xorist | 671e240c5e237783d98cfd031782bd2acc38f79ad09b32e4fedcb9911ec34635

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Size

7KB
MD5

3a5ed23192238ac0491adf5cb46b183a
SHA1

3177eb62741316541415ba3d79e51aadc513bfb6
SHA256

671e240c5e237783d98cfd031782bd2acc38f79ad09b32e4fedcb9911ec34635
SHA512

0caa962bd37be330751f0559f146321cb6bd3861cb1c7d668c41189d290b5a5ef10ca670cb3d60d501eb375fca2b8d73dd625d14fd10bad50ec0c94aa7c4e3ab
SSDEEP

96:lHEZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExPD18dNop97p9P/jMU:xEzdrr1FG1WDCgmjPZPeKZXjMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2528-8961-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2528-8962-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2528-9204-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2528-9205-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2528-9206-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe"	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_neutral_024281c0e4e954e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_neutral_ab710894455d7b9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Return.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arc.inf_amd64_neutral_11b52dec8e94d9aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_neutral_26a79521b746fc31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\erofflps.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_troubleshooting.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_providers.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Redirection.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WCN\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_hash_tables.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_blocks.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_neutral_714bc6a3a28b9f0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Reserved_Words.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_job_details.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_type_operators.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2528-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2528-8961-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2528-8962-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2528-9204-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2528-9205-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2528-9206-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341557.JPG	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH00780U.BMP	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02758U.BMP	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosecolor.gif	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR40F.GIF	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03143I.JPG	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0177806.JPG	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_off.gif	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10302_.GIF	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..gram-data.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_abc97db78f780e64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a7c8814cbbac2b26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-where_31bf3856ad364e35_6.1.7600.16385_none_b9c82ac6f7db99ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_42622b0d7f2efa52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_cdc2da7808ad189a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_e1d294682a365d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.1.7600.16385_none_11d4ade16b61222e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..xecutable.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_83661b0cd6f2e9fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_es-es_adfde4e259dba0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_6.1.7600.16385_none_33f05b889d506d0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1e854c2683e0e193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_6.1.7600.16385_none_1ee66a1fe1e08c96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_53d1d4a8db7e7aae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_de-de_733e416c948a65d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-autoplay.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ed7f07959ef02f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_51b106148d4e401f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_810041d8c841663e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_083761eb9020e571\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7600.16385_none_8efe707fa1acdc48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-themefile-aero_31bf3856ad364e35_6.1.7600.16385_none_d5e81742635a7176\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2452b9550a34d471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\WindowsMovieMaker.bmp	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-fontview.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3e26e65ef2564ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..35cdfcomp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7e0a31f5b1cdade5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_dot4prt.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4a9d2b6185cf54e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_cs-cz_9d6a12eb890b31cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ro-ro_57bbdc9561e755f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netjoin_31bf3856ad364e35_6.1.7601.17514_none_5961893bcb092ef4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\d6d1ba722a664cd9315cb28715ed3468\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d6fb0e0623f41a68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-credentialprovider_31bf3856ad364e35_6.1.7600.16385_none_e2ed533e1c868930\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d19e979ca36916bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\inf\ServiceModelOperation 3.0.0.0\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-mscordbi_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_44829d2719114141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7600.16385_none_b6bc1aae9d0693c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winrsplugins.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a23e0ef0a4416066\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wcf-icardres_dll_vista_31bf3856ad364e35_6.1.7600.16385_none_6d023da984892bd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.dynamicdata.design.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc43ff8c5e3bd681\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\4.png	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Continue.help.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnky008.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3f5831ae11c8f33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_de-de_142d3e4e8f7ea4a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-h..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a6dce91c4afdb4aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..t-console.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_079c517e4822f969\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.iis.power..framework.resources_31bf3856ad364e35_6.1.7601.17514_es-es_fb38ef1d6bb087bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b2dfec76cfc4a9c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..orenderer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4c53258288780299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_446c238c16b679e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..datalayer.resources_31bf3856ad364e35_6.1.7601.17514_it-it_e6a9b09156aa33dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.h..monitor-driverclass_31bf3856ad364e35_6.1.7600.16385_none_b5d60f222b50ead3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7156455be918602f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnhp003.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8efd7182a5eaadd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-lsa-license_31bf3856ad364e35_6.1.7600.16385_none_a14140fd75432ca5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Manaf08ebffb#\13e78018da27a55f22b29d9ffef6f33a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\inf\ASP.NET_4.0.30319\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3507448d0abf615b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_en-us_97579d95c8092c0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_es-es_28f5e81baa162d31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..layswitch.resources_31bf3856ad364e35_6.1.7600.16385_it-it_93d4e72ed679bf41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-appwin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aee2dfd6a72511e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open\command	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe"	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\ = "CRYPTED!"	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\DefaultIcon	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe,0"	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YAUJXFSNEZZYCNE"	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE	3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
289B

MD5
56b24ec340b599eb5173f8c1076d3f6d

SHA1
b73f4496b91fb34a22b16d928270ed9a59ab2e5b

SHA256
31e6a56c128df5b8113499e003685a7fc3142fb528a4bd89c59ef30d968ec438

SHA512
64decb283b94443d2ce2e046b26914a45f20ed5b87a2beb47da709fb1166c48be392f1cef965504bad78ae0c65d6d3161bfbdf776b5bd9bf9c71d610b68906ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
0ba6676ee3a6a68deb754f059a525563

SHA1
846117112c571595787a4135ce7df95569fc6138

SHA256
c21a1be497b912ed6db00a1827c10bb9f7d595765e6bed516424e125e8faeb1c

SHA512
ecc9e1f91093b185f9b2c2e9f70fb9d390d8d224232dfc6d691e538be4734645fcf7d40130b676764c4e2a9ac62756200ffaadad49d2165ab909816890c91b4d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
3fe752821272029cba17b5c059845b1d

