xorist | d0f0f1cb764de7a366baa6a5dd8fb330557728e95f8c31e8a90d749983f5983b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-10-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Size

7KB
MD5

5b8a07d4d891c996d088a41a04bf9dd5
SHA1

8a812bc22eeb96c6252006480613b04793a62b36
SHA256

d0f0f1cb764de7a366baa6a5dd8fb330557728e95f8c31e8a90d749983f5983b
SHA512

596ec5a51e01b75e23580c0428fb756744829c51fc586d27be87036ac00f49e94a5c11d97f8bc57dfb2a150fba30e5dd8b795c552d8fb02bf686214dfb613e83
SSDEEP

96:W+KZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExNm/PuaVAnPmaMUA:2zdrr1FG1WDCgmjPZN3aVAPmaMUA

Score

10^/10

xorist persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2332-3-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2332-8969-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2332-8968-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2332-9201-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2332-9203-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2216) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gcM760HdBdXc8yt.exe"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_locations.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_fc.inf_amd64_neutral_a7088f3644ca646a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pipelines.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_neutral_fadec14b0a37b637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Arithmetic_Operators.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Continue.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_neutral_d0615d6fd67bad03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averhbh826_noaverir_x64.inf_amd64_neutral_2fe3b14136d6e46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_neutral_8b26ad5d0cc037a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_neutral_3b741ca76444b9c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_neutral_19cdebd3e1182874\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_For.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx002.inf_amd64_neutral_71f4aacee1aa9f06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Variables.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_For.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_neutral_1121c7f92e9e3001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_preference_variables.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\channels\OCUR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2332-3-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2332-8969-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2332-8968-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2332-9201-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2332-9203-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382960.JPG	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21364_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9F.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14793_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15274_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382957.JPG	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15302_.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR43F.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\background.gif	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2b6f64387add725e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..tcard-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_157cb486e2919499\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-webio_31bf3856ad364e35_6.1.7601.17514_none_bb103f8cf552c4bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.management.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_8dad64bbf76a4677\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..container.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_52d8d57ff909b6c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3a9f1bfa3579532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c2306efe3c8d60ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..rvices-registryapis_31bf3856ad364e35_6.1.7601.17514_none_a65991bd803dc65e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f4b02bcc7062a17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dcom-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_46d88025a2b0f28b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-auxdisp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_22a8d3c4623b892d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c36607d86529d1ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmpdui_31bf3856ad364e35_6.1.7600.16385_none_b8c681a01b93db95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_6.1.7600.16385_none_22f14a2a1a13b4f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-photoacquire.resources_31bf3856ad364e35_6.1.7600.16385_de-de_391ee1fb79b65b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_a6fad1d3f5b2f99e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7b62ca2a50cdc8cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ty-syskey.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6fed4296baae9d1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.1.7601.17514_none_08bb77b635526b01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_11.2.9600.16428_none_766348d0ba7b2100\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0da30b38f15a6f99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_44e772ded4a0a71f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_6.1.7601.17514_none_2dd0f6a01caf55c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Core_Commands.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..xperfcore.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2f15d7eba16c3fd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ciphersuiteorder-adm_31bf3856ad364e35_6.1.7600.16385_none_5094a717453be501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_do.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e808428f5eb5f0d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..e-ws2ifsl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b47a8e54a5b667dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wnetvsc.inf_31bf3856ad364e35_6.1.7601.17514_none_b5443138e61b56e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-runonce.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b7dcf51e6cce5753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\inf\TAPISRV\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-hotstart_31bf3856ad364e35_6.1.7601.17514_none_4ec9fd208cfdbf70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_f10effcb5278fffa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wmcodecdspps_31bf3856ad364e35_6.1.7600.16385_none_e344e0de5741a951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-bckupbas.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8934ae6bc4a4c4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_8.0.7601.17514_de-de_f27a1c0586ef9a07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..foldersui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b5565a500943f2cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep005.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_85c370ffcbd9c91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-3.htm	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-kernelceip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a93155862b96772\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39c8c211c8571ab2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_locations.help.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..kstvtuner.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1f0ce7e58519dc05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_640c560c977f8955\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\86fd874752b7cca432941e9f482c3590\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..s-service.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ff2f11062d6c5d92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_sisraid4.inf_31bf3856ad364e35_6.1.7600.16385_none_84373bc2d1df49e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebe6abced058440e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d7d60ea24be809c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_8.0.7600.16385_es-es_88deabdeb9f5e7dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_amdsbs.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_554cf6f73c673a4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ddf81a85f99d6d20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icsigd.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9f48f39bacf9cd33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msaatext.resources_31bf3856ad364e35_6.1.7600.16385_it-it_82a4062394347c28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_208878cf2ae655a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaca00b.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8937ef5e212f1458\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hcw72b64.inf_31bf3856ad364e35_6.1.7600.16385_none_b2017fc4229ff517\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d8344e64c458a035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_it-it_356b3d917d40b03d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\DefaultIcon	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell\open\command	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "WSZJGEUNHBHRSUL"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\ = "CRYPTED!"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gcM760HdBdXc8yt.exe,0"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell\open	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gcM760HdBdXc8yt.exe"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
81B

MD5
7bbeb31754592060d0da1861d183a124

SHA1
1dbd081953b57cf3bd57f3380af78296a784f993

SHA256
49473dfc4acaa08f8983929281d000da8e3845acb5bad54ef564318fa210e416

SHA512
d5838145d1acc89c71f58fc7864e59f821e5aafaaf204a472b658391e68c6ce2530bd178826d2d44f1cfa4286519796c8b958be30690cd5b918be2559a24c524

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
72118adf83f39201e5f4930fb302cb48

SHA1
2ae55cdecafee4333328bc5b8671dd488647808a

SHA256
745a0658abd3d626d04b43b6d2be30ecf2517b236fc349a5d5819ea63e65ee95

SHA512
aa4de2822759bcdab4b06ddf1e53470def7bde9f6f0ae165ceb6eee1e3dfd57dad4698118c83a4828ba673ccb7ae094456307a193136567074428b7d2467db0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
1709ba5abca09618534c4bed3e6a35bf

