xorist | 9761e741458d5c6ddea4f66e2f58a3cb64bf5ac7d71a8d3eaf2606eaa9bf3b7b

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Size

7KB
MD5

23f7e9bb64b166b543ad6ca59169e924
SHA1

1762468e70a29c3d84606cf187b9a7f2bb647faf
SHA256

9761e741458d5c6ddea4f66e2f58a3cb64bf5ac7d71a8d3eaf2606eaa9bf3b7b
SHA512

c4c044eeab01c476d798d89204b4b6505df944916a67eea98e372d293be47a18f0437eb2698d96896693bc70c9f965a3ce79f7babaa4590090775bf89ba5098b
SSDEEP

96:ljZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExmzaePj7jRmW+7nGMUA:Vzdrr1FG1WDCgmjPZmzjPXMJGMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2644-8932-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2644-8933-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2644-9179-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2644-9181-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_neutral_935cd017fcb965ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00e.inf_amd64_neutral_5a376e6a7cb007d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_locations.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Session_Configurations.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_prompts.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_neutral_932d048a735b47c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_preference_variables.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc302.inf_amd64_ja-jp_64ee91a0bf7b132c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_format.ps1xml.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2644-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2644-8932-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2644-8933-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2644-9179-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2644-9181-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\PREVIEW.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR24F.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15057_.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_increaseindent.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10265_.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14831_.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DisableUndo.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115840.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_OFF.GIF	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_wiaca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f55e1530d42f5d9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cttunesvr_31bf3856ad364e35_6.1.7600.16385_none_efd12d677fabca7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5921be8c08d1bf0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-mscormmc_dll_rtm_31bf3856ad364e35_6.1.7601.17514_none_a98a0efe27a75944\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cf55796d9de5582d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..collector.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9d9754c209da150a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-legapp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8259ff12427daa54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_es-es_ba57accaf17aa08b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ntlanman.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3a394bdd55075554\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx00d.inf_31bf3856ad364e35_6.1.7600.16385_none_62689a3eadfe9b80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.1.7601.17514_none_6e6c95d9ae65f958\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\WindowsUpdate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmnttte.inf_31bf3856ad364e35_6.1.7600.16385_none_01231bbe5f4a51a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-activ.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2a2e13768aa7e762\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vssadmin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b039d8914a98caf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4613c32c9fd7aa95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.perfmon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e619c0081a16967b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c97a20927d25631e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..tconfigui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e4aa467e1dc39248\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_8.0.7600.16385_en-us_8effe3e3ea5c3179\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9d255ffbb923bb4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Line_Editing.help.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..favorites.resources_31bf3856ad364e35_8.0.7600.16385_de-de_029d071c4e13a2f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\inf\MSDTC\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_en-us_201bcb86330412a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-helpplc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a754e80125cd76ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..sions-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1974dc1c0e53e24b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-tlbref_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_edeba22efbbb32f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f4a964847e8dd5ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-regctrl_31bf3856ad364e35_6.1.7600.16385_none_6c56bad999e82b06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..r-tlntsvr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_50bfdec5a4bd0a53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.security...licymodel.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_092ece045890650d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..rendering.resources_31bf3856ad364e35_8.0.7600.16385_it-it_b423d20ba5eda168\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1fb099f56053fd1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mail-adm_31bf3856ad364e35_6.1.7600.16385_none_481b38cb6cb9af7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-oobe-machine-ui_31bf3856ad364e35_6.1.7601.17514_none_c081339cf850430b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Feed Discovered.wav	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_sisraid4.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d18ca73d6791bcfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00010465_31bf3856ad364e35_6.1.7600.16385_none_f26f9855a3b74b47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ce9950e8870ce4ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-whitebox.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a0c3775fc1e561c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_machine.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4384d5fefaafb524\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2bf23e2dc45491b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..n-playapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c11c083c2c64217\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea3d5c58a2cba55f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..trols-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eccc1389986bccf5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ntlanui2.resources_31bf3856ad364e35_6.1.7600.16385_de-de_99ec7fb2532247fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-msbuild_targetfiles_31bf3856ad364e35_6.1.7600.16385_none_12aa611e8a576b93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_6.1.7601.17514_none_afe5eac6921f1c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tpm-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_669be3779426a702\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_637403dec128023c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6784b2843e57efa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-mscorpjt_dll_31bf3856ad364e35_6.1.7600.16385_none_d77af9a299d44999\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..pc-mathinputcontrol_31bf3856ad364e35_6.1.7600.16385_none_e8a704ebfa319de9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-audio-dmusic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d5f9dd368ae58372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-docprop.resources_31bf3856ad364e35_6.1.7600.16385_de-de_be3fbfa99c9fb6c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_663d506d4f028574\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ff6934859444b77e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e76176d2f9145bc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\ = "CRYPTED!"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe,0"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VAXLNXVITYMSKUA"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
5923cb930e0360b0efccbbe976b912a0

SHA1
ea7d24a11ef5aeaf7277c9b1716afceba8bd0280

SHA256
a3fcbe7539ddb20fdd704a3f9eb25b06ab82a3541a3dbbf3a19efd1ecd97f483

SHA512
4b3669aed765ccacd80af12a362302b3be3fcad48fdeb67811662a061818956022c4200f8d9821f3135b1256ef29c934478cfca10e3107dc39dc93d304720da5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
7522afd97da1adfe70fba0a24c85289e

SHA1
cbbee8980587d341aa06b936d7e045720f46a0c6

SHA256
8b3399399fa957ac96cb0c821209a4711c50568400f08f34fdc8c8502ce283fc

SHA512
f24b563134a33281f0de38a4591e4c12244c671bf6fdc0767cd4898223b0ca72ff26cc8b6c45aa24c7f08471416479daebd2add5221761b262e2064af89a2abc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
3dff38b425fdb84ecd5ce1ea806e9aa7