SHA1
506bef666fcd2fbf84973962a97dfaacec042f24

SHA256
68015c80a4905ad48cc07b035bc539606b97a9701b93d98f2446a753185c0093

SHA512
27445afd50b4884dbfb06ef3b486719932b589fc22a0e40cc143d7fc0090bf59d972ebb75bf64ffd76df957a65b32e49971da536604cef4d64379c3e24dad81e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
322a51b90167df31f14babb81eece779

SHA1
141a0a2a696acf32f381314a6dc0351a6d92872e

SHA256
7b5f26562710c3530775a04ceb51dddd9100cf8fc0a131174664ad2369a80754

SHA512
1a092a547351bea1f3adfadd28fd6916f2ebd2781930155369b1e1620788e6592a97f948e4152d4077a406dfc43407bc5846039f0e24bbe15229293ea37f34c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
177b25536d7d93b97f26029bcc3f1ce8

SHA1
2df73389b4d47b722724451bb9b20bfa8e4c16ec

SHA256
aa93f5ec70cfa0f5e42e60078e1e4b6edf97ff2a21763fbe35a33c67dc33131f

SHA512
d839347db452d014dbac0bbf528b41384c30e0e842ca9ade43e2a4dfb93e6caa2c76e1e2ef56c35b609fd81973fc98f85b44f39c821489fcd5d66a385f5c6b1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
f9553fbd11bf7186ac5480178ee84df8

SHA1
ded28f785518c7029e56c6d62ed3922ace0ccb55

SHA256
8a633a6c1480e131a76034c66568a4bf91b7616437928bda75e362d532dfdf0a

SHA512
df110b2e03019d9bf928bee87c0a44f1bbc5d61d5ac545aeb18e9c1a58a0e0f242b722a4d03961b6abc16989b739efec763eb7b57f46ecb332bb9714d1c4ce31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
1e88c93207f4a29cb7bfe274ffa5100d

SHA1
b23c37e7a8177f55e234016ffe17c5d52edee49b

SHA256
5cee49584a0cc4d8b63de7c7a229d3f74073b890b08c3afbcc34f438030cef5d

SHA512
39140daad9046b3c1e5b6a424fb686dca4f584e7791fe93f67adb41415e0f83141b908a021dbabcb038e40e52711911290ab2afa58d0a555bb3bc05912427fe0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
e609e69b1be28c73552698d9550ad568

SHA1
9004508405c23ba94c1d2ac27f5fa8d85eaccbb7

SHA256
bd87532d0832bc90a219973d10eb161eed21a5f557789d5c5f89bc915b5d3c11

SHA512
e0ea949744647c028e019c6871afd31a3be900f57eab1de45349cf998cc8efff136f3d394729813a030fbfb083a496fd2cae5450fa06e604ad8e49febed4c5e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
b9fa0525d4e0e0bf59211992253aef77

SHA1
90184971a6598fa30ae081620ac54e66f910ea2d

SHA256
23bb9f4051b48413e1fa680739c68ba6595f4470b5cae507906fb5a8cf946a81

SHA512
7e2c60b36a9cbe4fbac058dd885f03e385b1c49e2cb43a5d6ad232d837838f1adb2edc585faad8d8ebbc2308fe71b604bc41209e61a8c09d862da40be9cb1d45

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
a583de3d466870a6cbb5a57b3edd29f4

SHA1
8fde834b0d6453d2efb772989d76f4777458f45f

SHA256
f4602fed4f0bfe504618afac1f927b1eafb7362bbc03354e9359d92b599d83c3

SHA512
e37efaed7a874d4b6d8c4a71730b842b955f3a83227675813c906783c365dab794d580420b7f57faab4fd85f26342c53bcf894ed8437f1fea38edd8365b992ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
92b3dbe00e6eac69245a1230d3d768b7

SHA1
5ffe927dc6cafedd77a5e7212f5cbfeb47fc6398

SHA256
6c3dd0c7301a012e25fbb681671e2f4713bf6c8c07fe00582348a1dbe3c1b03c

SHA512
cedc8692e1ee8275f0fcd885bc5cdffef20fc5fda46019abb7535a2001a181c46afd634af7381fee2676d9194090c208ff9009126a228d10f9fd29dceaaccb97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8a4ce7fd818dff25a67f73e5b2234c9f

SHA1
aa109446f569de613029a1530b2605c3cd23daca

SHA256
d5ad4041f3f3aad94e1142fef36a4dcf2b43767e2b6f042c1f201195660118e2

SHA512
3dea8f30e6df5711a67b0ad7c106645e2915286c56c66846637891d4eecb0ecdf050b2946a407d6725c309dd7e1d46e34abe5b035eae3b26af2ab102048b1f24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
86cddcfc9e566a10fcd1c9209f0fd024

SHA1
4ee5e19f0aca6b88b58cba2179a9f14cf1017d2e

SHA256
a4652b3c83d2aa78f0dc7337e9a901b8ee08e9d138db5b91342aec9841f14546

SHA512
d1c82188cbcb73d4695b400ecf046c52a5d855a2f3e65f4560b2461f4d51d5feb5903bf1e85dd156dbfe29949733f3a7e520f0dac907a371929e2746b01f79ca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
d922a3c7a93c17fd119d2b02296fe42e

SHA1
8b4f2359431afa8fa356f1ec9fa2be426be1c702

SHA256
8228fa42fb3f5c5fd99ccc1d7233307e2748fab90efb10203422b9c9b2f9cd13

SHA512
a1b74c7d6a85d4bf2650f084c0197d4acac2addd4e2f3e573b9c0949449278ca83c073f203173e0e918323d61c12df68315e0731faea68931dfce760b3a32420

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
e956a057749a43f79e7c974478f60ae4

