809ead42b86ac24d93896af74f2df781ff40e2157e33d47912202fe95510cc64

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Size

66KB
MD5

d1cfc7d645f1480a458deab931d69c9b
SHA1

d0f2513dbae79c174f94aad30a7f468c944f8d65
SHA256

809ead42b86ac24d93896af74f2df781ff40e2157e33d47912202fe95510cc64
SHA512

d4365ffc48cfa1fd9c89f1899d192a2ad7b3539c0c30f93d9e35df6730284ec1b725485ca0d370abe83c9b387a638d7ccaf07ea8ba95a41ac8b4b05c70625b2f
SSDEEP

768:j0FmBkpKjPYpiMQyfErDvh66fNAcnFEVm3kxq4ucJaYnpIs4KbRRPM5vEvv31fal:jOhrt8rrs6fN2sUcYas4icst2QOaJK

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\20h0qrWAF1yJNAB.exe"	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicN\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sr-Latn-CS\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalN\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky308.inf_amd64_ja-jp_d90af802b607044a\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_command_precedence.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ja-JP\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmkortx.inf_amd64_neutral_1975687236603184\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_While.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseN\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_jobs.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_modules.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Switch.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateE\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0410\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_internationalization.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_neutral_d7bf942e99bb1d41\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsPhotoGallery.bmp	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_parameters.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Assignment_Operators.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr004.inf_amd64_neutral_ccf1bc353e588fe1\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc302.inf_amd64_ja-jp_64ee91a0bf7b132c\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremium\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\imekr8\dicts\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-international-core\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_split.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_methods.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr008.inf_amd64_neutral_27d1c9a28eac4eed\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_properties.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_transactions.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\ProfessionalE\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_neutral_829e8c7d1c8d5207\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Parsing.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_escape_characters.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_neutral_e8903726d63a3f07\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_debuggers.help.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ffilnnacffikkncf.bmp"	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR34F.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46B.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\THMBNAIL.PNG	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24Images.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HEADER.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\ja-JP\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR7B.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21308_.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14514_.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_TexturedBlue.gif	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\THMBNAIL.PNG	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\PREVIEW.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10267_.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21390_.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01750_.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\de-DE\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\BUZZ.WAV	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Services\verisign.bmp	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ad093f64c1519bbc\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-h1s.itpro.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bc02b6df0a89f79d\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8475cbc0e2ebfdd7\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bf45d11d71d42eef\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_8.0.7600.16385_it-it_2ad115cd06965272\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep00d.inf_31bf3856ad364e35_6.1.7600.16385_none_ae3f8d47fad9c2a7\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnrc005.inf_31bf3856ad364e35_6.1.7600.16385_none_227092d2a7af4a58\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\PLA\System\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_69840a3195e14db0\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_corner_top_left.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\WelcomeScan.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_de0838fde8c16c11\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_xnacc.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_19e5dd6205b3ab29\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_left_pressed.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_rest.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_36bc61b12dcec80c\settings.html	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4d6aa30008b38d10\cpu.html	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_035fb2eb1fa7bd31\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\inf\.NET CLR Networking 4.0.0.0\000C\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68a3391d007cd856\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_11659fed3eedfa29\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-mscordbi_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_44829d2719114141\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-van.resources_31bf3856ad364e35_6.1.7600.16385_it-it_595ae8a0d0d6e218\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ricoh.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c55debbc3f7a9ef0\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\Roses.htm	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..rkprofile.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad1c591dbc1da7cb\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_en-us_a1eb9485bb71c8ff\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..erecovery.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7d1ea40c2518ee28\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a84baf4dd2397886\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..eercollab.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82946e72e9a0f858\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..re-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5201d5325fa2b291\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d1256a4a3c8105f9\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\Boot\DVD\EFI\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmgl007.inf_31bf3856ad364e35_6.1.7600.16385_none_cfee2604c67345ce\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e5ab4e59c02b40f7\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_4e7fa5bfc379eecd\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c8fa5a9054c2f41\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\inf\.NET CLR Networking 4.0.0.0\0007\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\inf\UGatherer\040C\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\triangle.png	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ty-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_14f92bf9e03a1646\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wdma_usb.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5cd8b8e47c5ea11b\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7600.16385_none_5914022fa13f06ca\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_de-de_84f7d8bcc36e68f6\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a2a861c03173588c\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.dynamicdata.design_31bf3856ad364e35_6.1.7601.17514_none_0f747869dd9333c9\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_it-it_16e1e8ac01f98419\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\correct.avi	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..dac-rds-persist-rll_31bf3856ad364e35_6.1.7600.16385_none_949185e7889c96d3\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shwebsvc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_be1f5001d1e707e0\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ed8755f62bb36e3\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99d78f6b8e497537\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000042c_31bf3856ad364e35_6.1.7600.16385_none_63b7f9b0a40897cc\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_07c24db6284f4de4\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-us-component_31bf3856ad364e35_6.1.7601.17514_none_b52573ad8e4c2d89\US-wp4.jpg	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.1.7601.17514_none_38a043f2b45f9ad2\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7601.17514_none_0a379bcfbdcffb74\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_en-us_937f19a90a76d802\HOW TO DECRYPT FILES.txt	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell\open\command	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell\open	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\20h0qrWAF1yJNAB.exe"	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\ = "CRYPTED!"	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\DefaultIcon	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\20h0qrWAF1yJNAB.exe,0"	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VNTEIYXIWDWJPFL"	d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Filesize
26B

MD5
b2890cf3bd97aac347746072c7028e97

SHA1
9a4c919126522232477ddf93e487dfc1b51ba5ee

SHA256
460c888926b71d1f00952860ccf79815d24a8d45597206bb31c4f5bdb8bcab63

SHA512
655857fbf4091f7a610edf1bed2733398cb100767f1fbd2ca163c8b145233217c939083389cc651c5706eb86beda310282ca05c3bb44a2b26fe2d6f90f39ad80

