xorist | 917d5f2567bf5f1bacf27d88fdf66b147fd2e5c8eac501d8585bcd8b6809ae19

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Size

18KB
MD5

3463f7ea4c81675aa0c3e61e72ec5288
SHA1

d44431137e8e508860df91e964c4ddc0ba6e2658
SHA256

917d5f2567bf5f1bacf27d88fdf66b147fd2e5c8eac501d8585bcd8b6809ae19
SHA512

7788a94e3b3147f3c302225e808aabc1871e980ae674f6607f4899481fd4a5b4da66fdda10d3de69a148c4918c46000e6c21e862430fba198376157c47798307
SSDEEP

384:xprr1gkDCgSn4sbFQ2qZRFxQYzubaQxd/UGW6keK0WLNB:rrVDC/iRrQau9K7

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1800-9150-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral1/memory/1800-9151-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral1/memory/1800-9164-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral1/memory/1800-9167-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_History.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_neutral_de46607a02fe2552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Command_Syntax.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_prompts.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_neutral_1678e66e0cbb04b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_command_precedence.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\faxcn001.inf_amd64_neutral_d23021a1eb548156\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_neutral_2bfa4ea57bd5d74a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_neutral_7f08406e40c6ede2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_neutral_a7a22bb0bb81abb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Signing.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angel264.inf_amd64_neutral_04b54b6322607cce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Parsing.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_properties.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_hash_tables.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc302.inf_amd64_ja-jp_64ee91a0bf7b132c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_requirements.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_job_details.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep304.inf_amd64_ja-jp_27c560b15d9928c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_jobs.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bdggilloaddgiiaa.bmp"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1800-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral1/memory/1800-9150-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral1/memory/1800-9151-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral1/memory/1800-9164-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral1/memory/1800-9167-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\PREVIEW.GIF	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01562U.BMP	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosecolor.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\PREVIEW.GIF	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382954.JPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15073_.GIF	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_VelvetRose.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178523.JPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-notepad.resources_31bf3856ad364e35_6.1.7600.16385_es-es_79a6269ce8d217dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e0c5ef8bfeb655c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..-detector.resources_31bf3856ad364e35_6.1.7600.16385_it-it_58c0b0f0f0041d9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..e-ws2ifsl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_282d1900db697084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..mostfiles.resources_31bf3856ad364e35_8.0.7600.16385_it-it_2454ab4efd21f1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_functions_advanced.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wusa.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_98d236f1683c8164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-x..ollmentui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_38b2b0e8fba01a4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-webdavbinaries_31bf3856ad364e35_6.1.7601.17514_none_c87778b746d52a7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_functions_advanced_methods.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-object-picker_31bf3856ad364e35_6.1.7600.16385_none_0f6c30b96de81257\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cb54b81a0a78bf8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_58d860520ac16b37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_35b011d70e1c44c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a954f5523da316e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c15e27e5445ce1df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b3303c4a2492d8b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cd9932e5aaee1f78\settings.html	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac91feb2074de783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac02e909516f7d8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-intl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cae59fc28e078161\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ee2eb924e76291e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1.resources_31bf3856ad364e35_6.1.7600.16385_es-es_23f6dc047b6676d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-whoami.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cb28c86f28d65ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_While.help.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-peverify_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_711dc6fb06230c92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmmcd.inf_31bf3856ad364e35_6.1.7600.16385_none_75f2f184549e8f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..tion-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1114714a18672629\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_96dbb959ba7c7a79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..mentation-migration_31bf3856ad364e35_11.2.9600.16428_none_9169fdbd15286489\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-healthcenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a222165421adb16e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7f899f7c67d0364b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ndiscapinf_31bf3856ad364e35_6.1.7600.16385_none_7d40259a2e779260\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Hardware Fail.wav	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-stobject.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2242e72b1e80255a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b4335a571a3c743e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.2.9600.16428_en-us_da2f02e5e31b2286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_804ee20534358f73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mchgr.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5420fc1a33c12118\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_megasas.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1f2bd203bf02934e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-journal.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f13bed568d7ad40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_es-es_ba57accaf17aa08b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-compact.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cd64998bdcb9c762\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1039ded3acd3a6fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad23a7a77086960a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\Browsers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0efd8e0c7e80662f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ktmutil.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c388a810f45b04d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f6e1ec9fa2e0ba82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1667d0c70a538c1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-remotesp_31bf3856ad364e35_6.1.7600.16385_none_0b18eb4970943336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\inf\ASP.NET_4.0.30319\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasmm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_98f36a13cac0f221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-stickynotes.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e32a37af24907a87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..nvservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c9f660d22efb4b98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netefe3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_36116b6b901641ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\Boot\EFI\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe,0"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LBXGYCLFZCAEXPG"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\ = "CRYPTED!"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
321B

MD5
771e9e60910ff5ae17214e984d4263cb

SHA1
0f0f34e72e38ca6cf88b02fa1d3c9babcda2fe5a

SHA256
5594cb08289cff699592961ca1ef9489ebeed81c32c5bd8d668bd71e212aa300

SHA512
847e7d198c4f63e1a5cc0819cc0e2e60f080d8e19ff66e4ab06969fd5db88ce6be3550c52e9d38c7d417456c08c07cc2dc755e47f64cfe98a0e4c44f83740c6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
54168c7cd18fce5b6251dd335a894071

SHA1
993a6e7c88c4b341a1cac61ee8d6ae34f5d3127f

SHA256
6e1f7a6c8797f61795a89c144312d54c44edd6b92d7a3d5c5b987437d9089e17

SHA512
641aaf92a89d66dbba46deef89887e18c07a3aeb1c0e96e135ca8cd2b9729e34ea1e5fd668520dd9217cdec95865c3de0f1d31ddd6c4d3ec607c01d4405852a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
ce77f4c2284478f6252002181ca7773f