SHA1
daedbf31e3721e44966e7a1a3e022c9608d46891

SHA256
8c52371a9aea4387bfe486a1f142262e9803dfaffd78f2dbe8a6c955f969d21c

SHA512
f5e6de5ad590a092d1420d512798a67f1f0849fd914ae3c72a0f6a4b0ff8ea7381303daf4a91a833808ffe3777148e740ecd7bcd6dd776ae396936d0abf3270c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
dd155d809d2c272a9f9ff36e16439d47

SHA1
131cc6447a484aa8ba6e1895f15ed7b0c12a0f5c

SHA256
7e06bb708ec138ba6b5753018ea37752f5d8c093a24c99f86fcee6e6fc6fbdbe

SHA512
3299d7be4df59a91a6cb31395d442242ec4d9830c8f39410a58ac66df5dc3a87c4b9cda3b0afb8bfb569a299f2961a7a3662264d8a83e6a8ebab225f82e40e9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
09609489f2fca906d91c80f002b5f4b9

SHA1
dc81f856d3225df31c482e0f5c2e830c1494ef19

SHA256
c4a11f4359872903e7d98e39ba4044c2689ba0465b0129d358c3a31746ee9cf0

SHA512
2a2476591f843802ab3b8b585d6d667bf4b69261ed889e953bf86c37cef6acc626f74732f60da329887600a3948ff81254aa57d6d11ec930aa3eb581c0b2d6a1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
27d20bfaf87207ff0a5d0d52b4684199

SHA1
66cebca1a7b0d8daee67999dad4577bf867e2990

SHA256
3eafee0dff4d4e6791f750d3122e5eacbd4e85e6c78558307cf356f8ccb10287

SHA512
8b325f4020a0e04833649ec490fbd2ec47fa579076d5d3fe419bec1bd80ea9a9df1ff5f383f8a89254afadecb2c68a2a8d65e7b59d20b72d2d11f75c181d1fe3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
e31fb5cc8a57f13baee7dcc8bef2dead

SHA1
fdb298228f949b0fae901d4af1e8977b810ae565

SHA256
1b18bb7dfde22a224a3dc22a22d9e69b37d6cba2766634bca6e416d6e4d973c7

SHA512
fb61b224271d7b8b684a34e310cb2beb81d183ca87fbe50c5286cfac2ec876a9d50f83d13482c4a685893d4fca326b34735df4b5e1a0956e254a634f4ed60a85

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
66758dab1930874114751958db76f60e

SHA1
ab72ba20e96f73c85c4f28796a43a912018c8b54

SHA256
0d842a56c1af51a3e21b8e779ae5d6814c3f9763c836adcc95743f8833433e9f

SHA512
9c532e7e0ef4f7835ec5f69b6f8e944bf36e05a303d830bcecc7836328c394353817907f4a7ce91f1ca8b5441331bcabb12f8d53c6bc3a2a74afd0707df26408

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
45079a035e5b7f84d539c3c7bb93f5f2

SHA1
76ee9866aef8605d7658f4da65e72185d3760e29

SHA256
510358e61ad05a87ff3c16c6ba14faf972d4ecd97a0e5acba4eb3981be1e7e6e

SHA512
735c95eed9bf137795880b2ce337a557b30636ee0432503b20b9464141b0a66b8ff0fd9cf67634cda56b5f3a23253e7cdfa5531dfd47d894d9668d87ea7486ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
57f3ccf9acba4a3c043363c59f5bd67d

SHA1
db6784a60da66aef6c1b8c53be8cf594dbb9080a

SHA256
afda6652b2a9e4381d6346cd299f50d9073659507c737b92dec89c7c766c914e

SHA512
20ca17eff9e203ebcfcc2384a7a1fb401ca89a5983b4b15ce61f3957608ecb252c79973fcde917193365ec15bf63cda6c2b97be5f2dc689506f0b5df4232dc51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
e8088dc542d450f0de6f01c4af06e967

SHA1
5ed93a8869734bee42bd8b3502c81ef96a5f14b2

SHA256
2c7c4efd826bcdf8ebe0c05c5a3a164320c8adbc589e48c785aef868c5e0c1f6

SHA512
aa22db7ecaf5ed6844285a5f0a87a597f9aee2eda104c3ab8056bfd9e2a6b47b2597da993e1a250a2ad6f1eb3f4800245bb043da371a954d4682e1e2e539f072

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
98c2d0f4f0405c21102fcf75968766e9

SHA1
34705734e8ab185d05c96dcd5d4410ae2d997d91

SHA256
42fbf09077528eff0902248b07d64c2fd49754fee6e5d80896b1ca9761142bdd

SHA512
70bab964aa6a49e147cb4af69a10385bee8729b1da0e1663b83ef74906856840a6cb0ec7979112a1bc653a8e2721600edf849913828dd35ddb39f89b28aa615b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
a191f95aea36d2e6861181bf341f3f43

SHA1
c895d83005f072689d1c72719ff1a4741ae0dbd8

SHA256
635dce462e0b06965fbd1d6821cb37ab49e74f44667ecffec16b7c87c008f04a

SHA512
4025d95a8bda9d720fc3aab5dc68618a82dade00407fca4c2eade12a351681b457262a1c69404304dc298573bff93aa4ab8046b6368894693e77bdfd62e669bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
ca4fc0a5e4b9abdedfe9e0109191b6f9

SHA1
ba4db04ee351a2fc277e697dc7e2f5c9bb6d5d30

SHA256
76e0d0a14797a14cab399d7327b543fa2d7254b88cf81ff82b917b23b69b59ec

SHA512
d27a329ce3ddc0da851f22930895b054c87f349ee89c6d45d1685374e6c0ed62d70449fa70a271b54512ffdb3b82ee7bccc6553fc4e4cd4935f5bfb2b33b4dda

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
38f80a55ae0828338a3a0f1ce29d1ad1

SHA1
eb71be5a1b39cfbad3b9cce381042d3ec39b486c

SHA256
e3c253503af81e40ebc2d3625785293e732277310cb5f0e7debce80e7b2de127

SHA512
7ab9ff6b44c8077aac5934e09207c50dade06fc753b4ecf016e987ac8a58ea2d7174aa013e55bd789be61d9caf8bd34aeb97c6d5e65141eaa6374c0ecc6c3195

