xorist | 19b605a68fdec32ef6e596bcea5fbbb8f22c84b0f43a9c6f3e0f6699d04b545e

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Size

222KB
MD5

8ccce69652942733ae5ceadd4faf8320
SHA1

d50c444d6959e851b56c7018b810b91ac7f9c14e
SHA256

19b605a68fdec32ef6e596bcea5fbbb8f22c84b0f43a9c6f3e0f6699d04b545e
SHA512

4ad035d016b660e0b776adaaae5e07544207a5cd4c8ae209be4ebb5dc14820e79c9c51cdfa402a3e5dfcbccc70cbf124635b000d50538073e9b2aabf6257ae88
SSDEEP

6144:WGGG+BFoqjHH6oHI4CzgtD78nfa2Dhb6vzSFA:iBFnH0g78nCC8vzn

Score

10^/10

xorist bootkit discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 6 IoCs

resource	yara_rule
behavioral1/memory/352-4093-0x0000000000400000-0x0000000000479000-memory.dmp	family_xorist
behavioral1/memory/352-7531-0x0000000000400000-0x0000000000479000-memory.dmp	family_xorist
behavioral1/memory/352-9220-0x0000000000400000-0x0000000000479000-memory.dmp	family_xorist
behavioral1/memory/352-9221-0x0000000000400000-0x0000000000479000-memory.dmp	family_xorist
behavioral1/memory/352-9222-0x0000000000400000-0x0000000000479000-memory.dmp	family_xorist
behavioral1/memory/352-9223-0x0000000000400000-0x0000000000479000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
352	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3gMvmFgvytPK0VW.exe"	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_neutral_d225e15af1a594cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Assignment_Operators.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_requires.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\agp.inf_amd64_neutral_22cdceb61fbafb43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Foreach.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr007.inf_amd64_neutral_91d259640bad7d26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_neutral_b64a610f1f09f267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_neutral_9c9eb67d406a1632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Path_Syntax.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_neutral_4de24f49b5e60c45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc3.inf_amd64_neutral_1da6abc36a79974f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_operators.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_format.ps1xml.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_neutral_8b1e6b55729c3283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\windowssideshowenhanceddriver.inf_amd64_neutral_184a2ef2a8f57c33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx006.inf_amd64_neutral_ae607a72b46f9cfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_neutral_ab710894455d7b9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angel64.inf_amd64_neutral_6bed16c93db1ccf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_neutral_83cc415156be45c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnne30a.inf_amd64_ja-jp_b2245ba886355a9f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adpu320.inf_amd64_neutral_4ea3d42a9839982a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_try_catch_finally.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_try_catch_finally.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Throw.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/352-4093-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral1/memory/352-7531-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral1/memory/352-9220-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral1/memory/352-9221-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral1/memory/352-9222-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral1/memory/352-9223-0x0000000000400000-0x0000000000479000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\WHOOSH.WAV	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\gradient.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\HAMMER.WAV	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_LightSpirit.gif	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309567.JPG	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02742U.BMP	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14533_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313965.JPG	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_OliveGreen.gif	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21295_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR23F.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR15F.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01239_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21495_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14795_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9B.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\RTF_BOLD.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14530_.GIF	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_mdmcxpv6.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_72f3d4cf9d3dccb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b531a1ce0ca6c00d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9b73b5da37de5511\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3e0ca0a5dd94eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_ja-jp_4da6291c32d478f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-peverify_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_29709023f1a6e38c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..-chinese-tipprofile_31bf3856ad364e35_6.1.7600.16385_none_f00bfc645ba51f57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20278_31bf3856ad364e35_6.1.7600.16385_none_543e38cd46228f5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_es-es_75e8ec7939c0089d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..layer-mls.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a96104734a0c6a1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_a173363f4311c801\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eb07b84d53fabc90\about_BITS_Cmdlets.help.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dskquoui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_35c01d0bf226ff78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-safemodc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_35ff1f11c7365cd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1cd8423c61339c71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81e9aa717b4d552e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netvfx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c9565dcfdabf407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ement-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ff3a99847667f8fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_sdbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b580881eb5de85e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-oleacc_31bf3856ad364e35_6.1.7600.16385_none_d0ce59c770758425\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e2636f1c14c7eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_box_divider_left.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-msscript.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ceaabf751a874229\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wmpnssui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_df4223f3147d0309\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.1.7600.16385_none_f7f84adae4544661\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ce-server.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_272da79737fd0c73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..tance-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cb744cc52d89bfbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2ab91bc6b479896d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_color48.bmp	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.snmp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d1f0cb7ff95d6c72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\19.png	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_es-es_45e192d8a828b8b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..untimeapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9014d512016a6884\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_698a4a0ff29b819e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0f3c859e40cf09ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee9d0e0c5a29e375\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Battery Critical.wav	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\618ab8996b43e841efdcfb273393fc02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\403-13.htm	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_pcmcia.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84821fd4ce7ef3f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_b96d21ae9267a7dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-whhelper_31bf3856ad364e35_6.1.7600.16385_none_7127322d9ea5ce6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dui70_31bf3856ad364e35_6.1.7600.16385_none_b3a9a17817cbcd9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_6.1.7601.17514_none_5ce9bd3c0a8cb522\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ntlanman.resources_31bf3856ad364e35_6.1.7600.16385_de-de_eec5a30173304188\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.iis.power..framework.resources_31bf3856ad364e35_6.1.7601.17514_it-it_88185b6335b4839b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca00g.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2e1644a9f7142fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-format_31bf3856ad364e35_6.1.7600.16385_none_827dd459a3aa9980\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\flower_trans_rgb.wmv	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_93b34f8f10d6cb59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Notify.wav	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_it-it_65c378f0fb51e764\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bc0862a9f56ca4cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_13b239a73ae72dbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nettrace-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_f72251fe8a04e1e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.qwerty\ = "LIXBXVADBPLAFYV"	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\ = "CRYPTED!"	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\DefaultIcon	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3gMvmFgvytPK0VW.exe,0"	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\shell	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\shell\open	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.qwerty	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\shell\open\command	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LIXBXVADBPLAFYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3gMvmFgvytPK0VW.exe"	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8ccce69652942733ae5ceadd4faf8320_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
838B