SHA1
b202eb1d5471e6123482e68695be32db89be0823

SHA256
af052c6f5592e748614707834a75f21900a9e7a58f0f103eb156ce258cf60c61

SHA512
b033fe048ea9f13e5a63e99be658d6be62ec0766308249f7ba766154ad211c2e6e103809da1a7e120f45cdf8afcfb5fca6c4eebec54033a521d92ae702bc140c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
37c974cf8b17a0fee3148304cef8f1b2

SHA1
ddfe39710be81e8233e0f5c86585b3cfcf7ec4b8

SHA256
cf05376313e4aca844d700e5047ec0a3d84a0cfabc51ec0a9177afa248d0eb7c

SHA512
202c0bcf704daeb1d2f527300a4686b45fa6f71769e4099225c4bef43c78f64f6bbd14fbdc1f1f0d16148d12b20375852147cf56c892e3a2f9d28afeadd3cd68

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
1966beb165afce8a7dd62bc5cec87b3d

SHA1
1d57f63aa2483a4f443ddbcc39039b793651f6ed

SHA256
b1e58deddde6ea2f348939d5ecfa6e166e7f0e6e381d6043a3082cf60ce0b5d6

SHA512
e1baad83974a8317977dc593e8741ba708a29083571b65e1dfce1c18ddb4950f150076ee697caf953cc576f7d8b43c20431823fe1c4a2e8b2218be68c66f84d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
900287530a5887dae8a50be7fd191b29

SHA1
aa23c9af669febce4658a34da559ca9552035a49

SHA256
0b8e5b45db0ac0e55d175c4276c3f59aad2a1094a57fbe851b9873ee547c4858

SHA512
07730e0b15460e6651621651fe949822db79631e75dbb523302d40f2f2a86e8fb8b6a76eb0947a3996fe7ac0b382e56feb63a84ea2080fcc17022dd3cecdef26

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
e606f5d5bcbad2c6bffe87edc5901f07

SHA1
f4ad9812dfaf6aed4aecb9c4543c7b83be429e61

SHA256
38e565e33ded3f634efa6795b1f31e7b4c8a2be72e9f49b237a292393432567f

SHA512
9ec656046046fee927afb044f6517e7cd3ffdd52864592d894149133b3beb1249d8b6608964fee5361d698eff6014f439e00d422ce9e7f554b37a901f4417afb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
2495bafe6a9b3e85eee59ceaffe0029b

SHA1
1cb4d30df7cdfdbabc9daf37254150194232dbaa

SHA256
870a4981c3689f1fbf97bdc175ed36fd24c0d2470d0ce691b83450071f9bbd0c

SHA512
0c6f060d6af7fa814f8a01653ddd1376d18942ad04ae1cb1f6dd3291f74a9850453cf90b508d4fc39bf9015ec3db2f806d2da7ec5af5ca304f08e6c577021403

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
4e5a6bc1401487be3baf06e122a1d691

SHA1
e137b2404ade90793c3a87a17ce4116540c6a1a1

SHA256
c12477e67521d8a1062bc96a656268f759500922f183cc4474d0bd999bf3fce7

SHA512
524792a12e7fdc4331d62e8cf12768f2802cff1725d511435a3ec36756d505266c3721158c3343505244c2402ff251e98d8719ad5e3db69a6aff7a1529dda042

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
4411ee7217c8a410988e031650a78d91

SHA1
5a1d0ca80c8a6f47726be3bcb65c4f61b9c27aaf

SHA256
eb35708bb95188af254283089d78f9e6429c282924ed5ecaae65cfd2933fdb44

SHA512
ee7aff402f63ae9f1d0b0fc1aec3f3f2680ac688ce912ccf3f4b1ebdf787f384cd5faaa8e2ce6fe05a4196effb4bf6004c3d1e5e55a05c22b148dfb2d3de5482

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
adf1060471d430fbc2bb242de3d92dd3

SHA1
2858adc2cc13d7d4fe73cd100fbb27e2753b089e

SHA256
1b0b96d8d71a1c3b9e4f3290e7e77406345bcc1015c3476d83e86206b2ca2e19

SHA512
7320158b88377bc1ec01187828c3fa705ca5e6ce97e65342f978c2ea0d9dbd48cff441bf0354bbbc2ce517d18a36b1485e92e2dc3f612f48d29fb4dce2489173

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
62cc2b0e712df645abaeb6b26bc80433

SHA1
a06c1382d293a87c8d1a0cba0c63c27856120983

SHA256
8ad5076fee15d50a3241fa2ee3a232f93a2a409ce3a3a42c99e35b63639f2b29

SHA512
248017f6ad5ca93a8f24227c8df2c6e3f5cdebee9a342aad9c21f2d9133b176e2cf965ed58b69aee7407a0a3c0244e72b7d6aff1aad8a055490dd2cd2129b399

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
bd1646b72b257a51af25df14fa0a7e65

SHA1
b4d058f5f9185e665877c09e6480f08488a9955f

SHA256
08e3fd6e079ac3586e87c38a3aba2a0e63e6e7b49c7a78f47f8b0fc49c243a5a

SHA512
987eb6cf5c5819b49a18156b9e02d388414c97fab2b2511514c5fd1703444272669b0c6be93780e93a5564a14db2cdc310c8392103dc4fa0d18dc1aaa4ea9ce5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
bc5c332a2ee76f7371c941e76338b75a

SHA1
d2c19a8faa71700add40e728c3a9846ef1946bc2

SHA256
0a7949f6c04e2ef632259953ec8ffa747d241b654b2a4afc6a8d717c4f1ad987

SHA512
3922355fa01c882afb578f54218b9a225b3a3f6ae9808e41ad776355580d00d25755d475c9bcc22396066ffeaf872308c673b5504d82991606ca01b82363205e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
63136ebcd4ffd3377bdce753e420ff97

