xorist | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Size

7KB
MD5

0fe9aea31913d392769cc6bf40d2af61
SHA1

6caf7328e9abb5ce35dc7a4b3eb39726165f9877
SHA256

c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5
SHA512

c6c617c069696ffb1e0d8c1381de90deac18ad6551e8ad864a32747d5e065e6054d2bcdf96769bb33c1728402b760abfb70a414ff4ee52aa4aea8182556aa65d
SSDEEP

96:V4Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx5ZWznr1x+V4peJSpNMB:Ozdrr1FG1WDCgmjPZ+zn5criNMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2168-35-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2168-8993-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2168-8994-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2168-9167-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2168-9168-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_neutral_7f08406e40c6ede2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_providers.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_neutral_6708ad28050a6765\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_profiles.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_neutral_9209e816461a1a73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Quoting_Rules.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_neutral_379fb0c62496be6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Windows_PowerShell_2.0.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_neutral_7e4d690d07ee94c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Comment_Based_Help.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_neutral_c6a6811d3d827dba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_data_sections.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc664.inf_amd64_neutral_673d3dfb961e9b17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc11.inf_amd64_neutral_bb18e5f134c40c68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_eventlogs.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_output.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_internationalization.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnne30a.inf_amd64_ja-jp_b2245ba886355a9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_neutral_7617862a9cc286da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc5.inf_amd64_neutral_2270382453de2dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasno.inf_amd64_neutral_c86d5b5e5fa8b48a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2168-35-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2168-8993-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2168-8994-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2168-9167-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2168-9168-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\THMBNAIL.PNG	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\LASER.WAV	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02738U.BMP	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29F.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_ON.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0177806.JPG	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15135_.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14982_.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\TAB_ON.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\PREVIEW.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ls-ksetup.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a15d6287e7e40f4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskbarcpl_31bf3856ad364e35_6.1.7601.17514_none_530206f2406950d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Language_Keywords.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bNext-down.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6a99518f74886ef3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..atson-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_78da2230f6594d1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_704c52cf25e6d3c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_net44amd.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_03f11f9f118f8e2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_31ba297055661ca3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_a3ebab27af457126\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_amdsata.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f331045b76819f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..eprotocol.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a12e2ccede577752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-networkbridgenetsh_31bf3856ad364e35_6.1.7600.16385_none_c0185651c689213a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0f9637c2bbfc5522\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directshow-dv_31bf3856ad364e35_6.1.7601.17514_none_5afccbb236c20f24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsv004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c50a0a98050a577d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_functions_advanced_methods.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ph6xib64c0.inf_31bf3856ad364e35_6.1.7600.16385_none_f3eb68fc33ce478c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..cy-script.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_68726bf1a6abc429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ae782db97dad8098\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wab-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3cd92eb2c30ac395\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.7600.16385_ja-jp_bb0d79a2cc76d9bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..rofilerui.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_ef4b494552357608\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_it-it_12c37b9f680a53e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c4ef56a87f55e896\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Print complete.wav	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..s-service.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0b87e3eafadb992f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bb1089905e09bb65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_operators.help.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca003.inf_31bf3856ad364e35_6.1.7600.16385_none_c4148f7740e2dfef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\Web\Wallpaper\Windows\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hal.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_262a614c9173f860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-console.resources_31bf3856ad364e35_6.1.7600.16385_de-de_31259e1e6d22b96a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.18972_none_4d8675c06cc24030\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eca4310274a7a6ce651b33cd4278610c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-appwiz.resources_31bf3856ad364e35_6.1.7600.16385_it-it_192c7093f28350b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_es-es_365159a1fb489751\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Battery Critical.wav	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..rkprofile.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4f9f2c00af16afd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shell32-license_31bf3856ad364e35_6.1.7600.16385_none_70de2556f6dfadae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.ILGeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_faxca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a69691e004dd5081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..eparation.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_46f7e138c0b8a66f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Error.wav	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.security...ionwizard.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_aa9a6fcbc11e0130\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_de-de_27084d0690a76495\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-packager_31bf3856ad364e35_6.1.7600.16385_none_4a05002aea6f24bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e97b40597db13e8a8151b30b9c59007e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_59a1026530d3d729\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..n-shvhost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1442e6258c8edd53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AppContext\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-smss.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3b4fb88dd1aa8639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmntt1.inf_31bf3856ad364e35_6.1.7600.16385_none_c672ffa117dbb255\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_654d1ee18bca2e08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.backgroun..r.management.module_31bf3856ad364e35_6.1.7601.17514_none_37732539b17f6579\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-keyiso.resources_31bf3856ad364e35_6.1.7600.16385_it-it_970c208e9f8f3615\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.157953\ = "BUJYFGNMEYMSLBG"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\ = "CRYPTED!"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe,0"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.157953	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
334B

MD5
f7b1a7c2747732fdbe4f31406c7ff809

SHA1
c3d9ba99199fd3b6e357699ca59f3f359729a075

SHA256
2958ba7b084b4097bccfb53bc6141c9e73c3ac67b9eea400ecd63528d69e5ec1

SHA512
105b8c363eed685fae1ac9e53320c143044116b8d8ab23844a2c6ef08ca3c81add491ef3d9f09a64e0b5712007073c66141e7b23f5d59686cf554c41892fa67a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
8ef4e1ea424b8ef5d205cc7703604594

SHA1
5e50c13907748d1c70ef5bb8d5b04400b5ad79ba

SHA256
49c182ea467e40c9cf464596b0f9ee19007cdf20df9f9628e0fff248bcf5de21

SHA512
ccf045e935143496effb885bc6704cf977bf3de46e7430cc2534905ece864d14de3b57f517643c79671e4ca7a216407bc457ad83af1fd98e9d164165d3052467

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
1f2d503d60b252405b0accf41353e859