SHA1
18284c69951f2f4e1e8f4052ccb9a14665dc3de8

SHA256
7e6ca5c0c4e3fbff710861e35b871fbbaf622158b0ecb67b386661aacda8028e

SHA512
27a7c83c51ff48fffa8e7b80a87b313d471a5c9afe0f3a9972d1079aa647fa3a327865b92e7026d14b9d6bbc0a1c3597e20ee27dd3c68c8b2a86ec2935c277aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
0483e7286e1451edce5a3c66d93e3f50

SHA1
ae2e8ebff5e5877241bced8b9a1e8f28fed0b97a

SHA256
2422c28a7bf5749deed41d71d71e8c6b5e95c2dff60988eae5f9fb837d872919

SHA512
e1cf691f2bcb88b291200534e2b550b0d834f8e4c025fa271036f82563e877dc61c4649e57de76761e4cc5bf283c9417d586a37f5356615d89b0a0407fa687d6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
f2899211d2fa3cefa8694f5804fcd6fb

SHA1
5f342457f36bc85209596803ee5b73e279cea57b

SHA256
4f8a9cd93ea0055948f3a352e3c8381a6b58a3de9c8b992cacdb34e2f14766ac

SHA512
1a40cfefd1d40a9bb11ea8e240e74c64f9b78ba52d41067e8011864494731d6b2423f0821b65d3813ae98e9347b1080cba06eb38fcb024db80a15ed6c3936f27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
07cc033abc251cba46979b2fba6c5bd9

SHA1
815d0f6d3c414135f4d66e7fe725ad3657413856

SHA256
4636a6349bf36917eb8b622a653bd2bcb7c3d2c72d5e5d18065f42e4a5f61db5

SHA512
84204d66d3ae16e403abf37b5d46ff08c7d7bbe33983962a9860c4b04d7c7cf5e2cdb9085dfb2845f4ceece8fcaf018dff67097caf64ea837519ed372e31c9cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
9a4fd8f094361e2a23fb879b0750e9bc

SHA1
120b06d0c2cd9f6025d4b048afab4d2034454be1

SHA256
79fd518de787663644326fe8cd0807109ac3f07d5ee1293b5bdbbea95c2a9af6

SHA512
64e7fdca856119ae1a6b122f5a64e2a4df99a513bc37b519243a5db89552a4561edc3108d392f5e0e67ee74f02be0d6bcf00619d6d05a81830e3825cbb3bcd19

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
c91ee3c5c8294920d82bf0f9dde7b359

SHA1
53d8c44da35d6c5cfeaa0f9ae2c3c83e7ecea513

SHA256
ef060ea1f02ea225469ec7a66d9d5e9b5af4317b762a21fce61971ef3af6a086

SHA512
2f3e2865aefea1599d4fdb763871a0111196fdcce1a52f236c52369ec19092646279e6ea406ea1fedb5cef5994a5c761bcf8ce25a8e302b1674291e1ef9e3fff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
6fb321df76dbd3f319c09fd6b7c06770

SHA1
00069ea4122a5a28dd5881c386caee48f4f48e25

SHA256
71a8411826d0e3a2cab3ec59daeb43a6a6dafc62447601e8725b3276dfb0f405

SHA512
cd4559957cdc1f6425bda9c845b78930a2926dc5da7c03eb3e944575fecae53aaed0d31b574f76c15428f5fe46eec495bd06b2b4a263ff44189593a15e924d9d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
92c34a7c6fe26b0e2033ddff5c97c33f

SHA1
d07d33f2cbc5361c636df580b7181a6e2899848e

SHA256
612ac6d53f181413f372d45cab61bd43c1e5517843db340f76fcbe703e8b2797

SHA512
bdb2fb00465e13af1a01916e4934f2e9b6c1bf501180e12ef57dead485f5543726cef09f92a1cfb4cd65746848799a8e2941366723dc74d6027a7fa141aadd25

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
d05f7be48779ec3c8881a598633b6055

SHA1
a56f3dab9ae1e863aa0b72840a3f7b6150157e04

SHA256
a4d8f3a50e609e4fbd45e60aec398f61cdc273a063e437d4c0d3de326f87f8df

SHA512
f57084a514abfa166fc5291b73d45332cd7d5496c62961006141b7d107f95143f8499d8f2131c7d94bfb6f3ec1828ef9910463b6c9fd4690e75b55e5a4e915cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
94110bc0bdf86a762d32a5cc4f11ab4d

SHA1
4ff3295a836d796458a24163254fee3db27b7b3f

SHA256
7432d23e0a3bcb3470b2576c94dafcdc030821b7f7e2c4f886f729c843e34027

SHA512
127a7d3af348f1083488a66608c6d4ec7a64c89c008bbc975895577b5e4463a145348fe0b32642cc5075891a7f95072ed111fac1538554d54af3840dd7b46895

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
63be72f427385dec13aa0a581419e62a

SHA1
3acedb8a1b0eb3d35b880669cb70a3632ca68ce0

SHA256
4e26b7ab08915ce6f838cca75ed29a1bcb35529fe077812e72f9b75591839e92

SHA512
c03cc59b0db147de830825be219d1ed715d36782fd1ce2be8897046d42898dc7413369ae88c6f076bfa572b6f64691a25ed6462807c71794b58da3ef90e2659e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
4c883a83f5e5f3aae4c04bdfee86af8c

SHA1
80d0e843e4609f048949b38119d29040948d9361

SHA256
ffbd048498c7defd4d2fd0aa30468a5f22e017e2462a0b95bf8230db17c75601

SHA512
1a73bb71475c76fc9849a4e7a680d270ff9bcbb0190873e6a628d86f778cc099b507ea7e199caa032b09a9bffa8e1a7c3d25cf15f1d7575fd7467c2f62d35099

