95017bcbe0aba7a46b7bccdaeba05dd7fe3c79ae84d236ac67d31d2ea73b1911adb30d0769c6c7a5404e40f75287b7e00aec6084

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
9dabed97c35dad576a795596d651ec0e

SHA1
a1be075652681d5c166f06d3494ce3d751c9dff9

SHA256
5db7d1ba3a5a7fcfc19b488c27942b8ddca03d055f296367dbf1f36ce8430b23

SHA512
619f15a895a19046a9b6056f54c65e8ef42491da8d4b34fb65691fbe5385fa8e6d52d37e2b557b2ee28946a41cdfa236ae4c6ed6414249a79a43b3477c5a367a

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
32a149283b10ac322cc6d9b13121317b

SHA1
0b8cb706884f2be647c30ae12abd5c98563a4b59

SHA256
2a854eba4e99fc6ef6ec99c36afc130018bacb8dcaad7d97ac05674054a37bf3

SHA512
f1734fac41f42222a9e92a1fe85b885223e11210aa04e53cb05e74153c8a81fc8aba837f656f42081f384627421d94be0fe344541759ba26643a05688d80acd9

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
20296069c0267374627199a64c4686e7

SHA1
d1606b0ab0d560726b9fed4ec380e3db7af93970

SHA256
4be9a6ac6ed89f060eea2f8dd02b8cf20a4bf97ba69cafd0d008a82adc673793

SHA512
fbabe46fef1b62fac5ea03b796ee4cfc560cd62cfae0d796c0e113c722201b35a329b88da5c7bf82778da56e87eb4749ed731280a8d845e1f6f5ae46676a8989

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
4d66163c59ce2dffdf0bad8a420c3122

SHA1
ef02002b039116e0f8609a05aceb3e7697b51b85

SHA256
dc2fbc2bea03562fab98bfc41ab50a3e6ab5bf955d41ee7ec9ad91350e594846

SHA512
e06f00f661b818435ceba139bbfb303d161f0e863ba1d2489b74e128bc5d9bbd74318be0d7d5352147ec2c6e1675d601b23314145c6adb700ec5462c34546722

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
88162f6d138b6a0019ec5393cd156539

SHA1
39a849884b4c76f7ec14eb88428c087e4c6e07c8

SHA256
0f608efbd2113bf297f48c163df9d1bcfcd7f4c85112ace990fbffb14f71132b

SHA512
cad8f2583840f01f56ff03ab62be70b9aea89d4dfc41f74d5151d87289e1feb6ab2fb824bb5b1d85f41327f35e36f03a055b1864f12e00d2814ab18f09739783

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
e50a1f8faafdda4419ad9e2924634b68

SHA1
91372ddc3ac9e96fc9e7ee4cc3a8b12b87995d90

SHA256
52f0ec9ce3e2f5b7bd612594e652bc15c8cafe2a0953afd39b119c1a4de0b446

SHA512
dc6f652b0dab0b23c48d4274ade326a657c820d9fb415159e567df2e6177901d9c7ccf4f6ae5fc31cd5c3d4249b71146b77682672bc227d8a2bc73f5768b4ef3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e01daa311be7dd8c26c5269a3d44620e

SHA1
6b0df4940c3100c7d5f6e20eac493c1c46def1bf

SHA256
eb1415be18ea40faa7024a030ca06af0cfb6043908f36b03fc015b3fcd33784f

SHA512
b3dbb1f577561807bca79b7255dc206c677689505d5c10ba227694580ce88e256aa5aa4dc722329a0af5dea419d65b50defe29034c3c1d78105b89614e4e39d9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0e34bf2c49aa3ba41f264bdfbc16aad8

SHA1
cf89f84b60da1214cfa66fde9885b1ca5ea514a2

SHA256
a0e98f66e6a49c8f88c7cfbdd271377f085b4a70939532e9ca3dcf95f380601e

SHA512
dcb0c4c1dcd818773177d3a83a217d63554a56ff521060a0224e0d5308ed584df4f50d2a3023e9e8c5e1f73f6f43e9f9ddc5c84feb96fc51eca7a4a4fd0b9099

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ef6fa83221c147ff6b108ae8799ad9f0