SHA1
b855052eacbc58ba77e97fbe75de39af89275c77

SHA256
e287467c5da5bd23f1cd16e00bf95dea0c1ad7fbcad15f16c39ca6adf824c36b

SHA512
84682ee23cf85860af3fadd7dbc82af8dae3fc59735b1cec7312007ae69b76baa1f29ebfa4d883d9af54a8efababb009a40822a1a11e464927ee9fd4373b134a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
37cf85751a33a3bf29e49e7d0e6d2176

SHA1
4a75a763c052cc3bf124e5e88e0b3f9eda4aa8b6

SHA256
a63cadcfebe12d037de5280cd18cc5d025cda0d4df1422c7d8e1ec0746ac431b

SHA512
9c689e93b01d9801e9f2d9fb3a536feed02cfbc8984759056b37ad38ce5c5fffb4ebb51a660c3fc66c856175083842aa5e30f6d9e8956affe5379e9622e31927

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
7f89ca38700a52d763547d4403141c9d

SHA1
a7ee9804519a9c3d611bd3e75e2290222bb4ed94

SHA256
d21416f6099bf345379fe5094f496cb3e6ba94dce14b81bb8b40acd4fddafecd

SHA512
7717f996baa65cb6ba79ecaafab9fec204617c587fa31d54f2faee7db426fc01f023b98e703938c7bc5720b31e0febfcb97742e5f5c32d4c90949ef12a87f741

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
a44835e0e447f6f96a8decf5e45f7687

SHA1
61917c870ecae2d7d30d02b63e923966764eb85b

SHA256
73c525ac68db2deb8487ee39661613d70f7fedaabd92fd4f49b8d9e7bab99b75

SHA512
c2da001b3c3b8a62d94dbca7828350da475fc120b96a1d560ecc2e3471402385a733d056d428a7222263a4f5ce05e3d8350a86eb08227f5080b28671eb003f5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
743cda0d014e8e9eece3156d3735df76

SHA1
fbf0db9935badd17dfdc1cfd6e52d7b524c0548d

SHA256
7dda2a95a368b9041a36bf3b26e104de79210a1a4c3497199201f8b2ec2a3737

SHA512
00fe083bf69758460b13b10912cb96eb057be29e61421c03f0e0963593bdee6e27cadc1d4fa842e20bd842cb98014b2e3f05fa408cc07d18c3a4c3f9ebe52cc6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
8c682fb2db00475978b9f4da99defd5e

SHA1
3c9d1f9ca8ca27f73e53463b52c3ce262aa313e1

SHA256
6e92aba55d0a31a40326c7f1cda1886a734cdbf312766f05e99f195e23d74acb

SHA512
dc9fb60d5ef2b784664bd7f38ad46a8d4dbfc8f29121a55c03896c5c36f064317d6c633b827272ea2cf69469e814e52dfb27277db247bd22b1c1dccf035de9ba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
8cc2500c45932b482c098bd2b20d3a77

SHA1
ca4c4667fc659898270a931383a537c2ce31c341

SHA256
680d349be132005b03062d719e7aae4f190df7ba7293a96ff8bd4eeecc1eb7a0

SHA512
33b14fffd92abb1831be2a91a652a52e3ead2d21d21586fec0ad4a3c4a85afc1b0570155e24190bfd33bb2dbf9a99fe6ffbb1c96b89bc9f10f6ec4d7e6c2a607

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
19830412fb1bc0f2565fae8743561b59

SHA1
032d190fde8da695d5d038866a02b438dd522b51

SHA256
9668f242aec28adee51f956641fb96117ef05d0df346474e6c76b503f430c455

SHA512
de66d825ba2acc1d7f199a1801af77a8dc7497b7f54d70efa24702a2fac59d17bc554ea2be55255f05a287545d89f89cd63a86e274e2751162e068de1bb552cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
f64209d9bfbabe7bff1860dd8b3ee691

SHA1
20eaec37f9e7fb0f4c69ca7f04e076722dc8b85c

SHA256
35bca1fad3b738738c137acb63bb97d3f296ff54cbd9572e02f39b5996ca68ca

SHA512
3df4a4765ea5de29e59f07ba3a08cceb11af6719da297bf9913b77e61ff67ae32ea9abcf56da79e26f4a42cb48f8e6ddde80316012ee7c703d40c1208ce3f6d3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
ba34e5eb11ac462751f2cf9101f4b2a6

SHA1
4360580d0c0f7659b28c53d8d93eadf86afa6020

SHA256
f28a2ac590ad53dc77f4b45712eabb4d5c48ef1eac798863af1b3d3be859865c

SHA512
44f272775dcffe8cafd460cac2551396089cc7bc23a8e5a522f6b1d1b4bbc5f3b68cbf0c4d2acbeb71bc932cf3b94853097eddd17d0d2d8b274ea82fc487440f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
d65f930486aa11f7b29c4d592a693e47

SHA1
1db3f7d4139c13e3e30e3da856bd05bb78f44284

SHA256
77a92928a26819aea33da210dcf1c1d65d4bbbd35953b2f9cc48522940c4baeb

SHA512
09be7f31c9d2f9d7620a5e6307681c51fc97d8c70766e3f04de365707eb68bf16aff6dcf1236d53d97e04d95072529720629ce0afe91011514057b936f4df00d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
6c73169438f6b0d58d23fde2a58d1c0c

SHA1
cf6026ee9cbb7603066ffaec55f1d89bdb752e9e

SHA256
d9a18458c9855359780274f7f9beba24734521db766075da4bc3a0631d612a9f

SHA512
8d262211b7d1ccef4b8aac1b2aaf637101015913afbf2b37546fb6944505bde8200a7e0b733e227525f3cbab7d6f04967d67c239e355892ee8eede824cf60da1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
2e85e3db77a44721919c0bc1853a7921