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
fa84ae9445d5f2a60a9b5e6296074736

SHA1
fa9e84e2774ced3d064e60650e97ebc450f2870b

SHA256
53c0976f3ec9b92ec43366683a5ac3eda9d8fa531b5163fef3785bf05ff84054

SHA512
ab19cdbb080ba6de8990c2b8b962a1e606f76294127fceed8a93d0919fe79edd2e8f590e9f0d57f51d3aba0b69de8060b8e77f9b5acb565d857bc651ccf38eb1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
f1f2579c2c119744a4e1de735460be17

SHA1
bf8354fed5718255ce664808524f1b69f0c026e1

SHA256
09ce514216145af87d85837cbfb6899da019761b23261f699cd08d43b8b73a4f

SHA512
be84f21b5d4a63a0b52c11bbe1bb6bbf8138f2a7946c9c8007e1374dccfa122ed11c1cce8c965319d3e1dc1007b3b0e188137368b4f7cc3c28208ed4af30776d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
596eee20827f5fc070fbc2ce1f523326

SHA1
fb82935aec28e82a87aa92b93da61de32bee4a85

SHA256
c148d76f7db6301045ed389d31a9ddeb98405b9506117bb2aa7088d305588c5c

SHA512
8a3f4368628da50d73cfe82efa7ee272121e5b12fdea64e8986d41f24159faf15bb286abc6b2a3c0fbe635bde678555187c9121642fa6f4d55a49c03c0179a1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
24a521bfc2f41b8e41d3702cc2fea976

SHA1
df31e2a7072540bfd76a50dafeacd107fe90da0e

SHA256
e9e6f3b760f8740371deb65c094ca9256823fe9fe9dacbd25ae41deab728cd47

SHA512
8dcf268ee4ffd229ad407ac7c544f73017f614bea1e785f012cebee3c90080d10ef0683034e1fc50ff6dff0115ea69239c0254893b503898e8751180f21c52c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
a10e4bb284e120f434961847354a0564

SHA1
bbee351b2eea50dd3e131606194492364df6954b

SHA256
99c93a01cbf4f80ffdf4ad49d5a26983890e1ad0dccd5ebcc8146674a8a3971b

SHA512
36dddbe1efdf8f1b707b5dd43e257bd6b6354958d225d87ba763f150576f78f2edff23814eff47153e060c5396348a3397cd1cd4a4d8a5352d5d8339d0689be0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
1510b094275c5d9c02d90a1580c078a0

SHA1
da0bc8622554881a75844ebd135c0a44ed332442

SHA256
d9aa8433fa1245fd2a9735773748032c6a03ef3d6db1775dcd58e8bdda00b429

SHA512
c3809425c80bfadceab5dd01e3f1f8c4ca55bdd6b66bf5eaf54d00f6738d19e48a6efcd461faf90aeaef8cd193aff4b2757afd78819a9ae9686675666afdb5d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
adad5696d27f5424c337648f93f53412

SHA1
d66bd9056a24aa4ea550a3a75aed5254287666a4

SHA256
67989ad6581e289a6913025e46313d8897977bd19f5e709e672162b0691f97d3

SHA512
f8fcd504b5b8a611bcba8a13a6b0cb3e4cc81cb86a57388972269e88cd3b88a40bd588767a14cdd36164c2854e6378ae6d9ff6e1248e49ab1e487fd63e679263

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
47d1183ea24253691821f98633e7a1e3

SHA1
7030f9913fb013440784f2c6927adaf3e2e26ba1

SHA256
a63dc47800831f5dd3c52adf0fbfcebf35b4bf1433cc3278f553a4b640ad7838

SHA512
7f6f0333bcf8abc7123d13008b11cab75082fdca8fd76137f9e829d64e9715a4e7a3d0f6266e1467b84424f06cbf2f77d5d9b26fe727b255d60d6b26531d9a08

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
30e94fb25ac522d001b1b46054515143

SHA1
79e2167a62feb92d3896f1fb7c9375d24a70be5e

SHA256
86afadd850df872f9d49ef1abd5619da6cfa72d5a15951911008d57b700d457d

SHA512
e12b23f2ffdc4ab191e520e95050bb0b2b2634ecb9acbeb0ab3d7398fb456929385e53bc3f547dfe1479cd3331e9c42cbe53d5dcd3730b26c295590a25675bcc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
3b2495aeba8939b19dfce87a97e17377

SHA1
995264adcceb26f6a701792b6bd5f682b6a3544e

SHA256
ba89eb39eac092755ce6f4c5d23421e26218f11286a78900cef1c966ef84aa0b

SHA512
968c51d60974d574f25f51221b609e3d8c5d918b2947160da210f56c91f9fffeabb70a328147bcd1b6de42050890167fc1af12a3a4c63d0c93454cc73df79180

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
62fe1bbf8a9c86b1a5c5fe74b6ceeee4

SHA1
b5d916ded3b236654d2d5830bbf7a0b28be0c526

SHA256
fe8f0efe0e1ffdae07459510c63187f15506c00ac32d2aa567f782c1cd06ed19

SHA512
7a5ea31e832daa5aa03f94bdf1778ebbef52383ef388b1ffc601ccc9a58549dd8e2297c011e125145aed90873c9da0972177e4aa899a43ade43ed6361381ed0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
c7a44f76e5b395a619a5c652294b3953

SHA1
936504ac97559cc8f86b42060a948069039189e4

SHA256
f7990f7f38e78aa60e71016dee50b8f237231cda9757d2305f524f80daec3b17

SHA512
d7501be214668325292cee39c8b30629d6df1af01fb34be57461637ddf3d5f73b12e62597a61c35bfe2adf336285d449bf49ab950758d865bf469175b97f166f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
64f60f73ad148a3fabde726f05993017