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
ad0945e6a65d25716037597e58c25b1d

SHA1
ff5dfb3c2d240890cc0c90e2030129951ff57b45

SHA256
b20ddffc30242363acd75922146178d06f0ca1a516ed6df588528c533a089509

SHA512
5141e98257a62b253f6f2dc8bb85b11ae74d04935b8c8cf77dab6ca6b945097577a56f760191dbae6000ccd949e2c19bd8f78035a939081dfc67a0ad1c012074

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
379880bbbf20c6b5779927f3d93c0561

SHA1
b993e9703994bd36601d51f635ec39f43ed6d787

SHA256
7ab4f1cbf894098623b5a4ce8f018ec0a7885bb56962f8dee53ab74c77e05334

SHA512
e34b750ed036a5ac7f9797cb3cb5d41b2c254609654ff373f0ebff61747bc79ab099fdce1a3cf9d4fdfa4035a9b100aeb70a1c5c893b7251dd6fae707a3bbfaf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
7a15c5d483a3a9555b9e51da9fd85967

SHA1
767592d1a2afdcf26a31803704b118e56375c824

SHA256
aa74594ebf401a62af59f06095158b5787862eea97d0aa29bf31458f0f1615a1

SHA512
683334e0b1a0797ffd3804c9478b98634f79e5756eb9164919a1cb83921e2d3e17695e443242168364d5d149800c3895d0fb4769d7a97f7eb0bb91bf7aa7b86c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
cd1eec58574c1ca2a81c8159f9e55403

SHA1
50184b88d865c5d8f1bf18c8affe2e977fd08c87

SHA256
0e9ab874aa704f5df6b73385b559fdf4e58099532c1342ce0ca0ebbe0cb318cf

SHA512
20e143837dbaf335ba4a839c7c97b2d6708c974dca23ccc692daed658d520ed1c9cd22763d08798a415aa04d0b66fca437b17621efc696458cab2b28bd02894f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
b777ccd7af3290780e347e1a903f894e

SHA1
2bbc1a07da85f3c3de429793d40867b93522688a

SHA256
f01530814b1d63596ff21f9f46f36b8852573f9fbac5fbc6b4ca0ed3c7aa1d1d

SHA512
abc3cef221b0f5c8557788524302d0c540cfaa734da52f3f8747c10ec6b5d05928ec80a8cf0eebada40e1574490d2ff4c93dd8279054282731ecc7db2fbe3395

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
edd3be04738d0c108328511291575f12

SHA1
1444b268beec660a089175180fc8dee158c93fac

SHA256
d00eb6cdd8b12e021086221063191c83fc99d0a601b38e605f36c7089132d952

SHA512
8317a4f65158756c4efb097fb03f931907aa82a4ef90e95962e4e455ff40ed664e3efd3250383c2035aac67cfc136dcfd29dc6a15c68b35a5143a3a09ec6bed5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
6e5c0358e1819813bc04baa17103ffb7

SHA1
78855222ef180954984ab3157b3102a363e8a7ad

SHA256
2e3f7c190a7c8d7e6669ac69a4b1cefe4b5449375c53c90d9a9bd7ae88ec0753

SHA512
041b9ad7067c085f02ff1297db93dc7d4513ecd26ba1953ca5f15aa7b72732e21df798621837e3cf67aba5fe32e4795f5afbbf20e1853991e142aefe9ab07669

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
e42f7c7d31aef86b0e912f9f134d9586

SHA1
4604f2b57c62636461d380a7f67beff660987cce

SHA256
f185f2eaa78e1221bf32e9fdf64478168d13286a37e9c34566f7c4e440d37902

SHA512
561fbda7813587d9b8296a07624215b1c8036c773bb9fd97af5f8d428444629347c61a826540b4645d9fb4a2c579307571ecd9903fc71810acc2e6fd7cbcc341

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
a58a5ca99876852a4139651147417404

SHA1
e7d1e7c58e8dbf9bcc6224a722dc64216f55583c

SHA256
46153ecc8029c10038fb8477252b16eb54a0983ab5e10a19c2c427eff5c68b9e

SHA512
98d6b407f5f93f2de0ec6d3f87c255a74b69b78f5ffc514e50edf56d5924e580a5627f68eacb7fa0d77ea8c102a3363fddaf980fc4a607b21b95d2ef08112e87

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
93637316fef1cf0db3e218246e5cdb66

SHA1
67c14041c29b420ca1bc9aca28e383ead8e85d25

SHA256
cbf00c17fa60ba308da566526919bef4e7a45517d7ee3e18efd8d59f723c6689

SHA512
bb055151c7f387268714fe7c850c8da6ebd7c630e31288c7d9c12b9296da59a9d442199fb055a616dedb8650e33a18df0d2a3ebcec04add2b89276a86c074c0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
6d1e44440ea829830d24cae0251ef8a4

SHA1
b2873b23b2408dd5b8439bda9812724dc1eeb892

SHA256
68d7c8667527f53f329ede81f02bed618d5dd49f4d9b07bdea640cb166b52e16

SHA512
33964cbd14de7e98086407f2725b293d36078fb1057b3c0bc3ebd23cb693f94b9dae857aa39bf55d99801e020c4ebada1b393683d9d9ab483b4d32a0c8321d6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
e53bc14c4c1dc951538ba131d973a720

SHA1
ecf9a13687370260f51beb42aa6bf646ff92fab3

SHA256
26729852ab4bb2d98b5ddf2ed978667868e26b9fb59d1f8381de00189b0aa4f4

SHA512
51a04f2fd7c85a2c7b51a5f80ce7a8f2b5320c529f8bd516e02326a473b7ac4dcb2560e79178d2d6d6e3ca415df9abf8abed7075af7bc4075ee791edac7a5f4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
1754ac192efee915fedeb94a15856e91