SHA1
6acc9b0d415e0f78dd922b6e685668498e599828

SHA256
f572af4188c0d803064a2b6e2f4cee2224504bcba4132a4abce7907809796795

SHA512
fcf0a91aa6a68fb5e5e7456e66a487fb9cab5c3a31b7c06bc3a5472e3a6f4d2818c354824920a0522b84363952e03b186554ff59510333cb84b05c356d670d2e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
5aeb795475e0cdcd74554fccd8bd2901

SHA1
7703058c5546dd1baa2d16c7aad35abf78b1407c

SHA256
299efc365fec2bd679266ec3342684bb492e6fca6320d08108587614ea8656ca

SHA512
aac60f97fc394cde02fb79bb86c080f1e7a2626724f014da345c550ecfcdb37a7a0ee6a73d167586bdd8cac730923029478ae6e3e216a6accd65edbf64521296

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
724a26b9011a5d8c6e9af0ac8111ba09

SHA1
6fb38282be8d8abda581d4a5d37a61abaab13b2a

SHA256
df5bae05fd70d800422f3cd84060b2b9b62779ad496dc55fe008bfbd0a9eeb08

SHA512
3c8076cf512924e8f0562de43aa21b7b7245c7c20720049347f63c667662f99883e0509fbc56fd89134b026df4ada81feb8b2d3ade9e6fd900b19fcfd56e96fd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
cf309ca4c21c794c1f7ae2b8544adc33

SHA1
addf0da220a9247e9c526811146fb97f7eedfe24

SHA256
65e7e52ded231b4dc05ac8a920162f781b8528653b6806967e54c9669c5f1aa5

SHA512
d5c1cb06e8ebb2a67cbad60b9d0e04312851d5c4384aeb7285a4e8a257f2e56bbb2ff6b50611b42b065999c51264866d222dc0660018a303e886379d8d4dda91

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
4365aac866f311f3096100638fc4351a

SHA1
a155983e78629f26de32a6d7b92a09abe3e7a5a0

SHA256
bedbeabe427d374f4579ef4e8d504e86268f518a8188bfdd6fe8275f3d736758

SHA512
474dde9cf9af7bf821e36c462d78f0fc85306fcc3ea69480466f7717b676847e1193b6330291c383b9a3f0fd36f62304c0550034bbabb58abe3a0eb2f0f0334f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
9930fc0f763c5bd859d6c51255b5622c

SHA1
cae7caac1e3442650767e7f18c0e1beb2b9ac3b0

SHA256
33de36600a24eabb0ea333f319a14c04a862c192e9d55596ddf543f00ec70809

SHA512
3989524c32ea42509a79b08b0a3088e3575b2b40977a097fdd6ee6e482402c81a879d3c3fb29fb771f7958321b7cf86ed5b6e371761db480455d9aa1c28c2ccd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
42766afc81003ef910535df507d71947

SHA1
58ba6d5e618d83e13001c94e012683451dcbd31f

SHA256
1676ae2bc1ce4b5bfadfdc37e033c8dd5a20896d66ef22d83b1d4fb93d72eb74

SHA512
0d53fd7c52ad5f24479a0201459e38452a1fef01cd200e89d5e758b3f58b6f5afedc651e96a11a34c08dd3a69d1954db9c43186d5858cd5296dd1eca9ab8b6e8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
a9b50ad88fd2e6e7dad3b6ca9ce95215

SHA1
a36e42859d7ef0bb7309e37371f54eb0bf4ab20e

SHA256
febd04c65540c2d2e38f19c4dc0303cd0bd6a234a1320320c1a639a1f6f94086

SHA512
6312a8a9db23ee4f473299628a7922198c867b17bffe47b2d795700314d672caabc3e8ba9cb9679b154e504a0dd52e7fcf6299469b91369ef002c6caa56bf938

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
bf4a240f78bf3df609b32731609068ca

SHA1
d402901671a1cbd0a937719b7f585f644cbf0d2c

SHA256
4bcdcf016217f7776dc293e880315e7c6306f401851464c1159e16d9a8337366

SHA512
0e7c78349df08aa5fb69dfce42d924ce8a5481ae80db7d8d77509eb33076a97bce17516cc507ac3a2c1e3958324e66ac76600d015d4ae07b97c2ba859418873d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
2f9b3d46b62169c13df71e23256e0a29

SHA1
32c9df0755f442ce3ced51760e0f0963c64d7611

SHA256
0612c5bc0cd0941c325c428f8a06c2237e2be5f44a8578602216c1b2d2d4460a

SHA512
04968bc6b2755bbd77e6d518ad6d96381ecca35813c51505f99440fba51046b27e0cf07de4d4315410f38ecd6d095f89c4e3c6ff4bd593789dfc87c7f1df0251

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
5d944690f7d61311e0235d345a735aaa

SHA1
733d247be4d113ff2ff5831b3b4ea564eda4181a

SHA256
0e9c6abf3899edcd83cd41f042abe328a813d9da730528fcc8b7500b201361c0

SHA512
8baee1f48893387334895a6cc8b8b09f59a8361d4bdd0f919c6ff0d02750e3b81e883c0e4aff6bca249e3d57d53faefdbc910179c5a7712a5d40a350c4e6c2bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
5e5d0f8d229285d7f2fdf0f58cd9750a

SHA1
d99f9c8822acf760cb8f75555cf0e93e17a00aba

SHA256
7398381ddf7b39ba9f68721b14b969102d327f500c5ded9b4ca4a11cad8a258f

SHA512
a01c1e9607381e88862144f41520d32dcd488c99ec85888308107f9e06cc52949503dc6e0066f4dcd7eccdf5d473d987e4ebf891a718e4b839e10ffd91122b60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
e0b8cef7221bdd50dfa25a6f6192c77f