SHA1
a88379e7363f1357bd1968f76ca41e2198a3c921

SHA256
59061ff8b3c5c84133586d62c1a36efd8107c52f35fcecd55de2fb92b99bc20f

SHA512
2a4ea576e4d223296f25a97c2709cf9d99fb321e200a411fcd4d3608a32a54398aa3f2367ee3399f622409598cb95daccf633a31196564f0980404738c2ff2ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
17f7217ef5a7b0eaa051a79ace8de3e3

SHA1
494500652af50250b22c098f30c4a30e142bf8b3

SHA256
5d75361a08a98f85ab3f7a29564eea85d08ad29c80cf71d954cbd569eb1bfbc6

SHA512
8ad350492ec1b0150aababb8a57edd157e1e91be4f9f64900173eaebc9909b85e7d3330f05835d321e2ff4f834435b7331292554319d28c7e32b6a4bebdd69c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
615ddf96e1483299a1cd0bfa738f426a

SHA1
2a3c039b0c6257a96e14914e8024d7e4559ec0d7

SHA256
ff7cd6bea06121b92a860236a1e8f8f0b26deb9277acda553b6aa170dc6dd537

SHA512
1936a893fd2388d81f961fd073b39abf742c1dcc4639c543782974177611257a50d9fa042d36279e9a26d366eb92c79227fd7e3d244a4aba9fb59e01ecdd675c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
3ccbcaabb9a1af5180167d85efa98f60

SHA1
5288a8ee5487bc28df3ce8fc31f80337d381bf90

SHA256
b8f2c991d0c3f3457498268b747dfd23c600f512f1f53b89b9b6e1bc19dbdedc

SHA512
1c48f229d10e8270b65e727c59d6d0ffa9ea330ad0d5ad33fc5611b47ff02da1c17b2e1007e39cf5f004e48e6a307802eb44687ed887bc3e22adcadc564b558a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
6d3c9fa2b62bd75f74c57ac17be1734c

SHA1
788e6e038915fa046674ebaaba5486867456afcd

SHA256
714f273a58ae2fcf1ddc34e0a8bbd72894c12c0c11b6430c7e90826fab5871f6

SHA512
2b498b90c4271b0537f9773f4eecfadb9c57721ff9d5892c88f03d7bda08d61e15535dad7f9bf62cae37b79b35898801a5c8eee81007aa496ced4e9df88efbb7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
78401104046dbf438130364d1e51039a

SHA1
4b14f7f310e91ceefad315aa260f98aafd5f175e

SHA256
b31383b33352ca4056f2cfb50ec847bfecb379f234b7783b912d7c7bc0d7d06f

SHA512
55b3f31f72492e364cb8a676be1586348f9568cfdaf96deccea93340b220870118a2dac17a29295b54c3f4d4452cfed2ab755987d5182cb917b28f34b8f8991f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
389fba4728a7ce620c34f47328e4513a

SHA1
9217c3c33e61dfc65454883988e6aa70e889e89b

SHA256
8418d8694a94c94f94fb5f1287ca16da0791ad6b4f6d8edd94d53199598fdc4d

SHA512
6bbf2b6a8053e0fa7739c9ced745435ec00246dae816615aee16acce0a2c24d87170cb6f7c15977a3b028dcb9fcbb26d2acea651a42ac527f6f07daed30e93e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
9d82ba71c760a19f9a932a27d72a8c59

SHA1
21c6318c6ae4823605f0ebd6ee5cc62b7896e92a

SHA256
bd3a0176858e005588692dcf3e3a2ea048f220875d200d7282edbcf05c6ba6ac

SHA512
b0dda69f5498f5d1d36bdeb42fbd727c5263f0d1dbb8979e20f51a4800c6b316897149c605f54240d98f046e5833bb27b6a7eb87b073fa60e9210276db76dce4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
101a2f2bb0ebab873dc7f3bef9863718

SHA1
4ffba0dcd5b9ffbcda89878c4e0beaa399cde003

SHA256
34816a9dc13f5398a29e60d91d20e41f075afb6a3bb06c78e40767df19e15570

SHA512
11d709c6110ab0889e6e60f9b72d87bb45166355579c01e84addb559582038d35ae9236cd1037d2d4a8c42c6943a10cb38610c2c30087c65a2b3b6f29e32f1eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
c05aebb2e7146953861a3791289c280d

SHA1
84fece64baa3d1fbbc20bfd28bac307814e58c09

SHA256
e79719b7a1442eb790f008a50b7cc0a340b6db508c29170f96c33a696b972a54

SHA512
1d478e0786ec0f0332af3acaaa555b6d768718a52dcddcc1ba19b74bb6de0e6322ee91ea43269aa707eb5462190e98d5fb643c7c7747e639a637411298413124

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
71dfc7c64cdc0adaa367db1972d0d62e

SHA1
3c20824870e4aba8ba0434cae37e3ffe6a080748

SHA256
74a94400325b90d30f23c536fbcf6dbd6430726944bd0d6d8f5385a3ac7695ff

SHA512
5fef15408012e7965dc9679493a65b888736902506b85afe3930624b9ec429902db9cd5618c7c3bc64fd2fa73f3db181879d18f39b7328d652fcddad1190a28c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
69d078927c67438638579d7061da1fbf

SHA1
ad49ad415f64d98fb2619745baa4203e453a2224

SHA256
946370d30987858bf640bad58c9f385c4815c38c0e408e4d779ebd47a256c7a4

SHA512
05a1a4883cd99295a868587de9b7171c61be829109c5033db2c2531e9bce70c45233f1c2bbeafeb0b2f37f9ed639f24a6c3d8efbe56e07bd5f16bc696c29df46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
3cb1a6cd9242044ceda6774de6e16cd0