SHA1
c687bb4f5c0ad16a4b327ffe05ff765ca2ecbb4b

SHA256
77a42f8e1ffd5895eac0b101490f32fc1d723f543a7e8eb9815257d4d5b6c930

SHA512
9e4b3b4d1fbf8c4bb62408a0bbbfbb579fa4dcb883412d51d1a8da472f5defabd67f4af580809ff4949095216ae665a8678e9d44723072ec400682be3a48c931

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
d427e9c5679bdbb58f347232a39ed9a7

SHA1
1772f55d6ac5c4b215516bbb9c8871ff9a6af15e

SHA256
99860bf855b545f3ac7b8e2677ce05a9e5f2c0a07f26234741053455ec6a19c1

SHA512
c1c63527054807646a1fbd9b790b1ab87f2faaec5bd3867ea013de356ea958ee8221b58fb8a5e07114bc0461ca215040b02fae4199c6ad90c8f9091d10ceb2af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
465f2f7dd49478938cf3d6dfe2865faa

SHA1
db1582ca6a11bb905d0771c619b28bc42f86f435

SHA256
14994b42759224aaed4aa77413dcb1dcba22c4076b7fe817c9e9069b7ef40871

SHA512
f90533cd7e353801ff437c1b01eab35ac2896e11c501700650ecda5762f09975165a7e19588a34a2b0205f09c738d349d39c0cab612beefb4eef3fba0b95b3f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
dc78119d6403fb5b131cbe96534b890f

SHA1
d4a70e0ed149bcbdec9904a4ae0fa50697e6f171

SHA256
c6b739b992b74bfc5711309dcdf0c6a3f68fde7e664c0aff97a9ffd8b8762505

SHA512
ffd932be06499fa59a1d80024d3692fab32007a165df5ee25bccf7425b856b6f8ec9d0c23c725120f7e704188c8187bb6a279af2332310ad19d3e5a5c7212cda

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
5d37bfcf806c8fcfad54428e8cff6aec

SHA1
dffcc0fa19199a4154a2356be7bebc10f5cda22e

SHA256
c645a5482506fca37d8bc2ebdbca4b83a25982cefdd2ffe24de3139770513542

SHA512
39188c8d190612562d1ebc230e4d9af3c5dda477ce4c80419a9eaaec5364383e026c90fc1bb5cf22a4a3056815b3e11075aaa59e479c3a1c9f75973749dc9c7a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
d843e0afa1a777b63d30980278b89f77

SHA1
762dc6317d9d9a2beb0634a389f3b23dcac82249

SHA256
208613292ebe406c049e2c0010731f6bfc2419147e99dfec4970857803276bab

SHA512
f184fad788b9cdb80b5d2ad5fbe932ee00b1f34ad585da8caf0f72e0c7297688b28ef6f21e1dfd2ac8ef4d93b4aad34133a15abdd243825dfd898c0d512b4ea9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
b6e7e1ea320e9d1e6b114e553349ea9b

SHA1
0d346a406010708acdaeb29f6130ea68d935393f

SHA256
c191a90702be4f66aac2226cda7abf2f9b62c5ca7524213e29d59c4903ee58ef

SHA512
8cd8bb456fe1f5779f7005b7961b218095544219819c391d10fec897aa339d62488f6f4b6c54c0a12f3134652a67a0a7bee07a5370e27c08f40f03ec16abfb2a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
8e39cba9f33ee27fa54ca5c84afef530

SHA1
49f3b8dd118b49c7a623180bd5f146c60bb2f89b

SHA256
0a6e5713ebe989e0b5c468b3bee8c1beb9e0ab72c21bcb6523d554bcc157c5db

SHA512
d9a981a100de0ffaa475e4e715a59734f952abdb48d5fe289d9528425173a9043282150651212985d901be54d5f59c6a23b96f2436f3e5c5f5126099da22110c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
9a22e952afac5fb62cd48d534183ea30

SHA1
b1d65a5ec4cd2877a30a09a4d52228710464108c

SHA256
d3708e360b83694d4bf2988daaf8593fc4266563eb6553bcecd7cc06e95a7e21

SHA512
05fe645a4f2db8c4769d70702f6beab98c41bc8786b4bbbd787d7c5514509ed2f0ac3d3d5aed0ae7baa454fee3f79154808ceabe31f74e8ce1729067970988f9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
8b21b993aaacd693a1bb66a5660607c0

SHA1
e336a8feabf22b85960ba3a13db48ebd4d387675

SHA256
a65b27f471ae4061a3259f259b541322f149f150bbcd98d483c1b9f307fb71fc

SHA512
54f585cfa1c1638292722d33705642d47dc7b624a2afb08838e07a1602499c691cdf7665ab1a50efcf8f7a9495111676a944731174efec4dbe87a05933b2f155

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
b264caf68c357817b90853acb8ae0c9d

SHA1
8d706eb2729a70b33091d9ac50f44b160761c444

SHA256
2d549a9a39405fc444d6e3ce075b3505efc15e7ed6041d519b124849331b3cf9

SHA512
ad8548f0a0c006e5b0100366513bb890dad322fb49cf0171f312aa65125b4b084a541f96606f140e97fc9eea7224759b65e24b18ba466cc69d7e7f32a9ddc1f1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
d979217b1ce4438e7da8863f8add4f16

SHA1
742599b2956dfeea78028338bb83231e00c7ee21

SHA256
d5474703250eb221d80d21e2c1b681a5cfbcd0939caab1697db6edd454521299

SHA512
7b545bc4c72776d66ff47764f8bdadd84669d545f4e8c301e63101620939fb49b1bb49f25ad963dd49d8a9e15743dfc6c841c90121bf472b3b78a6ffbc0528d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
52b5fb17343488188f7cdf81a4e35f73