SHA1
5efc8f5d174a2b62545ec816c316f9068ab167c8

SHA256
713b022f2638910da7ed85959aa2fc6090f858c30d160fdd2e564c6e1f8f86d5

SHA512
9c1aac3a51745e6ed20ff41348f2452bed690eb75555ec5b1b43ef4346fe72f03175a1036f104d98b16eea0436c916bd0f5d2e5292861253f72c46f095a34c10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
0866db313909556d6c9aa511ed7d5ea4

SHA1
6a89c63099ee1d42bf5fc5030f3c02f302e456db

SHA256
b2b11e80269aea4cf9a806eae2e2446a6e68ca3109ac2324f6f49ba7949ce2b1

SHA512
58ffcbce87a46f254a8249edcb7585a937b98baa65c97763a9c9411470a73c728ff7997c32aaf3eb84d1d9f6cf69339b4f7763e1a105f583528f9ec9b8457e0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
2c318be8ab20f252ec57eae4f92281af

SHA1
6378527fd5dc8890e7c596cfaba4c8cd29664981

SHA256
509c6094bfb85891f9436c588101fdaf0a066ca3b5092c1289b792bb30cd1111

SHA512
6f69ef355247fc194d04cd5b12c5d2c8bfe940a81054817d6937bfafaf4d126536f7c35e8a44d22f69e48322032ecf40baeacb66b1a1c8bce06be626f2d3ca63

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
d465086b7d8c4b519f71983def0505da

SHA1
91790fe38bb3550913a1eea17c1a13f4abbd6eef

SHA256
69919de74ae7dfce561cae2492797b4e5be69b9434c6925a5c3e90db0ee9dbe1

SHA512
843269d61a67b1203dbe74eec357dbab642fb6a1ae1dc5d1b746fc9839bb2f28d9e0c931302ca8cf4dc1c7d83fa096faecc486cef1e4baf2d264b70ce0ac0c1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
0a319d76d88a8c0b12797d1f2bbcd9ac

SHA1
7ec988e9e9352dd24f96acc178670f007c1c0f89

SHA256
4bae5bc6b8f8269764446c5881ea217708e1d15e79432ab7e8522dac57ececa7

SHA512
5d97f6a4d61e180e83aec21b1a1fa9e27700eb04205859503d20019b570129e577ab490752d3a7bee668ba35708b0112cadfcede6ad86ec55a3dc6b3c1b26759

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
d2860518bd389013583f7b727e6a805c

SHA1
cd8afa36773c9402a087a7ca3e54f0442b7f7a3f

SHA256
38215898f4cfd9bc5cd3d12cd5bc79c11a80db4d918b768106dc14665f667326

SHA512
7048445a0ae94e31484da343beb4213788bdb4db833e8496816285b760a53b28622420eec6e952a6eb1180fff1dd7e9b8442d45991b12f74524f8d238322fe8e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
40afb3e79d3eb46357225d28c238802b

SHA1
20d97ca3b190e68076a89fb50f5b7f1f8fdf58dc

SHA256
112e6a459f32204087e54cac032ff44a5460235c66139f279dbfee6d064efacb

SHA512
f2a1ddd30e07e06b05588a9314424852d41c70a5a3e8f6c60720ffd37b3946505c4c51a0f034af91fa21231d6f4828a1d1e0a8a450bf26085726fcc191ce2e50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
fbaa1bc62b555c67f27e7ac73221bed8

SHA1
52dce23bcfe736eb4ca55aee5457b1b87d5a9307

SHA256
66a3e979974966962dac78b7ecebe347573325e29fd86570adf4fdb4e2b7ce0a

SHA512
62503e477d4978c555311fd7bd86d034eccb213ad8795d33e4812ce4ae02a5d74966cd0dd527b9577e24c54a06043190ba2f12216ca38a8b1f2653190216fb4b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
bdcdcb9da525618e39742a12fc188767

SHA1
c4edb75a9795f405db330c53fd30a95f52ab136c

SHA256
cacd9f407eac538822ce5188404006545687348177b45869cf85af60c3a4fd27

SHA512
1ebc2beba2958ca481e2cf729dfd6e9a9433d5c40788bf0dd82b95eafd9784ce877727550787d750bd919118d1626cef66cbc14dbdd3f5c594cc2c3435621926

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
11de64e70a31a778ebc7babe03a10029

SHA1
c49954c66fc3f855575762aa2364bfc8bb526ac7

SHA256
97555d60615042c076df02a744d6a5a8efb3613c2685eec0a2f938c1aa567a46

SHA512
35fe9687ecdb17d3e4a03d2d94e67c977831b49a53faf793cb2434e39434ca8e8ce87073cade8b999d58d4d44443b046222091fac9d54d10f248064c4d1235da

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
cf271ce6dce4d8a224cd48139fee75ef

SHA1
7cb6355042a8fb282b7c2f70e78d6f7299c691e0

SHA256
8e3d00700651a179635388feaee77fa4f8f83f0adcdebef6ae5c70fd8a383e7f

SHA512
510f2120e8c57be462f1d15c7b8822974093b4fada24397b5263872ee5523c42a6c99f31a194040cc5e9556d412485b3283916898d2fd6b8de5166810b16aaa2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
e553cdce92f25dba2c4889ef6dd3e41b

SHA1
65ec7e4ece47b800b03d8ca3af4bd767aae5b55e

SHA256
6cf411582ab2bb75667f226a20989b2fc71d799c11492443257d91c39440649f

SHA512
e616b5822a4269ad1b383b36a4db374a741880da688b1718f68bd2ec17cd0758d2f7d610d5dd7fc7a2f574567f8da6ff03b1e23b432c6a6301395952c3194eda

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
0258e9a745177636928cf7fe9c227b82

SHA1
9ac2b7a35dd867a0863721555a7e882fc0010833

SHA256
d9d9b79a40b4c4be13f398664f0cf4f2a4229a7c224f7268cce20d35eddefecb

SHA512
880ea246fcf0c3b67b7850e61e9c55cadf4f67893831c7e3694e771868c2f5a4b0acb916fa2377817858e3edb390c114ceea24138d42443a8dba91dbc07a7b1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
3f19e3ef052996c2a39860baaef2dcba