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
72d0610dcc0c37c9bf929105a11bd796

SHA1
92ceed0411443b3049a0ea7c3a5f3dfac4b655e3

SHA256
d7e7201a400dcc573da43de81bbffece41f6a111570e11adfee5d8545f9e0f4c

SHA512
e2383f043fe24dd3c18e583da9231cf105734550a230c5eecffbc30f809a23e2982f7ab2d2b1caaae2876fa89065a108c67dad50bd97f2da66484bf0565a3e4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
61f5e11ca53b06775c9e6c0b8432fb72

SHA1
5c8f1bf6e1ebbc8f8ac515add7f3fc60d79872aa

SHA256
d1b9e740831767d1616b519c8aa4803d15b72ae86a4fa81bcfb4b60d93f9eca4

SHA512
fd7d7e9527380b5d190ef0114786686a2e52ec1eadb5187902b3b98e9ba7cbf2042e9cd4ce98a8872f6493c688ee0b0b54f19cf92fdb732f0a4b287e11a5a227

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
6f5741e52db754c6cdf87820ccb9a5d4

SHA1
610744b2adec319e347be408f6abb4f16a129f39

SHA256
1035e72b927d8015028595bbbbcdd2c02a4016af8b2394eb07b8075a943afa43

SHA512
a788a62862127fb4129b4d778262c47ed9ae8b2398e6407b4981071645dbc54d26cb8e3abf43c5e11a5d44c987c81be81d151935d319ca315019ed7b855a972f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
e6b1e11e834f6013a8d8ab14ef6018b7

SHA1
29f3efe7d70697c4505702b249f414baebc80768

SHA256
8aad7acc30b18e9f1dc4c3d7fac3936338bf0d51df018dd2ef829f0920b20e20

SHA512
14c5a3e93f975691d655c6946cfa9d16aaa5b73045f84673a671294d06b100bebdb1433210ce266008e823d662d743c981c47f887c4611289c569a980432502c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
4420525c46e9de14082ffc8837cbe997

SHA1
2a65fd859f0bf781325681526432f15bab793b5e

SHA256
e61e0451143c4c5e3c9ce88e1ddfcc5c1dc10da9c61f7b162b3912b4732739ef

SHA512
cef6c9805bd2c5d6db033885bb650032acc8dceffdaf49e3a1c56f189920b5aa6aa534891b2ad401e461da27c4532076fd435ac12bf1f53ddbae2c5dd086038c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
e534c8dea06ce2e4961d32f37848c225

SHA1
6e2ad53b6146b2ad10d6e0ed3703b8ff34657978

SHA256
8a20ac3edc5f947a22d7f1ded97feb213b5d89931502435a3e1721c84253267b

SHA512
53fd9c4ef41ebc23fdab36366029fb4fd18cbd5284f73ab3f13def407b201455cf189dbe673ffdf6cdb9bf29942ea7757596810f2fb27dcba395198c94e39bd2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
b8ad0a2db66a48bfa7b17c30df677575

SHA1
9f52ecd1d819cd7a00738ed80fbbe1c651788468

SHA256
2a4f74e2de93c817e94014e95df6cd908e3256d942f43b8b49de968fee9948b7

SHA512
34b1649bbc122266c8cf36d014decee6f74f7d1ebde76b57a0f1c9167e236095a4dea26908bf4bf37d0e0d27aebe72d72e47f20e488a770ee67f6e7a089db124

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
4c0879a2b5bbf838f8777daff056aa4a

SHA1
c6af07dfeee7c69a5d55a28584502f27f5782597

SHA256
5b4bfb2df85e725cd91df739c9a28056c14b3d56947a70202662d8c6c18316c6

SHA512
7beb391947187232d3de91320ec7152ae93e66454ff92398cbc9364d5322c1728140e47e8fc24e42647ab823d7b1fc7925ac7ec64474ba152e4d2379594c7324

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
060960ab8057f7221c04340ac060a00b

SHA1
436b7a5b7bfaa59c7fa6cd9ac7e89858f884200b

SHA256
22eb686f164a4d34d58a547c4ea048202d257530284ab27804ef7fab18fe61cb

SHA512
7b23f994210a10d0c7422e143ec7b14195407096bfd9aff5862f2aae2104cdc38f88bcb1561d09418cf175218f4bb2171f52f8d58828f3bcc9e22c8110e05455

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
5a67fde1664056d4235d4fc1e0de90c7

SHA1
e217bef756d9df9bf04efdf93f314a7082fde99d

SHA256
97a2f3a71b9a76db1ed2dfd67e1fd1e44f127af931b39b01f39f58efbf865bc4

SHA512
214ba9b4fd8c9bd737f74b5d122b907094fca998cfacd3f8705c6fa8a1c8f3b547fdd8c1ce2b69f4c6c35dda724a4e9ce8d1c7fe2f67f7ea2405a3f2867972c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
00b19ad9baf8a7e2296ed64b790aab26

SHA1
62ac832423ecad1445f61d313e8c651eebb72a7a

SHA256
b119f63eda0a9817663bf7a06d71994353c21b6888fae940ea763d5daf4a283f

SHA512
0b9dd2109cbec82cde42aca922cde88ef5ebc26cb18ea75e43146b8b35820bc63f18aa538a1dc6cb122db3a1444fcc722249eb4d3c1d4ba39c59b454c2ad4cc0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
d072dbdc4123506370d9170da0c92c3a

SHA1
2680d93fcb50e74b1ca2aa1d18ff978550ab4b8e

SHA256
9dfc92dbc51418f7611928622038532827a065cf2bcaabf46319e9bdb4056888

SHA512
53cd2be21cfc305148701692912ed99dfa4c22aece4804c685554972bbd1c3acdf37344d5701e9d4b48bbf509f37b4ab62c2e65a28044f829db79df3b52aed9c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
33aba222d2991962c52acbf5347d1425