SHA1
19a7dacd3da85eaa06046ea8ed04b394005da522

SHA256
0127a448f133954ffffc26257079b721bb95da21dd1f8b42167d279480692f17

SHA512
cb56097b7d14e78823abd96f4fc13acff5b973201d8c78dee56dcbf0a6165f005ca0b7c7c4dc4ee32d646de21a28deb50f94f77b57aff43ddbe2b03ef7d7e5bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
74439cc012f454d8ad9ff7ca6bce52b8

SHA1
3883da679e3d96d2e2a8f7f93684d51981473134

SHA256
9292e8562e28e05d392fb1bca08b48ba9428ad093f46c3e2ac0d637d89cce796

SHA512
49a7a98aaea25f4011a88c42d180a6c62fd69a559dd23b5d5d7a89bcd55a3127cfb9bbf40ca78df699cb55122319c1ced1193d775b2579a8f77dfa74e60f77de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
f2026520f74cd49f62cdc9253b302a34

SHA1
8eb94326c104a71bf66d9e4ef1ba68d01219b1fb

SHA256
4ffbd1f684e10a88f9e23a24aa206b711204f8e2065183973f3cae4f28d3f036

SHA512
a19a32bc7252b90db80cd1a901e969e76815d033c89471869967701210270f4400a7c98a336fc13cf7099f2c51ec9a7e750237931db95685fc6da6b704d10138

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
942f75fd0206ce9d4d458a201a1850f9

SHA1
51c75ecc19aaead60a96c6cf1c18892a474f2b72

SHA256
5b6ce8a79f37d6277de1e08a31a96497b724b33afc857141be2a0f3fc941026f

SHA512
d634ece4aae174a52b2d75fc5b14826f9818aa41fd0768a1eeca53da31126da60c36e79584ee7822cecb39e5528864cf12cd6ed135d18d5598265be8989b5621

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
abc6f19e0dbdda72928c5a49d63828e5

SHA1
3f9bc8a58b721388792fb5cde42390c5b2dbda84

SHA256
9ad55308481294edbbce9f06ac097def90d41735720505f20b241db7d5ddc418

SHA512
8ec56326b9fd93cc4907c78c75cdb6d8950c324b70fda96d61a474378f292f34dd5c2dd7033dba5ecc1f38aa1c7f0e48a1461148eda6ec924f244d479a2ef438

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
422b8c00049c4bf9103ff1f160e88998

SHA1
4ec04620523f3433e1ab33b7042439a84f477b02

SHA256
b1922de885c77b420f2edfcb71dda14d75f1e7da0a37f1f5b3731e5eddb3c839

SHA512
6dbc6510db1f94dcf8935ce1f64780fa1275abf5946bdac14ef73687505562bd5d908a5086ede2e0f3f59a9d096c53f7ca74f2cd5a3a6a6adf6e357d9c595a96

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
b7a3550aa7c284a90aba44f1ee5e079f

SHA1
5edabb5615210a0c046408365d723da90720ef82

SHA256
fd49761d7d57b6df1ab07f81bef8720fdcaa45d891c367e95c727d417542d877

SHA512
55f3cc19c29874a22c69d8b604f543fb0cdbdd9117cb6462b61d0465f22fd4e20554d0471f793b228ca531b74ef71c898db600284d2ae29644f8ff3ada83a596

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
a185951cd94cc2eb3508169c968dbafe

SHA1
84fa9f6e7981e4cc86b77f4b7541faf19a7ea791

SHA256
b0dc6b7c2039dbd41e811659b2392d9ad6c744decdba2c2d73e693a437ceaaa1

SHA512
d58cf2c937a6611b340e817f159b8d23c364d5db210e74d937d5a28a7312a5b9f6d8f5740b1abd7a80a24af6ffaade391629e06a2e5638b6e6feeaec52665103

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
51c41eb310464487c545a0dbd4a828a9

SHA1
1fa8a72ec3f04c0c5c4e6c367951c3fec3fd5b0b

SHA256
7274ad6c80ac19798b009262022fdaf7e84cc018af994fa9abf89dd195aa4456

SHA512
b693b9191841eff94a1600715eb3e8b985ef374ad30206f4a9266ff8e8aa11aea894102c4d35a160916d298cfc561fb2a749f3d468b2d975366e1bfb4c181228

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
e39f91a9ff2adbeec0788fccd84be663

SHA1
ec76021db1385f465a00fb22a73b2a8511dc3059

SHA256
f034b5cf528451d908bca72605dcf3468ced86b113858b86dabd32d0cfc73836

SHA512
9f59da5a5bcc83244ea987c6689a1793e2b869f1b9739ddc1ef121aae1d1bb8d7ac28e5bb826ab24e63805dd828389b87cb43195722de47727f7e7306bb61372

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
69e643d92a3df269e926cead83700d96

SHA1
6a2e7c92bec6ff6b283d3e0047bbedfe57c26b73

SHA256
94ac324b5a5c76c30071f2498cbbd1f0827e7c7ae632d5d68871c2f19ce9302d

SHA512
b109f4e318cabe4accf3b3f689f09ef70d9130e587912514240cbd5bd3a112dadd278d79fff754d8b20333e4c4abdf11687855aa531a5881f8fafb25b8c610c5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
ba7d73699244b3f5df83ef4c732e5ddd

SHA1
438335a5023ae1036c47c2b809f6be0b7255275e

SHA256
53eaf575c3c2f99f67d86384993d1d794af1a23b69da5a16caa8f55639280566

SHA512
b5c043601cc230efd510543956bc928f03777ff05fadce4bd839a9d750460a39f0f722f645a998e7a1bb492e226373da94ea4597ee398a92c95026f72d7fed5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
8d3625f8bfb6b063f3e7a5ea5a38c7bd

SHA1
193e7d1e93e85947f854daa73cd294c8a73c58e5

SHA256
1e5e75305255b80a22d19de5b817518dffa6dabe04f581e9659022de3d49f445

SHA512
4e48e0bcf4c67632d4cf6ddaaa14467f8bc6b94fdabcb82daddfe04f5b35bb4111c266923c7817c0b73dfc9c2fb380430622f0c24bac7f71c8188b96079b1ff7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
cb716fa48906e754942fb9c33e665eba