SHA1
27f797e17490aa2b001ff7fe28144dd8f3cecb65

SHA256
5629fd9dce4d08aca343265b9635c500d91f03b7ca490ae9e10e84efa0568639

SHA512
c6e2df1a281b434572d1e3c18227c5f7ba61d9ecc0c4c0d57b3b0c0a21f9313fef86bde0a25dfc4a34a47a7d6ea4c1496c0461af1af14b64d58e08956f233dff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
2b60540a6b659f53b10d7ccc44fa81c3

SHA1
df5d9998b0cdda734ec7244d1edc4f0b57c9c4b1

SHA256
ca40234caf0c770009fd74a97c1ff53d232cce3b924997a8f228fac82dad2d8f

SHA512
f59f0813b3ad5b9d507693579250670a1126e49b8c2621ccf0795cd5b310660a5eaf31e4952bf3d22a2c37abde4bea20b7392c6ef3a29e58dd5f76a5f8c06fad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
667c83c990a09ff5c06c11b843d49e9d

SHA1
9405bff3fb25406945fdc614a2eae175b448bcd8

SHA256
d76f669225dcb21e4ed604769c13888a3810ad80ce62b69eb9ee5c1e0bcc76ee

SHA512
25458e18c39ae3e5697c45d7251244f1ed877e3e3df77af151834d9ed4d43a9e24d3a07f795003d3011e767f0e8b3e522d757acd43e64f5b8f9b97316c93a0ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
92c2581688d28d3af78b82350b8d53d3

SHA1
47746e5a0607f168fcc2c7536731a141f630e6cc

SHA256
1ae18c3612b034f029ca69581ad6d4e9fa0dc7afd80093fd3480e007fdf187d1

SHA512
dc1bdc720fdb10fb7f0b6bb8ef6f8a7af1ee0b5c2253306ebabd486e30624366057612ebdebadc4ea42e1009cef7f992832f4719c41d951ac7ed0e228ebd0aa8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
3464967ed85837f3f2c8662d4cc7f64b

SHA1
60c3e8c9345281138b3b603d3475026107c78c82

SHA256
01108860b283ec2b486dbeaf7349f6cc6c56775e03d228812fd2dde27f70dd42

SHA512
0208b57d53f25ff9df7517eb547eb4af87ccfdd8458b6c060387a3ea82503ee87e894cff956754ef0d770a763a2772fc28063371da20692738bed3a809791dd0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
2e5488c3acde66e32eac50b81d7b6699

SHA1
a3583a96ae7f3c9c3839edd07774427bde49996c

SHA256
e9e863fcc24552a718faf69c8ed6cfc5de1423e94ffe9c3f49d76e67430c01ab

SHA512
dc60ea59a02ec67c478489e5d9aac79cbd6ab3aeef13003f90df848a63d3330e5cc0efc657313e91ca4224dc30021c6cd87e58b729e53b74ee233120cde13b78

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
dc5ee4681ed2d3b1fa938da1354a4755

SHA1
ecf5e606e51f0d8458fb08f5527caa113d471570

SHA256
3b24f350097cc437b8676d5fb9ec442a16202e19be3a7c4defa6efd1379f20ab

SHA512
c1137b502243957fe9ad6f415759b584db2ae2acf0d3b63d1c92d06476f82619ab7c2d99d8d11d953a6b5c9b4a6931ff42d08054d7947a4fb73a006479f9584c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
c1a9cec18c3abaa875366fd25348e1e1

SHA1
a521f1fe8d7552af04d7a957a90e2f165cbabab5

SHA256
c268d9dc37af40156b7725e95263e1159c7d9a32c82d69ad03277ad76b660516

SHA512
ec54158a3c3a98b072b8bbd9532acd2c68140b24f0b14a3292f0db6f0f1c8ca2fbabe2223ae56f519e9941e4e0d72b06da3a2c0403f4c88ae6d18eb528fd19c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
4d2115b42741b15a0555e5dc062cca61

SHA1
57882111e4030e1c2b0d5d8bbeb10461db4d8c45

SHA256
2a4abdaaabd06eaee4028124fe98831ef34b43679fc90ff76b0a748f75b94a97

SHA512
a20155a4deb04b460ced822b8ba4bc6d6d991a13a165ae3b5cd138b8c53f24ac7870f8d32f6944795df7bcbd64aa72736e10095014d721d571d2cf851180915a

Download Submit