SHA1
3c7399234e35fe350ef3035c2e539062f920a577

SHA256
cf7307a8d854de23ffa5b0af6c663275098819da241948ebb983768ed6180045

SHA512
f6e1b3da61ed6eb0c6d24d0a0e0c373036b78f1bf042b4d7a8a21475d311c6dda22d8bfafb32037bbf90be313870603da3f172bc2b8310de22084115ae801322

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
a00eda1926c87a01b982550476161210

SHA1
5d78900432acd8ddef53e72753e9807b856a5d4d

SHA256
e3a6b218207b6d5c7c234e7f39e18e5c6785f8a2c8010633e1ead9f95d798081

SHA512
c2fb19d7d062557387357e326a723672ba720d154221a98c8c66fed0e0cfe5a084ff2b451657076d70a7b3e85f4acd87d72465025f51e6abfff24940e4d3ea9d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
608f45d894106eaaf989a24fcb12fe50

SHA1
997cb228fe85bfd3c974a9dba59ba346c136988e

SHA256
21c92a587cf44eaa48a5667976293c3318c695e6fa6b0c113ee0e29b5e2eb9f8

SHA512
80a6114044b6bfbdd250137bc227ecf82e8ffce79dc857640dc7eba5f07503bc0426e7f5176b9b9b8408741f6079083bfbe8487b465cada6cd337e7361969622

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
be3dc8ee08d451768a2c6dcc8abe4150

SHA1
2253aed4104bad7310badb96ea29432d5dcfd2d9

SHA256
3b465930ebef136e53f0141338766b5cb2b1b138db1d27037e58ac4fc291aa10

SHA512
1ebbeaf94acd5dfa2bb2d1e33c251fe7e9fce6f8456196c6e6b1be4e15ef430427a06132f58431f4bd24639a7c4b9c8a07059340ccfda6e639138e3747481b98

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
365fc3661fdacac25d7f7cdf4f8aef92

SHA1
06f789ce65e1354501c457a13aeb2612a4b1bf5d

SHA256
ac747d91650b6bb5f7ac11c756581e8359350e08ba4e289656f50884d11f9fce

SHA512
0d7de6d9efd45165e21ed85e6937feebf11054ed31140aba33a1c3d796591b365c87c26a0247a09fcdef6d3dbec80df084ff653e19c044d11dad48b3661cc478

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
8048c6dcccf5006ffbe9681fb48432b9

SHA1
56582c9d5ad67a9508b3b9cd1a6b8d02bf597313

SHA256
e66163271c201090f37112e31f0b6c571a9318fa22ee4938a0dca8297c8c9457

SHA512
5dbe59333826ede620f1055051199b1dc93df1ceac5bb7b97f9b0360fb0a2afe865931082a9f7d298d0f8c482429ab88e37adf6c528f03db9dd42c1d890a25e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
ab5f6d5077c3fb31c3859b61de62e590

SHA1
698d8fcf3200d82050a38e5b66ba8a8d1f5d270b

SHA256
411333ff48208fbcdfa852294bdf7d4b8e6e58e5570b3b8e02df49c64ab18e4b

SHA512
4a16794f9dcaf9ffbffdfa3d1044e35400ee3ef14df89d5015b0b3e5d9703d96a1a6022d2f6f8e66380d9e0077618c6ce8214c022a30351d3b8280cd8aa09d99

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
92bdbf36be2667306b87554be02bc780

SHA1
faad251e7f1b69d713e959566d59aa288406de43

SHA256
8030d390b0d70a2e8f692a67c840d26e172c432c4521690fd4d4d28e07fa19df

SHA512
96f00dbcaeeda4a8a25749bd42e90a22587b20b4319cf91864d0adf54a4a71713eda1656049c9c94b4830c31dc0b0bd9203f7a828d4eef4617177b46a96755cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
e80f2bd698664f508e8eb3507f971a7e

SHA1
c33dd01d10ef32a20536628e8038e1ec51521721

SHA256
21c0bec6874f6c2f6ac66e67d27f09c967ec793ec9812375516d2075b827434c

SHA512
234b881ce490274c42fa042a833db25d6ebcb538f75d515ac4e98b23593e6137efa9a55b2e75cf165013b676d1f2f16202ab58a064bdc27269810bf377d429a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
fdf7a866def82fc4366a7ed41cfc6d50

SHA1
ead3cbc247390d83251e12a4955d4c1ff6647beb

SHA256
0ebbab0246e20463d248ad7868ef2be8cfcdf3d87a5422c2cf1f440a0606f263

SHA512
dfd5d15c527d3b411292cbe3fde777d2abdefc174135d3e29e29828226d03477daba6d345b7053cdbeb7c00f11731da5d332f3453e6e685f8e9d53eec1849b73

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
8cefc7dac7cfaa9c5c36db8dbd872af2

SHA1
e668b9d709cb9343bd671ec795a39a5d908d92f7

SHA256
b4069a72e2e0e7ff1da26a4b5f0da9a46d556880dd0e1d18f91f8bf40cc4537b

SHA512
826a4ed71e2b8075396407ec871dc52bb1a87e62b1d3410725a1f6ffbb655ccf480855455e84f2394dabcf7861040958eecb542df3f03befbe906c7479b4dd6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
13584f879dd6670b42d8d9e67123fb39

SHA1
8e7dde131f5126711567576ff0ce53dc8fb7718c

SHA256
e7a11131d50c86c456caa2a9351027e611ed809d700cb1267d4180430a48164c

SHA512
419a7cf85810f01779e7c2a23a36f16f0de7fb6feb50bb592b485690e727c11c4981bac0529f14723bbaa3c1421d503de7f9e656769e7fa0d6f8d98597347ade

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
269ed8be407a7064a1d1f2cd23af332c