SHA1
67d902a0232db3e072d107b9f82e4f2411ef14fc

SHA256
0d953fac530cfa2339b0e575af2997ff411ea40edcba3fdc53ca95434d74d01b

SHA512
c2fe7e33a6d9a9c531f7002c93622a7637383b00da294a7603e345f8a0f4173032bbf50e87725bcd0fcba212fd7b17b1c910d9fc349f4c6aa687031ce4a194f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
03c6c2bd2f6e636c7b9b9bba296bb35d

SHA1
74167addb3c0488b432ebcd888ad48380184823d

SHA256
301a9212ab21e11d16997c944cec156e22cbf702bfcf4d97d861edd2bddb643e

SHA512
26b1684e5057a4a8aac0043e9b59705e988cccc413ddc77919a8482620b61aeadaae427329fa27114ac0442e11b86bde8386cdf437d007e674e32523c89ad4ff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
5ecac6ead62705cd2fc662c28956d8b1

SHA1
e0b17d25b512b65584db21ec1ec98b332b74aa89

SHA256
68089609b8e669bf4b8bacadd5424c75d208c2c84863aa09866d9432d466926e

SHA512
c510aea8fdcae64952fbac8ec94ac59d446ca500ce9cce36e897c7734d170053f939be4c1abe11208fb131772fa049e80e3580becc50dfa60e57c5e8e3e6e6d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
240d4eec1d47f74e4ff998a56b07a03f

SHA1
c8628480f7886060b70b696f722862c970172f3a

SHA256
99638d5c7e03a721ee0496d1ba554998a504ecc1dddb3da0e04661b2d837d8a0

SHA512
9b93f97c9a3511dad82f31627996a23057748e590b11601265e14ab09320271605e1a57f589f5d3a331e12a6aeb277bc8f9b5c0a02b964af704246e79c2c049a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
3faf0947d3027b71c6f7a5718c58c154

SHA1
2373b3168abf73ab4e7de9813a1eac4ea60459ee

SHA256
96ff5a29ce1c07128f68b86b8193493687dc3a203acc01a9fd2280bfdad359d5

SHA512
5d8376710eb7cde01ba2289b7a84119a042e8690770f4e284b33241a9be3a53f1c47f5efdb99a77068a2ba98c51089958239586ba178f8451d7d6943d7a50f27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
80e16b1e212f166aef312ee1e6e13600

SHA1
bc75a7835704cb1c0a185460f21c23f77cff9da2

SHA256
4994466dd0d6313a38d8ffff29e9dad6cccbb68170b5f807227c881e94d9c868

SHA512
6793943de1dade19956346b824e751f633558c682a406ce8ee8dac18681047c49c4600e639ca7f4dd69dc4914904e7b833ce3d009b91b8daaed1e0f5ad377e21

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
d5b060c816d720ae74f1a25b0d0da1f1

SHA1
edf7590fefaebfb086b392c68443c54510381375

SHA256
cb475a414f8376e50e185f39462cbe056bd4c4b539b97ebeeee50d8e91786975

SHA512
5e11adc490cfacb4e464da4b8f1cc8ca684aadfa2758988737b6d302db443265089564f5191e5ad2643a56ae407f36b766cf182e3d84c495dc511111c99cd11b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
31cf2c299e416524136b86be421525d1

SHA1
a27b0cea5cdbfb6cc03a822cd54a273440bcf4c6

SHA256
f0e5c4e47e2b776a9f451d2c437b052aa10f9ac8f89c876fa29df859bae72b89

SHA512
777939e8fbc588a3d92c42749a8c75c222a10928c70db8d64b7247e7aee7539330a71e7b2ac4b7f8b3d5ad6974ae7cc697fb08584b7be5b08a0192dee7bdcb31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif.EnCiPhErEd

Filesize
6KB

MD5
0c3a6abd588fd6043b2d45078f23dd2b

SHA1
9b3c00b00c8f8b9bd10fc683bebdb79d790ac02b

SHA256
deaff333b22d7ca4995103b84b7dffa06715b69ad6ee95f8185343875cf1b1d3

SHA512
695453408982bef88f36b96c3ccf23aff486f93e54bb30a00e0d83290029146f09c31046b2f28d1acb8f122c531d4613ff0ecfc973829d39bc7f5b81369fbcf3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
df283f285e5a4884ea346aa56ad428cf

SHA1
f399e26f716505cb90c0358042888dd68690921a

SHA256
84e66e2606a1192c6b7ba6cfb602af7c764cbaad60a5c17618af05337c4b3ea0

SHA512
eef4d219f27b85cee7586d28aaca11c859d3ea7743c686519bb9ee8520383bfd7c2bfdaa924872b256b893270173f5813146e58d9207099fb05539ab6c085914

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
8f34585b0db9e4e667cda32a3f2c5a4c

SHA1
8b1661e53e62cbcdb306433d70fb22c8cbe20fcf

SHA256
312fd1b8935027ae4f9b036c0793e516f8a8299b18e9541454d9f9eeb8b4c638

SHA512
fa71dcc50432a826a92e7cfe90695c8eddbf2df7f3e6fa03e1c83b975a4b3784e580bd6636dd02a5b3ba4a911808da5005da82e19e2e51a505e6a08cbadff2c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
653728c7f3373e185a7b056115f7f7ae

SHA1
900566fde6bef4736c1881614b406e372c765820

SHA256
2ac4aed166485098e50452b336a503380616388e413fa32c2c5bca3d60757a4a

SHA512
999f01cd621820ee71a458e918ca4fec2256c0d6a572a33be4682490da7c18868560a3d4465590481286d459c71e63b5bbe98a2a309dc8bc62649f3fc2781155

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
16da3dbaf1bea2d711b26b437db3427f

SHA1
9e984c64e841294934c79cb029edf51076fc41db

SHA256
834c68ee7cf8a4c1232020410f35e5db118816f45c75319c4929a8d0996b4609

SHA512
572c5c94fabf4fd2811fb4ac230c08fde7aa60f4d10aeabc795f3c400e3eafd59ff1549c0b74904f8a81503a23b4825a0a1a2f6dd5947faeb7feb07996cf6355