SHA1
eff9649b7bd1bb606ecd233256dbd299a50c776e

SHA256
e128dbe766342a77403735390b210ec2a14a96ec33cd8935ebee59681f26068a

SHA512
4cecd9787b4755612c7d6ec7f5bb665216a536a857c96d3c5020b6c5b67e6844c24a7c44f085164d4334b53db3d4e7dadb8caebca07c018e56a178f16201e55f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
279395f39db17ea35046f6fba51bdffa

SHA1
fa2a54fd1b68005799c71063c6f35ec79a367892

SHA256
0158fc5e43b2e57e778b2e55fb21cfa4e98cb5240733c596a7295b9ac1b0e871

SHA512
185d1ba0163a031ded8bb7c4169d0858a7a8cd8e108ba1a364dc6fe242b790133e6b5c1dfa8b4519baefdcae33405ebe05ca54d38e4868142ee703a5e078010f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
610015305248704297ce3cef5e73a1ab

SHA1
11298dea80deaf7e01c583b450def1667b079ce4

SHA256
56e8b8d76319eaf88c2413c50e01ac36e0388d520916ed012c645f3940e1b885

SHA512
d56b2bbb52f6ba9835ab7744a58126e4fdd5e86a7e23d05a695b89ecfab63f18901e938a4438bb815625d270ddb87e1175e682469e02bc613a2e181a6e8c158e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
dfec36a0a72685bf8108046cdce82000

SHA1
8c40f47e68a9d5912c5ef623689977197a813f2a

SHA256
a07f3d47da40aa6e07b1e0ad9e844e462890316a1245667fcab8580d9b43d26f

SHA512
2fab1c9c46097f80d92285a725c2e5be8b1c4889919ad858351aaa2efa86bdff2f8bd8b82ad249168a8d9d830e9ef06b442fa2adc124dff735615e3120e3b809

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
649c6edc9e3402404da1c9d0105fa19d

SHA1
58110f7f40bd1833c648af1159c674a83dd227cd

SHA256
e00d35f152aeb0185caca2e686fdc5bbd4591695c6c825f6d82de1006c9b54cb

SHA512
8e8a4ef03970a856e3b5d26715aa0acd1820d8b36470a3320ba7b962dc8058ab0248f6c423975cba79b09feaccf562f13268ba602df18c366b11a3cf96840614

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
534196153fae493cb9d4da60963cc069

SHA1
ee2c8f0bb8a2571cbab5a1290a8a13da68b9f219

SHA256
e23ce4fa90291d1cf8974fbc65cd2bd0bd251cb34e633b8d97ba39651fac232f

SHA512
514ae8a73a3bf973ba60e3d1b5a4f4c130d759409ab9554ab2d5fc075c9c725db622f108a354dae74653f3fbd1213febca9b23f3c2c1c0997f5f40a412f69888

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
90b47be3f03b2913bce566367ef06537

SHA1
7a57f8c84cf4177e07c3b1dfd85d4b505217c2b0

SHA256
5dad93aa2ef7fda32ee8dc9a01e018fc724ac2ba8b869195d8401b6f3e9f3b73

SHA512
a51619b4976f3e12e37a4779ee4f7ae620a9e5067469ac15e896fec410fa35c09932f1baddb8d84ed0896852864f99585003c0fd0ac7019cb8c36604598a86d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
a3d2a13821d7df9d85ba89c45ab979ff

SHA1
43827a2d6a3bd9680702f8e965822f5eee066a85

SHA256
60630801864e167642990f93fd640b7d6e25578d10e3d811cd35a00718497a5e

SHA512
e205e3442cdb7090f5448f9fb589beac2234d36f5ff2524044b69ab1af34a9f385607f70a5ed0a1f08be17ad467bab720fca0a0bb9497c8c90c30205ee47ea30

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
a8964dc7d77815a9b88021ac0a67d246

SHA1
4f5dd6d0860e75ca2f4dedf6d9782ebcca87dac2

SHA256
623fc85e097be08d2569810804883c0ed0d1502eeff77f2bc4534544e8974d44

SHA512
c8c11a835e53fa15508bb651802076886c967091e3cc7e8826b1d1b70be89b383a50f8ffa835f19dc2a8c105e47f195db3e7dcdc2eee24e38178eb3f4d0e1fd5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
f4bf9ed9ce44d6c2fc017a1f652f8768

SHA1
febea72798291f6eb657a405a9756ff1c22eb7ec

SHA256
098ed64faceb0443fb082ae582c41c8f4ff23a4b4abb62dfb9900d5785faf158

SHA512
d5fc48d62ff9c5c80c3e4c0b1ba24cbe796e015261a571a5084c5a7e4b27ab346a0ec0dd7ea465cfacbeebcaccab1d97ee62d32b45415bbc4e6c63c5a63a3fb1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
08cf650e00f491b3f852d6a5b3a7d576

SHA1
76f2c2c2de4a44acae4a0d1d1e8bde1450e81490

SHA256
627c8d4f95306f9b93037445d6b6689bea624870b6220c0ecab1239b65563c62

SHA512
baff66be66da5e36fd5a9b740719fce39a723138c9434cdf1166715d9c6dd90c4148d8c4f88178e4e2a68ce5f8f086236402438c5c60a5b247fad8f2a8914d4c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
6913735caac2c938f21ab722de79ee44

SHA1
3338e3d352057b0ab78929627ee3d07904bfdff5

SHA256
cb6ef949d55a4768fbb911e71152551189f2e4876171a42a39581a27d8c4a798

SHA512
2960aaf550174a6cd61c87b9bafa234f725d5d596035062239003ac396c3eb1b644404b1e102fd4c2285e22d48772ab0f93fbd338c64230b53c7157d32da47b3

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
1c017fc0b644cdc4dd223dab51cad760

SHA1
55ebfbf6407254b8e39055307d714d262009e3fa

SHA256
7b5f47a11389d4def86d61d508fb9654e0d2c3bad0504f47896bf58867a31ca7

SHA512
f17a7e2f531912a8464a449d808a23fb80a6666c4ff6110d65e1639bb81da2b4075bf6aa57ce2f8866e1aa9912051e2f77ec47ec5db49c7a6366a8fcd12a5598