SHA1
757eecfc26b5f566917d67a39cadb23b7a353f0d

SHA256
8944d88ffafdc7a440c142bacac0e5f5d6b7e8883f8bc6e461b9ae234d033004

SHA512
6919fcbb6066c574fed8043804ff96c7f9d577a461ddf21c8dc23030deb78149c0b687c6d8758421c8183e635372aabf4fca279224093793d6d9737ab00d416a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
1c1412c785b4ab06c6cbd2daa10945d9

SHA1
b2010e09df6a2a180066980a848592b3065816dd

SHA256
afe628b8750a19c7b0d22b320696bcd7862e7ba5ab4b9bbdbefcea1f7ff566a8

SHA512
ce346417c0a17abce013547c687ed409d065bd1bf33d6f24e755835d180df458da4e23314e46bf315a0991b85f240ba745e1c8d352a85ec0784bc8e83531ebcc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
b809256234e7607ca4da34baa4a681f4

SHA1
cc4ef798acf969d08555186f68ed1aad71d6dec8

SHA256
e6fb79b5dda0685a54b7b43642065f55f5168dc867706d8b9b7a78b6c0035b4f

SHA512
728bcf3863270257fb6e5b1f1e2f5b67fce63ee885e13d609f90b5cac12adf28141d5f4264bcd8874d6b0f1780ec636f1b3beeb57927a49639413a7ee759aa81

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
6b3198319643dbcd5a5a92e9305eeb1b

SHA1
1f506f6e054cb42653ecaa655951209b0ec50cee

SHA256
b37b91b06d71a5c2e8f6542868aeaa66c04e85fa4963bd4a0d9a6e63094aaa25

SHA512
ad112d761fc72a37f36885098f67c338bea9698c8360f6f9aeb3ca23792566129b07e1fbd8003120888ab329424e129887f984904de3a34f75dcdf540645f232

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
b21ec8573fb27aa42cc14c8f6223b5ff

SHA1
c69bc910e58a0986867661b202debdbc1fb7cc3a

SHA256
85ac2d81920675141179b6ce813d38c7d1b544336c3244f201f1bfc097d5b15a

SHA512
3c3ebb4023cd706c4cacf09928f57935d2ed4437498ee0e3fffcf98f1913b1cf270301070fbd5a1d3bb512403e2fe46d59b960f5f879fdfd3d1eeb37a9acfa3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.EnCiPhErEd

Filesize
6KB

MD5
f8a6846032af25fb636503e6a383ac60

SHA1
b0a56a9d348bea000d6698d436f09e67d9df1924

SHA256
b283b786e2501012b4ac416c1ccc088ee19b860cac26bd55f8c43d1b8b4bbc30

SHA512
2b547dc360e4f1bae26b16efd6315f9763fa70ed1ea97bf317b64cc809d7f67c9ad322a0fd7d1941a55126b3723ded8b82812e4e41f4da4a4c0c7fe238a57e9a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
cfbf6a10688a2a64461de215f4aad103

SHA1
f00a0dec9a40b12c10771dd360e18c6a0d0de3a4

SHA256
e2896142127a75b3e7ab74ab31a516b5b89edbce9087e8e512773f0a282cdd5c

SHA512
a84c1b75d450a5be8297b08ae5a6d20353d3e9f41c076782256091dfcd32eca86e8e6c0b830d0c1795c4f9c79ff3e07642db00986175c06c4cb8d9f983c613a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
e64c742909a36269ed00cf80019134fe

SHA1
b21678297a540d30a345176a1d6e3cbe09705663

SHA256
8f177478e172e6449e4779e483372e5ae9b89ef9f5f0f4467409b927f687873d

SHA512
debc33bdfb174e12524a305905a2e0400cc6baacfa3bc72e9b2c1c9a2fd4012fa80ff5792f0a5019b326c1f40bd82b677ffd0ccdb39b54941e05cca15a6ef222

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
3decae9d8f3e91edf4d05bb1b7898231

SHA1
ca0e6c4cfc431d3e0d6e210d069943db812e9911

SHA256
450b02e36b15357c7d3571c289c9955618641e97881ae2cb7c5fcdddf8509392

SHA512
68b080eec7d98e0c0f2916421b4c87402e110d904f8238fc31172da10da94e39bf27219fef5247aad4c035e40048062d1bc65e1d733f0b1ae672c1fc560b2fd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
76e83ea2a28e5f32ade810deb01c9d94

SHA1
c6f7f25b177f245a2e1defa9954d76aa593247d0

SHA256
0758bc7ce685df20603d16461e34e22ae99777b0767ac119a27c2d9f3f03c99a

SHA512
ab5e62340bfaf0260b4c9b465743a73241eeb2b7b7e24b60a91d438c56c0b4f5ee4b9f7a4a070fdcea1ab7f91e0e6cd3d11f93d9cb8af69affae6fd84193e972

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4e19e524492d9181086fa82d820c60b9

SHA1
e4befc8d034281666b0dcf83cbe516dbca4c4980

SHA256
f7d3994216f35df576674f04ef9def7d159eabe4dbb77a5afe5c74d36ee9ec1e

SHA512
b06284c86240d188d1c690945836a00092af243cc5986184e2e1333323701e95f12fd5d93bf9cb5cfd5350ce27bd553c515730ef0d60072fb666193ee0ea7435

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
356c3426c6c2ceb530a57b5c274690e6

SHA1
b03271e2d74adfc13116848b06a1b1a7f68b4b7a

SHA256
7dd3c5af0785aa8362d137044f7409e3828a2a009a241a8a22222cde2ea294e0

SHA512
a79df36f36391fdd6762970dff254342eb3e50423da23929609b7fb3aa7547f5740ee45ab0819393ca3feb444acb6abc8a7d4fa03f61a85d443c10f3351c89e5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
5a290d21d80297ebc63e79a450ecffff

SHA1
e4fa9b1b5be1604d076a357c1231407dcd597b89

SHA256
4ed5ed0061040540349776ebdcb34e75f8ef558e3c3b130b4524c3b83c00ec05

SHA512
a00002b5665b16c3cddf0927dc0d9994b76454ba689838cbc71d5d12db122b535fd9692c2129318d3f6edc63187ffa195845d5821df421e221d0be01060c7957