SHA1
a01c482fbf2a1256cde4a5880973658a9e1499d6

SHA256
5f6459b838ef64d83f2e0d9901e984087d2c9166cb07bee036125d9acda2e8a6

SHA512
f8293c88bf17d18852cf07663e33fad581c104fc921d3742d3d937a94a6468d966d579951cd43790a3ba617875fe0deeb7ac8984f3c5f3c4b3ac412d6c0679d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
48734a2dd4755eb8f978b21b1de75e6b

SHA1
b6d345b6b00c61df1f0ad51899add36cad685069

SHA256
61d1020cc60a9de12e7f79a2f8cf9c8a2e38de0921319fe18adcf4d5df5406ca

SHA512
b00c1280256da70e3648cb52e60a9a857ad334bd082fb8f4c664ddfa7397633cbf2e5ddea95775683314a343d220038eecce3c1b6c21d660b3620956ef463c44

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
d83424eb3740837fc204ba4dfdc47478

SHA1
dfae1072cc1b271617426737f57982df6c1aa44a

SHA256
72578a913ca92b8ba9d799d8a5cb662a5e19cc0da27c23dfa9148202e839ad79

SHA512
ca8032df671336ff10134fd6beca49294fb7bfae65d316699f4d1cea467a6f35b05ff5aa00c259e12bfd02a777f1a2753ef54bd9ffbcdc618b729272b21c00df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
570fcf6f99ea5fb5a1a4c26c1d509c75

SHA1
d7e0e0606f6470c55be306db096608155b19ece9

SHA256
0a4c9dc9f0ec4c7831b48907d9707866aeea020dd6894a617cae190056bf8515

SHA512
d3513f3ac5e70037f9444f1e1530829d627bde441373f489c4be146844e1b32e9abfe695ace4128cf791ae481870ec2ad6bbb0893ff0bbd2282910e57b2974d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
3eedd4c64f9f4075a98ef669aef3f8eb

SHA1
9d1f377c3e49880aebf30d997cc5196785f0a9a6

SHA256
af91c12e6c7bb6a213ef4e04ee7404693d86f17ef58974a706bb40be86253c44

SHA512
61a2fa8d59b1451b839f0d78967ea3264ef92e385dff69b8333f7fe0a72fcd75b4de60c52b7aae98dc497f4901c8111d9453f1e83b90f8d5a50118f130f8cadc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
52c792994f499241f60fddf5e7385981

SHA1
066ecec4a94aadd400a1db8ea5a6862a1fb21977

SHA256
eec9aae96d466fcd3b7b08580f1d82eea47a4cd7a3f7a12093560a19a90deb0c

SHA512
882b8af2fac989d63aa3952f4bfc25fa23112908af3ecb4cf79a46d3f96be845d9fc131f27513ddcd9dffd16245312805f97577c68e069e1d1b10e59c8805f44

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
061bd241305e5cdf3fc7a031ada3b854

SHA1
f991f8b9b23bea4ebdbe926c4896d700773cc13b

SHA256
d7f6bd8bc816f0d383d1d74031af5ebd9061a0bd4733f561f83cfba96c1046f1

SHA512
8199bfb6a92332f7da3648326e3da2c4ff837ce9e70c8eeed57f06e95d764bc838b58794b75824823869e367850044f7d27d764b88dbc20a5802deacb3d1ae29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
ebcb0c9b5e7210f9b7ccd74991525a89

SHA1
49a47f4985a41790a004665f89b0825b6826a497

SHA256
becc7fea551f95fdf59e87b3f8069a6619769a025fd9cd19e5dc2058f011d24a

SHA512
facdb5fb567b3f3bb22b53228ee819a1ef1e2dfd9c8be850830e6bf72cd02004a5716f3dafe6d0ddcd7fed172c7237ebe10a4b84c0cf83e0e69444b6844495eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
b7e1cb0e98e786c4ee0aa8e83cade82e

SHA1
c215959c283475a1bd267b6f4fc07b5b95c452a0

SHA256
f07f740bd64dff9a6f7fe4f72e43d94616fd0567768f034106b220b993feb8bb

SHA512
bd2d2715ce71fc26f6e03892459c0729b4c3d6f610c384f768b62856c43b36b32bfdbc9dcb2a3680895d7d2016864e896629898fb64192d800f834755b90c273

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
f38901629e48abac4b81bbee709498e0

SHA1
08d93de991eab59a3b8a2c15cabf1a483bfd5aa8

SHA256
2d2dccc709123ab13db0b7847dda70dbe514d976d25971b5b41113f82cfa8571

SHA512
4a3854a9b07edf5747bc8a99cfb50f5c85f448fb448cd30b816e89fd5e948a02e104448e1ab818a6b8c77becde4d5577c0eb7ba6f6f6b95da4ef2d93c47976ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
2c70f9bf3a2bf4c0135e558cacce5359

SHA1
17075d128c39ca271bbe1abfddd9e75add4bc6c2

SHA256
90624724748961dd1628e5a93f2d56e2d6b92213ea9b35006838262dde3937ef

SHA512
9dca5dd26e2175d953c22090d20a74c711f05cf477a7d1b65a0e59b67444bf7a3b8583fc5a44de4256eb2c79ab64e98a5e9368ad350c6b0fbb308a62e72d3de3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
7f8749fb4bfad95208c4b263b55c12a2

SHA1
15fc05a0110437948261cb7667e6b56236aa83df

SHA256
7ee94079b5007e4e7461a204d7944934247a65be02331c0405ea0c9ab5ae42bc

SHA512
c42e1f886882e8a99a3fec40b938ecb932ca006519e12442daef9ed5c9c332162d8022d18238b23a953552c9b34515a8eb70ce77267972e0df6f7defe1fa9e48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
b8a68b71b49719ea4fcd994b26643b08