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
80714a16b2db2ca8098207a3b826d0e7

SHA1
986cba599f74213eeda0b2f41a813908b4e18dcc

SHA256
559247355e5f8822488e7bfd82d21a99ccd80deb638d7eaa09101e8f046ecc92

SHA512
fa48ed9e8473a06eb78a774b2264a2cac46b5d27c8aa7171b094b7ab771e71da33f577a985cfb725ff15ed50aa19130eb069bf15f70966236856ec078b9164c4

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
609b8a230a311b7d7a7d0738a9fb7d14

SHA1
fdd5cf6e332224d3081ea39ddfa97e89551ae647

SHA256
5dc6f7585f5e94c15a202166c78c95e08f97401f5ef37bd56886b2e3cba7ece0

SHA512
33332ba66ba4e054eebbcf9fce257aca7fac516291f77fac0f98705c78759405868c85955c6e5261cc48177062f1e2803951837f767a8def49684f023dedb4a4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
32bc12fb1a2a746e3a10c76c464176af

SHA1
5a1582fcb66b21ba1b62f62f8e2971e7608f37f5

SHA256
5236968035aeeaf5b575819b2c94aec8af098f686b80339e530f2d2fb84a8b03

SHA512
fe249080dcd56aa51dd5eb26f930fc5559beea0186ed2235d3005e6b5ac0869a1237c211be31435d8d56f42ff41cb384367a37d7417f4ffa40ca13ffcf016890

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
10647c42ccad32b98abdde7f2c3e2e1d

SHA1
b8bd97aa9a32a253d8aee4d6a26e49afc9a01b5c

SHA256
68eb3e410399590ac06cac2df2de357fe582ece04d33cdf554256157a73556e8

SHA512
80b3c7d1063e30a6c4c9b69ded3de30a02190066553096e492164024831836a0cf226f0f3afb174dd870a421b0b810a2e9e113a5cbf0292afc3e71ca8beb185c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
6a087d2768b22a79d83d4e02d4a6347d

SHA1
b0245daf68b939ca67d9dda005139c53d2fc8408

SHA256
27d6e66c51f17256899a951d59f5b830f07943ce7207111dfe2e72753f32068e

SHA512
17d670a882016ffbf6320291b9e35ae335eabb17163951f533f7c73377e5f1789b264f79271bb17390df4d08594fb294f0a71d6d74f09aa8cd977da6e2750aa7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
074cf875f5a13034f323c50331100cb8

SHA1
f2d4fcc732cb49774fc7cdaf7d46963df505ff7f

SHA256
e06b9770bac42777430af86b313b3570522ceedbfc602c4d2af0f511fc96d2c3

SHA512
6e2409f906c6558690d4c9ca2839e62fb33f0c435a4011e3849bba2f3052623a48c0e8ebef0b3496e39f017f87f1c4696ded0f4deebad6660ca419afad4cc942

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2881ff84c2106d4bf9f316d3a9fcf6a5

SHA1
60db9fe3906c9cd03d189a0af9222771458aef5a

SHA256
555c79b951c598176705eafe49062576b976fea88324449027de5a6228587728

SHA512
de7c14bd9a113e9ac8de5c3dd3b617b6f4e115080e584e59b578ebe5e1df68de63259917d7c5121dda134e93dad8bf70fb61731a481d08e981899f5872df3170

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
bb84c9237fb2d742484ddfb12435ddf0

SHA1
40261156cfcabe7b2fe9aa01e30e3662de182c19

SHA256
a5a883e51fba8d979b9df07f752928027a98334ffa4cccb97f8ce5a123f893e4

SHA512
d688cabe519eba38027e32315c8021ca4dc19bf858a112e2d522766d897986de3bfdb591a67f6b23d7f79ed988296aae63b0e572f25848812b76ab7aed02e4b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
13d2ed4461591e2bf3d2468bbacec0bb

SHA1
7955060aebe6489def22b40126f1981657fe28af

SHA256
7ca84120708b1471fa59cd6ea5f380cbd2a68c70050caac9746fccf9eab1e0c8

SHA512
0266eac9d17416bddd737bb00f7448f463bce00c9261965a10c64797c445dcc5c4cacbf80ac1abf0a2fe0a7f78bf99078855bf9f8a2a220ea3b30cc61ee988bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
8bfaee9a92b9adee93011123b6053d7e

SHA1
c561ac7777d6bb6bdb8b192dc16a982754b2544f

SHA256
bd8cd78ef55735e7581b77b6420e547bfe164c76677ceb6802bf65db20d8080f

SHA512
4c6bdc4301217f311437a5fc0726bb4a6413bd7dd5518c85e422a0e33973bf11f8b31a76441f89203ae81287b51bebb6865a962a39971666b6824a5456f98b85

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
a5978275fcd1e73b2551b12d412f5f36

SHA1
6a4e5d4442cd792ff4878bda6f176e53ac3c12ad

SHA256
82a5d49a4921bf6d514d4152922a58cf366c789b6220ed04785812ac5bdef849

SHA512
9d5912eb6ea18af1a8f24849f0bee3076fe109ecdd92ea7e8b4256fb99dc072e30fce8291e2f36e74ee275e48b3fd3a58339593929deea9173d7f5d7c68459c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
589dad413fe18c4fc83aed51be27419d

SHA1
6a1e3ba4de34432bf7a724890937c12bb35d5577

SHA256
a9b568e854845776fd727107e98ec0759c8ad519e5d8dcfcd2dec36288fcf99b

SHA512
98315a8b6be00deb97e96bc62e49b88075b3c94433159197e8dec6f967cc0bb5e0ad250240a6c760d5ea912e2556ae3cf484f414a6a8c2aafb8c48a8066e665d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
70834545f35c89299f35866ca5d06c74