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
3319304f2722a5ddc67686fa76594735

SHA1
8c5bbc04e1129dc780498790e844c20f56649b3b

SHA256
b04c2f1956868cdcfc6918f56156b6c236bbf3229f4913b5073a3d77ae5c4e9f

SHA512
7eab3ab3a4504ee62e17a775e248885980c90facc5fc23d28fcef490e41062bddae5526e486d4cd0efe430fd2be0e2884b103fc0a124ce052388ef43c1654f79

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF.EnCiPhErEd

Filesize
440B

MD5
6ec38bc33fee39f2efa72f93ddad3b4c

SHA1
7174b64af8865468f6e58a4c73bbd2105dafdb36

SHA256
eff56592600bbb819164b504a3ed346dac2a332a17f574cca066f562d8db7141

SHA512
ba48b3b2fad6430d39a7a95d2c286dfbd419967febeb2af0542fa8ff0c4577a187b1dcfa8dd3e03d09b07b10b5d6e0dcd627c1d34ea11927d0d7341e8e8c6123

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
b593ecdfb3070ad7d7e70932259d323f

SHA1
6d1909c8b84927b329b1d6f05345686f18bcc614

SHA256
bd9c8584062ee460a9d5b60f87c913924bcfdb2d61ca667b0468f4c60f4ca22a

SHA512
4183b08798852033172081e98f7f03dd22f8bfbc0fe4dbff66f898554e7efd01ab8d22aae60a5ec0eb4d316d2601d8eab5bad981e584c85c394fad76ac5627eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
0736a7dbde68b1f161346a4fa365ae56

SHA1
d582dc542e1c3b81a36da21df5ea1680f3b2ed8e

SHA256
f7ce84b66eaf4d027cdf069ea0418bd5a8a7393a23222d66f936ccfe7b1a264a

SHA512
0a24930bc19ba0876425cd9923b8a67cc22b648d50ba83490f1d4640b9001a31b02f95a28b2140a7beca3d8969b93b89eb2539261fb3e0c5f84b9d1851da3dea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
fedd78d4536fb5583b436c0a74dd8154

SHA1
bfe33db87a8bad67cd5911407bb4fe7cdddba9a1

SHA256
5d1261c04a1b84bafd226435a3e083a1820d488fe4288d4e25594ecab00c0a85

SHA512
9baa5f2cc4cbcda0878b36e2cf3fbb33f693256aa5091a33c86e03d9c84e543ddb028ff5013a8292d86308422d0463b4f91a4a200481e2259bb209e26172f73c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
493e4428d2221e4c8db069d19605716f

SHA1
d84b76e042ee0f1dc482dd94a0ce4118080882b6

SHA256
dcce53dbbff6de0883b18acb525a0054155cedf0ae1854dccfbb3c1e96fd886e

SHA512
df6d320dc3e0cee7bbbcc66ff099628295dc32811da676530915dcbd0412d68a24f500cf2687f51f34cea75025f37a4427e5edcd5f4e42d4f3280f542e04abe4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
7d85c762837cdcbc741e256895f92284

SHA1
0a165f12be961da7245b7d09c11f4b960f782f2f

SHA256
777100b3fdad02737d82d15fd3641c0df79549d2e71fa7d87a7e1f0c3b3ac107

SHA512
539f99443575e04449bfd938fd31e1228251ba8eedd26166ab1ca32896861b8c063b385acf7c858f2c36bd447ff9fe3ae954b66eb688114ce86482705fbb1fa2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
b38eb66f27f539097067a517281e7a3a

SHA1
868ea1b4cd3ecaaa04fe38ab063b4ad048b6bcc1

SHA256
66f1281bbad8fb6c60b12b8aa2b4c618618c49e3c69b8eaa0fa92fcd9ce9f2ea

SHA512
7e315abbba2955a7445fc8008ae7352465d65f262494ecc408df6d118c3fce04d3581fcdf864fc183c8e4e5defa765e1c9ea9fd5e94520681c1f8859c5313378

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
d9699d3cf31cd0c9e193bef647922208

SHA1
a75d67c4741b7f8a5782d12ec34b92696d323472

SHA256
97220265324415fcc2d2d29f73e34e99a781964316e50e4d1dbd9bfd5bab6e6c

SHA512
0e6dd97e902da754a3e2425b7cea928075f2a0e56d1b7b1f14d6f8dce89a4d1860bf15b66f1c0caf7d8e1b45e066421ec2ac705eec7254380d9dcb1b195e73a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
d7e57b5ae1d9d8634dc95472e2efb112

SHA1
eb708e3cd53e9d69aa7fd352a6958c135ce746a6

SHA256
629d0c8fc3e0e99f53a426f3d382b50a0166995253d438edcc8578e7461aed8f

SHA512
f7cdef90893f572d1954200227ab483e9b86e2ad95a8fd736eb4f00df0ee1bf6ba4571aea33835e7eedea56ca9ec621935a55e2bf787782239aa4c499bd13254

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
b208dc907fe0feddc0189bb18fa7c490

SHA1
3e5102a2817c08bba74dace658a289f8f2211c0d

SHA256
b4b0cb85ae4a2912c48590ee00037b3a250260198181b6a4a33f2ec1a23e6e90

SHA512
ad5efcfdcc6f6741ce21ad94b8ef399e7ee6bebf2ed74d9cde1aa505f343cca3fab86b0080e833dff63495842be2352715e7aff3704727404b07a78c6f3aa2f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
3a5dbf7ce3572f5c15a90be7a02f58ac

SHA1
2c9c375bb7ec542753062a5e0cdf8977cd06c2bf

SHA256
3624ca524cfe5a04a8a1878a667778bd07b017f700f00779f8d67191ed5752ba

SHA512
ce81f44674d98f0ec52035947dfef8a4e11f7b84568cb76c24528bb6fcf5465ddc95f2ff6ac717c438ae802e8c9cf4009c96eb1388690e33914cf49c59105904