MD5
58f4aeb67b1d45e81e1d59b7b87fa0d0

SHA1
c9297adcc4cc2740d022cef18216fcf110c20ca3

SHA256
b9c900e896a3f010b5a8eeaf5492f654cd25fe3b67b653b9fbef7b6cb12a2b0f

SHA512
110faf60e2ec618831f127decf6df0d2f9e2584372db33fad8e988e0c5e7ed442f0965e8be7beb1e360ebfadd675c14948d3c1ce45b13b97b7f2561894abbd1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
6227ba4ac6c7938365ac25d7fbdd95d9

SHA1
ca4ff923fd86cf66a871a86d3678b28ac08b72d8

SHA256
a836c7d37b8d35609bfc6d04e0b40858d331f5aebbe449ac1cc67f7b49351f9f

SHA512
61c8bd9981dbdfd7c61d4e1e9a08ac5cc99c2f41da66b505df097cf634d3e4a02b6db239b6a02d2d5390b4491b5baa8e8ed427589ab478a7ed9694135f1a74c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
ca4f16e42236a91014ce85872366f4a1

SHA1
d57eec3f1e231ea9ebd3f0409126cef984680c11

SHA256
20bffe8e8d43c937760de420ddbca09b60985c00e1def5139446ba91e518b296

SHA512
61924fc3905dfdbb6c569e969af2991a3c47367eb2a2f25acbe58955ef4d42a466e626b2bd074722fa2d5bfbde35f6b99de78e2a060381ff826e4eb9a7e48080

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
d7713a3f1cf3ad5ae089b715629a9ddc

SHA1
06085d3fa9b485a0d1a4dc23642921ef34297011

SHA256
d2e9903bf1a1ab7b9a27f67bde479ee8408d8bff4eab21473c34fa7fbb0ab133

SHA512
93ffe12d1f7f81af39ad26c7b05e722e9d05ae0d053f0030e6cd96422b21de9120f21287e67641df0ff55f7b1b1ab0fe80f0b88fcc58835cc33a17c3f74845d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
bac8a16043d674241e0f7f0174653321

SHA1
0f49d5e95fda7a68897e48e138d0969ae4d36995

SHA256
1eb6e39e6b69a5b988967d4e70dc80a39179d7f0f964fe1373c0a04541a3a107

SHA512
985c756f748f139bd306516869722d4ee1ae980d4f261a3fa1ccebaa6d0951b69ceb9f3d20cc43db2879d286fd27ed9051f9a41297bb2cd7ba87d19a9cf15e36

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
26c1b960d5910c6b9f991d21e19e21de

SHA1
712fd3a87eb855de8e6d1ed73b0c78d257f2c98f

SHA256
2fa6e1980884e7cd606d06c56db4db16c784f9076555c3bc2026188d68d7ab51

SHA512
3244d689fd94b7b6db1cb50bcbdcba704797cb41ce4ed66c6364f1c48c2eeba8c06fb6c69d5d6f404d74d405301999ecac2291ab7d098573c45df4f39f279ce9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
fb576d4bd29da5577ef08cfe65002d35