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
d0e427a49f2449c13f24eaa047a3345d

SHA1
ec65a6da7c11879a0ca23c41bc999caad08cb9e0

SHA256
8b878334bf2db37cd81d8462e5d2418c794aa67a5f2477d6e80f3e319afa913d

SHA512
49da60c48497cdb7115be626c915494fb07d2788ae0635d1868ea80ad3d3c79cbb8b86f5ba4f05509c109175f95dfb0dce09076f2f5b8b90e48e4be281a358a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
aed9ddb1ddeb185845a5603c75534100

SHA1
aa7dddc31ee5d059af86e7a3f86a201c99bf02dd

SHA256
990b4f8a8f373f9e0c4aeac4fdf900ad7e3fbeb979ee35ee36a2ba6fde472125

SHA512
2096301741ae2143c9387a532042836ceedf2363da4bba33d2810f21a86859e2995fcab96ebde634f5c07f7c2aaf9075518a59d0b82e9d934e12a96759b6ce15

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
d6596a5c518e4e9aa5f857d05fc0f73a

SHA1
aace268d40337f914e09bd50295c43c2436c1026

SHA256
52c020d351ba3c27548687c96043f26d33e2dff7fd8fcf26d512e7d300fa7d93

SHA512
05b2e2b39bb81a171530029695f1d148670cae5a186d5f66d74397132311b3b0223a8cedbc5e63e169992b4a0299091fea71ce1079fd69df6e7b5fa03ace5a3c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
6f0d7c70b9824ab0820717d047ea08ee

SHA1
37b4e0595edf7f19d1185f97b0cc6fac8bbb33d6

SHA256
6a5ca3676c0f3624043187102ae65c60c119104b39420ce17c773544913bea15

SHA512
bc9f6b0de7807c03b82d832e24455d0f8eba5f104ac3be1648fc59f6b03956f61f5ce847018e6909e939c5e481bc13e14fe2ee50c20975edb6bbdd0429e095d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
8a00f3168ac89f42dcd7d39d207ebaa7

SHA1
55f874bf6720f3de8b6b4282b0ffe5923474fe71

SHA256
f34d53779e45c5dadac01269909125fcac606999bbbc5a4a6027f483692829e9

SHA512
2c4a02736b9afc7ef0c799a4b3a60aa0f31a5d13847458ccbac788792b66e046c1eb289bcd3f2c02db95a978b4c022434216276fda23317966bf9f70840b339e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
44b0e3aa145145e8e3f41b5e0dc612b6

SHA1
79ec1f249035a42a2f171d59690005603e32ac8c

SHA256
2d351b6a65633ba51914cc4d0147018bec80e00a6275bf3690743e1e7bb3f3ff

SHA512
34ccf594ee4cf45ee295cbd3e524bde91af1f87ba1204bb3b0f3eb9dfb0038f6eb7bf39b444626e74c990e7a0c728ac912438980219e409b0fd7d4040ad42e43

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
5c450a556c8a2f9951aa5e187fca9c6a

SHA1
582f3cc6cd439eba31563eb5b7403e6cc0facf5c

SHA256
bdbf4dff0a747b7fc36d3de732821632064c910b9b6f49197a155d1a6f555e35

SHA512
8d5c8add39222e0765405e7fc9513feabf2801edf25e9a3bcda127c0e863dbd4381b291c5324da2b23dfa601c2982d4e2725ebc8b8e00afba0e3d17f1b54f7e0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
63487b425b4061066d8900d9f903807b

SHA1
a77ba340a7c10fbb149aa06fe475199be3d6a996

SHA256
55136f5277c9d7d1cf8f45b646a6c06cd9c221466b2f95d29baf4a1a296df643

SHA512
daf110b216c3d2afa763be7b3795cd33c27fcc34463eee05a76768f76daf9c82c6b1c639c365c7334afaf00bcd7ba2ed191ef7fe1851440935e47f4cde099a92

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
5d998633edec93c83b82484ca82ec7cc

SHA1
90f05e7d6bcf8aae8d2c31cb44ddc1cc3e177cc5

SHA256
b65734c6dbab460aebf94192772eaccc0eeca4d2a02e3449c87293054bf029eb

SHA512
bd04a82ea96a27babc05d172edc585758a41ec4cf76687412284475693aa47272901bdfc53e169181da133407239fe97a2beb9d3c9bb82a027c7863e8485239c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
bbc69cece2374f37d57af0fe3ad98d48

SHA1
46cca4a9e53f15ebf076089124010dfea85ba615

SHA256
35808ac7b5ea5a97aaf265408c0ab9d385f9e33b2c9436304cd5f1c51a8a8898

SHA512
76d39693571919dc0f8fed134102aa33561e2de530894500d560d59abbdef3c30d2d762fa430fb20e87cbb9910449c0c6c7d6ed973347367f96cae3e13a80cd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
b8235b32e8fd437d849bb368cad9c09a

SHA1
b8a2460edfaadca67945642b990de1613911b590

SHA256
58c9382ee7de3bd415e18d892f1bab94e320a5f2bde9e3ef0e1932473c8f5471

SHA512
70929fc28658761d160c60ae8eef3f745961874d47df7b511eb237069f05105a3e036c69639dbc1a49b8d0b150ae894ea7a5ae99b88a073a4f20a56d788a24d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
1f0ff7d0d332b1998cbf0d7521b7c9b7

SHA1
73d7f1e5776788f606679700c49623852a6356ee

SHA256
2783e6718be4416518e81b140cb45144a1922265876ca60921bb854dd928c841

SHA512
226904d42e13ca6ae449e068a983fcf3a2c2c9bc60d569ea75c6ae2e9fa135c2ece9b2daea727d13fbe226f57609843bb97cbb2bc9b094fc9886c1f2756b8bd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
eb28b7fb7fea29eb56305afd1c52987d