SHA1
7ee59e39508c4b023a96779b3c5913090bedf4f1

SHA256
eefa81cbad200c8fd04a829d7ca00f9cd5cc4be63fa3d0b54dca29a90f3e018f

SHA512
7c960219ee4300389d19e9859dc64a236f5370646a5901afcf2c6660f2f5ba18f3aa11b76edc52188952ec85a55d64689eb2578bb4ca5897b8a8a61a552cc7b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
345ea06bcafdd97d41d2f56f7627dd48

SHA1
124bf683d9ea7774abfa5751e5730b7268ce8378

SHA256
d2743067b27cd4f13a611a53c463a1ea4132ff5bf56b108f7bfbcd35d830fdf6

SHA512
87ccc4d580efd75368e34fa9848a37aba2b0190f2abb92499fb9602d69efe034c5b2e0b9780a31752a31b1f5e50e438347e7715002861588526b835e70605627

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
0b17a838a320b38478dfe735c9d9789e

SHA1
8bcf2b33a5ab52d705c6fed06e058c89b1f9c816

SHA256
1c986583a614b3f9caaa75d9d7b56db2fbefd8587c4922d1da2d18cf4db79639

SHA512
88f1faa65cb22d48e89ec1085fcafc5ba4f7f5880982c8dda4c60725f4f5a726cb552a096470303e69c8280b38c965087186392f6c46030e43d0644ed84dc64e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
ffd63ec8941c35cb0c29d51694aa6787

SHA1
fdc3023670ada3f0a0024d9121ee43675b36d661

SHA256
5f8fc4d5ed7e663d37f9475e32d61d31f6c156265a2bf4f901e89feaf54e14e6

SHA512
2d1f88af6b9aeb9ca48a72e3f231144498973cf7d7b4503888678ff5be55e5511ffd8b19beb6ecd063b15aaadd97fcaea856649c52ac3bb01e81e6187e528d41

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
5bb2ba55ebb7787597b89eb122efcedd

SHA1
d2eb3e7fb041b6891e26ae70fade1b88fdffb27e

SHA256
9b41ccb73861ad556b781b43247759741068f4cf06ea342bed55fa5413000ed2

SHA512
6f91e7d0cc8194f45734e5a6c8c3a8fd1bd93cdc85a0ef24a9a6567fff217cbbb75f6c030675a9e6dc688e19571f776bf98e24409f714c911b1c24a3229be070

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
3edca3ad5c96adfd46f4e3f0d23cab7b

SHA1
3f6e1e298dc2b55e961c47fc324037c0f3d37888

SHA256
0e0944705b5c60017f4534e7b46120393a3fbb5d2e3d06e7f49c34cf477cda5e

SHA512
5bff5a7c774f368863cd8de05bbcaec8e0783728e079603595be2f2283511e833ca6d475c1f2027902dfbaa2755c54d9f8f9dce8009943cc988ebba4bf117d3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
14a7ab133eb6953455e90fdeb8baa6fc

SHA1
8612762ab7b81f57cd72233c9d44db53e75464cd

SHA256
833ceca74d9088d818ebfef3d3f2017480859f4ec7039ca0ea76091f343d74bd

SHA512
f9bbb14bd4c4f606afe06b0b1cb3d5a4a077a34745537253b06b263cc55092f6792e9a341918a621e6ff33926d243988493e7ae85b0a7580a75efa823c96aae2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
fdf3ec5d9bd82691b610c7dfaaa14455

SHA1
09d6a397d0fd90664ce583b72acf40b59eb94d5c

SHA256
87f4bbbf713779db59508472be8fd6412654f837b3e52277de68366a0c60dc19

SHA512
82388075b33940593ec651b6771f78a8619e1fe8761bc56fe573203240d2fa4e19b62eecb9c994b50b51893baafa8cf8832e8551b81951199e0997d8ca5d9120

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
9a9483df7f348ed832320fcb0ab06115

SHA1
891741976f82185834664019b4df4907275847a3

SHA256
d52b1453dd05cc79d4b5af20ba550d1f40c1b083e3ef4899eb916a99f417e7ba

SHA512
3fc4013c8c8214983d5bceff2f5ff87630c43d561e26cd20ad58be4869d2184d88305389f754bf06c329b72c7dd306f6a50010df618866cc00b9a15d1af5dfb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
f3a7b17eaf5af6a578e7cc62a2647004

SHA1
2d22f32a44728c895bcf25103fe01f4b401e9bd2

SHA256
c809ef256df48da987383338f71671138f0b9b3e67daf2fe808c5c28fb27d05f

SHA512
9efa036a3edf1b98bb4c7d8800c96ca6eb2ba135f8a93764b141e1f46513cc82959c982ee92d5ae1a1779ee323e5cbe8bc3acd67e38d02999d62346ed972b639

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
b0d634628f4118491092ceab77fa702a

SHA1
02cfa2776cdbf612e2b0cfbb1ab4281dace638fd

SHA256
1ef66109ee40857fb62a306535c6e7a6f8c0473045a0c3db07633de29710b179

SHA512
6ecbaebb50d010352e307e9228c5b23baf83aa79082649fd329e83b557f473e8f903b1fb6774fa23a7bc3f475e181386ad00e1bd80a0336d90d9172bfd0526d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
cab0b2de8294c9411ee38b0ee4105e7a

SHA1
7a805d1eeeff22be68f02e291a5447624d728473

SHA256
fb7979e2e51fd1f3420ae86b6db6e489d06b2439ff2e0702f4855114ba108e05

SHA512
69b7fda2b4214f0331c51849998f719cfb12a6380d96b316c34c2b34ad857565aeaa74905ba0b0c94216149ae6337ac638dea538b1142f18d4d7123ab6134546