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
5d80453b21835e41e00310ed69840974

SHA1
38157a52755db3de04099168a7de585186d3d7b7

SHA256
34522800d0809aba03cf956e87ae88b4d8e45e3ad85a3bbcf57086017bd1ac1c

SHA512
2152235db8867d884a5b6dd865fb743f345444af48527ac74f07e76282dd7711540bbdefc632d76e34a7d752e3f29ee4cb9cea7e445cb443a74f3bc74c6516c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
aad38bfae6c03f793cc5619593e0de82

SHA1
07de20d36a9cf92b20a6c40a3e60bb838a468cb7

SHA256
a7484ef493b2299bd55d43defca5bd1628ba5f8434d22a956af2edaec47c1dd0

SHA512
0614543da9d936034f333a54360aa09ef60a4345ec17bae9fea8c8c2512f9475ccb16a5a323ff06ed48f405b8fd89d5ee15c031cdc8973df197a478997f3ffc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
fb96d0b74a037a36de340e6f4e2c45c1

SHA1
847438475e9e12e74da82aed525ecacc2274d662

SHA256
150c535adba1bc04b018517516f74d8032c58a406006b9891c7189de83284273

SHA512
8bb70b8247b691b66296a6dfa4d84a381efd9dbe1652655afe07dc1dcf53c7f7af8e23fa68fa3823bd662dcf99cbab5d00baf554a3b9ee311526dab964b62b73

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
5f6f93cfcf359e3d3b12acb55c6ac5c5

SHA1
af41415b74210b156c2a14f616eec99b94d7386e

SHA256
9d5b5a794c08319be6812d5ce60e8e6c2015713cab9cd9c567027a4ce72f0477

SHA512
64bddf746bcb4d09ff2426dd0062f8acc6881e7193b76543b4a78270fba9af2ec447b3c10ead65ed6755e5cfa5436ad2b9b99d07ed85000a28e70baab4d89ec2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2c8aedc82d3d74ff931af840e1ebbb49

SHA1
0986744fa89be236e06d9b9915b9f5e8ac666924

SHA256
b923ca17b8bef67b39c2368b6d9adc3c9ec9bae9311a1b4d8575f5c7c4eab645

SHA512
d6327478ee3231cda89007b1f2cfca7f38e88fc6723028685577843e913f993fdc3a4dbe44f6d5eeebba8d36e903282a7a98ea96c55492120701562dabd886ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
e1bcf8f6c09a36c44ca24720bb00878d

SHA1
c22ab3c3ec44f4ec62c7aad53e3a79976bd6d9d5

SHA256
f93219837106fb181e062e81ccbbad1f7c95e41c58d121033bad600c311f619e

SHA512
f67e4fc5a5444efe27506e81948bca8e8856fce8fada4b80ef2bdf0c421df2b65fbcfa3759c086c32f62cf3202566d13aa2634c0833f328d14d0831f6f5079c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
2e8097c68e138bd87cd2e7b4d0879704

SHA1
8669f66b1aa4beadbd9ffef10928701fe5d3d622

SHA256
afae67cd7a5004f7bfa0a6b0f58177db1203673e9a0a1cce87feb5b6f4e289a2

SHA512
37dec804633b32efd4a4deb9f420969409ad2d6f910021dee2c76f22778fbcd621271d76d498c97ba98d691c719fc4bdaa899054e9a3415fd266267528cd65a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
1b41ef7e3dd84e6c1d864a970bd0ffa8

SHA1
359e8484b5c6a819de1b114f53ab9491ade54405

SHA256
a90baa17cb894a7f908e4a50691a0b44a473f5968a825726e836669581ebd4d7

SHA512
18214f0f8cf908044a58eabd294204d55a8802981be10f3063d082416ee9f89bc5f223f79187e0385fea255747392b61b917609008e3d4d5305892a165559f34

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
bb27bd066d95e9405de05dae1117b45a

SHA1
48f78e92f938bb72f19e8b3535a9eb5eb60005ac

SHA256
36bb1323246a87cc285e18596075f45f1da0c1d4f26470cd839995bc650ddbb5

SHA512
3b91cc17c3e6e742f7470cc3fcf1da5f108dc966cad4f66623bd66ba0ddd9ffeed1be735a9f2b727f11223175cd07bc0638daa4f4a68b9356143594c406cd860

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
e95f4fd143ee46fd5a1d257c91d4208c

SHA1
3027e6ec467b8dfeaf9a82ab37d8dd5c72388643

SHA256
0d18cacee12ac49e345f8392e9b718841effed5cba3469a6558803fc8cf6527d

SHA512
9e00d96184f7cd8530127fd03493be052e41515075a3b90302cfa6695f0b419d1f1167eccd60b38ab666af339e6644e619d6b6aa49a6c9fdaeedfa3e26457cbb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
1fe55de5d96f077b1cdabd43eecdcded

SHA1
b027ff79375e2892432c8cb0cef61791e02b9b14

SHA256
7bc91e49cd894053ad4013767957250d3ee2e440f416e632aa3c4994a542317e

SHA512
26904bd5462f0f12a2275c2ca05221b0e4060eed9aca74150735d08fa8113549320006c428eeb93b49518be1f2ab3a47bcdd4fa6ff793f73082253074b6ffc0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
e4850c05956b9a6cd1e393945593b6d4

SHA1
3dbafafb4ef88edfba273ed36e91fa5e0e8d18c5

SHA256
a587c5e4453c7c587d8371a4d992f31c6d38add01cea7c2929509ce511ac717f

SHA512
c7def6d299c3771cf07bd8f81f6d617fd3086805565bf21425de20b85da998bfac62c1573676e0d463bcbaa9daebbce6c04b7d42a96f8583bba1a22c13db83c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
661702b8bd2ebbf8bca970410e67418b