SHA1
13c5bc67d07d3c61566d13d4652ee45cbd67fd2f

SHA256
a1552d02631febef03d48f9fae4bc43f1d5d50e745aff77bd9c535005504485d

SHA512
cd6529700da91ffddae51df1da5f4409c80079e4ae02009c5006d75d84dfeceb4074756dd06a6cba021a19239817a077d9a4e2add021478c8163c9a70119d9af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
5833a6b6eab0abb443b628d65cce2a86

SHA1
8ef62cb2d7f123b7545fe9c9a7e3cf0fdfa58922

SHA256
4fff5d5663d2b80f7ffb3f41eda45b2acfba9b5e1e5d6ddf3a51c6163707d063

SHA512
2535063a8c9da127b87c5fc8689b7f8983eb8254998556bac015fd2716bdd9d63de47bf82bde45a7826a1698346bae08eae43f5426a994081b6c1e1f90c43874

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
50a70798c0325bcd5056a2d528d6bced

SHA1
89100e90bd736ee269c466486f302d1e7405a2d6

SHA256
f9eaee6743b43133e7e8bc2a4048844501b149ede55557f58954828806543051

SHA512
a8da6213bf978101af606e9a3ac3bf935cbf8a9fccde10729b885d3565437f64ff1b3a00e649da1756b2f0465369fcf78ee515dc4308ce414dd5e79f00256c7b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
9505433546f71d5ce9f7f209f5703c8e

SHA1
ec0f98a277b2c2ce7da69c242ab22d1d0353ec57

SHA256
e879a020ca7d4e58ce39d966c3ad0734d21b0da296924235411f3b09217aa7c2

SHA512
5d61ed7ef9ff24665a927ef69f008a7a8b82e39ad1c0b084ba7466c2a9900af9de222855418f08b71966aea31c7c8c81bb12006584b9340b5335804cba235876

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
744e1bd754f48507d3b6476104b25dfa

SHA1
6a1eb4dc40996cc04eb6d0034fe1925ebe95390a

SHA256
733ba6165fef0714f40990c681cfaa014cadcfc9eddf192529d10332a08223a7

SHA512
eae3df04621c6722c53fe777edd3287ec9f8e787a3ca58acb983309ec667499a6369457e5e8da86905d638d829c7e2b30a36c4d42f34f9b16f01bf54ba6605cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
02f48b53f5a043ae05c8bbe76f372c6d

SHA1
9ac934c79a499d0540e577a241aebed753301031

SHA256
525b596df7219c246e811991fdd70f49004aa91f0f74c3721f319d062b77df41

SHA512
44d59d87075984450fb3aae6a498a193f55255f2a23a0525dbea8141307a12c34f2608cd38d0b49d692f74b26a3498a2604ff6eacd97b8a8b34b87e971162aee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
013509a04fb1fe3925f8e9b0927bb11f

SHA1
2ce45bb83e70a3dbec852cb7897c9c1d691e256b

SHA256
aae0bea89ab359cc3a6f998727823b28123490ca97f0e0fc62a7b39209659003

SHA512
71777668c80cec896c60a2dae46cab12c94864aa1f10a559a99054b546973d3f805a52545f7718881e21854600b4db7d15adf189b390d128e5e9e27bc8b5f7f8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
ae5091647fcc302e202b1be3c1e088f5

SHA1
76a100d022122f7f8b91b6d0095c99b392a98fd2

SHA256
6fffedd33a5ac318c4adff92dc82ff732ca014453a48db41fd2a5d5fc070d4a9

SHA512
3126abcfd3a6dd1e18c0862b2643a7858eaa182933fd0d567bdd5de790a5f8bfd27657b2ec5ec49600a6cae3c8497e07d4b962ac28280230848359d0409ebc56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
d910b1c3ec08b36938bfae93a491848e

SHA1
f116d2856aa644811cb5fbd873f70c8d4e74184b

SHA256
ba18ea47c8fada97579810fb733944f9a50200423676693c490f0dc79150a0b8

SHA512
1160e4a21a8ab11c649bd901532638019d97012a238ada8d452dff53444e67a4982a0053ef38f1cbd0faed4bac36c012fb368d9a06e2622041a8180dd8bb092d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
8e6bf9c5faba30522f2989de9e738bb0

SHA1
743516b2aa475c7995bc447c0edd90c5cd11f1cb

SHA256
875466ba806cbc0541ab5cec76cb6be6933ca4c0a2f4f0d9966d27af4ef47757

SHA512
35041e738d42235e7c8b08635732160731bfc6525b32e08e738b4151e14f631fc8c11c634ad36398e0968c1f68a35be16cf9e0f874253694dc9c78df48ef8e0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
c2ff731c766fb9da2396501ed2ffae06

SHA1
3dc03362bfdd5657a82037e2f1b2ee4956381bda

SHA256
fda81207e7f24a42af1b902add6cb10250889da2c1bb87064467e7cd1732bad1

SHA512
37565c23775d1c21d1a969d7a4cc435d7344bc7ae2812dfd8730d086ec2eab65944c6f17107b33c9b84da6f130c427f65f5e1c2bfcf15e38fbf7523115192863

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
4b0e02855c303e5d8e5443c3114fba7f

SHA1
e55083c5e6d61b0723d99ac668517c8a941985af

SHA256
d1022f65076000faca87a9d506a80af4b08a797811c46f6aeeac53cc6649dd93

SHA512
925e3b155d132f02241aa9042769731902ab386bc28995f4342b2657d9b8b63f4eb7aa8fed693bb5b25768527375bd98a104ed66683b387a0b48c0298df9c0bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
97da0acdc28167907e5e89e6601174b8