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
309000a3e757194370aef3bc5d9edaf2

SHA1
386d8328e446f49fbbf64808f0ad45238de80cbd

SHA256
5b86ae705bddc7cad746360f8e2af3c5e40c1c4aa0f96f8ab13e2b1a3a656b11

SHA512
c5a43ad3f1888e34658d2976bd3177d38af566464fd9d0e395107866726e1a1701a2155e32168541821e1bf6009e7025592de397418d88692d314b988ea73596

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
ac1c36aaa7f29d8db705e5ae5b7653a5

SHA1
b152bc0cced3d3f63cd67d92ea0a1ee8da300435

SHA256
ba5af185947476e5d7afc52aabe7c3960e4cd581ae6178460b4fc8ebf980f708

SHA512
50623ffbab92e5888e1249aecdf64a9e09b55ff666a85bc234ee840917a93bcba5d2ddef983ce9f7ba1968e3466016ec00c8e49b531b5cd9135cf6aa51fdc599

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
897b89a8c51dcca311e699397b82b035

SHA1
50392b06da435222cd1aba27b8d28438623ef52d

SHA256
d9202806dba842a356678eff1002fc02560828c01b8dd5ecc932b8ee7352f813

SHA512
806a250c6d6cbb744a437f05e250e8ce6e316ed8730a8fa2c921e730aa45466ad9bc754b287047d6156114019e4ca4793f81c9101b91dac85c967b54ec985a28

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
1b2eb1b4b64cd31ed3d5c79c892e8165

SHA1
0d098bb84d7092ac75a77efbe29dd79d99026fca

SHA256
81c16f270af63ab27fe67e85f097662506277a6d44554a110220e3248a49cd11

SHA512
f5759d2e83ee95b4e2d60ed63be31a657ffb0dda5e01eff0185f311a55a8cde9e02c465748be8c00b4b3eb67437656c6a592f0b2b3ab3f7248d54b294ef3228f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
1032a75dfbf1c2e3a1fdd45266c6d4e7

SHA1
fc2a85219e5ba45bde47565a4f528668081a0736

SHA256
a17b0876ee00373edbd39b659d456be97982baf72e945764c4ac7fa599ae7db3

SHA512
6d6a2dbc580bff041d749f6f58cddc51a7aa3b09a9fc6cc3059148cca7b34186b732b173247b780f46ffb89e28faa53e87cc0dd54b762626599a4f2a6220bbfa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
e8ea52627fbbbabe169fd03af3253e80

SHA1
d852bbc482ca49e805e48464cf452b905bbc3c3c

SHA256
b28cbaa2af2972ca24428ed9604c19d19f50ff292352a212d9fb25946aad1e44

SHA512
72cf2347d40866ae9cff07be1e159d3f168c718b64630450bdeb9be09a05b202c85bdcd0fcec13035e8542571ea0ead9074e9ef609bdae390ef0d8d8684b9b10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
f1a6cd2b7d08fd82229b6497be6e3a43

SHA1
1a95f7556826214d1796b4795b66a1157ef2422a

SHA256
86c8f55fbe1be1318ecc29f08cd3f42deed596f664a08ef3eac2756060ddb5f8

SHA512
3b40c786d0d55ea8eb7d3508c7db573f069dc8818f3eb57a8f09ab2487564a44a82044d8c49c2d7a1d373a9d95c6221c8dfcfbf42be34ad1a767bf6083db44d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
6d34493ccf2058945dabc5d10d15e83a

SHA1
ba6db16803e53394b8c802273b6accfd3aaad3b8

SHA256
ea4acab08bf798cf46d42529d320a104dd67890e01abdf49ba70028c36282df6

SHA512
5dddcc917132d019c60f25167b5abbb89d6d0937a621c669de76d11f64f613705a21e9f6514acb2b04c896162a434a4926782e24ba9d3a74d0489eb812a1febe

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
05f7ff9c6457cbdea9e21f9519611fcd

SHA1
cc991ff7f01d0f7fded61c3c034e3cb39837b815

SHA256
4672db19cc3ff29ff3f4db6b753b30c23994e25a4a45b060c9d7677ad4042793

SHA512
c857a282c6662aefe102d222ce523d309b6f02e0678b6c72af8d5a4a2e2b52f31e3bb7bb8f407879633957d5afd119f423fbfe711b72dd58a53f780adb4e2ee6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
632b51a552f75a98661b21629300750c

SHA1
340cc182b7d84306639bc60cd5f5f098739e1205

SHA256
0f3335f7b269c6a30863380d45647a99858fb987d1d21c16c1d3ff809925cfbb

SHA512
3f00302bd12688fc36d3ebcf8cc067d3bf67e514edc0f3a50c9f63337b68ef75c123a7f6f085280f8cc47ca797f23c966f4adccfde11539924d3cbff5fc6505c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
d2409931cd95b70c377ab654e6fe3df9

SHA1
063fe366a3aa3d28b1e6e6f77020e14b22c588a0

SHA256
b676c08b3ef77796621a0b417c7d6ddb813c613cb6853314230a20d65c2ee3e1

SHA512
8885b2189a18c1b0bd5fc6795ea8b6a1243b6ebd0031d1df9f4fec66e3a033a26fed5c53e6064b467abd550d7f39e9f3b6893018d5fbe7488f0329aa33a5379a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
80d1c028425288801450daa95e35162e

SHA1
c1fd2aa1e32cbb74de3d81eb28d6b6702849941f

SHA256
545629da070b7f0095a2c88749efa120867e96312ca411ebda65a5555e69f089

SHA512
829ad6e906fa21a92f94a2bba154027fa71707297269cd20f71fef4613b8a991123cc231b56f10a67b136f445dd2dd42961fe8575d6352add2baad375e791493

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
a55b8b2b07abf5c16dbd6342d79e4334