SHA1
9b75615cd8061a0ea54f6fdf0e2a645944609c9b

SHA256
143b2de9ffe32d96e94b49366ea84201aba99ed7044e83aa926aac5f85bea1e8

SHA512
318a24627f0d569858d1dd896b64d7af301af5fd04d1a1f05104d7b5fa4816f084c24308196d1b65f1f7fcfeba3875dd181a9bab9fd3f1f3904912c10f21e82c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
a996e5bdfb96f31b37e655618410ea9d

SHA1
ad096b8e47588dcaa906e004aafcda3b498a2e5f

SHA256
53bdcf1c04e65c23ac82a60273508f501a7fa5a7e8f6c1575506b24da2bdd679

SHA512
e3af23aaf17c143c8970aad34f33c778f9b89c0ec6354e16e3fc89a01da85c85c0f74a94a735b82b91da5d7d6d7090d18ff7ea69fc50c4a205d293177a136ddb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
4f5cd5ea162ba4a59103250b3b52c041

SHA1
45659d967e2b38ad1c8378f2c0fa049211d1d35d

SHA256
2873abac56cd4404a0a604133a0855b3c97f0c5195d276d6b8db9fcbbbe2be30

SHA512
820a9eba908ae12ad97c0b139494e6bec4d86978845a5ce7190d894610b8b77610b96fdbb0d691754315fff61e86fcc44d2b11d4393ae9aaf11e53d90efcb77d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
755c39553041d08da2dc3974a5268119

SHA1
28b6145cef9d51d38b50f16ec3334b02e7e5644d

SHA256
faff74be6922f403ff88d8b3c9a536bc14c3cb9be2c477588ef2b24adb25adbc

SHA512
1b1fff2d9a15fef9c20b075472915d9ae86afa9328040e8a23e840a571eb09d8885ffe02a129cc47e64a0222b2ae769e56d8fef3a86788fc7f9db7b57c4b55bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
6c1dc396d6d4317ca66309f28d8636df

SHA1
81b4cda515a44c95136b0e78d71696f22b7ade44

SHA256
0775c3ae5af84564b293cfb0534779f77b81eaf544335ad07d8a817ea13857d7

SHA512
2889b2bd64bc8fa003afdd5a488a084174c9f4166b70b5ef77ebdbb3a85ea29d034186a991dc97c8cab222bd70fcd045a9f417a5daeb98fe57b13f8156772376

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
31207d5404bb3efa607dc2b51e25eba6

SHA1
30e1493e85c5e5fd660c68c01621033492913d59

SHA256
334e66fda13057a60bad729a91c4f0d39b8f22b6a738edd9849440669b869437

SHA512
a05740d823598fed252a8b6e8ce16ed25511451eb3dd4085758f8a9c8c006906bc62d424933aa4e54415885686d45f690a17a3b7133dca72ea5200a02bed54a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
8aa9bbfab0aef733f5f6497043770d43

SHA1
e36dfd5766e7fdefa5b34689c61f4931d00dbb8b

SHA256
cccd7160b552227a84707172b750b74a21ecc844abf0291ba67279399978eb7d

SHA512
466bf7a7c9b33cca2b8a30a284d71a44f6b3aa243a118594bb7bf3d3fb47980034e949e14ca5df832329763e5a80eeab10eb2693ee7bf3999b08f399277be60c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
762b99f040f30af0b5af64b7e3550319

SHA1
bd7d2c5ad58ec0d637ddf4a88b2f2ebd9345b007

SHA256
5858504cda8cfcd1292baf9a28009851511634d98b76de88110feea111ebac63

SHA512
54a6be46c474ad5ea13668563071ac7ec50ef4f98a30e5a4a05d459b400596a29191d3deb84cf7ba084f0c3ea3180554a35f1dc61901d4fc83d4130f7d85333d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
0dcf90c4f44a1edf223a63188d17174e

SHA1
50c2dd77409f57c546d01543e8bcb8a9110bac22

SHA256
36143d73fa79268c82f36aa53a3134563df3ff8140342ac5aa33bf133b9031d3

SHA512
c7080f4a8dadcee0c7507113ff1babf5ea657a1adf71951a4dbd79459d2ab473096f40284f9bb6fb0cf52d53a9fdde0b13e5463c16696d266b6d535b7de9b657

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
abf131c64a2d252f05d00b5aa36a9dcf

SHA1
e75ed214987bfb40242ee790c883c7bd878dc107

SHA256
f3062f4ef55bf421da943473aacc8ad237556e8af8a5c10646ad65215df0dcdc

SHA512
d9e307e3b5f111f8c3ddac85d0315470b62e5f847cfdaa026cd28af326280aa35c2013340963d97cdc0ebf1b7d3692768b85cdc66d869e371ae7c38c25268fab

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
efb5de3e67c0a24b752bc24469a17adb

SHA1
128449ac112adac276a47f0b0917ec287f379249

SHA256
3948cc8e7884f8cd718a1e730844b32db54957a68c0604a288ced183e948d6eb

SHA512
d8a3ced7a6c2eea1e315f7c722deeb67f563325f70a11e2bb2b2ca2550d02762dc35725849ac9a5a25dc56e7842b549598f5578f9bdff216fd04db8d1da2d4fa

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
799721e1061da7b932d031d82cb80d31

SHA1
7c7bfdda1cf9687e52049dfb52ea6c26ec39a689

SHA256
dbcb13bf40706616abfaa29d29cce3f294baa4794f8e87a56186ac26d2d02361

SHA512
ba55dde307222060bac2e583a2d1c3d8406c03b57e7441af61529077015c77140d6c107f8b66477c3f48870804e7bdaedc5eca3c5bcd1ed4feeec4478ac302a7

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
0af1385253ac47b344d3feb23cad5b7b