SHA1
0908d9dff424822f4e2645e3fc306b99bc571c73

SHA256
c4f514ab7c11e938ec76bad4167a082360711a2459ecbac8839be3024cb8386e

SHA512
77febb304c28d59e2e4e86eb35c9d8a92a65fc5bce4abb4103b2b65f7814e36b40c8c0f9ea6f5cb99fde6cd36a85acd46c44fc901d455383e8e2e8921593fa73

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
76ce348fcf436f1076df30d4ac896098

SHA1
bd088cb119faae920809abcbdcb0f94c53dde708

SHA256
f4fe3539d45c77fc3c1401cbd896031778a999c099baacdce75172ecd5e2fbc5

SHA512
5be6cedbd0b94d80dc2c71b1f1a6bf1393481faa39997b0aaefbe547c2d2f3f5121f5b64ab0d2997276dfc4ac61daa12c3539def49885c3fbf7c2f68022d1275

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
bf396f965951e3919c9fb6c3148f8f03

SHA1
b87e970eca1a7f4be63062e47f15baf1eeb6d8c5

SHA256
aee23e2bdf32bde0c0bda76c9775b0786dc1963722d540e0976f21cf288e6737

SHA512
cb22da2474cbfab95b5ad5d13422abe5dc508170b8625df129405c05b2c4e781c46fe02b45b354ae5f950575357884a786c63d374f7ea43bbc8eb7d6aae452fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
62232b9c12ad49683150b283762f234d

SHA1
48539d2811708f60908cb08ff0d240265931664a

SHA256
266cdc012ba8e6e2c134623e61ad69f58b917191318190ea54b42f7ca0087334

SHA512
625981359c2b791664326722e0522e6d2e9e55dcfb9dfa3ccefba108ca71c2ccb70b6e15e9be9df84ec70831d5ed6d3ef494d4c1f975082cd36df580cfb4caab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
b61f64920c3106b6c920495591f751e6

SHA1
b73baf77ebf5dca5baf6448b5b75b2bf464b0334

SHA256
a2b73a9dd810f8f024bf5487543479aeb312421e68786ff894432f6ebb127fea

SHA512
67baae05723d9e808e58ff89e65393300744baa2c38175632ba6ce2fb8d76546b70d69ddea7d827df89961e752d19ea5338f97c5d9f089748d31423243122209

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
cb49dd7714e5d876513f3e7d90116050

SHA1
f5a6af4ec7d415653cb48100026db43f7f7740a4

SHA256
8786ea6165cf5889b96773328f22be1f077499465844cf69753076c37b5348c4

SHA512
14d8551635846fd2313441acb0c023b558888dc87533f0ae0b80a943699ff27c4e6fa68aee064e99a531f2b6987fa146b0026e758c7c1e325054edd905995bb9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
e511210a35c6f0900f1e01dc969b2975

SHA1
bbaa52b3200639ad155d68cba06fc7b4035030bf

SHA256
d4d5f289c88b6f8a0aaac6831a251b18d6fcfe7eecccc8d58ea37db4edcabf2b

SHA512
dcf8533043c8bdc0688faeacf2026adb77b5d7fa44c3d056543904f62e0c34b85d0373b31597471d36def2b5e9c69a5b354180e8813b1eefd6aa3030e083a079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
63edf2ac60222d0dee0e6b5549c7beab

SHA1
4f1d0550a667d8121a7b1d8735bbd2fcf3f829d0

SHA256
a304e1857dece1880d734e4fe657a3eca69079d362638e4a4f92947799b242a0

SHA512
7ad55dbcd3e9c0094fa5d4d11d099e1c5c66ac8485a5a4c14893d5556f734e81c0033783e3dc568e394dc3334095b91ab8a21a2124624ae0ebd8b43954034dcf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
bca6af2da25dd05a8d99bfe116566c1a

SHA1
918413d7313c6b29925828d16a2155ebe61ff90d

SHA256
6071bcc49a185060ad74e0a38ff5a6830e7d27b2595cf21666c824a95ad70cc3

SHA512
2eb8e10209128966b4442cab45489ec80b8463696b7d3ea53558f5164a38ce35472c1bac827aa66b6fe595c720067af5a935e3f998efbf18cdc20e93eaa078a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
c124c1bd74eff1f9aa84ca53a03c9749

SHA1
b87339275e900f695a5aba14038f4794bb3902b3

SHA256
f5bfe2767f5f744413536ae74d1d7abd5e8c3e4d52b11aeebc060759c61ce619

SHA512
771e12cf568c8558f96b361c16584ef7cf7916760ec5ccf421540e5891349fe6f32288482e32da1388efb2da087e7d8dea00930448bf15cca7d3463889680782

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
e42155fa64569d72bdb1624d5d653c47

SHA1
64266a48545ddbffcfc1fc024dfbbed91ba64bf9

SHA256
6661ae0e47671d2cb089bf284f24cbdfbd92faac78e0457c0d3699c3466abfe5

SHA512
5505b3eb0a31734e88ad6bc103c330be5531213ead475cc1522b71bc62695cf2da4aa1cbf552e7071f813fa7ca29f2b7c21a5541e99ccf026381aea6594233d6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
2c4a3711caccc36778522643deed5bb3

SHA1
ccaa894abe4723fdb341400e05083ff75064b036

SHA256
19551593cf5d5fa976bc97585253b152d6c8f1e0cbbeda4fc1aa7e4cf5b2638c

SHA512
ec2040234b2aac2fb7fca915e54358f1ae40da41628a31c9461e7b1e5722b7125caa0c49fa7b6d59754161047a4c36c6140bc85db25982c34dee3207e2f1507b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
c22337b92cb62528da7fa802a5c051cd

SHA1
1837d223bce606066548489ee496205b779a8cd8

SHA256
4b00f10c4bf0f8a597c510f192988d2611ede5f1a784f17075cb6e2cf728e458

SHA512
01736465a154d2d481ea9beefaa7cd871cfd8b5ec230bb4bb667cb14331181fc985fedcce16c069a00d70e7d53e5094c3f32ec7cf1ec4b67ff76a14bb18cd46f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
7382e422b0bd2896a6ffd6691db9c932

SHA1
596a71cff59b15814d1dd17d567f5a03a1e032dc

SHA256
028cc9e4070ecb693dbe6d9aba12e30173ba1891494c2af29a3d0132bed855f3

SHA512
a3e7f87edd3ebc4e1283fcfe577950a3cf37ff3571f06af927f942c8b96421fac0c6963bb58c96bf7db8be9e0dc3a98c1d740e851be7501df4f7b8de3f6f7afa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
a8d2c788316aeaf45b11aa181dce8e3d

SHA1
37d399b97d195754d66de8602905fb5e3bda2829

SHA256
11f2a32e6d2cf80a03cffdfc0b49798c6057b7b558c13d0f30c469a5acd74d0a

SHA512
182038ff0ced1af10ad7fb6b4a6c81d59fc3ec5a0ef684450706517031ac4451059ce5488af33a5bb36249564393a03b1df804242ad1f9ae5d423adaaae4fad8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
92d8733703315f68cc4647a936daece8

SHA1
9bc6dc853c61a71a007c39a98a73803db8a92b51

SHA256
7aba5c8395388f288a7b9b6e5fe89a13243efae39dd0b470d7c2ecbb9aa041b8

SHA512
7dc840f5b4451e3efbc10844e436b51e6e003e038f72fa20be0d40d5ff51c4abea35a41c1ad9b566702d42601916e823fc392b69bc3d000140a3f67021071bdd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
76d6fc19671b3948d769136ea45c1662

SHA1
d62c852dea6dfea5479ed3f485cfa9c61d1b9ad6

SHA256
3f91408c9ec1fb6d96c629c031568e938fad7f4cef5d641e9b587333256985e3

SHA512
9cd6c700175fb382b4b1e598b54fa8d6c802096a81c31c01b03aa9b3b8882b4874a6ecc06047fb36dc4a9b6f50912f3db59d25152d837b42536fc3a64e53381e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
5e66ad820e7bd73a4957f92f9e822ae7

SHA1
eb5c06b12bc17c6bdfcf33633738ffa4881a61f8

SHA256
5d22e4a20be309ea9a0a76450cf625d11c9c7ddb0fa7e6170023b7da445c6633

SHA512
9f55256d6db638fd18827d7ca98e8eb89bffefbfb9786cfd65454e15b234c69896d09c416b34f95c006642a1fcd5bbfec611eacc22207e0667557f986f556f2b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
58c46b30fe9daa93cebfed8ac79c13ff

SHA1
fadda20169f4adecd2f75d8f1d70b0baa1f68bf3

SHA256
d46509a8ec16703d372f1a5eddf71cbe9a2900e95ad665f9f7ae99e250a7824e

SHA512
8a21778a3b7cbbce55f066b551e66484015e4281fdc0433b0e64e7b1d49ede4f0c48969040498c393fdb505c79fa28988d8d3a3e7034be71ec1d28eba1a6b65c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
327c767f6d89e29e72af80103e453d25

SHA1
6cd9a91e63fa6a084fd776dd87a13fb5ecd84adf

SHA256
d48a92ec8b29b953a485d2995ed7c7ed93097a9c2e6bc5817e125d979b2bd560

SHA512
2d4270eafd8ff70652a8100e8ee0d8969fdf025d5f52531b267a42cb960c370b7141d6f8c9067a668efcef58bcb2ae7116918686e01fe47cded8943395e0a8ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
74d7fabb4dd70aa395a0b47d033be483

SHA1
4b51b69d3aa7bc85eaa865edcc8bde686f6de9fe

SHA256
0142d5aa68c11705ec42f98d341bc58dbed25f83dd9df291d7e17119a854e7cf

SHA512
6f4fa90087d4fe175889c363ef68d851b18191b4281dbd89d88267f39d054f9060c6e6766ccc8b42e2742e2e063758fad56f71e838625e6671440f44991c9abe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
68bd2c42df7510cf9e2dee0f52ce9575

SHA1
052f33f162629744e1bbd7f7c849dea8f816c888

SHA256
f12173d4afa75ef344445b45a6fb63d771d61e397529e753d5eb9d809f268fbe

SHA512
8c4da54b03b24a74ec86b82f416ad46340b10fffa82b7d435852210776c35ac2f5695d6b352b123b797852d3d491e931a7f15794cf7a07f303363f19703b13ac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
a38ee2b15c9cb116627caf3f4424aa7c

SHA1
90fd07b6b58dda939e3bc58710814b6fa9660761

SHA256
d32f4a910cf36f969cb6f64c2344e60eb9c06d81e6237b08de16c85e01b06145

SHA512
cbaeba2544e5061f9ff2cd25470ab632618a99cff50a84c32458526507561ab50a0d7690d6688bbf29981c00607d951d6638cd40527a170e8962fc3b59cea3cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
4c0858577975726367c75e6946f73068

SHA1
2da55167042622820e08bdca29341c901fb283ab

SHA256
ebf838a25bc701f23ac73f8cc1654cf5c79dd6aa1b2b7684eaba725f0fe029b2

SHA512
247a72a2d56e8a1453897852fd2bdf0e6045e8701504754bec66a9ed1be24c2429bf96f5e26da904c1d445c5483b84fb3e21cec52559837f59c0d7bedca74f07

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
935fb8e654cee264097f9721db0ac547