SHA1
74f7d7e3d008e691d794342eddd89c7e810e2515

SHA256
3fd350b18b7e00548ef907864aa25da78480370e63ee3b020094716f0289defd

SHA512
9196fa40b95d306c5f7127b113f2615433a7b39ec532fa66a32490cd936450fb4e1814b4902e8b36d4cb710b7d5ae0e9a9c2eab7ec2d1ef9de1eb2b73afb4bf4

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
ea12a3bbdbd8ab9379ee89e84ce7f95a

SHA1
3a594222078c9625da518d47558cee4aade03ff1

SHA256
f74a37eab8d814dec9b7b8ac376f27bbbe0ae1b2b4bd3b467ca53a341d3d4bf1

SHA512
a6a3716249bb21be759eb5d4b5210c5d8619e20f1315f33ca77ced30e7ba805383e54533ff435c1f7c24cf991ac673172cc313afead8c45ee49f90aab4e1435a

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
61fcecfef69e9dfe72c86999dab6fa40

SHA1
2e752f4c08c1005ebbedd4efa7306782c89ddc37

SHA256
e0f6f0ccf52237ab43dfc62aaa1323c9f39e3d389faba7f0447aa39fc6490932

SHA512
95b42483c902e30b8ed227f3de840a6ab7155b86b65631cb0c69b9336df5e908a45844249146821e260682c7582f23e7c39e7bafab8f4cd1776287ed2e8f74da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
f19535f6394bf03180bee9ac724b80cd

SHA1
5af0a454091b714589efa6c507f8cde57e0ccfd6

SHA256
24bcb0fcae0bdf214bf7e590692bcffbd701a25bbd71cdfd968aaedc27067dc9

SHA512
3c3d04a4f97a708c1bf2154711a11a721ff6d393a03f38cc20d814b0589f68133e68d8ee67b50ed883a59b4fe4d4e328ad6395da4ef8ead3404acb5fa3d6d5af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
9925494bed9f10841fb048aaba6c76a0

SHA1
4f00272ed70b3f1b4ccf8313a00cf84ecd22131d

SHA256
2ed3fa90e20a84b9948e24c69e1729e38649c2d04170c290dcb7bfed12d75ab5

SHA512
8e97a313885cc43fdb19c32d4882249bd6c8745b33ffae5b6f79add111ab797adf416b97b768e64385f377ad0c3aaecc57046ef2ae2faa49f58c640cb4019db8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
7d518c6b59d0322f80e99e5e417d3d48

SHA1
738fc77523801357d05817ec58c96a4ca499bfda

SHA256
2f8f199d74439453a1f966a14ada8bee14c4982c3bc703d69c5da6ab9dbffdff

SHA512
fc79e050cefcb6b507e6e8e1ff34f746fb81794bf7e03dc68cc9bdefedf3e19518b2ebd2f1f8e3951be22f38c9612886b3fd563f3c9d692845233e43861be55c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
445afbec1a9131faabe3d9295c50c414

SHA1
c0881a83820f9e5d4410dc1aa4c514343a3665e7

SHA256
8405384be1380788486ef88e05a3a8d7ed153d506fc88fd06652d15cf24aa5af

SHA512
60550f490dcc979115c3cce3d6c7f8904831d69a5cd6c38bef8e7b171f70d781de547f13c87b5a347d781366736c2f04995946ccd8ab3f2d34a443a203048975

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
98fa0a175021128037b7937ea84c36ce

SHA1
6ddf3eefe0f8b34e6deecc38f6b209eaff9323ca

SHA256
85e108da775516dd894c3659594fb61b41c11f3fc300d14e1d76fd59f0bc8744

SHA512
9bb2349a546cb900d663431fe9d2e2391464e84cc15d840a9944a1edd98b158297d4ae3ac849515a10220e19131e3b36a548a100d42a2521e4bd96774da52a28

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
b0a50b065bea2c81884133a8e015cc0d

SHA1
03094e1f1b0b6cd89dbaeb8663251b8bb5164012

SHA256
52193a94dc7229da5215c86cbad5311896dd291ec3544fd46a3d1b9d4f2988ef

SHA512
37813b28d14717766f00d62f3016dcec2758c5b688637455d15f1a1deacfa9530f020daebc530d8c4d6c595db6d6af1d0f68e272b448b0501d0c4e9bbf5016aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
6bb7ade19ce482d765b3d1a80851d590

SHA1
f014989c4ab6dda6e67e2bbadd35775b18f2ce3f

SHA256
cd606d1ffe97de47a82e6dfcf39de4938019c44d1a180738dfe4f9eb99a77ef5

SHA512
aeccee4ba8ac56b1f1d514abdd65f8cf9ff5699fa90fc580ee46cb197c47cf6288116356cadd25fcb75b62b90220890c3a9e0ceedbc66215db8e592fba217271

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f3b1ffe40f64ae417082a584c37c74fe

SHA1
36b2b2be1d6114c4ee438d138b887b1b16d08235

SHA256
fb2e030cd20797648b8edce40b832938145600db635afb43248f9954031bfb30

SHA512
e8b54b6fdc84277eef6038555a8f203f9e824cdd5dbfd388fb77a8fcff5b78d5964b4504fae40bec4ae70ce9117af40ac5059781a8102fbd86ec3797d9fb1b52

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
90f0484f10c7eafb9524e5bf7e186190

SHA1
be17d708b67bbd123ef83360aa0114a603c1703b

SHA256
f6eecd92b70d23003ba9970ce2945ce721dedb1540ea6b64b8165e3ab540559c

SHA512
da5f031c0ba3476f7fe2784966bbdcb9c61d95342177fae8662b00e48e9fe4aeec1e3024d39e58b1aabd6d7f5004343319dfe6311a87949b9d4bda67a4a798cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
0599289e8ac007289cd07d4b70d5c991