SHA1
a57e53d0c5745a344b2de7caa21531f8e541ed55

SHA256
9434b857973bd85e1c1149fab5482e9e10a11d007b236436e58c05b3307ca4b4

SHA512
6e0fab9ebe54eaea48c8e298fa7dcb858f6aec36d6845549f645059ec2f421f02625c70ed2d1e8372e059d81cfc417dabb977837a320244e1da864f00d1bbbd1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
c08f4c0dc3ca5f4bd95f61d8164fdb19

SHA1
82de06033b070682ef75646b122631edd71670f6

SHA256
6aeda22402c1ab1abbdf64a97cfccd40980ceedcda4e07554a6d1ad2aa6c7847

SHA512
200d746f8f7e88f7ceed23f5da4a2ee79b6a9ab618505ca253098ce49f0717e006961708d8dc0193a260eb6ca95258119c23e67c3ac41539572029c37b29bc2b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
3fb712383592076d36d621ff2e0a5de8

SHA1
f06a19178163a413e9dfeeb6a2b2d96251c80835

SHA256
24c539edc3f078329194e14bf22dfcc7d8f6e4ffe0f7b352b1d992d1075080dc

SHA512
2cf2a641376bd2e633d3989c5ae2107fd957f312e4068989815ae0d30d1eb4f67afe3f19b643a2e017b8a80bacd53fd16d1856c6b2ca66e198dd9c9d67e7a0af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
907f660f0814e5b4c3ca7aad9e2f8155

SHA1
6f3ac2293573da42eeb26111c9689e867e09e53b

SHA256
565df639b3bf4b0ceb9bd5ecd47f7129708e25e14cd2e73c0e775224688b4166

SHA512
68c03376ebe0e4a66b6151d3fda02aab77a4a7c8516ee1f7e6649727057a17c56f4dae371916486a9b534afa103103f82d1deed95fdf453afe915ca5d158e789

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
aec0e55f2d231a1423c64ec37c15f0d6

SHA1
be60e164472f9ff63c9513cc32892d3999b09407

SHA256
31e4f852318cc2a4353398cad0e104f2e58f3e215e780888eff39de99640daa8

SHA512
24be8cbe06fb2069c460e1919a2c6769813225da7402ecb54dfbae64574a27e47eafed8789f168c433456d5b702911f7572ab0d070c24fa10cef56525d87ddba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
66a996496f9ab2032fb88af8a42aa44e

SHA1
a49c0b002da194c145aff4c59199b0a3b2a5c654

SHA256
caded490acab126304639e039570ed15b51307c293614915d86185b30416c005

SHA512
3c4fdc6a05c6b5f14f5f8337ddb7d843653327d733956401bf014b06679955db91d8971b56b4bc53b57a6f9a5584599a560c206951192585b57b8b2922ca431f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
a54f549a08c359d9a0d404bd7f5b6ae7

SHA1
8a5dd25888fe98aede95b1f443c8a09fb774ef51

SHA256
02d07514dd548e53e49d6447ddc89011f0375bbd46d24c73b324a0158ae5f0b4

SHA512
0f1bc16c71bcc29ba47ab5eb53b135e565978dcd950098bc2d34153d7d2a639faa7afcadebb87f7f1ffdd53fc118fc1ab75a47d5321ec53d77b74709ba69645e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
2ef21a9379ebcedf0c06a831e72325ba

SHA1
629d62b0e6a603f1bc06715bc252d97f02ade8e1

SHA256
a3c1f8dbad752b6fb8f06a5d07cd03781fd13dbdd72efb09f7b20de2df333ea6

SHA512
aa62a17d1d2a0983bb214aef4a734fd109699300e51e1fbacbe07c3eb5ccae81e2629979108a456f77190541fe17e9a82dd3de2e713c740b0556d737748a9fa0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
672fae322925ebc89f14cb55b101f4ed

SHA1
5952cb997770c17f94fc583904cacc86ddcf816b

SHA256
6c0b481258661bd30b761376125d8bab21eb5e93c6e66546afbac8f52f1a7e84

SHA512
f21e84674bf4c6f30a7110d9f48cb440d9787f491a98ace3d9a56396be9a86722dc2aae9e64b56b11b270d442ca2608313a0d1f8d4d2ce727123e081e27e3214

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
9b6dc545d9a7a6e0dcc8f89f6927ee61

SHA1
6050838cffb604359be2a767669076dc39a676fa

SHA256
d70163da33cd78af00138aaa80a183ffc21e7de8cccefa4a2b011bdff688e2e5

SHA512
04160e9b567938e36b84d91ff1dda13cd2ac7b267cb0cb254680839677996693c191ef1294adb461527093c919511ce0408ccf23976e981d47124acd00ce6bd9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
17524414221970b075566a0a9b4b4cd3

SHA1
624800e69179b2f99d52993663ed8d8c2f599903

SHA256
b023bc651aaf5a1853445a959a958923762eaa0c46a9d69268b123ec9fccd218

SHA512
939b8c4f5dbb87780a82ae22eeba9994ba09c2aec51d706258a159a11366777020c37a92265a72cd0c6062cb3f91f063fee4b3de5f0d987c14148831ad011026

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
53e53e7aebcfae560787e5666643785a

SHA1
10143478cd565df7b46e3f517b14a001a05a7084

SHA256
cca0d16375c99b672632cbf0b707a67a28fc11ee1faad80a28d59043887a51d9

SHA512
d4f3758da4ee3a3c5afefb9b5ea93bcfedd10862169375e1f65a2b0bcff6dbfe29493db39a610999fa922b48087b8898ce328ddeccf0474a89943bc33fcd9407

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
40027b70f139d71b0305f8853b01322c