SHA1
ab9d7ebc591187ae68916b7a640df37eda869a7e

SHA256
eacbe261853b3603d258b7b41074644d073a210a3b8383d28e121d5309816a1f

SHA512
1a89c472f0f0e4603784cfd994cbc3322ffd0a4891e112123734e95fabb51f343f3d23a22226d6328e4f7c2fda72b94fee5a0f1e1f557e94b51b7adf5b1d9624

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
14129948fccebb4b78a6b164ba7bb716

SHA1
6084eac80bd66b2764f79a95afc22a42b4c9646d

SHA256
e58b84ed8d3f18de31b25cdb3d29d6997dee3ac4fbd16b9fc5dafd619bd8892a

SHA512
c7f78714200dd14f91143656b5d4fdb50407866caa9aaf47dad22b6ce3dcbcb58fa0b61b23acb5688b32ce98751f509fb46049cb35ce480d8402ab6b8a9f5383

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
adfba0b6be31ad1553907a0b6bdda399

SHA1
d6c06b85b92abb79ba4118eeb98ed8cea5aa64b4

SHA256
0847c76c35b5c843ea90478dcf50499338ee38f21b27d5ca4c7ccc9c68e05692

SHA512
8f1a3bbf4d8899e4fea251f96ce5ff6dc77b5c9e69265bf144edfe06e7ea714697dd0233b859d719d17fa93e7ed7dcb08a987e71c56cf101e4238fe556adf8be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
a329e6aeca9e9d5fd78600b2910a41de

SHA1
45394db3b1faebac5d872bc198fa9d7ebd0601ee

SHA256
8e28221092334bd10a8e892d5c86d21dbc59d041cae11f9bd8a46919f2978075

SHA512
e61894cd152d9a09cbc7a7bd3a8eb2913db772631243c68d80dcd3bf577f2f0f7b1dbf3c5479a81a94cf1750eb4177de4b77b8dd65db7e1c3bc0a73e73ade450

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
79767a9dde59627840975de5422f205d

SHA1
9723f202b8739fa0b55c7ad6d4cd08c82558cdd1

SHA256
6fec4023b4ed6fa6ac961eb9be2fa7ffdd7e05676222b1fd508fc2fa5e7134d9

SHA512
2887c214d0bfc5b1e86369ab15f0a1dcea8c9c7bdd5864df2ce53235a14eb8f7eaa581778af83680f26f9f9b8e7fe0accf5841faf7f3ea5f1ef265d847477980

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
7c2f44218ec070e7173fa331ea6c180b

SHA1
cd1fa1a3f1bbc16805d2ea0c90b43d0b0795292d

SHA256
8f2556e309ff32a23d431b078d51bc04274f7b6a0df473ad4696e2339642aff9

SHA512
4cb6207bc116dc82e492495615c3ce9d3297258876f5a324100a54cfda6270f8bfccc71ebe6f9f5fb145c36fca74d22ddb1b02c75c691afe704858cd4d4fadc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
c8c7eb806b0c1d187d790e3eeb5aa2f5

SHA1
ba7398a1131d301905e6aa7adfde2d6dc1a6bd57

SHA256
747d79e2fc3a602671dafb2307056959936819a30707e793f805700071da5cfb

SHA512
7a6b53a273fa436dae8bce1c97e8348b779c1a11b5e0d1fde1dd681d8650fb37601bbb55c6219a75755a19e5e97466cd476f9f465a9610f91cbf48a7ccff702e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
a1cc9a6c02af453b756a8e2006ca6f3b

SHA1
d01081c5beb68181a594af529fbe93de5a243afa

SHA256
bf7bf010718b5c0242cdeea77e27b6cfd920c23ad20bfdce52cb32e28f64536a

SHA512
f1d6ef197a2e6bae83c0adaa75cf11373832ad61e847450c66ac1f3c83a0b59f92ca8fa7858519a37337a5570048209b3ce1c670084abc089df78c7e052efd8c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6b7c80811d5f9e94554765c822625f7c

SHA1
23cac1c9d1e9260d00d86a01f15793546ab32b4b

SHA256
258e1366475a525d8c23c1db0bd40203a5a3affb4a20a0da26bbda2339528446

SHA512
72f5b4a6071a8388d8a08c7109af9d8dedd54b1f686d2f88480597179659878b44084b8e902de3fe6093089047070fd7ffb04d97c12e595720c94a8c311ec26d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
1359d9112ad03974272c307d358dcfd2

SHA1
8a416e938d473871d8e0b5de05c6a1fea4573697

SHA256
9f45228bf0900be70587cf61e79d01352096b5ff428776ba2e3ac63f0a5df1fb

SHA512
62e79dfceb4c40f3c93e3ac3757437fd34030e6694fb824b7de160fffc541b3748b1cf4acc5236996b95df9653e6252c2dab7c7c1b854dd785eb1cad8ec2a40c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
3487f1614d48a76d1aa5bd4aaebb82a8

SHA1
9c8240aa8cb858b3671e065555a83ddcbc3825bf

SHA256
c67eb04136c7568815edaae8bf1e0ba421f18c13da763176c75d9be440ad6d39

SHA512
1ec5676ac7e7015b653332e89d4746e7c29ad3435b411d06510f8f200ab6fae5fcb9c2ccd10c41c38ee49b8da4b70bc78f97698d03941bd689fb36989dcad101

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
a5e0cadc26a239df96ebc970f4c4c7f5

SHA1
ee3e837c838f9db0b16fea6ab2e5c70cd6aa7e9b

SHA256
7fab69e09a5593688b40eb5683ad5ef3fefa923f6cc99c9d46ff4d7bdc2de165

SHA512
141a505fc378a7f5cdf90a5f85dee050bdbe219bc03dcb49782ff48d8877f164a4a57690b0d4e353097dffaf667408a5b4a64fdcc7e8551ace19d846b08c0e7f

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
9cd523b9585b1949fb35ff5b7845fe34