SHA1
51dac2d1ee26b4a70fb5a45c686d51255684b2a9

SHA256
3583f6d1c856710b9e916f9e782a56c6646fa6b4fb19af61ef5df70eb7eb2de9

SHA512
0bec4662caa0af1ad8e0a65cd5819a45daeda0f09fd8a3baba77d7059700d8240ee41aa44bb8d60533d1f400738a6fcb3769d473dc07bff6cc71150e491a95df

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
19756955a4f50b67aebb9bae095db10b

SHA1
1d4e414f3289cd1c523da0bd4fe93fa481dde3e4

SHA256
cf8ea2ae0550636bb2d8004c68bbaa4e1edaf460bf4f25ee435fcd0331d78ba2

SHA512
5e2bb5551687ce2d41bde32ef16efc1eeef6284c6489e51b8833c65331e64ac58fe0e8ed216d5ccf650808996ab84f3a363441a51d023324bc55b07384e9e8f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6513f82bbfaddb0ae3c1cecaf4e719d9

SHA1
333a52e741a5c535ebd0c57913e1cde3b2a42ec2

SHA256
0e954e5f956b3029937f096cb89d3e0f59a20c8bb7a01d0843f11152d5cb5514

SHA512
05a3593978189e314ff574338d48b7550ba1e0bb94a786423d5f5917a7d766d52029f517d6933b8b90d63e09e00ddccf2fda9aaa8dc3c4e668c1ac904b7f4dab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
c4133b9ddb67f10d95125b50a8f1ddcc

SHA1
296bc330a72ae608be52ce28ab44d92c1a546e3c

SHA256
22682d3212c8e837eeac4e168ca9184fd3bf5afcd1c4d218523ab9170c32fc1f

SHA512
60b008f9d14c6f6e1de8f9674ffafb95500b728f88e9eabc345947505db727c12dbc38904079f6dfbb502964c565a104b377e69781cc08fce8824f80aded0da7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
d98e7904dd0b4dab56f66f4d01c8dde5

SHA1
aefd9e3a59af0373aa841f76f9c89ab5bc475ce9

SHA256
a6a3b85d52b84a1357895e75455258c2dc0644c0b52e1fb11a0f7e6e25976e6f

SHA512
8020d7a1f4e0314b41c24e00cea153304b4cdb36141ef6e43e5c76f1eb38c383a9e2281ea62a585c29e17adc4e68e84024c711ea5127eaba5846c811a6baa782

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
4f3ac9506fa89246cd0b38a3e42eaa63

SHA1
84f67b85c17d8dd262e3be89bf8b5f183c373581

SHA256
d7ce9c3ecdc3e7b227553ff159a1d695c219f3838e52cdd0e48c02c97e71e8b3

SHA512
1a8e25ae31e85ccb9180ed92bf725128e0a74a8684361a750e7027daed5714054358f8112fc818090ce87ad91ab8aa7dae4a149ca0ba83a091d1e3c3aba2db8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
5720e14c31466316b71814716049144e

SHA1
033d6ef73b8742dc3c4ca96c00830e0685657d2f

SHA256
f4f89c555cdb4efa890e8b06f030d1fa4bf0fde5f34dc06608ac94e554a9fee4

SHA512
6ebbdce11d62a60de23532d79fca160a0623a8b29d6d03e2bb96db2721b95f71d4192a45e966699b0edd4e5d5915c637b2002a798f19de62fb871098520faa98

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
7c663a4d837312b113e783e0541c1d7a

SHA1
5613cea10b1247df0a251a90bf8163bfb7995f9c

SHA256
3cec27fc52a35a87ff0ec1e297f5f2a1ba8c17de0de85fc32e22af432da6b2ae

SHA512
6e48d4a796cc29fd27de9f877d78b5a0987cf1b7753fad205e7167f77fb7b71fd55495f88b04a2995361dd7459f4b7ea13e73b72cfa7fe16133195be5ed1dff9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
dfc82f4d8343c8b1b9e3208dd14d88fc

SHA1
40309152425f0993e5fb6029945d3d24103213ae

SHA256
0b21ddcb469fed9970c31346dc1d8ae1086ef104481456389258c0a36a5179d7

SHA512
6c49dab0fc2fc807de309052a6327ff24eadd0ceba4857f436f7b5b80c90558d1193c00dc8f9d1ca221b71fa5164f7cd36c474eeb675ca05e396c2f0197cef64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b18b591bbd6c753b9b1840160939f261

SHA1
04e47457b11fcd2690d548a87e215a0c48ed81ce

SHA256
f12cf35ee827971a3375f9245187904eddd6081b1175f63934f1acd765fc856b

SHA512
3e5579e25ccfc87800fe0608856efa65246bb41c3478aca3bf5393d1ab5d9b61f8ca0d03f1f9aca7c954ae4779860a7cfcd2afd35119804d878a075ed5cd8e60

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
141afd63a7efc70c24def1a5e60f68b5

SHA1
f65ab5adcd8950b4b1aecec57fb690071a37e372

SHA256
a971ece13c746978b975cea423900cde6ada61761c7723aa465238771ba8eb85

SHA512
4078a1e4ab25c7a755c8d9a0decf22af75ea2c8cca237edc912723e8d13396c9cbc8a336e37a92265c58f2c752aba03abdb3d6414bd731a1fd3e48f4203f661d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
dfea1a9d65c60c0208627227b689c06c

SHA1
47ac861ada985c6d197a5126d7769bb2df9af517

SHA256
ab9150545023a774cd4d6dcdc333df9e9e6b536e9cc5a44a55b29e46e8b53633

SHA512
c650f54ab1be21c20c478575cc921e6e2fcca863b9767ea4818caf23b33c1f52e80a8257c9ee81f215d475166227151a10039e9aba2946d90c7f12227de1c843

Download Submit
memory/1800-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1800-9150-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1800-9151-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1800-9164-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1800-9167-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download