SHA1
ecf0665e6578441e77d51295089353f21383e7e1

SHA256
c467240a9fe14dac0a67d2ce0327687cba656077d11c30ab0cb7c16f1476e8c1

SHA512
b8c3442852597b6d1448cce0ee4d423bd0defe13691d8149a2f897003600f512e8229effbe46d7e523c97e8f6863fe73585df74db976b697b8c915ad7607e540

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
5fc637ed917c81af16f361f618309205

SHA1
221c60b410d58c61c36afa379ec46f01524d3c62

SHA256
fdb2622ed09ce0f0ca345b96da64a8136497112c6a7786a061af3774a505754c

SHA512
8af531430a407a590ec407c3b372121ca8b1d997f7ee2f49f0caa48290d83eabe1fd3576c912c5404867cd4307c4cd311d82b4ab05f5425e1fa3fa6264ded396

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
63b784e8bc16def780b9894316f2f6f2

SHA1
4d79af0147fc8acde3c745d62d85ec8c644066ed

SHA256
d0752aa18d1b476dc5b35980c84ad56e868c9f70ac84811782a66a1351911ba5

SHA512
c42e42d1adb88b1bf246cf7b554224c58bc3a0f0c34256fa71b380235538042029f4b250d34e6c986e9de74d4d7189e4cc28537e11b732397fb4d4a6ee7c47d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
a39417b0d349d97e14e790983b30ce37

SHA1
5ad2f3b3bcacc77c8cfbf5e9282a49be88a5238d

SHA256
2925396500aa5eb865dc9dd4054f39f08ffb3b6c0de347c03d841c1f128001d7

SHA512
cec9b0918dfa62b8345a39b1fe1bafa3714513e174da0079f02b293a5b56196c5810afb0f6bc44eafc60c5ff201587629baba96af279187f91fb7650d8338f55

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
3eafed88018b24cdc7b817a077389689

SHA1
41799f59ca1fd75548fcb23bf6c8e5fbe5a20c35

SHA256
40d3c98164ef09601319745003e9fd7daa533821907a1a6eea144666103af50b

SHA512
56500e784f6ac9b9e8fb7ca4d63ccc4db40295eb513cb6ca22913bea71769f78d0cee9c608af71119f53f5f5dd52870d9989ca73960843f9c989a5221524fc75

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
9ea6892a592514c28f3f007039a83869

SHA1
a2a02baa741e70cdef2f98bb02c7c83438107dcc

SHA256
78e2aa777e7eed64924b6ab18565335f28a2b278a619beee71d0106f3edc84e1

SHA512
8f716875f16c4c6ea860ffbd661421d55c46d1d9981e90a3d44eb9626e22be3a9fad024c540c3e6d9a1045aaf09c66e90d7a196df32516bec0495bf26809717d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
16c0e2364b3373e472a45e75048dac04

SHA1
5c18ec7f12d7d179fbbc693acc50651fcc6e6c89

SHA256
8fb3ccb9b34da10d2ad84f9565cc7f6c304a78bc005e9cc8c496de283fdec423

SHA512
36ef26d1d92870eaf7c140e42674c4de4ddf12c077f98de574511bbf0eeb690214c3a0b6fee136b9c38538015128f09e41c877c7102a621deff30d46a9f4179d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
5e3b19f76c62d00bbb1d122a700f8ac1

SHA1
f741f640ed554697554ec01d99aa29a4b7e9e841

SHA256
85e0e6466b02998eca3e4a2ad9402ca012f8ce9bc848eff255b7ccf1e3c0ffdb

SHA512
809ce9fb5a107a4c94799795c7480f5dccbdfacec91292093d857f419c0e8ff1fae833d81e2f17f6c0641dfef99c551ed78317b0ce1bd3c3077fab9333ab34c5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
3bee9abcfbc086b08b06be9ab32a7d64

SHA1
390a6169f6619246a4c86c057e85a21e26df13a0

SHA256
854f8e80ad90f10c9dbd09d675e456aed38928e48aa5c1150e7ecaea7de5c6c3

SHA512
dec95f807d1230d0be24a1c4299f6bb0d09b600a84a5cc7f6177ae0ff13db0e6705dc08a3aba2df347c832dec987e84630200540cb01c0fbdc1f560dd0e5efda

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
6c0a5a4a318bb3d279dce502dc7f74b1

SHA1
334a76e9786daedaaad64d43d138e50f54976994

SHA256
896d3b46e19dc90ee7967e0280e11b18a9f4a1cfd2767657a0dbafdac9840fe2

SHA512
575fb3cf34fca5ba1adb93a8bff60948097e6ab725a707e02942e16997c6f19e8d3eaa5f086a3582de5ebbcb87861a1fc491d336de0b5d8e804f0e3f70dfc939

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
6578e2aebcad53e5fd9b40039a073da7

SHA1
b8bc8a0ea9facac6508558a65aa31a19e0a34b58

SHA256
bd4624a5899577c166cd6be182f707d24eadb17518057ea383add883ad1509d9

SHA512
c55d4f44399937a8eb4a36fca69a72d15716849fadeaba5aedaf45f742649608d10517c46279e4842bdfc58831a821c0362086019b5ae8140d4253f10f750ab8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
222bcfbe4fafc096675439c5acd43d9a

SHA1
bb3c641c07b77a7b2873c54a1add5e367659778e

SHA256
bc2f91624be0aaf4c9c34d56bef9206842c41d222e12b250cf0f1fc1a0caca73

SHA512
0b6bd6bffff913720d9eea814f2a94c8f005d55bc81a0770668c68b6404a37587e0aede461ca53a14e4ba9c5b1ea56b200c915d5073fdb2c16feeeea7b1a02ca

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
7298bbedf2beffab2fa9793980c88b00

SHA1
742e6e9c4cf1529fcbe482e564b07431f69ce943

SHA256
0845191889309530526c1609fa35e3d20f79e60a1b5aa5d6b1021f787fd41e61

SHA512
021c40e5c578a524cbf88bc1f9aa836374bb03c6167b2a902ef61737f8f22615eba555cf612277f218b13debaab0701afa6b8f5fdef87947b5519b42fc4cd6e6