SHA1
788014ddf8199b1ca0494db252350561b7df1e61

SHA256
9e250a4185c97f2ca887ac130f76336367c1c4f97cea789b2c00a42120a5b433

SHA512
67cad31d45a0be59e32984ebd9ab488ca7bc7f6fa0a33df1a8a80b8a8601cfd1104e37f7f1979fa2c2c5a9ef6d197c10bc73b5891a512e488d50256312a8a983

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
3d2bd36e4b5eacd311784b263bfad2d0

SHA1
5ef7fac83f3e3171f9c5091bfa011a4c17f02ba1

SHA256
bb9cb48db83f101eb8e42999fe10c483ddd937225080098c3ed6dba3a8b64b74

SHA512
08fc97537ddefa80fe1615950969c0774cd8bb7ad7ada3f45ed9c226c390a972f8b58a081d26aaf5a8faa48e691a3b2fdf68a897437077fede3196aed8d630d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
a95d634483bb07ce59bbc9b366e3d5b5

SHA1
62087319500ab9a6456943b137db01f961e104a5

SHA256
7d5d9dcbb8c4abe8e1b93934f72e9099854e0abe5625fc77fc12c596362b3945

SHA512
4b36c349a06921fe4774821f6c639174a86d0aba51d64522e46d1f088541744d68ec37ff79984829083fce5badb0f8ce3924dcd90b037911b746c5b395851b9f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
060190848ae3385c809a04b6e23631c2

SHA1
7ce5a1c963a906fc430b543ba269c8f2a549b7fb

SHA256
c5cbb1e00571f70102d3c26271732117b2f8af8b03ab8d82b66eb6d782f3c54d

SHA512
1dc327cfc5e4a91666c40e0dbe1f29ee60854c0b457b68b5e4aba397fec85651aa610971b97154720d2ca7d0771e59a4ee1faed0d112ce14db3ff4cc82fc73a8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
a812e6c9024a016fff2eaf0b52977497

SHA1
36bede67deea9505fe23a4ff5dbb05210bb8c0ac

SHA256
015ce02b75b140ba1a55374924914339a8695983398aacb93db1fc81b2f24c2e

SHA512
fdc44e50c6e54e85f63f4ac00e2b650b1fd26efa0910a53f54820c1627fcfbb607726a9f0dcd3c6d3862ec3ce5fadb3db1be62acf208b7ba6fdc98ecd4f5838c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
639bf073b6c3d3c7a731f81147f79ab5

SHA1
91c4f909e83586b7ecb4d179baf7bb6fbe24b02b

SHA256
dd6bc779eff348df3b8b21a25de2c6a2e09fd78d11f88ce1058b50b8eedd1602

SHA512
96a6b3e45eb008a860459846f3eadc349c7a9e30910c95baf367cb2a748d1a180ae2fb7908b0b70b063276c2147f5c9fd2b3dd084c5d381f209631d7f5f43a43

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
0df8bb82b920ca406867e6f7f2d07ba5

SHA1
31c889e02cfe7a00c19328f7da03f97cb31f5611

SHA256
ad118ecd5512186671a4219457a997d3b246d27a3f921004db75cce8fded9e62

SHA512
910ba746e0831ffcd6882155c3353399470da17d6553938aef804dcc37d572db380337e3cc5f083aad7c50e1ec5224ec3e85918fa32acb37027c0f1ced43f7b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
b386d9ef3afc1b0d87fb111288f0a588

SHA1
f79158197943aca05a935e656a8dfe223b3e148f

SHA256
ea076e16d729ed55ae99fd35b73b707aefafbd42d2de72ad49d5ca3222ffd212

SHA512
a3e4c4540e2cc3104ad6f7ae6dfe019a373db084c8e8d89fe9859f50d5aa7c88927c661bcd2106dc70cfd146f6343c9a2cecf3b6a869a9494ec14217e043a21d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d7110f8795641860687aad9dd1d08405

SHA1
4c24cf6a75d0a54276b14bc0d8e361f0301ecafd

SHA256
fafe4f51509a5f8b859e39a738f3949fa4baec2f816827aa816984d5e05d781a

SHA512
b3e5bdb3cb179a800fd7a5aa26f195699730b0fa4708c61a03cb095ba23518dfc1a1a953e89aa8a3bdf092f5a4e525566b0886711af9b0baa8e8b59e4ffbdb18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
1fda1663952614686eadaa284703b633

SHA1
511f067073f2cd76bb5c213d0d30398aa056d8c4

SHA256
2c6ad24bf5bfc377dee4f1b3c351cb329f53f64c86448049dce9841fed28954b

SHA512
b5ee7641802041cdd818ca7e6a0b3a8983322e2120df551037e1719f955b4e719c317be05a0575f8ef2f3f11f44842df070b8111d5021c1f34fae6ad7d85fefe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
4f9308f9733089f569d1d9c05c9b98c4

SHA1
085559e194b96be85ed6caaf6f973ad4924741d6

SHA256
fb3d6eb935bb884245ecc852fa03f64c1bcee703bcbb05077fb6d974f51219e1

SHA512
11808ecefafc9eb59cade71a674f39d77c7e8fb57024dc9bc8834f2504d4945780f9e764ce38ddb3cbff53a1148a6918dad6d302048c18db1b74c723c424f36e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
0a49713cfca3b65ac60f07188fac998d

SHA1
3df0f9247dff907abb266e0c9be638e99b2993f4

SHA256
927374e40bb72e4fce3ad7b80b37f00a955a2c275616f8017eca84c590d0c506

SHA512
abff0c0da03deef25a9a858dbe983944729697a995fad9cff21f37158a145e3921299c2a8f57ed528521209b4bae631493c5ed5436ded63345f004bc142ec368

Download Submit
memory/2528-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2528-8961-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2528-8962-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2528-9204-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2528-9205-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2528-9206-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download