SHA1
b3873fe834a875d5c6910cf6b844b65053817bd4

SHA256
5083a98384d060d8cfcc79499147438b49e1f87d98892fa7aa1113827b9f9eec

SHA512
51f4d97dd582af13e3751168d8e7bd436952ebe956d8eeb91877aabbf8c4f60fbe4f4f99cc201169cfbb42854ed6de9f56dc999490cc811678ab24336e533d64

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
ea6b0db636d56305a401abe465473fca

SHA1
71253c0a8ba5124a74bcf0a4f7a4efb4ed3dce35

SHA256
2b33944d83aa07795b77310caaff89bea24b8aa0d5c3ea19a9e7d171436712e4

SHA512
bfb510c130c2e9e4d6c95b7d707201d4be7cba460dc25f15489152e7ded5908c4ea5a61da150772ebb28e5964e2de27f5ad3bf9e0689e2dad60a706e6560cb50

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
bcc4e36a1f2602146cb5dce49cfde71c

SHA1
23ec537974903f889996f253f480f4f2a80fb7e5

SHA256
4d4f39995c8978f4139b19878660247b6bfb9b92495aed5b5409e5b974dea9c3

SHA512
30e652783415fc5be10d7e399fccef6603b56aaa39680657518992a0386406132a0111518ce49b3d8bd8ed13625b50472734a24d19d3ce677c94e78b04fc51a3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
5cc56c81d67fe543aff8a438d53d118f

SHA1
408eed2fb494d876f091855e920559ad6a8ff6a5

SHA256
a1c21a4b4a46d6f532b408c3ae87678386675321a8c9031cdaebcd4b3860f88f

SHA512
e6776c251fa852bdc14389e7a7acda24b28d5490722fc030b2bf819eddb1f44ccdc9e8cae080d7320781488b25dd4a1db4fe8da46f070bd398d6960db1d75300

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
64a17e4677a11daf682876bab435f60c

SHA1
eb4319b6ff9dc50a02f1f18eadbc42cbfcbfb030

SHA256
626458ccab34b338a130152e1bfb49a4dcb775c44eb2993228ae7b5cc25d7879

SHA512
bf0dad5c9754b2299d831741e8458a04189f7437cd97e007df311246c065b93f7594058a9d2844a9ead4b9f0b5f036a39aae8c02f6aeecde8ba913735f4de668

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
2456e8cc81424ad20c7583abd7ebcf3d

SHA1
66984f2c3b3d6b83b3321964562a5503039af80c

SHA256
aba18b205c1ee14d9fc1516b1f7c37899b0b22636f472b76c8b133a5d883e5cc

SHA512
5b87f2166a188437f9609bf5cc02a5e7935f97b0488726f944401b7c3565b7765551f66a207e233a182ebf64418bf765229a16314e0b72481cd93e29f79f6161

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
728a877bc0e0dab33ad7a53dd390f3ae

SHA1
a52634b80fb864a8c2b9976339b48b14cc6e496f

SHA256
96b486df3e3a20f03413bf19127ee30f9318c667fc0e37744e6dfaff9eed8fc0

SHA512
c928d114bd3b552197413a211a29c9c5b4fe559e395e19921dacb73802a812c4776c98751bbe015635a92882841053397abdf45106abaa32a4467c10e2ab0dd8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
06628a9043b71f0c8223e79441199dbc

SHA1
c3c325a2dcdc1f347f1cbc851f225ae0565eafc7

SHA256
3d6d3c6701e638291aadc809ae0818395a679d9b1ecf69ed8139cea170973504

SHA512
bdb39bb9ec7e6993af00757bc0297e8a24376fd610f207c4765e4fd7a7a6cc6dfca73067587c9260d9915783d68f5e2145a5fda265bca30012bf8c0a3fd1b29a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
80c8a00e9a20e65d667f438ff3e2265b

SHA1
c2673cc25a79a31748b11d0c23cfc5102ee5bd80

SHA256
47e38060940b64686464091d68a69e89273f0c02b8a3aba9b6c16286704ad8b6

SHA512
602ab1e665209e05cca352403745b1e77b6eb1351daebb98db62a9b56c81f9a387c1886c7d99335d2f733b64663171678cef80909701fd9c5cbe77cfddadf451

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
10a6a5e7200f30919d71a050b67562bb

SHA1
09126bf0836f86afdaefcf66483587a59e8197a8

SHA256
6bedbcb06f00ba762cf6bad561230f861ede6c5cb3a9a06d926911f581c35a1f

SHA512
af54227d119395fcd3c766e266f37b292c7a985500e11fc90a60ea5746762d99bbb749aedb0aebe4eac01a4c1575b0e3b0ebdc394c0caec9ef0bc9ea334b0fb6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
f27d7642e7baa968d3eeb206cdd0db76

SHA1
e68d462b2d4ed1c4f2481ad02a8470c9e449c56c

SHA256
8b757b53eaccbf645d159b056fccfd440f2380f7795436e0129d546bc3c4ff2b

SHA512
9d26a1c19ebe50bda2a2f51b78f6670570a6186f2d58d0f7ddafa1bed851c82647c6d34e2866e25b4d08691ce12abdcfe8dc0f60bdedfa8f370a524d8fa25291

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
03092a426842ee9e3d196d1b74596966

SHA1
e879f6639a1bce1e2290e28900d7d8af8bd9305b

SHA256
8bf67ca7df0a534f3d0b789987c15982d8d145f9ac84490e06498cd67f95e67b

SHA512
8a898052838b78beceee239cd368e00bc9cdfb3efe7e316618ee3990b3a84f319af69c0ef8b3d147a446b964aa7565681a8124a8398243c44918fb7493837e80

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e0898a5539776a45c76b0b57e2e0a0b9

SHA1
f14f44ed15f43cc34593aa1dfe7295a7ce827cec

SHA256
f9c3b343e309b313297b17040d06f6ebc13d41b756d26f3f3eca8510994a95d9

SHA512
8c08a58e6f96e1be515a414002a16f48b51cddd62b8d37568812c9bb2d37b5032c0c6b25b19cfa67f5c5b6438aa5dbd601ff9ee4e4997575446be27b8e43a436

