xorist | fe7bba242f3e8f051684eec632a0a0bb66ea4bb69432a9998cf413e90942eb42

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Size

7KB
MD5

888c9c3d4ac8113c9ebe6ae8563d0e26
SHA1

349dbb63c8b41daf91c7f5f52488ac9aca4de1d4
SHA256

fe7bba242f3e8f051684eec632a0a0bb66ea4bb69432a9998cf413e90942eb42
SHA512

c3a8bc425654d05e96cc24c928584cb81ccbd1e4b16a2c033465c0b914f2eddde96b3fbf1e8b74a7e68aaa2f2b915b5372030d514eef7ec2254f250731260019
SSDEEP

96:lPZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExmPiRxQyWmpp7RJ6rmQN:pzdrr1FG1WDCgmjPZ+cgmZU/pGMUA

Score

10^/10

xorist discovery ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

resource	yara_rule
behavioral1/memory/1796-8039-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1796-8038-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1796-9180-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1796-9181-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1796-9182-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2205) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Parsing.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_neutral_7617862a9cc286da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky308.inf_amd64_ja-jp_d90af802b607044a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_neutral_7a0a0b166f55e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_providers.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_neutral_2415474b9db0a888\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_internationalization.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_History.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc2.inf_amd64_neutral_7621f5d62d77f42e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_type_operators.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_data_sections.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\ppdlic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_prompts.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_jobs.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_neutral_e078ec466987bb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_neutral_8b1e6b55729c3283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_providers.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Comparison_Operators.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_parameters.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Ref.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_fc.inf_amd64_neutral_a7088f3644ca646a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1796-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1796-8039-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1796-8038-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1796-9180-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1796-9181-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1796-9182-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400005.PNG	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15136_.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382966.JPG	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10337_.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\THMBNAIL.PNG	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_spellcheck.gif	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15034_.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\icon.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8#\7600f870ebcc661f412ab16465a64647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d24cae564895416a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00011809_31bf3856ad364e35_6.1.7600.16385_none_e9dac4a76e3682ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rascmdial_31bf3856ad364e35_6.1.7600.16385_none_2f9c0cf36f0a1c97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\ehome\wow\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e9a46f0543779d95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..rtuimedia.resources_31bf3856ad364e35_6.1.7600.16385_it-it_690b104007e5d376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_6.1.7600.16385_none_6d0100c50efddc3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wmiperf_31bf3856ad364e35_6.1.7600.16385_none_9f706a4c13ab6b41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_brmfcmf.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e68db482264e806b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\500.htm	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..cywmdmapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0800cd5d0f2c300b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\778484606fe5ad8f7e93e86cb07f6078\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-hotstart-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_92dd14f5eb72ee5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_nl-nl_103dd0c74f03eedc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..iles-help.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ebd6917fd6440ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shgina.resources_31bf3856ad364e35_6.1.7600.16385_de-de_90e76b784d2b2e4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.data.services.design.resources_b77a5c561934e089_6.1.7601.17514_es-es_93c826fd0070d2ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85fdbad80651bf4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6e640f5c7b3f0b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tpm-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_956c2bae516ca662\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.1.7601.17514_none_9fe23e2588fdee38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wlanutil.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bae0e56623488a05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\inf\.NET Memory Cache 4.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d95c249067150c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0d1d19267bb4cd72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_635a4ddd4c2e6785\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_it-it_edc5a21f1afbf6cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ddriverprovider-dll_31bf3856ad364e35_6.1.7600.16385_none_72679d6b161d690d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-acluifilefoldertool_31bf3856ad364e35_6.1.7600.16385_none_49b88f2dc8d56917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_it-it_65c378f0fb51e764\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\image2.gif	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.windows.d..rootcause.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_8c7bb675fe9df80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-winbio.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ca81623c09da915a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-fus.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ee1b3f6707f2bb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d36dbea01368547a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3ef6f7dfede59572\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-devinst-adm_31bf3856ad364e35_6.1.7600.16385_none_a05b761f6fef20e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-peertopeerdrt_31bf3856ad364e35_6.1.7600.16385_none_b5516027b4ac102a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_xnacc.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_19e5dd6205b3ab29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_aliases.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_blue_sun.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wd.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cb1a0bb19b05928b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-mingliu_31bf3856ad364e35_6.1.7600.16385_none_170f5b78a1ae6145\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ba46212576a4acda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_94f159b342ce8a8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\26.png	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7737d227a0161a7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiabr007.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_72121bad08657463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_bth-user.resources_31bf3856ad364e35_6.1.7600.16385_it-it_59aedbf5912a46a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a22cce4d9a8c1cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_6.1.7600.16385_it-it_07493824f6cf4cc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mshdc.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ca67500827180f21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_00a382ef60882478\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..splay-driverlibrary_31bf3856ad364e35_6.1.7600.16385_none_7985d76e9844dfab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_functions_advanced_methods.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-btpanui_31bf3856ad364e35_6.1.7600.16385_none_6c660c48585f04f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9888f58453005b6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-irdacoreprotocol_31bf3856ad364e35_6.1.7601.17514_none_462a9e44e01787f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_wildcards.help.txt	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\DefaultIcon	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lTFMbE460hA71N2.exe,0"	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell\open\command	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lTFMbE460hA71N2.exe"	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XAEVBKZRYEPYDNY"	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\ = "CRYPTED!"	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell\open	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
901d31df6d6d7efc404af7e514f1ca3c

SHA1
d6d7c626ee0233e7ced83b9870d2636178ce081b

SHA256
487037970d332ffe71def0eded5d8b4cac907fd0c55b73384fe73fb91835e0b1

SHA512
d90a9d5d271bae07e2957f0583ea6c4ad6c20bbb39032cbccabc63f985cfdfdef8adee536ee1d7ca0e91e2d073383c81d31ea27174bf1b7096d3c97ffdd46ab0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
d6ca44202c55a71bf272acca10da1fac

SHA1
4e85ff6acf9c89ad9b5d72d690f7706a1bad9d58

SHA256
64ddcf1ca5cfdec899a698948567c094a6305ba2b3b7c1a46a7675e7e317aa8c

SHA512
6ae4b1624808a7d12bbd3ef09fd56a25d77b00297e05fabebeb04a3be847ee038eb3d959c2462c1bb90d58876b9ab97bce4f992a61ae083f0d91f67d8c9f47be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
fc60c13aa75ed60e965571c233d06554

SHA1
b8c9cffdc058c4c60fa15864c60ccbb6efcf4e75

SHA256
191ab07529e4c5e7c82ad5c3d287f5e7ae1daf08e6a28c756b75d5a79796e8e8

SHA512
398a4c358ed1fdadbff81db5c003d0ac59a2761a1c8204c03b65da3c54a88a5fb10de115fe67bd5f2646255e8d372341dacf184f28fb9efad9c6539512db7bab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
b2e942d2f03b31093de26c2b687c5c33

SHA1
fc8add59197d65485981474f7b25ff1218a474bf

SHA256
c4c9f04f2dbb87ef1b7cd3f383937bd7b0cbb53fc0671990c49403f8c6256e82

SHA512
5fb4f0ec2c0d0b3ed1f8531b06bcddf27a58663b981a3588eb831807baea93b90ce9467cf606c2d7d9e0a9b206181864e1f20d9fa8eeab19791a17dd85d0db39

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
92af4a470fc78de6632d42a4605677d2

SHA1
4f9a9702fc58f73cec00126d2ea3c9acc9f79294

SHA256
7361045e5208bcee0e23ab1c49be8bb31021405c7bba58a32d41cc0abf93c2d5

SHA512
1ca107cda032b8a844bd3f7957711a1eede203485219016ec0c0d3510014b49db51e6de6a3a8bd2383ac11105ef1900e00924722cfbdae6cdf6161cead6b857b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
16bfee6439aa8e6608a2212d5bea87cf

SHA1
6e09c28dcb6e9e56bc70da6f01da8efc7a9dd7ac

SHA256
161372bcac3f6f8b3c1cb16424a7b9cf3c9888d6527eb07ca0b166db8940a00f

SHA512
61c6936bf8af06dc9d545bb423cf8b861bf7e83a878d64ddcbe0df563a714cddf4d3fc4abf5b5dd20c0db851130689e5f6445166ced689ba3e8ca52353ab8855

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
5f01361249d59b8b544b1e9f6778cda8

SHA1
aedb8995ae5e53c89d61e8fcff0af59360e16109

SHA256
ef805c18ce5b492a57043dd43ebc285e56dd3d977c3c24f78589089a7ec4ca45

SHA512
a3a9218a532f5d9f981e88271e78961e2fd356edb6f0122b72ed845e5f229aa816b7b423cc81b478263680cb749ff254424b54322ff196b7405ce4f928ab1b25

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
382cb58fc26ddb93b56b6b59536c728a

SHA1
9fc749436d85fb74d1fb8293992b82ed291a8b37

SHA256
3e902f075ecc374e5951fba893ed7910d8481b765e59f716715aa63b187fd1d3

SHA512
6444ce208d606d12f61ad7d1c288ca42e366e032d4e24a24b13a7224549233abad75de50fa804a34355e61bbd384d0b8c0fd1c4c18c4a2fb473f073093c756dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
069d7272880c739882b63fbc27fda477

SHA1
fb41208eebdf8d3adfed08c64b0c718da507b2ef

SHA256
77ad0637ed0cfc80a0c94c355543866f78842547ee3e75b2f040d63dffcea365

SHA512
d5242bada673b19fe35b048823b183b912b32a3c28d36080d74e3692e57f3204db57ea73d2b58ae53177434c47f5a60d90d1fd4a5edd42afec0ce88aff5df7d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
caeab1f604ff9cc90bb70e59fb7fc711

SHA1
1714372066b1cf5e411f5a818a54bfcbe16682ca

SHA256
94d3c7436c7646a9d0f7fedb3af65c04bd8b3e4fdb50f88f03740ce3a33704eb

SHA512
b8ca3f2ffd02d4448d9036e3c77df8e3288b9ce5f443837993be9e7289135a50f7d39326ceda8aec1ad710690ecbfdc657cc51e24f5215768b9abe815396485d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
b3a300c6cea312f8682249fea5bb5974

SHA1
17853af4254920c6767483cbfe5dce2b7c1b3f75

SHA256
9ed4018653ea5bd295615b21143d48825f17de7da2fa262da6d89b9de46ef273

SHA512
aafe371f7f9779ba0dfd1c3e75cefc41f2f67b0b2ef3a20b1018c9f0f45f41e824b7919f0d22b7ac1195be5d4aa213dff4c89e173077e21a1a346f471ec7ae6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
a5755260187e8f7b224a893a11f85550

SHA1
f53ee9df8c27f7b836166ffd100436d26c5a95e6

SHA256
d528dd458f114bcc8a6cd529d8dd4811eb5a0467f8da9440b1669cb4467c8d0a

SHA512
118f7f3ba890d9aecdd953e16f3fbb587e3d0330ada1fae4cb9fe1919043e388f40fc62a83cccb0b0b2db49b2ea768bafe9b8654e684223322cd0fb04f15e675

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
7baf55fa616ff86bcd0d39c9cd809955

SHA1
59a35e40b22f6de2e44dad47a09c3a21dfde4b61

SHA256
166d92d19649d6e0b60ee617555b1e5e9da04d0d68270fb1f0cc51615c2a42c0

SHA512
f30f9c5f88c9d136b51d6460b5432fb2f853586efa3af5c49d540faf6b4ddba22247799572adf8897ab857cc6b3f8417c8a4ac9cb3f753da26cd21dc76a667f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
e85ba185ef14ad0d4f4c972be9cfae8b

SHA1
0ccf35f21f521d814be196c24ddd6633783b961a

SHA256
495e4dc62129493939f5eb24617805d7d0944cfca82271bbf538e143e6ebdbdc

SHA512
4b5d02b9cd2d648df00435e560e414df6fd586b2d6902e4ff58b4a75756aaf61c54a559bb6ae0d1476ee21cc9da46ffd6aa6d9fef62d2cc6d6d6f8776779965c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
6458796ce7f9c3583b73a5f77fcf9b62

SHA1
8cbf5a0895fcaa1cd4f76cfaee5e70a1a63999c5

SHA256
d57beca33c7ee22943f558e6c43582a24269f2d5744098036f1657f6e3b2dfbd

SHA512
2c9413e55263b274417befd3e4c27f21de202ec056fca10c216e1aba80d34bfbd5c0871e6a1a1b74d215aa1d7093c42fa4cb7b7e3d5f8c88de06af6826ff9973

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
f90da658f1c72ea0512077b002ab7952

SHA1
2dcdcc41eaeaa6dfadb20a394fcd7c55b2fc18b8

SHA256
99d5ea874e2898bc7f560ed708fa6302b93a5a71c118ee5f39286fa72327c2e8

SHA512
d52ba0875493562e109e968e38f45a9f0af4234c480a5e0b701240b667294530b60f47d865787dfb8e07d8df7ccad9bc3770aa0a7b5244444c1baaede96b6503

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
d9e832c6998d799e4b15e31170e1828b

SHA1
9e5091d393e941d6eff36e9fb8ca95c5e93659bc

SHA256
8c3d55e285741b36a4a6cc2b116a8f0be6f1bbabf4ce50ea46832f9e8e7fbcc3

SHA512
f0b18a07e1fbb49a04f54900b31ef9f7b9c5832ccc4d3854c096627e3b2215247caa786177f2c94a12ea9d92c90dde6ec5c64072b43ada1a9c59120b64e31fc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
d46c60238ebf8598129bc0300d68b7c6

SHA1
d9ab50f17a6921537dfaa83b6c99f807d6097e1d

SHA256
19e2034f1675c771b18894b049f1766e74805a20c45a09264e6c77cae17349d1

SHA512
747dace56e74a87b05dce88fe58c7333208bdf9a654723b3ddfe10a24f10b14a16689f5c92464dfe8af2550f2aaa83f64644e38fe21e455044fae4ebba36a050

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
e48c3ed1cf8627a8e9c0b01a23967b21

SHA1
b102001141e90a00dbadaa7a01257d4da31defbb

SHA256
22aea1ab185a439cc3c55b0b25fa5b313b804a04dbd552ddaa75734b2dd3a87d

SHA512
6fffadc3dd097b325a38ce8b0f7631184751dca51dbcfca18ea87abac96797611a7fca655f4910edf130c14314025558feaace4ef1edddca1595ae1cc4654a6e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
92c5c3fc19147eafeceec522f2fa43af

SHA1
a2215d3e43c25fbd0f63623469fa8893fd023465

SHA256
3259f5effe345e01c58ccdc833d836d326e4a1005714fa6d1243c59be9cd2785

SHA512
8f85037b39461a9070dfa23c589be03358434ded558f80504ad2906466a9ab056653e99417d22605776f4a67c64327d1c91bd9245aca8a3d06309b5a48cb508e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
a88db36ced6434bae975abbb6d0d059b

SHA1
6ced5e60d31d9e05fc4e35aafed19781ecedf08b

SHA256
564b4ed660da50915bb2b450c068103b19bcbf22c9e06a0d456ba7678968da86

SHA512
e03fc1d8006d65b0c75bdddd5a88afd38dbeba5e8484aff789566a813af344ca55de1fa676638b66d6deba00a983a5675cf4fbaed268be1f2589e50d6da5fe2c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
e50ff77db6b78958d06a97aebe42a283

SHA1
bfb5216b60f92c756ee03f65df5f9dd2985b0dca

SHA256
9813c416f8a544996feddd2ae5ff64dd8380a64c32c81375fcd6882318f898f6

SHA512
f3e484a52f16a2ea12580244c9f38f262004ab5019b33936eb3fd022cdf9a1ce931c9a9e5db3795c02b05a3dece03e1bc3c56491b4b82a5ea5df3ae1bc5da855

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4f94ec5fadad7e474a45e5e0c0ed31de

SHA1
f25e56971b6ae549bbf0acc0762ae8465abc3d36

SHA256
4eac438a87bb4112a25c0102dd889c3654b31a8558e1b5043773d4e946e4a0a6

SHA512
11d51e3667b6e557baf19fe3415e2d83988ba2be6207405cecb2f3ff1e2e5fbcee880bba53031350c6c7a15333f4bf07624404b28beb2b50af04f8063dbfbb4c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
516ee074a481bbe0f5528fedc21ca7e0

SHA1
ac619d80a6398b3e612cb0653071630cdc701aa4

SHA256
1725990110a3abe5935e15b816028416f672ab6a31f7616539606842d67e89fd

SHA512
f098f2a5b3f1eb38ec0a3c75ab6a479a9c808f5896f7d9fa144079bb27b791396da155a520aa43b9b71d7f1f243d934e3ec74f74078ef5eccce5b635049a4f55

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
d2c655e29675d90b2481cd88e8244981

SHA1
ccf9b3edca10d4fca766abaff5dedc91ff4da26b

SHA256
0c833c61a50b3b4466c5af8de01bba741adfb12ab730afe73d607478d42b6400

SHA512
f779f02744921d0f1deafee6d620ffb14f9d22e9b8f6062eaf63c7ea97e2aa3c73424ad6346cdbaefb0107e938a86701d6a5ec44248e80129889da8340273558

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
84838e37245af9e8de384ece82fbb4b8

SHA1
5d876a3eab90acbb9dbbb145f56a37f180e17cde

SHA256
851160a9823ec32d97f192bdfac076e6287ce793d28c5a53cb3de49113d05828

SHA512
846c82e9277699b9c49372d0c4283a35e13dff121f11318159b30d50016320d37bbe8a127ab06a9bbfe49e2c8351a360566ad5ca1719b0c02bacd689900ddb4f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
34a712ceaa3cb52c4a519c4aa6ea588e

SHA1
cc0f581728477e0d9a01ff6b282448d6c18168b5

SHA256
4de2a903f241374748ebb8856850dd4ddd3dcb55ff9f86512c6a5b440a769c9e

SHA512
48de42f891589c96df48a5eaa2b872179e7c92b36180c98754d680695d258622a4bcdfbb2573b81b5007fd864960bf8f9bf2b762dfa593e509fb9cbdef8b250e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
0c988cc52be51becc0f6b7feb8069e9c

SHA1
f7dadce9916e9145d7482801a24696dfe92d64b5

SHA256
608a17bbd2ff9c788b125e42ac1a12c478b1a7666843a06a97e9e3ee0f637a46

SHA512
afd594d5e5fc9fc770383e3d2a6c4996e9f6bb0cf3d902c902e63fe6d010c06b7d7cce0396c86af2a822b05d7bffb5aa331f5607d0f8ca6720dfb64a00c6f075

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
a0099a458bcc4d12c95e728118273afd

SHA1
d921f6aa5e77b4371dfd31a3111bf30b94e2d373

SHA256
44352644d12544bfea91d8a136691bed3b90f219cfdaccca58d3bb1dfbe5e4d6

SHA512
acdd4b2dad48753843e1bfd106435035474db8d4edf5fb01966dbcdc8febb5429a2deb118518bd50421df5d41d88851d9d2e05d2095a606a839882807f9c5531

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
192015c836d9b7130946ed8bdfc05f8d

SHA1
b165039e2b86766ff68e6aac222b1205c0a786ad

SHA256
2497538fa43070b06961bcb5d7e4966176c712c46aaae1056fdc01201b565f44

SHA512
9d4558095c22e879122b173a457371512da67b8c71e618f1630c87acae9c1d445487535e15708e9a1f984965c15a50dd15c388cea5bd8ce0310dfc7147efdd05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
084dcfcabd20d16dd26d0affe07650e6

SHA1
e45a9e2b97ee66b88095b89d286e7039059e0f60

SHA256
4fbf80ae0c294739b2d8c7d6e3f2dd92a682cd581fc73958a369de433c4cdd08

SHA512
8e02a3c1c98c6802161b29ff7ae99fc94bc7242925507a312a599e93db1895f7832456e92cb0c3009d0360897c384c7866244326a3519dafecdf72ea2b324fa2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
863e0476496ec6869da42790987efe14

SHA1
67c336c37e87b8583004086e2669cbec43f3701a

SHA256
470091ac89b756ef5c01d010aca5ef04ce1cac0999f0f1375340f52412a4778d

SHA512
dc888319bd4c2f6feef97e3521b8c0e86e7a8791968b3b54d41b708cd3afb80e6cb5bade576c9837b128dd46c5d25687fdd4ce0183d348170c6a840a94756ea2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
151a0fe8b7cf1ba89d8d84abe0fa4f64

SHA1
6a359bb3075df39d65de7140f05eefc9919f67f8

SHA256
195d3afa63aac66a0bb3fea3092a8ae08fa6d76867ae4f123108095e077b66d5

SHA512
35eb49e8dbb4889683e3be6c8b3bac7c9d561a09e81faccff463f9b2848fd9c375539480534142e36e024297f98beba0e77f03e5ce85681d7297cc9b1d5bc170

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
214e6461c1090158efa1c4f7fae0763e

SHA1
6ea3e4f5ea84b5661c20a4bf90f2845fb1429968

SHA256
8775ac54f471c3a1f9bae83cdefdb811d12a2bfbf4ffe9b9695f0dfcdbd24899

SHA512
a1f9d96976d63fb0347534352aaee8476723d5b9e253180899d2c98bce171f71f0832efe1d20bc98a2beb18c2f0f6a491c9bce6f2ee4c7a0c17a139097505345

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
4c8fbd48268a5a6b817c2448cda9a903

SHA1
4cd765d8d802fc1af1ecedeafcfb0d4387900d3f

SHA256
bd0a22b487b0044e004423f3213886ca8672e0e311c7d2696761726edc57a9f5

SHA512
93943f463ab34909d0b8c634419c8a93da66ad74732a00d7e9737014e4797b0f6ed3e35cbe8180bdcd06c14caf57460545a0b58fdc3834535cf30e8c6734e739

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
86d2b85eeb0fab05aa248d86ae7ecc5e

SHA1
6dc6aaeb2c2b997b2edc2ad5d1e4d1acd36a4bc6

SHA256
0939fed76726c819d1a4599bd638b488baf7f9c42a4c2c8f8a7dc68fcb03c981

SHA512
5902a6e1876b3849947dc59cf06bbbe238546d72af798ac639d3c6f0f0fee58ae73a7692e007dea960b4278596d243db13e2085d912f72c78ea660f2a19e736a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
fad2cf4c31ade26ea2ba5fb4d3ee8815

SHA1
574854d13076e529128fa80a541a8801c26383fc

SHA256
a901adcf1bed0f92aba0566a795c23c767c59e23fccec2e3ca34fa365a1d32fc

SHA512
7c45f0cf5811350ff9e79140b019ef35e072a7fbf3dba2e48a20952a69d9ce77d28e006bf0551880c89370a02d86c5ac922e00034d20f0e6b9ef607c9d87a43e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
8d6ac09a2af4bee499762da1b673ef82

SHA1
519d3fd672a924c438edc0d8f379e19c5212a74a

SHA256
58f5d68e6a4be9298fd0720d57718e385b50e186481290a9fde7e7493d6ebef2

SHA512
2640e6972f91bd8d29ef946f5ffa777f54f791b0757fbc056f01d08664ba531a5a53128e399014c5770d8e0da39869c93a358370f5660ba4a2778f4007ac55ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
4e9ff0c73dddcb2d484e5c6af0b8e19b

SHA1
2d54713087bf4c239cf2b3a0e2a93c88e9c6a7d5

SHA256
07f754ac0f24d83890358131a433edfa33ab8d11031c1cd863c852eeacfb2154

SHA512
2fb480e68667af4bb6a78c1322c002f5fbd2c272571ef3359b334eb1bd2ef7b90b1fcd6323b1c9e25edee15b4b27bf8462d38c0408c7c3bf95704eadff782ef4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
17c82c8f8539ef2af2f2a392a391213d

SHA1
c64e51f728dce1e701ee21b47ee481b56c465c60

SHA256
a364b119b9ed10ae6efa82510180a6ddd653d55cb8c7bfa5130afdc94f86f889

SHA512
6533b61b857207fe9c44102ada8d1aa4b29ca01c2b8858fe96e518aa2ed98cba4db0e51889d8873b1bdb5adf1be657f76b171f915f50edf7a9f6ded83e0a14d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
45029f20df7a0c7dbfe157617c3fe266

SHA1
afbdf3b3d88eb2fdd16ae081c4e54b5893b07251

SHA256
7f8047481934a5f0bdba0289ecf25521835000403d6c01195686c71218cb7182

SHA512
5487fe3e9a48d10bf3dd12ec09759f98b86e9df016287ec05c4b52c9feea2fa6170e9a036f2e351576d16bc819037c605cbe8ba62fd07adee052586e1de577cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
86dd1a86d97ff0fd6bd991cd735e8540

SHA1
411e618ff3c08a437978234b6431247d95309cb0

SHA256
bbd8045271fae3b684775c01c198ad6dddc0c99ab6d79aea611e0da1b5201fbf

SHA512
c177f8cea402a663081fb8a0635dc9d923d10fd641f86bf74374944f6f74d7334ee89c84fb7fa14b7b5beb86d812823c233fdfd05b804e151ee5260647dc72cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
221f9626b122186ed4d2076868acf0cd

SHA1
000eeda6c63263cc7b4a05d67286f88c65811d34

SHA256
1cad59a94fec4bd8662deedd85b2d9eae83e82a04032d27bd581b0c67c361cf1

SHA512
40e7c2bab93f99874556abd88045650172261dc6c3300d9ec9958210a89437834977541df39421658f317892bdbfb2d49941690d66f33f2dda1c6de7bb5a079e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
ae55dc545054e8c69d7a2a92ace93c09

SHA1
a72409a45c042a1854391021dbfc949a9cb4520f

SHA256
7c6836dcdba55f216c346894952930760aed17fd474446c6155342d9d8862a9b

SHA512
b0ec2d04b3e06a813ae04103f17faa8309cdefa8647bdd836c6c816b1a68627f964c9b361657641e4da868253f435dd2b867c68f6c8ba99227af065d96dfa21d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
6868c4a05d38e006942a2e34c2647d93

SHA1
1ed59ca3e66e6a957124caa298b4b6c9b7acf4a6

SHA256
b7981262086c1d97cf9a36f79622f6345bdefdaa7b7d892f942e1f077e2bd764

SHA512
14460f0b06779b4b8c36c157f8b1f855583f5ebd4ebe1791c1e71a9d8e80d5d2d428a73243192ac54e7bcf122198c5e7158bbd8aa45cb5a12ee1f48c92826789

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
504a6e96523dc3591fd45569b931c3a9

SHA1
e6648aeacddc06961e2e0f6bf9a33e66efbf0962

SHA256
f1477558828002f6f5494c212f85b606fe84c8214c188b6d478ad1112d9d8176

SHA512
f880bf23bcdfa93093b8f7065f6dc8ce2e7368b986c7692353027e00753980b0745dda429be9156bf314b16c5f954a35823baabb33a42b69328488d6537d9631

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
9c22b7a69aaf2ea031a776f6c78e8119

SHA1
124c40a69744235a4d0e2813108a7b0649ddf27a

SHA256
036d7861af2a9a7de040d7d5a786fc406d92816d8753dc9bda107f02ae58150e

SHA512
a8ba00f9f555cf88fdf9f3e45f06cab5e6b6fe4996b6dde170fcd5d0c19c849775d17b12401ea8d3abcbfb5ea3b3b1a556d46b129bb5c18587531b07d082ec0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
97969546b5b1255322e77ee905296cd7

SHA1
88d437a1ba8a5f08ac20853e4c7fd0b07d43ec3f

SHA256
7c52664c3b1b4db70aa5adcf2d40b69798ef9613b14dd0b2ed57c41c27315400

SHA512
f4ca96332ef09d8fa3843e9aa7eb0d41c414183be88ba934e00e6d1c0813ba29c8a0ec0bd678c32208270cdb082dc55203d5d01536ac027344811d83f289ff5c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
7ef94f398689ea52392712724c2f4638

SHA1
79898fe597973772f156476a680d0a41cf866149

SHA256
4cf681cd5215d7da4e4ae056e25ba255d0b984feddee8188cf4167e319f7aa98

SHA512
32711cf74eaefea1577bab6fc6b910798a6fb82fa478f692d605bd2f2fb6390dfe67594248ad7376a43e62cf3fb07cfec3133b92cb845d8ae63b08c057884b13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
17559b1ac53ca611f39e25f6efdc3ed3

SHA1
6c1856f8a58a13a93f514f3116a216c385056f35

SHA256
c9057ad537f93642d3109b1fc3b9767cb47025482bd1f1979d680c5258813082

SHA512
05d48240b5fe5c24848751e8324b0697441742f407ae5543f013d228f0e28e417cd3881b8187485485c5bd7b6ae236ac3e6a84087d118169b68fae31c8aeaffe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
1025c63e2584da6f5700efb759774dc1

SHA1
9d524178c8bca4d61be89b33c4ba92bc5de8558d

SHA256
dc46424aef73e32350e06c03ba4d6938b2ddc47e580e26a886e07128fb15a24e

SHA512
e660d118f64c3810af3b6a7bd2fe0b7437cdf26d6a7169482255efa338ff0c27f8062adb4cf10367797cb9389596e46c2b22f4be4e39ccddb10596e337f7a52b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
e206afe79949fd346661b3f757bfe7d8

SHA1
7b7f32b50c73dceccb0d4eb051132962abf513ca

SHA256
f56467dfec06073576335796188a7865f7676e6d8b2f25f03e19dd2ce8f696f6

SHA512
0842232a660816e31b2378f02ff13ddbe21c97bdf1b69690e68853416cac4d1f8cbddbdd419a46b49d823d780791ecb605e96669878f64004a1b7794e44d7fd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
053b7c261d4ef95f601e1c60e866a876

SHA1
e16757cd7f6fde385fe64c676e82ad054625a369

SHA256
98457d6069389c4d2ba134bebc7a0b9de55b129ebeec8b4aa9fabd37c3f6cbe0

SHA512
c83f44a208dc88ed3deb7144628c4fb47854a430d1c304cc1126d6167ce58b2e5b005c8771ede73409ddf1fed5606bd51b75678fb2380e21c4cb990fb0da0644

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
e42f08c6ad4fcb31242a57851bd16ad7

SHA1
0c0869f8f33c3ee8da0c0f5a916c270ca2ee0543

SHA256
facabbac39c4575c35fcd691257a9392654bcb7f2e13962f415e17f4dc17b8d0

SHA512
9c6bc2050fab4c15e073be242fcf7a465531ab53526e845e966bc9b58e77f36edb5954f1c3f978ad6c6e172be5b22f32645321215f446e3d133189b33c46d628

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
e077d429813ad6aeef3b54b29109ea23

SHA1
88241b32f804a1520408cbb7c3dd5be5c34c2be8

SHA256
bc72dd5051e3f78c80b33d2e0abffee10792f93e59e9a36ce9f3e8fa98752102

SHA512
88ed4d2f04a8df87133952bb6c5a1dfe5d99ab69ff6e767e7df827ba6a53d59f2dc41d036394b46026ca0fd29a4bbfc9c02025982b3a32e34f7d813fc39fdd9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
34311a4a03820f022bf2533fe7f9cdf6

SHA1
e638e4a0a46d7c7c9ff8df5118fc5a32982290da

SHA256
57f8d28b3d2b1e67935ec3a7194a39658183f857521e21c96dc9679483985e86

SHA512
0ff03c941e44ada751992e84f4ecb666e22c00e220e53f341647f555a254729832cbabbcca1501ed025c7e42e8346b738aeb192f33c8b2c24b3d9cc62f58510b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
aea6ae064b920197e941ca2f406e7970

SHA1
7faf5fe28631c241602ccd528ccba88faafe426b

SHA256
105084d17cccb8b5170e2120c90169956fd6a9d7a10f1236b7117d8dabfe86f1

SHA512
d744b0ef9680a0cadb393224891172d37521c79509be5b61c71b4514203b7159b637e6081f025ed4cbc17621225a1f91c2337228b25bee68d756324c097ed13c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
1ea3af47deddf539f6fac2d2038354b2

SHA1
d6c40de9b8182ef48b6bf2ca24001ebac7b0c926

SHA256
f0e797330e01326cc9514a5c2551919288244157cd5ccbe2f832caec8f41317d

SHA512
7da534dddab9c7734a40672ac217c4c842eb3537c5928f16f4f3dd430b3e87aa14c211d6471884f844bbe102d1d11506276bb64f1d1b01a4dcf15fd5ce89d137

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
0341912209d84b4389154bafe67762fa

SHA1
875d6665fd9e945c2d29ccb185ad7d565de1e7ea

SHA256
6ee7f0752f66ddab52ea7a747dabebba5200bfcb614f89c7aa6e238c9ff1632f

SHA512
883eb411d91a1369b7e6f26273b28601264aa6839470103a7eb35613317a172da4dac85d7d2310e619426bcb428a5da8e8832a162319b6a115c30489c0dc62eb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
affede4f6f0209b5d48df13344daf509

SHA1
3478d151cb673f300fbacd9cf23f43a066636e8a

SHA256
646e11ccbc0a1178bfc18907c99d7a2ffe9c319d2653b1008d6ec122044bb49c

SHA512
9b611e5a92851ee459f8f5f6de164f24d70e74c9a597fd5253bb049484aa49d7d906cb620c24977491fd48d81409dfec685129e77a8cb23d393cb9c226272dc3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
42c378c0c285ea7247de4243d85ecb3d

SHA1
80584b2c1fa58d81d5338f1e1ab378296da5a4f2

SHA256
7f2bcc761f66c67993a2d4ce6617ff5666306d784268d59fc3db7d3dea55c475

SHA512
1761955ec146e9e45f692829db6fd94f6259dd0902a533c1d4a90754d2d211d189e9111081e5d60a7668aa018071332329b58c0ec613115d7e7aacd963368d3d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
c5dc77ba10bcb508593344b0b892c5b9

SHA1
83c16b5e5d9d9ff032bd1355ce0d3692ff3c4d2e

SHA256
ed9dd1b5966ed806b5be806bd6210252b742e129190e74c11fba8482bf6dd5af

SHA512
3d9adc78184b3d9c30b629ea3f03f2cba60c43701dad9a9a44e033e2ead206435e90ad18fc0b35da29fabac9f347b381e54bb51152c045b1b00891ec1604ed11

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
c93603f2b1e8db7873b712e0e7079ec3

SHA1
cca2dbd91b4e299ada0d05621f9a535a546a8e9e

SHA256
249eb22a72d1c699add25d1e4d28eeca7fa0032fee773fc71eec8d49940b58ec

SHA512
ba53433b39d48bf62e162a6404d1dc453beadf80bab8cdf5393d79fdd3c8867cb15ef1ac1d11995e13c5f2e4fe93e0e65d54ba55d5eb0d07736c06e4e749b52c

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
2be3b2a812bc050021d97ca91f3177aa

SHA1
0cbcd39c031b9988738ab91827065d6ae2d0b4e1

SHA256
83174cb978b8484623cb6a49e91eebcbe1ddc5ffba6c554c2b35bc5a34bc62af

SHA512
e9fa78fbe25fe6eed1715fd147b639f86bee42d9aaea8195f375ad57a6a30dea590328388c05b6a1906affedfeeb0aaf7f62fff82f1fe4eda62b393edc58e96f

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
e8765b468b1d5311043a5230796c8e82

SHA1
30e3fa3f956713a4fd02f7bff2493396f5086d1e

SHA256
5ebe9fd8bb00991a483fa77a3f67fab6db88612d0f59aa8aa25db44e029427aa

SHA512
1818563470edbfa2f993a757e791bd5c96f256fcedacf8b2b12d0f240e574976c4c082473294837f443fc99bf47195fd3ce915db3502c73045a6a04f165893a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
fb33d5529ca832faf310ccf2f818c9a1

SHA1
9fababed10573823f836bb1ceca70adce7f4edd2

SHA256
f46faad59dd49e2957b5247b8b70c56f256db99bfc45388a30b2e67a9d3b6930

SHA512
250f59bcbaeee2002a4fe16d964f2c368ee2b14e4a90dd20ace577c211738c0e27cc8f7cca45206ff52872df350400d022a10ab6895f2f223b89f22a1e7aa6eb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a07a895e45bf0fdfc144f5b8c6c2b00d

SHA1
184deb60fbc9bb6f044d2bbf2e8c9ee9ac5a7bc7

SHA256
631f9668b71a1b982362cf2168873869f2276d2b5b2b86973d5f78e16b0c5b0d

SHA512
04ecdfe76f5d14dbcfddb7fa905bbae34fecea036c2c85784d406ea8eb95236de8223bce5a130f1cd6029a835e2faef3dbf2cbeff430dc40d20edea4c45147ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7e8f1448984706c10cdeac9786c388f9

SHA1
18b2a638290331b16fe77e8708c08b874643d182

SHA256
af82201ec334aa89a225bb2a90dc0b3cd3a9cdf6cd5af51648ad1815a66ba407

SHA512
952f6a0270c930e753223d016e50743bf34c3987baa2dc460a044b8159f47efcb3817e0a41fc43d76afaeb0ec07da06adb3e42bac7c45e1a964aee7a337755db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
dce3b3bdbda0bd154c7a5ffa8b19ff9b

SHA1
5b572cf579bca6ed863c579abd38da2a6a15b9f7

SHA256
231364c6e171bdd3409ad9f507e0bc0e82d685d8779d400816d8c988baa287d3

SHA512
7101158b2ad3153f10726f70b232fba0220ce0b80f8c98009d9f6af724197c55c071409f2b6e57bb51d4a0a3e1f4cf8542650b12b102aeda7f80464c3fce56ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
a781b55cdd05eb48486612b9bd9f6f7b

SHA1
337815ac6fe1087c541b1bf8484b7fd7fb6f5772

SHA256
b0735c50be905f6814188df60c992c9e01d31ca2b8d5b470aca0bab3c572c40f

SHA512
5c5f076702f87a06b3b539946e1532cdc5af2d46d20bc9785fede43ad40c158ec5dec777972349cfb3b224ac1d682bc397569b7a4b5f58825f507e21d629146c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e23010c686c684ecb2d63fbdc2c4ffb9

SHA1
3fd05cec4a37baea827d2ea501d4ddeec89f61db

SHA256
5b4b41b4528ccb4144177ca4badf33372419b8579e3efeff9a3aa7ee448e3d1e

SHA512
8543e46bb5be52f9d397440b5bcf9aedcb6e8e9b930efe6c9ea78fa2e9e02e68ad1496e5561fbe537c894a08e115823c108de014a5ab2681b11b8bddda997189

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
fc877f8afdf1fa650b3a39a0665328d2

SHA1
5f5b9342c649e59c3d98df3f7be1457f1d24a9c4

SHA256
16970ecdac85642c9a03c6d184e9769dc4fdb2fbc453a6c31d89d6b527f34576

SHA512
2577bee18e3ac588c03f8bfdfcc6fc42eb213f40221203053b4117923db7ec42e8ee41304085ea20c6001111e966994e9545643b69d5992dabda1ea8d7aa33f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
fcc3127c47793c568dc293af82c85e49

SHA1
bb5634ec00d546fd8f6bfc9e9e3389940b1f4109

SHA256
4b00dc6a4e432d3b0b716813996cc408f789e701cf6d4290865d8ffc28388346

SHA512
de04f286af2f82cf8e719f6d1a8e3f39fbb5198a9208586e217c38b07296e9278b0826ac2726f7d8168983f0034337888ee130d80e836df7f5461cdc550f95a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
71acf686c80ce31be411b8e67aa6bea9

SHA1
b04f42f3eaab70e59cabc1fbf05b6a7d9060611a

SHA256
439d6132be42451165c2ad7bff719153303b5608eedb483045ff27336f9ad69d

SHA512
e3759fdb3725df169aac96ed0e0e1c90d68aee0f238bd3f7088c797802803029fafce75dd7901e0e1d0ae7cd62cecf009f6913263cfbc258aa1aced7e646e688

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
3e2f2064298f7c511ad93c3025b15e9d

SHA1
b799be96aeb18ea59f6e6a19194b74098a3d6f25

SHA256
6cb147412e4390fa7a7e24deac25d232569a28445be0a6a54cbe72773263acab

SHA512
82fc0adaec88287765baa4b43814c43f01b1aa24a8673634c2847e47849e44481e132a0200e887eb5ca3242b1233ec86338984c51b6204bf26fa89ccc9b4452c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
1f1b9394efcb1cd877d5bd4ed63e9d2f

SHA1
c02109d3e832ffcca8ef59b8381ba5f531da0c3a

SHA256
60ab6f32eee13787b32d359e9781104a90297c3bce9a3b921f716c5cca9fc8d2

SHA512
84badc6225a540f2f191f32931794bd3d492995fd2e694467a28d16d43baa7667a99a1da2b5bbb3de3fd28ef64153513adcc32601383db6606603274427093e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
cf2966218168404de2ef45c2853eb907

SHA1
26e2dbc757c19e77e5a2c90fb7506c262ba4b473

SHA256
20cbee3c4b0ed49fcb52dda081c309c24d6d7dc51169e8e34a1f968f56a9ce1b

SHA512
a9265763e1375cbd3861a8279b8a6c9b7dcb0ad4645c640ff5bff4b79e319c7a3fe6ebc26bed6e9622f9af2f97b1976f0286959eebe45134e904b8ea76937373

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
97f6b883b2aaba57470d2d6e13ec3814

SHA1
0c4baa27dbac329c08f4ce23b72170047e13f2a4

SHA256
c58b5df5d73b6a25daa536cb8c1dd47847c429d4b2ec7bb623f9455a91d644ca

SHA512
6f077d71fc158d775b2ad91d3a04dacefc16091dbe5f8c96f913984578102ab47d6f3adeab88d36278e2b0fba16e746a856cdb2965ccce51742ba9cd23a17982

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
ff8301f63edf33faa04445bf406560b9

SHA1
79519dedead6dafdd4f2a2cfbd586963ee95aad7

SHA256
9bc3cce66af9bbe3b0f1b57f639f6d8eef2fc66f47167075b23c7c5212616c55

SHA512
b4d92175c99d9050ee3d02e98c676ed8d355d6871a3f06719b3f2bab9f6a598b8e5053b0111e3c26cd2ebdb15a19730d3999a4f3a4604366094649416fd5a19c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
a92fa0bb8d732dfa83c835f090f1de0a

SHA1
95428f8f6be83627f5625575ceaa4c32ffd67580

SHA256
8f67a31dc43b5000eb7a03c73140ae5f2286452dea6fbd230b0f643d085be462

SHA512
4788edcd98171195c2aced40bf9877f78492fc4d6b51385d957cc6a1b20f451c38c9b30885d90eac1ea1cc01f427e99efb164389d20ee3d8133bf37066061bcb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif.EnCiPhErEd

Filesize
124B

MD5
838b57c2281bf72d723093e6a0753a6e

SHA1
8d052e12c52bf39212087f2474a9b67ca353cdf7

SHA256
00180ef549b968a98a714be9cfd5b51344e6787d4cdd189a8f08970ece30ca74

SHA512
3b3e911b69012232641abc9794ff3386ee829d49e930bd3ea323409ad23d4f1b2811eaac2a51418378731c350d99a79b7d2787905d56ceac7f4cca41389bfba9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
6e508458e3bde95b6f2b039b8d986e6d

SHA1
82b9a7a83be07eaddefb9f56ab9b7221fb88d4b8

SHA256
b5c3cca15aadc1f8a629c29fd5e7e297e77e9a8c1fb3ce13c2ed86ccfbae43f5

SHA512
a93e6d4c4d3669c0857c9bde6ea15ccdb6296f7e52769e1e7441a0b14246bedbcab2916b697469531599d4aaed8fe91da8c513692f30128924d2fdea310927b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
cd6bd3a593ac1e07b647580a59ce7560

SHA1
1703ecc2e8b238f0a22de63203fbfd8d710209bb

SHA256
25e982be8421503330f30a05dd83cf6d6c6b372645e0e2b04ae6e0b79fa39527

SHA512
44235bdf2305b65bfc528d9227d8de3433081e662290d53bf4efd0db636c004c83e974e0acb608dcf3ad7712a415aed988ea23ac2fde8f8facafa2f91c4814ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f634fa87ea56a3c1cfbcd5e786cd195f

SHA1
57a5c9dfc2eb6e31673cbd3981b351a35dc483f9

SHA256
2cc83cfd8178966d576b0e26279a9c0345179b69d8c0272b1cdb93cb2e55b532

SHA512
b3cc75b30d0b747c9aa27e28d00fa86c959ecd0148279c973508fb6df7e2ce1d01cf5c4f657032a185037a5f161fd4727e1d99db3e7c7a46115d5d9b29795b2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
580f5173fb25b7808233dc2ed3bb933a

SHA1
e794d573918edf4434358f3298a59d6aec85cf6e

SHA256
6911a70edf8da55228da3448534809d1c4a7813bbbcd1c659d36c84b36585bee

SHA512
a081e1dc70e65907af7fd233f24ffb216ebb7c7fee967deaa29c5b38337870c36fc3355df3524bf8e0beb87b7626ac8995096451712579da07346391dcd9f13c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
813f30791b16de3caf3ad97def132197

SHA1
67fddf4b493683fc30302fd95167840720720861

SHA256
694041d0e85d0770e5e5e71f6838518f522d2589907d7e5710912831b4cec029

SHA512
44a5389809dbe09e70ca96abc23797a4b2b0abb5776dbcbaa8cf1d6683d7269a03975938120f026eea8bbca36481ebed28124b139217d373c8715eccdc6f2505

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7dbaaa4c95c00196e6280a295d079c85

SHA1
e1c20e7a8d8c1f4003ff3888ba78abc92ce70ccd

SHA256
b09ad4782b87ca5c9b0aae6f72afc9b6576d85811eabccbf09f6d881c91a1ce5

SHA512
60fae5ed0ee27859f28a639e211d3e986e0834ce069131fffdffc38dfdc76d4a0eedf5d0781433bfb69290ffe06b22bca8b60ccf5fd9f8e7784c65336ca00641

Download Submit
memory/1796-8039-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1796-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1796-8038-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1796-9180-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1796-9181-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1796-9182-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download