SHA1
3fa42b5506c92b5e5045e1ec17e64f1334195ea3

SHA256
57175f6ee1ad7406bcccc0910d5ad44c8b28204f6bb6eb06e027df0dff13c72f

SHA512
80beb6f5e1f5f0f5b8f601ed79e03d002aa332bd0c9333c6364840ecd4ecac277fd16ba31e74aa7ee676fcc56b51ea76a93c68cf6cbdce39704755240ab5c636

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
ba763425ab080e101e111b3675b63832

SHA1
37b48cd27e5b1acf7c6f98ec3ab3026dd59d688f

SHA256
caa6ea523710a63f49618c39f75fdd2d62841a119e01a406217427e7aa472dd6

SHA512
196eaeae90ae8faffce446fa9961080aecc4b884ed26b7078afce394e47419d231fb789eefc19039b61d2abfebd108be0a1fccc7f8be49b2b1b078ee706d0a64

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
6aa9c1c4e7ca19fe9e3e7ede3665c367

SHA1
95812f9f64c1c6ebb806e0f4bd9e7e332727e3de

SHA256
c6fb1e0ad1d9b67c97ff028e5b63cf663259e362e0e9b2052ef9cbe765514262

SHA512
96dfc3c410be28454f676502e5c7c9eefc1a8f5c89cc0c31ca17bc78b3ad0130b413775493c53299b489872a78b5dc029d60b64efbec657a71e949c26775645e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
91206c8ee503f22d609e6aff2e868837

SHA1
9596e66b6351b03d433de07a708bfd0870886283

SHA256
1bca10b42789dd66199483d9592acd7888b4a5dd35a0482a0d669ef7bf2c6b96

SHA512
d0d557c29e6b5f34341253fa67b144b9544ecdce326e0af592226b4ffab703add6a2933c1f20db74616636d65feee2d3f84337360306bcc6296a82a870219905

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
6c785bd1dc06df86da6e215fb87e907a

SHA1
41cc96b07a1091d8e1b4c27b4516b51cc419aa57

SHA256
1f6b85c007728316ed9ad8d5e8658655a3cfae58d9d8f5cd966496046e577533

SHA512
348f06a73f2c3f5a8899aeec4366c52a72301eb45f10c8511d3f2cb80eface9d8afc11fab01e6713a7bce9d14b8ec991416c3213439d76be0e880076d958af31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7a4ce811bd24e8126a25896c28e1ba75

SHA1
e78e9b733bc16b291154a07c526ba57ad7e68a53

SHA256
4e53764c4e356d32d96bbd990193a8cf9c5667d7618aa7e6aad0c241743c6e4e

SHA512
9336c44360e290e94e8f5f26041031da1a75004918f1be72742974d22929719ccd82cb318cbf159ed8c5d2f4d3840d8127ead066f5dae0a0c8d1d34465e84c94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
88f1972be97dc5896d0f2b49bf1020c7

SHA1
dd022f6e0f0126505add36025890c1101c03f6b0

SHA256
5192ceb9f839b057e0d8e1e4cdc9071a32a0528bd8f903cb86c82bdeb499be16

SHA512
11a78288c334d4beb0142557f10e324c0653ea494ea99b09ba518e7e7bdc2f4279b2bdb65800cd1e64b735fd3b2cdcd4c8e459647357de3a4d389b5b85553780

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
dea4915e462bac42e3678692684991fb

SHA1
c7f657676c2ef61160083a35ae7829a3ccc40801

SHA256
72062b3ad96c65bc7d03c33a7533fbde15a719258f898738b06409ec5a797228

SHA512
87e1f94fcaaa6fee60fbf6a85136593efae5ccd61d125d4d0b63801d2a39bfa8c2ad2a8c406b2fe7b55b8b9c0bc6446021264117a45aae36828e4612dda68d60

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d91d769e3aa9d33005aa2a9ed13d399d

SHA1
1f9735d9ce610af515b76b80007de44e0097994d

SHA256
52636533f141f58bbdf065c4ce9e356acbc0414c663c9aca0c12eb54f975cb4e

SHA512
d05e9947c5c9673a0253a67f0a7739fcd5757708083371844a72e0505b838e728af08bb1ae559497f1cd2baeaa3413bd3215342c498b5742b26f4bdb9f0cbab3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
3b9ec5041b1d7e801d5874f00b0645a3

SHA1
e32889ad4849ed8875b5beb9e2db807940910b98

SHA256
e768eb4d70a940d14ae7b4704aeb9f8ba0d5c81d0dfab898bee09326325f0172

SHA512
1c799e28c4aca8c0a2275279cfd8c9a784606a4e17603dacae350f4c673631e3bad7e1d98b3e4582d2c816abae34ce7cf59c2ed83b4308c7f6ea8955cbf94242

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
670558cbbb418a909f84295040e778b4

SHA1
8f6cb48abfd7c324a31f6121fa3ce24b4daf084c

SHA256
553b45c875ddd67c613bc49f1974308c4d7ebceb396275d2843063dd05474fcb

SHA512
27ff2f53077b2967f6ef1fe63e5aef9e49d735490925fa56f81304531d9707cafc76d5072e554da135c3f82a48ac2de21570cbd4c15e1df0d021a98e80b80a58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
4e0db5f14d45144ad2e22c97b2d3f776

SHA1
89b21b2de288b6a1f7b5877587e59a4fbab7e7ce

SHA256
3c3b9ff835fead218c9e8eaf1bb13e87253eb3dd01893ec747bedf156f106a88

SHA512
7a3ae6d07aa3dbbad275e07f3e08a972887ad87e484aeafc35417ad872e00fddc720755d0dc9e25ad44742c9743657acf6f994cf666ddaffc765c6208509895a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e72413846b4bf5c8374409339ed7bb00

SHA1
4f7e1dc64d5d74d3992b8920f2a17246bd063360

SHA256
4749fbe18b0f41dfd84317010aef56b35d6201095bcbec17e9291486333bf46a

SHA512
0165ff8cf19f683d5fd28a65b91f91b1a18a56763e7aadb52c4487f37c8421092cf4b26f01ec41c5c734351ba34bc80a9db353c97d8b07bc10cb68d66af1b648

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
000db938b9b98e8e2f4f91d59c617a2f

SHA1
125c9a8db1f9c56e5c1a22d4420a65167b270706

SHA256
d381541ec19188ef872b2805d0af3caf13ff2fb7825320fd66baba9d88ffd0dc

SHA512
b7748c7f24a34a71d2826ecb00d8bbf0b9c550fcbbb10bfec09af6d7f7d0921fcbc8a30987be4db8c73a2922925b322c7f2fb572abe97e769adf294f808d7454

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
bfa3b7e9796418a7973eeb67de908c3b

SHA1
f2df0f56e306402de60aa85d6a15f068c5dd8099

SHA256
3af453df27485d792d13bd06d23527ee9f6a10b84fe9acc0d58d05ffb2f28c12

SHA512
e81b7722947271f2125166c91a659ce1b2a8fc85500ac8316027a2338f3225b4d506e3a891ebb70010fbcc6e4966af89aae43fbb1c3eb651256f8db7604d503f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f74842d949fdf4ac605da245e5c61274

SHA1
e19ec1fa17f10e02a27327f4fa382c7936026ac3

SHA256
61b11ca4b4ae00ae1f487cb21142a58ab7891ac954a7e7f9a1df03e43eb216a6

SHA512
088121ddb87fff8f7d45102d21fc1f86170fbe466a51e3cea0760c46d1a1472ca63b09852c7da4204e67a6f31f388c6008dffbbbda6eb87d1f763c3563790975

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1d9206e08769d139d44ef03b61ee734b

SHA1
642c73303b52ff23bc5270b214143991a3a1c807

SHA256
b959d93851c91ca528b733b1f871150b002021d9343590296efda55c154f5127

SHA512
8f0674c0bd84f99a6757fbad82aa11d7ef137f48b14c13d4cfc5fc8c518d81ab701c97c5eba594c0a1f8e03c91599703f23d48ce9919fb59e930006d98d174e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
2c420209a21e66587a1b02faffb49010

SHA1
f1153cc00166de43f3a8ca6d2fa9da60c6947dc6

SHA256
1ea1a7d77d4a9da3af3eee27d5698019a33f7aa9b8ee1b77af58ebe0e50b0dc6

SHA512
d62e5d14a82887cd570e8d6805955f352ceff320676f0e12d839f30c012a28c88032dba4594941820886d65bff1aa14b3abdb6e417bb71eaf0c36496a7cbba5f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
0f7f8aac88795e8afb7efb2b55441ed3

SHA1
28b4e8f422a37f27374e13fe25d23e9bdef0869c

SHA256
c806584b8e2dc9a8af0ce8450095f2622c85207f5581c0fc71782f8e9492990c

SHA512
65b255f0c89fa673b5e53373a44845f11939c71889f868af96c7b9516b93299d23bbf8a248e4de0a61fc6a62cbae8b2ebf100d7fd8627b4b3a62428f5dfe55ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
a9d8a5414351e9af627c37d327a98b4c

SHA1
04101337e49bee1209274d9fd367f9bbc1b27dd4

SHA256
b5839c2004b32dd67de1aa11a48d2b316bb85f17cc9272083cc778c29f5939f7

SHA512
1bcc8e4c6e1761d77fa65c9cfda76211ee8d077c32f4d0e446c69f3ba4db63f47043ea1845a759004882f0a6957351c282b7cb4136a8a7f1dd48c4e1315ff25a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
50512b649e1af1c50f92dbc383a9fa29

SHA1
8fab99f173d3340b62d027cb98fbf9b53fb6cb22

SHA256
79f18129062b2c7c64fa89775510528543567f63fc0840bd6be42104a51cea6a

SHA512
818317cba9294a4d44604b5cd0498aff8490caec4d3c7896c1433a8e1799c139febcb6588c824210e28392a208161b5a2fd6c9bde0ccd68f4a422666487ed6c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
27e018768039354c98acf6acea44fc29

SHA1
dde14de71b207edb5599f9cad5617b0be7687f69

SHA256
f2d86a66a2451624a56718882e544cc33a3cdc9acfc00de8afd653c09d7225ec

SHA512
291a029f71ee8159f1e845cc80c182ab55e5d48db72097344acd0260d8332864ac45af744752784d601ffbd5a0cbd7626c4fa569df8c12d9afbb60cd2c7abed4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
f2cd0edac69be7a0e068ed4b9a0eb621

SHA1
ab17d4a63fc4da787632d2eb8a0e846109b6dfaf

SHA256
11332d0fd65673274d078beffbec3cf09dee85ccb46756d37829cf6c2443c653

SHA512
29eaec99463755a062817b0626a9a9a3af1e15fd79178a04657d3da9f07ff06f273ec0fe656259efabff7656be06f9cd410fb0683635836a3140895c89bb1dd3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
40249f77e6bc808596812ac741ed005f

SHA1
23e3dd17a7972b85c786e260fafef8bfc57f36bc

SHA256
5da2a8228304a3d9415b8f3f1e526b06e6b706a5cce447331e2d709c716e316b

SHA512
1bb1ed204a8747205352fba5425c2f7c7ee421fd2a6408e12f8948211edceb010ce2a841e7caaf7945a7cca246755c17bba2fef19240ab90cf58cf6b09735742

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
84af608fec9ad8b93d4de718c8e6b27e

SHA1
d712d462f16c8ca7502f3e7b8b597228ef39ca63

SHA256
4150a7dcda8c1a67fb03bc36abf449c92b367a7cc02c7e3272c25168da0e2260

SHA512
df31bf547dbd73127263635cb2af0cf205714ca90298ed857f49b10332c1412b769e37f6323d0ed9dbc4131119b51302dd3837db4ff53eac12aa415378cbc65a

Download Submit
memory/2332-3-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2332-8969-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2332-8968-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2332-9201-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2332-9203-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download