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
d608c80ceafcd95ee0ad5bdc9e642ee5

SHA1
ef5f9fc42fcff6926116860f2f1ba5b93d0cc49c

SHA256
fe445fc9fab544110468fb0e7e559cf7f2433ef272b55a1c6fed13a46040e1bd

SHA512
4c363f83be59249c096a79fe95ed18bf5763619f0e915a80194684b7a8a1f57bf10d4d1708f39707e66cc63204d94c279bb24b703a7a06a6e0ac8ad6bbe45cf0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
c12d2e4f40b88096c4758be33ac64e1c

SHA1
a26d37b2483286cce7dbb9de53ee62fd26c9b60b

SHA256
980d2d49f1ac8fdab75280d7544a2e1abd35dbdfeb0f36f2b81fc47a846a4951

SHA512
a46e2052e7db86bad8c5851018c501ef28a673385d02d3a561fa5b6e2da7cb122501d07e3c94e1ea95021f2734b24ab630bfac77854457008d6812198fe058e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6518e1d11419ae837dc954f10c0edd95

SHA1
e127d480a466a27d8a049663c126205c2de21be2

SHA256
dfd90058d7b750d7e009785bbbf4f8e89339b3140ebac1c87557609f45e11dc3

SHA512
490c629c5533a9aac192ade552787e2df9c4bd354d7cdbf6df999d1b667aeb7f0a35393ef344ac501146e293a51cd366d291d81418ef3b7bdec4c7df106a05ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
201267ab2fc0eb112e47835b0c00c2b1

SHA1
b1594fba5859fcd5ce9c2db95053531258f6dff3

SHA256
9b706fa69bd03fbffe76005d514d7fe8f6135bb4b9f1fabc382b54a49b947acb

SHA512
d7059606acec0c1aaad4e3dae5496fd3ffb79469cc71c2f0d9a409098dcfb6aed04926a0f74df9f6aa422858ccc3b097f1ef5e75c854b4f3cf5eef49e3b7714a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
ef382c75f8375be0b022c39c7a3e6833

SHA1
96782f71324a65c05d0104b15a0253437f1a514b

SHA256
47b1dbdcb542dda5d441a7bda72bbba53f2a8c92916d6aa1373ddfc01be6928e

SHA512
f0302c46f736fd294737faabfd9f0cfc5a94cb36370824a73c63b08146892dcaabd9bb6b6231f7fd8f9ae6edadebae507fd34148bab94998c4e9971532789e07

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2ae2ca819d90bfe1d4fdfb4dca7c8278

SHA1
80c7d721c784605e2b0f25f6bfa0c8e3b1873fa7

SHA256
e2dfbe2587e7cf3db39a5605e8995413e1a9bf32cd86d367bbaaed9b4cd2487d

SHA512
6aee7695875a4e4880965b3ce5e5ddf17ac81070be58b91364344a4bbdc56ee4ee5fb13af56b0c95444be58138c7f5aa8f4cdb97f2d277b2ac13ae0071a0323c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
f6620f62722b20fca3cb6a922f5fbab5

SHA1
3c0aa2a32268d80880f68a89efc88eacbe65dfcc

SHA256
656c5a7cf9c06f80135e04422dde55b731be6a7914dfa0a1e63e9d07da2cabb3

SHA512
ad1d4fedee12ed92361c3a4cdb891cdc51c0026018bd9bd6eddd083f318307522846c6bac9e73769c390b9c50bb8513fee59fc2421e9ca4420c2f53172f0fee0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
25eb9e798f42da709c61b7c05c221059

SHA1
8188fd960cbe5bdc25814d2dd8bafc1eb453f3b3

SHA256
474b695a3b249f47d27e9476adcfb2441bbc1fb8e589c4752fa3f2c2a0151792

SHA512
9318bebd0ee55fee5992a42445596c3e04d19a7a97d4aff92eecbdcc8a51a40d57bd7b6deae7778dfbe6db6c08b709d32b4b9f3a14d492c905229fa92461d4cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
4f9d63e49b5f4a1f0ef366d942df50cb

SHA1
b17887011dec1aefdb08fafb57831523e5e79384

SHA256
ee18edb2bbc106838e4a3b1e26240a7cc0ac14e0ea6b901c4fe7da4a1ad444d0

SHA512
2e16e3bfc67eb99b1435c5503de10561c87ac15f51d8b9b3eeff7368c8b2431c3c0086da49d00500dfa638bca843a06cf9e22960be1e8e2e16d7da70714f1e93

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
09ed5362331faa56504a91f31257810e

SHA1
ceb5d57752995307ba490fc6d29ae539c93ed603

SHA256
74303390f4f247f14f7ae4f45ecf0d80ab30be3bbbac07ee01b515f22f01fce3

SHA512
3a8e0b22ae9ef43578e87b873f306fa83d7f5c6a92222e6b41fc9e75ddf195b952b6e26ee65e5b097344fda2dfbbe6a51d8d36aa1bcb582cda38b307a9352b89

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
ff6e5a956f62387c3d0880cb5ab779e0

SHA1
1489841af8f734caffd092387c14cc75b7b36558

SHA256
81edad4e48febca40de66e451bb3506a524c09e2b6fedbb03704a2ded1b7188b

SHA512
c53fdc85ec540cf9f4e3e20ea1c5c19a2a5801f33fffd5e66e9910d4d250f28680bcd77dac684d822b4fe5a03bf000797745aeab23aab9313a77b70ee0eafd38

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
b101dbc14d0476d9191ae64dfaad86e3

SHA1
8002768ad413083aceab39070c49c20f4fb7079f

SHA256
4bfe7a54c943837970bcb499d1d3f798253cb528b89b43483a0058157cf37215

SHA512
35f40e63457388bd144961c83bfc59b40c66530136c05260a4c822d05fe79cb06dd8932ef582dabdff93f998810bd06e99f1a9b58746a8c117a068238f4fa259

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads