xorist | f3299275739be51696747d6dc00495487d5ec6ae3715403d94c0f6d01d200d8f

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Size

318KB
MD5

2ee7e57e5a8a6d1924af950af8eb6cd0
SHA1

05d777a1148bc27794aa8380200be257f7f30c12
SHA256

f3299275739be51696747d6dc00495487d5ec6ae3715403d94c0f6d01d200d8f
SHA512

0dec4b6b4b1f98616d2561f39332977e512e3081044007208219d31cdd94259efd7c29be0b63c243dde62be63fc93018ea5785998c9e859a5ea9d4e64aa3884d
SSDEEP

6144:NOJGPwedDE+EcIIUZYBwE57MynHkrAlHKNIBQrtf/EuZtS2Ejga2SWH:NOJaNdDEvIVwEpRHkr8soef/EuZtS2EO

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/812-8525-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral1/memory/812-8526-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral1/memory/812-9157-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral1/memory/812-9158-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral1/memory/812-9161-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Reserved_Words.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_blocks.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr004.inf_amd64_neutral_b1d90b3749c5e6a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_neutral_18b899bdc8a755fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_neutral_c81780c5dcabd0a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_join.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_neutral_c4fe81ea47c6df87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comparison_Operators.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_type_operators.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_prompts.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_neutral_3ef33c750e6308ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_neutral_4ab014d645098f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Language_Keywords.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1kx64.inf_amd64_neutral_1f62482fbb9e52a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_neutral_99bb33c9a5bedaea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kpcehjmmpbeehjjm.bmp"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/812-59-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral1/memory/812-8525-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral1/memory/812-8526-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral1/memory/812-9157-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral1/memory/812-9158-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral1/memory/812-9161-0x0000000000400000-0x000000000098B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15060_.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382938.JPG	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\CURRENCY.HTM	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIconMask.bmp	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15272_.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1B.GIF	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABON.JPG	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ec3f1f5c9198800e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\16to9Squareframe_SelectionSubpicture.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\a94b0e3f1bf00abf7e3630e666aaf10a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_bdf0967626a1ad3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_regular_expressions.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-system.messaging_b03f5f7f11d50a3a_6.1.7601.17514_none_b72e2693e84b039a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Characters\Windows Battery Low.wav	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc_31bf3856ad364e35_6.1.7600.16385_none_1a0b3f4b23047c9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_job_details.help.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9c6283a2a059680e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\69e6acc80dfb71c3ebeac12584ea008c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1e9779aa27da5472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-v..r-windows.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc640b4c1f94494e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..revention.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6becd7c8227ef44b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_39224f16bcadf7c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-autoplay.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_71a556abb87acb26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..on0viewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5633a8dd8910dedf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ae9bda912e7a71a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\corner.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..indetails.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fd1ece67619f6bb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-wnewue.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3fbd9160844b7e42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_6.1.7600.16385_es-es_289d421b17a6a929\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ation-api.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bd04fe8efe827cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.backgroun..anagement.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b3bddeef3d584785\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7600.16385_none_cc3a6a9c514031a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..er-engine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b6ddfa3bc2153c94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ls-ksetup.resources_31bf3856ad364e35_6.1.7600.16385_en-us_14b2995e1db921c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Hardware Fail.wav	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4540d35fb28dafe8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_868e12e5e3585129\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_6.1.7600.16385_de-de_85149eef14919edf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a99b2e7da01e4f70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..nsors-cpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8a9ea056151980da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmelsa.inf_31bf3856ad364e35_6.1.7600.16385_none_59fc54741904bc43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..bilitycpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4919a91b56dc419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0ab225f359f5f4de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\403-14.htm	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a69eeaf796a1eec6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c110f4bd66485354\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_6.1.7600.16385_en-us_392ce9a7ba4fe7e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ce-server.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84763198452af611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.16428_none_981e5b1badd89cc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f306baddbc30d70b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8e57778214225c92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-vignette_31bf3856ad364e35_6.1.7600.16385_none_cc1304de922cc585\softedges.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..isc-style-videowall_31bf3856ad364e35_6.1.7600.16385_none_f0f97c9a09073b00\203x8subpicture.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..ermodepnp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eb2a201373875c74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..terdriver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c8badd97538530c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-controls.resources_31bf3856ad364e35_8.0.7600.16385_en-us_c879b5409038c19a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fa67a8a637f9e11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\img14.jpg	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_218feb5e558d4d45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..ty-cng-keyisolation_31bf3856ad364e35_6.1.7600.16385_none_2a863865442ba065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.1.7600.16385_none_7da9291f2ec46948\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ae2c74d1db5e2e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f6719a27fd39b2db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fc92234d1c61b08a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..demanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_37fecb9490b2bc32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DERGDLPLCMSTZSI"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\ = "CRYPTED!"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe,0"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
290B

MD5
bb4e8e17325a1c0f310ef380ac2b89d0

SHA1
7337c25f0e89c3c5e55ea233956cb4f81acfa7d3

SHA256
4185f4949bed6a2b059a1d64aec2ca9d87f0ed1bc5c27f94596e3fa449134ffb

SHA512
87fc497a83f42c54236acecd77cbb561bd8cdfbc1beec5e06b6a196519ddec11691af481fd55861499a47e42398775d2a3b04face0333baceb538b11cdabbb06

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
567e4365bff37497b83b53515c59ce23

SHA1
98b4afefaae8a2aa9207143503d1d010592235c7

SHA256
01818ebf36b2e41286835b528026fa9d4f047739686ef5c8c6c53d1df8a95d0f

SHA512
f99cde832e456144fabda18fac1e7c115abfec5cee43a5d0599e791ec944ccb35ba1796d47586466af56bd586272e61a7e1b9c510361add7830cf6fc0acf78fd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
f8030907de90062ebc6c821a1cf27ccb

SHA1
9f559f0c7929b1d83b4ff3529b00416722d7e309

SHA256
8405b4bad0367d2df128da9a6b9b8b040c9bf30ed3d7b9c3e1db56663478ed64

SHA512
6bfac99131cf3e1e3e0c0e1d5e7e1e0eb73ea3009c67d7dc14ac8ba17ac47d4f20eea3ebbcb5d2ef4a33fed34f531a1f2470c23ad13dae372ee0bd30e5ebe392

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
929dc906cbc13f6074751f84f81178b7

SHA1
1f0bd52dc86b07f7abd39e152d98b149186cd54b

SHA256
28eb7a46d4594156e5c36b534246567ebab71c0643f1e9e82566ade87bf75478

SHA512
fd86ed0d2bd5940a38bf9308e565aa7d5ad97148a509e957b2c1fb0cd965ac868f2f29508c608010142e279f5d1eff6ffd620fd8423054f02670238f4d592d4f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
7060b4b43a6947b1404a34110b9855ea

SHA1
6015391747b3407a3aa745fdc867b04304da6614

SHA256
0091ced49d857d6f19f73c588a539c9557366f2cf306e66eb31b84ea94365c8a

SHA512
59e59bb12fcee5f8b062a92f8e531e2545b086a361c6efb8a41eeb1ba1d5e2fdc23a0dee3682a8e3705b161460ab676af8e198fc10f537b9a0887f93dddce7dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
dd1977dd78b5e2e656a4941f393e0940

SHA1
4982462ab0f7719be21470ecd1ea65ad8a524634

SHA256
d3de243abbf34bf1a1807429ce50f4ed728e4a69e18cd76359cc0b3ddcdb987b

SHA512
3b4c7f97c212257fc6bc93e524474e203d9a328aaf76e5f18a49f66903815a1886e918997b65ed0b72cf483bbbe797563c5ad2ec36a7d5cba2cd08e7fed36986

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
7c173d367a8c5f929021ee1fc57defa4

SHA1
b1b70faa0c279baa54e3393d7bee71195164046a

SHA256
d2a120ee319a1061c396fec1fd9ebbd7422e5eaa6536e1bb5a64c17724c26ce5

SHA512
f4f87bda3c6136a7eb845a0acab8055bab9b5a6a5542a679f19a7fe42c7da4dac874b5304e346af68b0690e0734b893dabd0e32a8ba82c7e96b9dc0201fcf2db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
3aa513d79d1ce70f155ba3f116667b5a

SHA1
d7ab5c551566544c413f026b8c7be919b6ea30a2

SHA256
9e46a4f7e35d3f6e721ab15407daa62141292bbe86116e787f11b606fc03ccad

SHA512
bd7645235b9c4aae2bac52f72759e5f7f16b2fd5fd4856093c9927c1089253efed8b8358d449a733d82e8565e332c55bc1d03cf014e05a779ecf4c2d9b45f3f1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
17aecc16d6d7ffd5afaed0ba0ab06fc0

SHA1
8e68e3b07d9bf298b0eb65c1a31a0f9a0c8c1bc6

SHA256
4c6fd85dd02298dc60e1da79380ee7be8cad987eed2d34dd8e130525d1cc2ab4

SHA512
e04a9159183d6360f0a0bbb96c8e014dfeca301351f88c26e5c2484acdc3e833d224f70eb7078097c1c50630d1073c9ee9d41f590eb7373a0cfa5794e18c1766

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
564067eba048889fd63dad9864f83b12

SHA1
123f21231046cc875b4f78ba3c54d602f95f940c

SHA256
554aeb1ff2f97e8e7981419cafbfee355be12be23f1a0f5b2ba0d1fcbf201d6c

SHA512
0108737ac98463c931507fdcb1d984cb08e61d529ee365fd2fce07ceea5dc4078e8e967f748e13685dc68a816fa75bf5ea2cdfc18bd55f61f1b1ba46c6693775

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
ce85a1b39754e87e43f4d712e9c9cbdb

SHA1
e0430423f1626039365c2fc370cd027978988dd9

SHA256
49386431619711e31396e3d2481b10a4100e07dd79a3c7b5dfa6263cdfa37406

SHA512
621287e2e7cd1559567d2933d284dad0bddc6638158776ca335eb760cef1df238889e90cdfc8f473f41002719da5d3ebc0020e22598b1e18ff57c030ef861768

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
2932738f904e4767538c7fdafa6950a2

SHA1
efebe5cacfcf0407941fccf1f3f5d59bd6fab831

SHA256
f13a1b23f8c00945f4d10834accf1f9ee6e835c65a6d960d474fde8c541d9d15

SHA512
852c69aa961af841495dce4376ff5433303c20d7d23d20a86653957604359998b74c837ff2789f2a5e2972a44f0ab27c3d9367a861eb1739fe317224b349c24c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
fb33f673847ca40a53d64cd5d0f99a53

SHA1
522bfd85bb757a85d3cf0dd78df8ff484e55de2d

SHA256
9790f8db0e20b6354d036f8a86adaa3a11cd91e3061a15561d7e932da0ca4866

SHA512
6c2d205c415dee4d4d9f7f0a98d41e685181ded6232b73c1b3367e0c54f3634563b1d694ffa779ba89b87221e731d41ac279d12445f4017fb540fcbbfa9c29a0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
a4033aad94f0cce2125c49204926dc8d

SHA1
fc0901a06e6be0863383ed61f8063979f51d4ff6

SHA256
3c7a65eff935b1d5e33b341bdc8fec6fdf8fd350f5c2eefba8646b0ff21b8062

SHA512
c85fb8d09af73560cb2df8b5023078b0a98b06fd7ca8c607210fd3f33f5398709a5fb36a02f1732e5ee31a14b61b665ff9ff1b41849b656b9079ed7117fa9496

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
e2fdafff6c73784464b279dc8b5d1d0b

SHA1
28494f9bf972285abe00ab4edbcb02495d9a4a04

SHA256
42493ccfd0412a6efe442a5f36318272214f6ea90e4004225e284f3e6da437d5

SHA512
93bb136ee28c8051fa011db622b9389a90cf8ad7d25350bafcd6efa027e1064b6a37da03571cabfad20cf2b15789b75f40a33b6aa5667880636520cd50c66a5a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
007c838b12e3edb701965e6177cc59b5

SHA1
dfc975503a642fa69e62558ce01d4fce02a8d4c7

SHA256
6f94cff4bc2b4cc218fed17171364b2e8e59b72af7ff18920aad5c95d9c28189

SHA512
318e79a4fe16926679ae7677f60f368dd51ed4c551bce71aa257a819b4dee0b04004f3f1706c9b2e8b6b41d25af8b2380f0c36a2f950ada0af72154218987543

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
92cafc0f5263a84ce41e69c6de40081e

SHA1
4a2693154645f7139fa977158a1e1ba87e28db4e

SHA256
3296c793e4ad18299e7f3f6e5e43f35aca09dbaf86e19585d12f6bb63fb53458

SHA512
b76a5c2321bccd23aab0dda05009c39eb57a60a9b5bdb01158d4f3d5189d6a272378f53c9e4f581c384bf740f46907ac18a858522945870ffc6674f8c570f55f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
b0800c6425221b4967dbcf2ff4869f4a

SHA1
e484ed751ba2cd289852550aaed03671b0ca939f

SHA256
a52655deb06964bc27183ed6af9d020f132a1ee75193907af600d499cd5a15a8

SHA512
94ff177c50cb52636514b1794344a693826c8304b4aee1cfa6a297ef06d973903d6443bc1b4e317e14fa74646793857fba9fb8ad7fcc48926c3a5c0440318435

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
fa21f9b7dba3e74dd6fdc8a72d8c2e20

SHA1
5fe5ba60ea74011d7a2abf0c84aa7d319eb5d394

SHA256
00d48b90640523a193dbfd75a954756a53378945fa7df142732fdeeb4a5f2b12

SHA512
331ecf03bbcbef6526eb72e9ee5d4dbcf8068f9032092820f09d0c283dc655b154fa268bafd15cc57523d1913604fd5877daef7ac8e1d98f7fcaa84a4a4a5a0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
1e71437118890b4d1979444b209250ff

SHA1
1ac52572061b009305623966202e4ff7763d1c88

SHA256
dd92c1ed6458cefb50c649a8572470b098d0ea7d2406a68c090596554b08841c

SHA512
11e799862706a0b12b9563e7c5ba57382e76fef540d7a3965634b2c014694a405ae40faa7ec0d703f1f9ad78560d05486522d81c8dfd57a8b08400ff223ce7f1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
ed0d8a8974d0b7c6f041634caf18ac15

SHA1
2b2b7a255faf61d6d4fd960a8a5468b7f56e5eb1

SHA256
5b6b034cf21fdb9869a2633232326ba07773f278ae6bd073cba9c136bb2279f3

SHA512
d9f13319b442fe838a16b5acd513bc9a4b30dace35b6caae6c900aa6f436890ee504f5e5f8ce00ffad0383e889474df845ba29ca4655a082983cdf3253ed6b44

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
e05b57c9230e0585c3dff84e345a9057

SHA1
041ee45414c86f282d4c601a4c25c8d06e86194c

SHA256
eed14ac474afc3293e9d5e6c35e0cf3835e6ac0307622a141184461644aa92b2

SHA512
9e477f852f1ac0736fa26d5a5516cf4a85001c34b9fe04c010820f5c115a319963a7ec354d7b309975ec655f40fe3edad0703804e3d29c0445c5cf1c0e891bec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
fd37ece9cdb03c97dccfa087edc7471c

SHA1
4bc1ebcc8f106411c6fef35126b09a856c8beae9

SHA256
b6cc992f33b5e3a33a8d2ea38ce29de200567f3afb2794d1438edc911ba0d782

SHA512
6c8124693774704f3cc08243038d06b57b5ce84fbe21e31e18b7db8df8ef662560be6ad86bce591aa54370498df5e93ba0fa7fea36ea123b22bf29749520a020

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
65b71ee5fe6b7cdd13b2ea5d16752ae9

SHA1
b7a48c746e3bcfcb8d33a6deee9a499172dbcf7c

SHA256
9e9a8a09439440cfe6bc5e2aadeb2150ff18f12f278acc94fd8a18b16de729e0

SHA512
ef4af162300544cce528485010824f80843c616981dac310a9a14f8609413d03dfdfdb84067da9ac897714c8c1cf6ad1a07a3fbed46e0ce681559d052b8c2841

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
d2345859d863a218d32f742f9b1afc7e

SHA1
981f8bb059f61f1d3ff6bd2c1d387e58f2817449

SHA256
4f43fcd5d1884d49252c28f3647cd3f346e64ea3c82c5fa3b06852b84a951119

SHA512
d1b38b8825583e2fd47194557babe962afe5a4739d566c7abeb693539ae9b1277f73089bc35d063a28aaa1112412fa60289f8dccec0740ffd881f5ff48308f32

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
f9b8c6b9fdb59bc169593dea23a38e9d

SHA1
d05c5c5fe2a2aed09b555a4c3da4539f8231f2bf

SHA256
f11038342a55215951f85653b7e851e892645b05e52186e0ee7987fded8509a1

SHA512
43fae3682110880b1246e9f3d181a0cb2e9fd8fa05a6c0b74551ee34185eb610ec4651f295d8782b3dd837955a8e2b3e1446c08c722de1f77a64c8fb29e4fe50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
894a1b79113be13ea54b9bf1a59d90e1

SHA1
db4662ccac22d83a795dcfe80885aca4d2daf39e

SHA256
8ccb5bff07dd9d38cda5554335feb59d870a66dfc99a6a7f1294986edef7b7d4

SHA512
9d9a53af0fe2d72f7779c96de722889845cea452a98c74a8037b32bf7f5799e185e651161e077c0f30f83c8152c0af1d70d8ff6393789fd03536db0f9ee12760

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
33840f141b8d7e96b414ab2eef7f6b57

SHA1
9ea9ed15e3d4a734d02ea712d4aab4efa2a67c78

SHA256
f77d2b97b3f1546272040973c350f18adcc03a868d385c91d25f014f137dd52b

SHA512
aa0a8cfdd5b70c6c797b8867dd1d7af24d79e69c4550292d1e33d5dd33b466897a683d2d53c1948ed9dced5e4e2d865a21793902f5f3a17b48d1da4adaeb0dd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
bc4af73f08f814e5d75aed7436d2b244

SHA1
0f6effde7dcdd19b6766dc04ee441e87f18f42b2

SHA256
a4fe37b535cae9fb3312b5beae2cdeac8b4320c433c9898c7a9ced2f29fca280

SHA512
9a02d77defa745f7027902fdbe97f24929b7d967b02eca613dfc2ab82987c92a704c03fe1ee48fcc6785355a0652827868f10da2e05502ef9319b9326691b58d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
40843f96a862fb0fb308fc7629791a4c

SHA1
c9847b255af1c6dce1a8dee9128122547c9b6757

SHA256
b573cabb0670d9eb33bde727819ba7cf441970dd34b9ae5795bd521782f9b421

SHA512
355eed7d12cd270aec8e996b221cb2a52ee756d504c1648669b1f545cbed38ec36272f5b4ce11938a591665204177ee10aa695aa5844ec566b200895393a1fe8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
8dc3149e9e945687901fc27f2d9dca3e

SHA1
4602235b407a1c5a90ef584887af92879b85dd1c

SHA256
217aedf017604d5fd3ad91b65d734862f51777c531bc1c1b5a290de7322e25ae

SHA512
859d4d5eb868589095205adaeac2149a2918a63f2424f4c9028177e4597eb430a3df79938cf78b35b42a3997e4c087018cd1d0becef14b2dadb3b999152c7ff5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
2222f6cf083bb4ad0302034f9651172f

SHA1
8f812ee8382e0858037184b69c5240e7d2fc376d

SHA256
09c3f224e1e517648f9bc9b6798f2ab8094b1722ce21ddbcef88e03379afa754

SHA512
bb5736a1a1c00fe1c16901ba7ec5d9e40641c0e1238b6e153f67bdf3c33326a818421d256502a85bcf19479ee5291309cd0463ffd447826d545c2738fcf6cd44

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
f3d7e3df6576306ca062cca2b05d1891

SHA1
8bb8916b5c8968622227e1025f2d266ea0568149

SHA256
cd2f3cc046d1b9289e499b3eebd28e5259bec1cbc8377d9b167bfd6774b25d44

SHA512
f48e0c6fe0d03c20a9604e10987fa48d502e502e005c0c013cbcfc3175a9207a095f1d3f7d68ffd673ed88bcb28ffb07d8056fd22aa0b7ca9c17f98cd681e272

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
32b6bf3d6e06e7817ef6a526e6a71f9e

SHA1
99b3f96185f2b7ea78c12e2407026745ebf27f1c

SHA256
a57b6581bd78562d9448601abeae09cd244a99b89a1a52f3ddfc7871bb0fe532

SHA512
ea9d360762fea8b14917a479becc15ef22120e63bec141d4cb1a7fd96336c698146f42f5b60d9ebf2aa60322d08def3f37a22a4dd8f83b1088729d9c1660c218

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
fa84c19b6ebf5789394bff1614e3b863

SHA1
01e3f0fbca9605506c93407770bda2869ae0df3a

SHA256
42edef3fc5df815f5dac1884d6f6c6b0da93c4077748d576987133347049e6f5

SHA512
8db73c029a3634242aaee648d1c6bb606863697c9529b88abcefcbe62f8380d7bb86d1a6bf5d1a29b3638c2e183f3a7f5438e14d576d3d6d6472a632198311e8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
ecf1a19bdbc945fcae4e035292b15ec3

SHA1
c452d90143ff8f5e37bc78ba9588522bcf45925d

SHA256
b19caed0afe0328ff82ded67ed0fcbb96442ef05ac12705d73f35a8a7bdee08d

SHA512
a074b557ac0347f4636182deb8749694b688a2026efd01b5202a8b2f13ed6b506ac1d40dcf5e276523d3c00f3e08758dca81b7cb4c607e62b8f82953694afb35

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
f17c1e712ffacace84f82931f99d7e19

SHA1
110ad93a77c9ce7e27a4b8ece5a4a6c81d0905ae

SHA256
7a9df28e8b3fb73163c8f5b41b837da9f4eddae1fb7d2a1d2820d246ba6e0a10

SHA512
d0eb812625a5a622c650045225c265892a809b05471df6f8e38a1ae83c183f767ef261a7d66a7c76df04176cf7fa3a1e1c4fa26aba5a41bac3da8fdf64b0d06a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF.EnCiPhErEd

Filesize
870B

MD5
8e8d88d63e95963897f7eef1ce57f825

SHA1
9ab8486ba0a7085400ee3068951ddd85ffbec7ad

SHA256
5ed151dddf0f4897fb61cb43491d1e70b4a724784b0cfe2d0ca42336af5ade1e

SHA512
2cca8540b213750ac01d130eda8afd1fbfdd9acf48fe338896c8486d1255e631c82a1be2c7052de56b8dbd74cdd73d97c45aaf403a80544edb88c9d08e75420d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
668f38a3afb4800b0e371341b9c3f711

SHA1
58a789073eb0a2ab3f2e80ba71f0daa292621d2d

SHA256
2d63604d71340a7ce6a9570d739a6e7117ea720f17f240eb1b77c6ea5b199d77

SHA512
4f15c8e047db8dcb5044563f26be7deeb760fd942a7a6f397f708b7a598c28f14e5fd11d0696a46ac96d04fda4430efb7337ea3e3f2115007fa3c7d30fb72dc3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
36374ee729cd36644430fb3d665d2be0

SHA1
f035e34339772ba323461874780cd7bce89e5b06

SHA256
6a54f62b8f08d4da6ac633f146b22b0260190321e8d089b0c902c957b343cf0e

SHA512
24bd8f41b9ca7fc2225ad607cf5791cf0a030cdf429b56709d1578d20dbf50af75fa9ce8f1d9a1711c9a95d1274ffa0ea682ae11139e4cf7f33e2fa4c60621cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
455c4a0d23abec3dfd66ec3d2649855d

SHA1
966edc95e780033f4f79ee369fa10b8b979c8c78

SHA256
2d61b7ac78f79e1769bdd943ece3aa14f2f4bb33043a32154702ad7206698103

SHA512
476c7b5e527935f0ab92ca98c3cd89134d956d3c6f07b0ef2d2e08759f1b19a8b7166b5bf6be3f533af21101a672c348aaa725dbcaaddc7929b85ee734deabef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
e4ffbe1ca8b3e73fb3b5d4f587679c2d

SHA1
a070f31e889d90c5d2e23a6262e6d077c3c1365b

SHA256
700be538b374f160ec004405a2ddbf97a874154c4acca2ea9e85c82436ac03d7

SHA512
275dd115dedae2e72f853fb5082094f9ba4e7439ce3a72c29ce13dd7dde141fe726223628f69ab40128105667f43fd7650b4251cbdcc2344df4954558d1f9dd2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
986325e60c0a005fbbfd1de88246567e

SHA1
004639fe4d167ea19005b79d6f1a7ae8acb4d2dd

SHA256
928a193808cabf0ce346b5a8b78946d6f61f05b8473b9608b8ae35fecca6361c

SHA512
a7a3eb80d95e90cdcf8cefd2918eb0d84868a86a45ec18d8326e0edd86c4ea22a9e803379d824d282671dc63b75d24de9acc207ec655c75200443db2099abfeb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
52092feddb1d003f7bbce40aa344ac21

SHA1
3b8d1e6ec4dc0123a17f6c0833e8cf7f9605d534

SHA256
47457f30eae6b17a9ec4483cc9141f0300d14c38a3f9a665c87035d9761d01ef

SHA512
f626206d1b610c404dcfe3b32a6505c88436975f68779f9c04da938de118284748a7f07dfd411ca10058267b7cbb0dbb8f97b66a5371f55c5a9c2bb79681636a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
b01f75242fee7574ba5c718e3a19cf79

SHA1
3115d1a34df55709a2e7bcb439a896e3d3730162

SHA256
fa6ca094f14b5863e3322170d2d5ce93724d0e382c46e535cae2595268ff986f

SHA512
86779b1b0cbae1bc8b123e983f17b49643cdde4c15eb00f32df06c8ec96a68bc3134c6bd025219698f765f0de28832f78ff7928b6427a63266080aa5ed5f807d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
5fd78a319fc5a80a17b98161f613a4a8

SHA1
07cd05f2d9b63e509607fef732424baebce19b73

SHA256
bc78d09e9fc338507d1ba0dcc0f173293fc35e00d2376862967809b3ccdbd857

SHA512
bd46f30aaae46517c12c94a5387ab9db0433607bdd24fd690cd3b3f947c6853ee5d6be07d5624b2ff15be3faaef4072a527d1090fdf27e02e53377310bbae1a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
e52718ea9ef0d8b6137b275f1152f6a6

SHA1
0d7af05359c7566549613a9bb2c8bd98270e57a7

SHA256
e7adf3acefa3fc8c51317e3ea31106bc60b80536ccd4d6aac4f20e25749423c2

SHA512
3c2697fd7966a4329613dcfbabc30b04c4fed1d3560e10a78ede5cca1ff3d82bab0c81171435c2a8a41de4487d2a2cf2559f2123b01c750dbd788f51c540b9d6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
62c3664ce5cd287abc67c586bf331694

SHA1
f03a8ff72167a74d34f189e1ac242585f4994014

SHA256
95b5143ea48d08c25b93a4ecdd2ba0f0512b06b47107aeeaaef6b418fbedb32f

SHA512
f205cf31495e12f5da5ac7930bcd80a16970619342c0762bc83a97573bf7da7fafb8c1478948cef672b460a240e0939d9ea60199b0c5c6eac495dcd686addea1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
8acbef1cf9d2763f1f5039d52e9386ae

SHA1
9de54f1a38c5c3d11365310d1a39e1869fcb39a1

SHA256
65b42a6121ed80f4cab9e20c08ba3b6063a79c85ddfa1762bee6186d1e8e0918

SHA512
10741a02b8dba616ec3e592ed422ed279bb536873a57df59ac4f7f7be3dea12bf5f0ecc5a49feecdcf4523b4bd7bfdd348d6f0d19bdc604db2c4753736d1d3d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
405f1cc5b67e624fba4fb43003c17d1b

SHA1
3a0c4908a31e4e3ba208fae2433ab8c7f722d136

SHA256
cdbfbd081c742a55ec14ec40efcdaea2b1a0b35aad0b9b6ab756b301fd8053e1

SHA512
ad02e4d95e2b57c6da27526d07b5134284a0b37bb8de7656a7500fc72e26bc61f44619452e32adffbca37b4a41dab92ca75453bd5e19740e834fa8231023eb99

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
81f28ded3d038a4cd9546f5ffe81daf0

SHA1
1546b806af14f7dd27c01da8f4360b83598add17

SHA256
954dd8456110f258ac572e2d980429b0b499daa435af195df723e554d417ff21

SHA512
9d08f9dcb2d17965eb04b5ba3c3e25674814186e320d01103be1ec9bbfb8b9f7c691704b76782cacd716842b9211e9219334ba32e0635bba3eea41c702d23dd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
d9f8b57a7a85089287c42af7880dd8e8

SHA1
bfb14f24342744a46f501efd2dc5015536079b57

SHA256
0bef70e264c9096f3dbdb764b4ac5a9d7f069858d7902d8b88169fecd90f273a

SHA512
6bb75d9d1eecefe205ab4a7d00b58e040570cce9ccfe66bce7de370e4ab8ff3195c22c06b5d297a7d5b323f22fd1a71c3ddf0b3f2f31339f89bb0294aa5957be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
257e8a5d2fd47b0a25f971b67232594c

SHA1
2a73dd56289a0e31634bcb3c0fcb094b2845605e

SHA256
e19aa51abb2154aa4d0c933928803dd06246b7d15e246561a6105a3ea38e66d7

SHA512
0ff6ec4707811a768520ecd03e817a28791fb7eeeaf122092326b54bc25fa30d3a197898e8f1416342dbf8a44e8fdccb251dae3ef7df2b540d25d4f0a3063b23

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
f54a85aec19ce2d2fca706361cc40cc3

SHA1
4e58ba3488a41d7fdc9a2c4ca0004e7e03abad22

SHA256
9eb6837cee75e94f8ee822bf7541fd836ccbfd7cb042f0b25cfa8176fb4db9f7

SHA512
72ebeb6e1cf888ad278f31e54e436cf20e51888a5113898957d9990897b4b55c305452fa175e6aac85a3ca6cc3422216bb535f4df278c8b7e1c81f0189f4a922

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
bfe671817090688b05bcdb7911c9c720

SHA1
ac70995d491eedaee37affb22c65be5d962bbf69

SHA256
bf8f2321c71a28078cc3fb1323a1a67b7f5e9885895a4591a388af5edc7f3d80

SHA512
f078233100e61f4fc6ee426976aee2eb5684c8632462510dfb33c86586ccaae920edb4a3220ff5e9d8c00961c56a4bf8523d10632eb3b1be3b9e4b2ec4c06d74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
3e37b9a533560208052dcb913755ddc4

SHA1
1d8b814e1023f239e9c7357171858e133432198e

SHA256
c65223c25063bc9ba9c9f7ccad308a34e84e16d1677f4088581be4bf9349f9af

SHA512
352d96514c25fcf6e2fa0d7ff57749767ec5b1837efbe2258b89bb8dbf9b07122398ef42fca58a48796284eacc53e9a4cb66f192c704d407d198aff5d9b6076b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
4f1f42022662b97af01a66135f301d4b

SHA1
ed22e4840724506a6d1090b54c1029f8d8bd6f19

SHA256
ce187131422061700cc67e7c7c94d08caa04fa83e3f1a200f4fcbfa14ddf0392

SHA512
d513405da4e46dc3df28e957a70a34a0108f301f8d847236fce5359aa346945bf0331ac05869c770696b2e8bf84d3594f53def97865bc28c2ea560c3ea8acc27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
f0201f56f4e9daeddc3ab3e88256469f

SHA1
d4f88f8a02e566ffeb7ee9e95b70d8416ca0fd0a

SHA256
2caad4c22ffd9acd131eaf8145353bcd1a6c26a8cfbe0a5298dee010871d5fe6

SHA512
1449b105838b3b436dc3918b409202c70a6bb2f0db91ef0fdd2055f4d94c2f6c7407b2a7f66becc5a633cc69b6e8c6b5d4ab69dfe5e3ebd46b53a576aa640b95

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
9fa9ee066d50212b5f139f91cc5f571d

SHA1
fc0e191619b6dfe52083fd78076045e873c28537

SHA256
57e38e803ee8a82b82095fbc14e369a156af77931c34e25be43f4a82efe438aa

SHA512
f9f6604c8af9f97f2a10a41792f6375de736233d9d0d494a3e28a9c0ce12e0ffa3ed74b6de2899be8b372e63ca937113ed7fb3cae8993f5209b290883d466fd9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
753a19577e04eb7b542ddb8e576d583d

SHA1
a3b264d244124dc3d043c8b5f29409d9451d1c6b

SHA256
68301687b846f845130f11764aa9f358737a53e8c2db6e237e1fb5018a18a90d

SHA512
d51941ca49c615389520a7ff6c8ba7913013990fc6d0a5c20aa0bbfc66ff6d79f0ababb0f603d5f8cadf7b5b3d915d6b1dcfeb782d8b34c66d6ad3422fabae0e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
ef0545017be48e3ff5cc7abaa9e47639

SHA1
05c85bbc52c1eca225254ce9662f22fc30619334

SHA256
90c7e34948e24e53966ba453c798a32ada7eb4f1092d8d9864b8fcd5d3b88173

SHA512
f1c081298e1a9340344f5f1685b862bfa85901726ea0495f3f3bd409c25626fb25a04669bca8a3a0b20875074d8702f924eb0ed0c2e07feae1b76066528451c3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
2f11e3860a769a4da8f570e886755d35

SHA1
71a2005c86e8933e23ef4f3e2ed81ca8f1fb424b

SHA256
9670af6ee84d12b7bef68c7d7951684c5756556a6aab82fe1dc71df5699847ca

SHA512
a4a799c05ccbcd7a8353f034bb0fdd58ad7abd853f04612ea5dab8966b07dd38cdaea54e3ed2cb8df5844dcacf450772d567c5673d2d9c7c3a20eed0e251880b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
564879a052c7568047f70b18f717b1dd

SHA1
498d9978cfe78077767b076fb5366121da4da449

SHA256
9b3c53ddedd234333abb8795a60d66d04ba0b1467e9ced63eda734ab2ba038b9

SHA512
f09c81c42c660cf1199a6598385b133ca1ff2786e640d3f93e59e565ec7116a7f1dc12579291167377166591aefdf99aa144d27ceccab651eb0db98e446ec962

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
e2bb82ac0953bf82d72a925016f00605

SHA1
f26ac6a45b8d4f4d3a877e8817e76984ada9aab8

SHA256
a2e05d6d315c243c4a55d49a1ed37facb4c102b7083c6c640591875085ffcbc7

SHA512
3d4f011d6de59f1fb5d821ea9643e5188d981cdb8261472cedc4cf8d43ebd0b1af918260f558785f4f7cad877af6f11f35e684122d530cd83798cb25254bf2ac

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
594b6a00bf4eff48bc20bc2b824f722f

SHA1
c2a4dfb69a41f913280bb18410e34427500ae212

SHA256
308b408c9774b129d89f7ae86181efe97037a3c008d3ec2e0cc7dfd0d1cd6c57

SHA512
d58f5404a1932ef15dd7274b09986c5a874becc79a4be7a1085c2a6abdedcaec0f8c644bfa465f6591b93d2d77ddbd1b2a10e7c0e9ec6552f3249bf6942b6ef8

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
9fd9cffdc392a8695401c20a2ef38f5b

SHA1
4d1cdbde8585360bdbe0a9ee2334401551a9486c

SHA256
c1a02041f1e882b79f60694acaf1e91eca60c29e8a71e1c007a3dfefca18d3df

SHA512
981b1b22a30f45f38d92bbc1e3f8eb890a84643ccd4187af7bf3ede90b033919214448fc7942ad316975047c869d5c1b3e8fbd67a71051b423bc19cfffd0f567

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
be263d9b2102f3070ed14b6d66896ce3

SHA1
9be960776b2001ce2d3f7d08cb1cc2d58b21ae7c

SHA256
ba2bb35031b78203e760587285eb35d82fe651dcebbc984cf059fbf74e2641a1

SHA512
b6e082eb43640516d855782ec3e66a5037f865f926d91c72738c64537a27bc2f8e97df4c0c0eb535e7bb756cf79104fbc6644b110cbffddc39d2ca7d584a7bc7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
95c0771d5c9a85c23b1398baa5f343bc

SHA1
94cf0fb0873998eff0ff6b840a125226a44847a7

SHA256
4710db84c7cd1122937683b543ca2d1e69efaa6aadbec3354117d67183e46d20

SHA512
e1a494cfa3a828fb9d79add5178ac11e2c8544d1f959887e11bbb075b0b26876b6c8d729fadc7bac376a909af0268c81c8a31c96c75d5d326d2a29d75092e20d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
049b3a9bd5252eb759d6c11cdae14a5c

SHA1
248b6cc1487c18779a63c07ce3740ab901904778

SHA256
e3b31d033419dbae20563da8560b2543f7788dad602e471b8981df71b18469cb

SHA512
01dee542cf63eba9b9ade62c933218e0899b690901c57273d75589bf21ed1b374eff58ff45f43461fb55ccdc98f82e5e69db8ffaad8f2e97ec44d737761fb4d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
60af4693b4b8f801ded0b22aa3748e0f

SHA1
c2b6e78d42b7c9078845dbd5362546b4d18106f3

SHA256
b62551e546384d20f984297b6063cc8551981a77f9f08c5cb4fcaf84b7b312c3

SHA512
07ed0d9b5f2293ba3805da0f560216e0fd843c2074934f967ad6b769ee4acca214377a705eaa35420244a9e08bdb3dd5dd77373f621a96dd8b5693aa099c414e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
0415117e0e4466244af29e4c2390bfe2

SHA1
673b648aa17bc573d29164cdbc05e4d119bc6281

SHA256
e691becd1bce7e7083b931dd2dd72de6373d6fef233c955a31ecce98d5f6dd2c

SHA512
1f2fa425a2aa84fd16063a37325d68f614abd621dd27d5be59a1e42288e74c12aebf28564dbc4701ba84b1fd1aca699e14cdf79778d5572b87af40c028a919b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0dfc6bc681f1db8f4e8bcb646ed5b6c4

SHA1
96430cefb1dfa52db36b314dd14edd4840d92efd

SHA256
c6f707a5b1ea10660b51f4245caa59c2e8f001436ea941c1af286dd09f4f057f

SHA512
55904aafd560166df5277a80f61742d1c1ea33e6a1738402b7cd395cbba714ecbab118fab5c357286b59e17cd84f351040e50148691f1ab386642faf0a1b9f24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
857705bbcdeed32c50bfe1bd4c2cf155

SHA1
e0c05b4018199f052d77244d6c3d45a98d004ecc

SHA256
f85f237c20b73d9abee9f3cea955ac91befd5aad9570253cee0e6d92db00cf0b

SHA512
ed0bf222027639796c0e3f3d110175a68b9239ec480679ec7f0ac21596eb32a2375792bb1e97c10736e924fdfbe204ce53fc71132a1b4d06d6bfb8e57b40ecbe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
e59c19c3c9561589634142353862ffdc

SHA1
e72d2a4dd078cc992f5a2bb906136dbc8fe478b6

SHA256
e5fde3e582dafb08eddd8eb2de7f50b8047ab4f7190d99b04ec47d816bd02de6

SHA512
1e7c9761d1c3599dc0107670c4e576af63dabc925fb3e68a1eca628d3f78104f81b35060af2ed6f2b23e37ee5d504b64d60d58c7dfc5aea45b6f78cfd2bfc44c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
86a1fed106b1f2e34ccbfa8a856fc1b8

SHA1
4c702729693f1027e8b7c9d39d77bc720e00e67d

SHA256
69705338f676e8abcfe4f9b0218b8ce6fdd78333e27781abe5baf5e8a18932fd

SHA512
e31c6fe925e1e673b5028c10c0ce31684ff33983d4c0cee714a25376326588312b4754a24ebd12446f45ba69abd2f2e4e04d4a099601a63cf934e786fcb748c1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
dfd843ff5eca2780af082806775c42c7

SHA1
4e50c7487e79ed4a85e182bee334040a8b6e599d

SHA256
efc14be3169701a0b3ba76ca5f70a8ea21535d2426cefd67af4f7ee30d1ebb96

SHA512
fe58ad6b46d30093991abd89185adedecf8f462e732149adea13f8202fbc242aa4d79774ad0d3823dd329e4ab5b12ad91f77b5e2604ace28bb89a5ea41fada03

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a48bee5abbb6b421211cdc7e84939772

SHA1
167aa5f06ba76bb8cdbab83a03ae266916589a56

SHA256
f90ac92a953154eb5057ddba841891ad84b991809825362151340d73d412a2d4

SHA512
8a7a7d98b1f5c235adaef3cd730930befae77cd8b7fb66a08cd99345d763c34bcf579238b89f08779651be4ece188bf7bbf10a02e4554619c4c1f1ec112f3461

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5dff297f9b70a4f9dda274ad64de4d32

SHA1
1dc71791a407923c4a6a47d5009e9f7d9f7c44c5

SHA256
a4969174107d18d575bc908446c2df15179daabe8583b592d061c6e702354a16

SHA512
91ebb668a806c69e725e9c2a86cc2e7ed5fd461440e7a8705de8aff0428fdddcee3d2ba1d8f5c9d995cbc8ac8d15b3abc393ffade121f3cab6897b053e308291

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg.EnCiPhErEd

Filesize
1KB

MD5
925f665cec0b819229a5ad996758ce4d

SHA1
db810dbba2b148e7178fe5d584e913b70db4ebee

SHA256
863452fcdd9b6088b8c5bd723cf94e66748d1a7113f0c2304ca2ce8478019460

SHA512
00adfa32328678f4f6cb41948c5269cc82899ba32de3523f1f0af492d91ccab8b99b8447995cd0b56bdfe5c28aea37cb94f53e1e9dc65e1bf93e18b34946baf6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
9414b0b53dabdd736c5069c3a457eab9

SHA1
b45d04c56453ef1df8486e9ca75cb154a6fe722d

SHA256
607581a9393f392b55da8df1fc55f1ec2c27c82a79db68454803604b03049c2e

SHA512
5a5b3e096ef07b318c6dd4c89554f2d2344c6b9da5543c284465b160972291468153c8234e463c7f847d99656ee0b0c78b7eb72277cca551e17ac703308bf478

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
abb312e498a16a3538b18d241d1d8e15

SHA1
b71a8f36372435f589a4128781e089b8a4b57dd5

SHA256
5438c70522cd8befecaf22225d63497274d1812da5d4bc5c1cc9c201caa58069

SHA512
a57e2dddf381c104736e8a4ce8aff0ee250e525c085e18d9619dd4d4b1da7e8e0667a39ab850ac31453adc463f6b162a20530ce269aca5938192dc85ee8d36b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ef775c4895dc1562007ecbdfd2cd6315

SHA1
a85d7b9c88e041c8a96cf63cb7b9b27a30064162

SHA256
b18ed583b33efa2c17fbb8b854b3f2ec5a9433f171f8116cfb66c0b6f6ad3e25

SHA512
5504275602bc229fc96d5105985028472328bddb5c6aa38e245d282d90b2d14c5497ca69fb7e9e3c6cb69219d94d86b1b7f29bda8964ec7bc4016f5534b50ef1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
400cf7d1ae1d86a9dae456f979efba14

SHA1
8413f91b5190585c7aba95b698608576b4b69ba6

SHA256
cb971406619c23d4a79c963c7c69c549317f7cd54e3de4b1d8d5a88346bd34a5

SHA512
a5df4915edfaff45b27650a96c7e6945a7d4c47687a8763892f0dc625cbaa92f05ffd409751854d55f786b20ac7e03ca2a31e78933d4caf89c7f81b5939ea853

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
f87b9a27cb52489038eca0b0bb0fe6c0

SHA1
3f611f349d671270be9612ffbc78baad09db25cb

SHA256
26374217784a32595b4e80fd9bcc433966bfdfb794e3a461b38b10e88d2c8e43

SHA512
a8dd3fefbab6e3d9d259f52a2b0d6928dc91bbe834d9113dec2a15fe1703d069aea2a4d9d066b25eb75ba1bf2ef6d775dfeca804475f76cd3f790d1f650595c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
a52365c250eeecc76fe498e41ec5ef0f

SHA1
66b8e6f9328548e191afa75b8e94e884f5d7b8e1

SHA256
25681fd73efa05b0a71fc3be15a821e0c65dc80a9171013d7b1f26254a0ed3fb

SHA512
3fb55056aed16a2a1192208fd29b13cf95ced88c00e544148cd811b7dd89f856edf15c2c95af8a4493099811edc978f1ee0b9cc74d97a7edd034eb68e59ef770

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b507e9fdfdf39a59270f279e0aeb816a

SHA1
f102c7c49f23f2403b4f07574c1752c839147328

SHA256
80a33aa8126a69dc6b175de84939bb4e0d1fdcf79a8122f59df9ddb415ab3384

SHA512
64e341da50d35f10c7f93ccdb8e3c7d092d80b9f8eed83d3f651805c87caab6f924741f2e43cddd733e23451aff0bbb2a53408083ce682cd2853905ce25e2502

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
06ab12a239537bd82957e315624a999a

SHA1
51d2f694261f7bfa68e7f35628727b3bdfe73dac

SHA256
56a74a1452e2221ca445deba76fcdabd8b36a3d3a4c4873f96c0e4b7c53e08c3

SHA512
0def44f20abba4cc9ba68a67e7637889cc6e2b8a79b90469da6c4fef96807cc0bd367057f5655eef12638bf54c30c2021b84988bbda4202eb88ed6ccfca9404e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
6f48028b39a042345823490c4cb97751

SHA1
64bdf5bd2ea1319371d2c2d707fc290dfd026571

SHA256
6aca63441fd8978a2f2ff28a4fdc0aeff6d6815d7015587a47f10eb07cc6f1c7

SHA512
241abb1540fa8df6c3780ef578b0adbcbfbaa8b177ae5c57faefbfae05724ee535c6128b09f9e7611ef5904086e8962fc5913209800541b7696cec1929dee186

Download Submit
memory/812-59-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/812-8526-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/812-8525-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/812-9157-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/812-9158-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/812-9161-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download