SHA1
6e22dc705ca60406026dfedd26c4ff4ea450930a

SHA256
982d106ba42e16d717b39d05d72b6750e6be26d6516841391eab398639c3cc42

SHA512
ef3afa905bcc7b90c86afdaa35a6d96d0f4d8bcc2ee945d25b399cbf60188fc7399e43b03c228a9c92f0b5861098b1bd16f90772a9f94d96b2cf47f793b3eecc

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
3ae55d7f0ed79dacc8362c7a2a841bf3

SHA1
de2aa06a43f76fa15d0202c8088c9abd4c31b9d0

SHA256
18f5084e5f2df05635900d9ea190caf1d3b9f43542bef0eeb28a2de539df3de3

SHA512
4c2cc2ab2520da4ae0e5c8c18bb3ab6a3c55c22b04aead333860459ab652d1bfaf48d56556cf0fbb74655372365bfb0612087f30f618f59eca133d4490e71080

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
c1a01b78c9499f1ec3a88a99a709b283

SHA1
8088960c049c6f8c0e5bf840357be47bfca775b9

SHA256
20e3197382cb7a59c970ef49be4abb08657faaadc5386f45cfc4b819651c8147

SHA512
7d84983079544545d05b4a2afc7e4e417c6f752c998818f46bf22855dcd289e205e33dfc0ba544ee49781a1ae4b17c0e80e37c1a02422804c75606852f39a22a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
afae6dc985b81897e2d65b2a503395c1

SHA1
9e653640ccaffc94078ca66fcceecc1c2ef2d03f

SHA256
7316714f172582fbfd1a912e96b1dd3b9d0bbb569b8d3c9f4c802d747ad261be

SHA512
a2f4c2ab0a812bf97854dabab71c480a847397d2b7a9cadaca6db73d475cff07ea5508168afca0efe3538a0fbe3f0267ec117db2855ac9e10eff539c34de384e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
8171a1ba05bc068cc44e9857370b8706

SHA1
9a3949f8ef650526d60f3ac8203fe9ed2c349a2f

SHA256
ecaf3f3cc09223b79623d74e37c268f4fd430423da543169dcf707cf30bac0db

SHA512
20b56efcf4f3594dc2fbb0bca52fc783b2aae8c8086682088a16e2546799c4f70c3afea0069e0cf4b2b9707820593e52bb6583362e88b6ff12b32d30d5adc7e2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
febbb5c2c009377f1faec937e6cd8d25

SHA1
09919bffc6f904d11ed0f395dfa3708f79eac1af

SHA256
b83c7cbba964899477862fc4e22abd1429d386b7a3f0476fa6f88372bcdbc0a8

SHA512
06c21070a60d2de10376e7f7c83f8c779e9c9674c2a6a9412ed4474fc0778eaf4411a9804ee3e174d97b5ab9ee051eeb55c21c9815882885510bc3c8e3a7bd48

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
967d53ca768a8aac82b87ab7df59e8c5

SHA1
3953ed8c63e3d402f66bb9eac33967faa5ada9ac

SHA256
bb05f755355f52c74140317cfd613a3b5e1ae4b84cc3d8198a9b3be283babcf5

SHA512
6249565ce6c283120872b561812c10fd19628b69c4d42b2bf5a4dd3776fe14d4a6626efd99251796f6d0ccbec3c25f4ffaeeef612110a1a8a01e192129fbe01b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8e26bd95a3b0434a63b79f4c35be4d31

SHA1
4ff0e89c8fd70a65701a1e4ebf933075946163dc

SHA256
e8ca358d18236dfe41e80214e317d8c7340d042a7d1853661d50240d07af0f4b

SHA512
e3527d57a59ed98004425428f3473b36d82349523aa924bd3e2827bea4959fcc435cc2996caee767cb0966682c17db6dbd94383df50cb7ba14a31f27148b32aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
2c26fa04b0b215c70a00106f363b603a

SHA1
40863009db6024bf54b8023a301740f8c9cb15a5

SHA256
cbc80c9f157300be36cfc072592fa0fe556373f39ae082c6dbfa3760f7c8e832

SHA512
209c57f57c58ac8a84cf7ea150bced9019499f85daf2a642b6916510df409b5255ba4d133821a15226632d459e28b7e3fb38c30f4d02b74d1a193e050596b0e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
f430a9d8ab79da7d2cb924a7a8a61f4b

SHA1
777248464a0f08a070cb8c512d1cc4a12aa0c651

SHA256
29bcf4983e1cfb54268aadb2c8302393160f80a6c752b79eb5395c8d8cdf6a76

SHA512
2a6aa6453e1ed59ded53a5d4120555df459d7d6ba799a20db00dee45fbad0cd50d3067bc525e8e3e2518abdf3b8df8b80dc43ecfc44eaf8810d6e57ef7fa71a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
dd916963b284650db1f4b289389da1e0

SHA1
06868e911f32c756f3df2dc47d21c5c9d98cf4c4

SHA256
60e2203edc4f69bf0bc62b23ac010def83a201c8e68746b9bc5d5fde7f1f792b

SHA512
36d6ed263c21368f27458334f5ac9567ea0241658679fad71c47e25de44871d96796fe1663746067225a3cf0dd34e6e26adb5abd8f4e915197e55ea96b038e3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
7be0dff662d72f8fec16abd393308198

SHA1
777a4852f7e59246ed273cf5e382e2bf8464f6a0

SHA256
222d5251e99c2660a31275ce9fe153c2ceb225016596f537bdf4d1f67eaaa6e4

SHA512
e8c6494d2dc2cc93977d0e3e658d11e99b4c76d2d32bf64c85406a5f1269fda8b580b785c9aeeab08cabc1a0bf13f5b6f2e83379a35f2b37bb80672a979d77c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
e2ec8a4496f6db836e2446ca670bb0a9