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
fcb4b2f0a0e5f21a8e0a0429106f9f55

SHA1
fc4a6c580fb1f412d179d77ededcd0763f7b698c

SHA256
fe8f390180303d0f4b5d4041fe8b94036d9b3a5f9837d1bf3a921e6cd14f7c26

SHA512
b5f2613459fe6a70910edae137d4174819b27217feee9cc7ac95115092c815f74cf72843e6ad2ab12b44fa05e95f87f748e0b81dd2377e0a68cd3a84b6f26fbc

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
51f31971b36033904c8ebb3d9bc72065

SHA1
51662b2706e98a9e1ae6660e3172032b571ea459

SHA256
82727a3ea85731fcd226659e6c4155bedc916ea0afaabda47bcee30ebf8a40d1

SHA512
e36c8a213fe1b4b7ee534bc5e785f63e7549866d24c8d8b0d27b638167a0c1f10af9e13d16d33f112da5567bfcf5ed800072ce4faed710cd43e950cba2604e38

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
eee08885066978361d8abaa17ff70400

SHA1
b3b15f5af702f7516ad5b24c13576a80e2fdb844

SHA256
5e4305ed89c3d1a1bf6e9cef7bbca30c367ecccc1bfb22a3175b1595a1d12efe

SHA512
1b0595fa28f22019b81094974e4a9977b666c74c627559a04cbc0b45abafe0e48a80ef053852fa7a4f30c353c9f1c5059a1fb737dd860b7a101f8470710a8460

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
e2a3b4c469de7b31f2afd5ec343aab40

SHA1
ae287329d77835206cd125b3eeff1c811bece13b

SHA256
d6defb1e9976b21f0627dc813ca1d63a60fec5b1a8ca380333ebfe45795311e7

SHA512
e6b433f98d255e954cbeb25e1ed1eb0ba956eae5faa005847914bcb644b15167da02c2ce79fa08272938de17234f163170b09b8c7706f34df87a33328d6037ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a3f49753ac61ba319dd065a0cac18a28

SHA1
a2ff784e2952ba5d4e4265a0312699373e6a9b9a

SHA256
5a1bfab86e5862c8044f4dfa6fd824e79e641819b0407afd366878ad47b7f701

SHA512
afc793091d6f050473497b123ee92d22df1ff0792089cd18834ba3647634bb1de1ca4477103164b31e8f2f7974c4242e527448abb3d1e95f18e792ad0f51c93e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
326513f77872e1497c65df6eee1c9d1d

SHA1
42fd9d9b0695eaa67ce05bf4fcff54b9a0678c43

SHA256
100fe1337a8d59627c53a94f0d410dc4b057dfff6e56cd0006cac05327d69a36

SHA512
12453f675e58723d2236315b3d0f40c97f927b3df38251427996cb4b7408f2b980ad9778cd84edaee33562d0b6fd6d962f84efe7520dd63b3db361c298fd7198

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
67fd7a5d45498d57f0639c6ae30c7002

SHA1
408a0e0a6b9c04928b0d64a8b49e79135cf8d79d

SHA256
604e6f118f81143572c7f3e080e8b54b23b0fd9e23ba12cf8859b3bc59726ec1

SHA512
3c446d0b0a6cc5720a05ac855ba331529a90bedf307cad0e28573af3b5525ebc9de655482b89e44d4c9c828cff5322444e22e4781cc9dd68035232a780ba0ffa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
51f8a4351625259b8feea4df81ee27a5

SHA1
8171dd9e1e442f7ffd1709240f7eb8b23e252520

SHA256
0dd28ea5b4246652b8054ae6e51fcb8af15f232f002a1935526a8213c4c069de

SHA512
45ed8c6581e10e67ae5bc43644c345611ac2a61d048b463e44179f8760c703370ec513c2be66b7ea280cd79ace09a51aa7b961c78bf5a925c9d7689ee7a66f99

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
54211f15cc83bc8ef54cb62dce92d0b1

SHA1
c40a9843ed992710098298fb8e1d4315725ee986

SHA256
9d035ffd80b755c7834dd0b7a19a017b7a558c6efe07a44a6a275fb897a7f9a2

SHA512
98cc373fdb9ebb050d9154ec88a3e8fe9e95c42183db9ef6fba51cd61c49f688d65a09fe3852acc8c2c8d87b1b0d9816521ea8404254c928808cb9b4a94232ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
c07314e5eaafa7b3963c1ce6635590a0

SHA1
43d42228ad32e5c4d6da16b3a892e884f26f5be3

SHA256
471ced9bd9f2c0dbfa8e476b625f5b3fe78b50603f3ec30e805b2494c11bb16d

SHA512
e0fe9f0de3dd9b51786f7d5ff549b64b7db70e1a211443bdbf44982188cd1c71f03d0b1fa3ae354670020679615d23942dd520ad1fce22646253493022c50be5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
28b20a47a682173f93dccf3921d4c69d

SHA1
3e5aa4d131899b0b367da569f801e216984bc941

SHA256
f224675401924966c42da19362d6d1b6544c1003c55b036bcfc6355fac8e5b44

SHA512
f826db99b77c00e037231b6007adbc693379df859c44f1ddbcaf9d9fb127b3bb5340d09db4bce68d1a482794d7e3181cde0056829e040210eb0e4279a69f99ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
452d49e23089f887dcc36e7cfec0c4f2

SHA1
763d0be6d7a79422035668ede6dd674a1b4d745d

SHA256
8e0e5ae10dbf677e535b295bdce362456f88f575e77cdd1e62fca1d6c75b1fdd

SHA512
285c5f3d3cfede518d4b6a1ca47e4738e8936e0cacbb423f9d9dfdbed5c64d5f7e8e657a0944a8cf615804402b19c33eeaad1a71ca2a086690e41a4af2503088

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
b3cd2a1d3551e7ec412cb12cece040fb

SHA1
ba12d66d71e4bcc1a5810de98ece0b2793e3cff5

SHA256
36a2f88d6a51e59194284e310e4740c500b644b703bd8b939dfb08b39fd3d550

SHA512
8991232256deb9fa872c604020cc1e3aa217bc397ab02b6ecfd03b6d8debd498a1a5b29a4a235d9410dc9069b9872211c59f22764330a8a57fc951a04fcf3649

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e4d41c23e04f9fcf29c03d77147dcc9b

SHA1
631315948d2da2df12aa45c0288d0dc5032ba099

SHA256
246bbebbb6b6c69a8cc3819dcc7cdda91714ee8a779561001f26a7f3896e45ca

SHA512
644c0246211b581a6b88000ba9216e77e1e2589d8474a2e629268c3b6ecbc25199afba4489e31eb93740a00f55c6c14f04ee8304535d338b90e28450ffadaf74

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
d2c13708f6380c35c5dbd682b808f0c9

SHA1
fc69f992da129f60f77536a020e5c4fbc68f82b0

SHA256
29e4a31815e17b03aa3faf116c7d99d04c8e3c5368122ffb756d5a46dd3901f4

SHA512
dee3b5d518b69dee5568ec344b669e245ccf09746d3520f0083992454b0183533d0705d5c5929ce1af909e4db759748b265ecaf48bd2075407764eb43dd5dea1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
e106827611dfe1cd524400aae74faa74

SHA1
fedfeeb83f9d657e725a9ee5e6c01c1bb84a81c7

SHA256
1a0e35740fb63d357ce923fce53805b9d80d0fc20388db01178a5c0772bb1553

SHA512
1518574778b02c8a250a76637afabad8225435e8365a6410a0b2ff03c9cdf11cc49e6431011180910a73e4a5582b06871318454c5144e96d537f248cd4d0f6b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
df28862681bf1c09a365b19f11e044e4

SHA1
fba0289f2f104cd5e53944fdfbd1ef46a2abf122

SHA256
7447abe5e93db894de44f1d949c4f58a59c5334aa11cb219a83dda22dda3ae05

SHA512
55968c806221f203c9962fa022458718cec2bc85b651d0a94556b590a5685607f568e2ac673f0a1338a5cab026a19dfb63902a847e4b9cdb8ad2d9dd245d6ca2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c0d7bc3404cadeca65478a566749b6c2

SHA1
9079424fd46095f8569f8cfac330da951c569418

SHA256
22c5e97e0d69c5b32426c4dbeb00289f3e13c3f384e2586ca67a5824e7052208

SHA512
cac97f6cbce9da53459ba1e41abd3651bc77d4986ed02e2dbe43fffbab5ac4c3dc53d166b61530fae38576cff8af28c19e7a497d120079dd2061ef28c5d3db57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
da14d7c47823f93d4998de74c6b51a36

SHA1
4aea53e91f33fa92fe4d8a7689d353d12c08f31b

SHA256
ccb534fe3fbacac74d73e0cddcd55b8aa0c255485d1245c434b227cede5e5746

SHA512
f566d52f076df743315e37f15d2220ca6f0b76e242f5fcadd65e2eee86d08ed061f16eca65788dbe6d7b754bf3b8fda1612af8b426d0d29e87abaae995517b55

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
4789e7f96983053f665b41248ac7d82f

SHA1
7cbb6436311ac5721caa0e731d825dc64e1dd482

SHA256
69096f46d09274b27aeb61dd3bfbaecfd8489548fbbaf92063a49a770d6449c3

SHA512
bc4834a36cdd5c3acc31f2fe403a24d875b6fa5f822161c88cb2f874e712ea13d49c733dd5b2d70dace99ebfb3ff9c2474607fd7666fb27ba58a8a5d3f265b00

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e8b3707c97d91df8eca87ce8c2cc0373

SHA1
b191e9302c41769533307c3ac2280c5f10799f1a

SHA256
241d129d0a584d4383d7f9522ab0428dbf7b71cb93bdc44226af2b08cb121010

SHA512
c734d0b30d046b68d45d6a011d9019c91fc6046dd68ab14d145ce51d98ed0541fa2605c077f71719711d40148832279a998312ebf3fab54a26d11709515bce16

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
291a37c5075c9fcb49c88dca7e75abcc

SHA1
81154fbf92332271d48da4595a230fd4cc52ee74

SHA256
5850d8b1f525c41dbb189fe36aeb3b4679a38f2022f7b9a0d4d9259794d9f96a

SHA512
1dde86e5ef955d54edf470180050ec7cb41b09d60f15ad4baf1237276388e5a9829359ed99bbedf27fe8c235afefc0d460375bbc91904845704bac469a43cb4e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
2441e3c16908f11b6bcd236f93b3ee35

SHA1
e27b2ff1c14a5b08cf217565a28d5edc5b6e60cf

SHA256
d34cbb1559618e4e8c85fc4e12d04c60cca5dbff252284ca1efaf4400b9c53de

SHA512
776a90903c011f53aa85c9b5a96d9b93ddc49b5e862a3c1712e63402c014de62222ca568d37b9f4bd93f1348eacc35a91e1be5ca983bfe16b7c575ae3d4bb08e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
ba594efb4b6653ee614caa18d976c79d

SHA1
d7e3dd845dc5382794e90163701bedc22e43ed96

SHA256
e629449881b0aca639613ac5f7e4b96cd3a15fec1023ddba07b3cf67a3d329f0

SHA512
61fd14e57161417a1acb8cb5c891cf02e1875925c1a71dc6a1025b237fc3c0450119a11ea84393f1a1ea8ad236c5d019d2c6c1986056761cb7b33e25cd8bb8d7

Download Submit
memory/2168-35-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2168-8993-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2168-8994-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2168-9167-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2168-9168-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download