SHA1
a360ba970248520f02ef1a0de293412eea5da87f

SHA256
66b23aa4dca93702f7b00cf5c4013b81256c958253a21bc3c28ba65d4ba3f2d0

SHA512
e3fdcc35f9bcf4dbb6671efbeea47c355564aaa15e379ab2afb857f21ac450d132ee064c4d50595cd0d1de0c53a5774573368d41d34526c4e08ab6db00191939

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
273aa9ac67bdc7d76253fa5bca587de6

SHA1
b804f7860cb2a8d994bfb3ec1ccdf0a7a2b7662b

SHA256
84caf0349836b9d0a6eff7f2fdc608771850b69bfc6bbc6421940d638e22c58b

SHA512
925a8de2fb62d0f2528cc8eba68bb1fd64045e70340b34d10f4dc6e728d3a57c9b501f8c4683035f839f1d528e58177f83980c17b18241300060ca88a558df18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5e7600715eb433dc9c286b7b4474c701

SHA1
88b76c1f14a92b5a1068fa94a78f1be82f46839a

SHA256
427cc4b2169870d01ead4bc3cf6ed4477576ef2991be453ceed3aae325d38b85

SHA512
2d43dda45765726db9bc09930901eb181e12d09ab78f4fca953d1b690a348c51ff3b9691fc1513fd48c053cd758f7d24c55c635e462a504cf64d36a625e537b5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
09e10fd026ce4d79b29e16d189430be1

SHA1
b69e6421be87d7e03c5c19fce5b4bd6c10c1a0d5

SHA256
1e0d03f5126a1bc680110c79a4bf21ed98bc153def8c5a410507cb3f0aa9a166

SHA512
bf1ec7914ce37e72f0f868b858e513b747589c7fc8063afe598fdd64a1996584d01fd937de6e73d2ccbab1666921c5cd32fec5d6e57dd506fd41309402725f25

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
ae3f6a18eda14e291261e533afe24825

SHA1
8750fdf2eb2bc3aef6522ceacbdfd5f5c59978fe

SHA256
0304c8f2cf8e9b736e03fe67c46af9d3b96d234b7fcfd4da128986a84ce409db

SHA512
e43e3e1e1af492f27e03e6322273261a54813900460212a62e7f03bcf815f5fd66bf6271d1f50094a17e82d0e88577b498b46ca1acf7e89f0d6b205ab4e1e6e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ea8036850a1599907dbb0ea8ff41a96d

SHA1
696d47b0edfe76da29b5c8fc3f71f50ca00f9e59

SHA256
b3098efa8b167770d49a2b534c3514719e8e037834192757ae6b1b9e4f166297

SHA512
b0c3733fcaf97e5d29e76e162fff2306d298715baf095aa0c72e1d99b2c5322e2d866b48c400f156aa0576fd7e08391e51fec90dd50e9e7dbf12520baf582244

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
389eab711bd4755758fd4fbb1f9a635e

SHA1
393abc0cb3c5e47ac9319b71293664eeed6cc408

SHA256
c5508320f07d5cfd4c453cb92a21b79bb86cd8d00ff80c2e69335ce96aafcb55

SHA512
e82bd0d082a01a886d78cdcc41a0c04281bc85382b2970dfe855e8cb8c9b1d268c8b50ba9a11d8889984d8388f76dce955869c29f0b57c25d46b5b333e9df56a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
d526b96f361218b1b9da738e0a5bcf3b

SHA1
c6a110fe864c8b78163d9fc190fa92956d9c08a5

SHA256
935f4fc13f30e004ec84c9dd30b82028bc27bc1266e76d53b2f111dc32496fad

SHA512
8695fff46dc02149d4f2bde221bcb707b632f0165fcc7fb202feb49cc051c3f7cc729ae3f33e4d218cf2a9e5a608069aafff27ec06e04796398fc3700c0303c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
4cd90b74138bb4ba2ca3a2e9cdb5c8e2

SHA1
fc4f9ccd15bbe592adde0671c5c072b8bcb18275

SHA256
095ad1a279f24182ee9421e36e0db7bf9cf46a76ed7502250784b047a3e05f58

SHA512
97d987cb8c1ac74c14dc3c1dcdeef01ac07189d300182b3dc5d33664cecd61d52b45052b7410e99c5f659ee0b302f0afa189d6a17d20a15d4bf67fbddc7ae3c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
620e5014e6a039b240899d536c7601fd

SHA1
6d023a7123b57f07d4d430b4462340b6b3d51e1c

SHA256
545c0f7a6130988e867a0439a11d0331f0e663c58b0a5059af0d3b540d4b7c38

SHA512
1fc132efee95cb95afe5b2ea4c4c412d7152f41dd703a88f52a8424e67a8012d9248dd59ce61176daeb9aaf0eb8b7382c7a153839540113d448417e05ea45848

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
ff531ba553155223b1e943850fbd8237

SHA1
3f9e2c5571749de4d2c9692823970b35cb5f9cb5

SHA256
03788d6ba7adc0bfbab8a35057bc4b52d0888f1c0c93f02347c4faf3177cba0b

SHA512
91da2a4dc15c494000754b5203b273bf4ad944b21ed92378feca51173dc9706527d0fdfc46d59ab8d90de127a4de62fe83a0790cd3083e35e311c23d28f7cb47

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
282f280fdd3d369c34ff81fac32104c3

SHA1
1f15834ff80884ab9f71eac00141c389fb8e2364

SHA256
870bd9f9b5b869079961a21f3b62cfca24dc8122f00bf8e1a3e9541092273f45

SHA512
0856a005a86f0b9165b4754691487cae062674feefff005b35e6582e989709d510798b430d49bd2f8d664ea5f9f6261e741ace50e81767a7aebd32686c93f2da

Download Submit
memory/2644-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2644-8932-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2644-8933-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2644-9179-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2644-9181-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download