SHA1
8852638c8e4a806234b1369a57d57836cb9fa4c7

SHA256
24ea31184b9c8659ad19d38b686ed6fbc74825d84f5b44592b35df01cfc79405

SHA512
e863bcce5d2c66aaec9832255699469f35b6fbd69fb33eb35f8abc098134d25c98b30a967d3bfc0c8cc4bd1a29220c4d6b7dd87376747b23d75e44fc08b13182

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
91da18fdfd62fa85b6ca9f186d6b4325

SHA1
13f4b3a5bf06886cdf52b886c5ff64eb53bd931f

SHA256
f1d7001f41b560e71683811a0bb9397a52a50d5f2debd5cf7c0dfd5c22ee1906

SHA512
227e068263d596231856b459ac63e688d921773653b09e000d40ba7af2781b639ae7139e15763f505e6a66f1cd7b93fad7860386b0c49de50d1821af33d39cf0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
c90bbec0bab1ed1b4e79f6f4629be326

SHA1
45906a5e51d4f2cd903fd3b0459ce1aea7b12983

SHA256
68788317919e81a72e63d409db2e80ac95ce56cff1f4bb16f5de77c907335aaa

SHA512
283197cccaaf9f70d20d2cc365a54b61c1ed72f3b196768a4112b23e8397272aa3961f5bcf041d1a83f8cebda6f671afed26338515969438b36cbb802dc7b9e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
1be2b5d2b79e0e8b2e5b040fbffd0b44

SHA1
47f2b4a72b2281172c99015fc91116d2c5c15159

SHA256
7374552c5684cf789ba2522e8f7f5c7acc8faec0987d38d49c34db7269da9fed

SHA512
652d476a73bc9df166d20057599c637795d2945863bccad24759409061915a02790bc9a03193ddfeb5e1ee05e0f8010fe6006076e3152393a92c9466d54820e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
13e8d65e12702c6eb46ba2c2bf32b0e4

SHA1
a48884e964b9fd770858bb1113a95c6318297059

SHA256
7a9fb3cdc03ee9e5e403618873f2927645d853ac185d24fd70cafda4e0d7c7bc

SHA512
71e390187dfaee43d89198b010ec71ee396071b654ff4ed399fde8f3295df7d5f5a3f225902d50b78b88b881004285abfc55b13a130aa5cee9d4337cfb238285

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8877bc13919687264729ac25c8db1337

SHA1
7dc38bf623e976c98f058b88ec7422a07328e0aa

SHA256
a6999ae38f5f8880edd00d9d05191007ae3c0c157f5d76d8e3e86d80a2b1ce3b

SHA512
47bcc65b71aa52d6cb4e8c3a5071f4e790794ea5138e24ff8af7f28946bf9599701d242de7314db12f40d43523d7de865faac7218c9e738a9a20bc9f4f5b30a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
09589a0d2952cb89e55d787352748584

SHA1
b3d86fb5202151bdeeb750238e3bd85865558481

SHA256
e4ca30f11f31f102e4f97ddf845365ad944cf0dffa85fc9dce6416ebf04bc698

SHA512
3b92f3fe7d15b83bd128dfe5c4f75ebd78bdfedc91ddb6853dc33bc7bf76f8a34eaa2ff09db397090468699a75844252fd463cf8e38c1d80485f87ae3e792ee1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
597a4b02961c3ad4e248db9fb50bd066

SHA1
11718bb642818600adf12d190cbc8b21dbc52753

SHA256
ae46472105e2972c2c79792e46b47d1297786861f63d528df9f8a95f5840b404

SHA512
d7e31d9820e906ef29dcd821595b2e42792d5e6d3a6e0f2fc84524af21dbbd082efaaa58d1007e22273d0ede33e0b21374431c73c6368171cc305280687d2d8b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
ce328a3ba2b9cb6709590d997c8cecd5

SHA1
425b697a507be25a36f6a2cbccb8a08fab1b1b0c

SHA256
507e91d23c02e5529b0adbcfddd372cb8441d4c921ff50c028396fb6d07b1603

SHA512
91a691bd0026daf6be8c8253b26151bb2d15c00f3bfc8ddbf5079bd5ebb245c740046f6eb6ce5a2f9b0f59add0e43aef73941efa15a826e4d8e2d1e5f9b46fa3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
973ecaaa14938d80429f34ded5009a01

SHA1
a849fadc177bf162b8b9e988cbc87905121c06b8

SHA256
7c4f21d9f2b80345f2a7d1c798c22603282650517c8f5c08fb267ad8c2c000ae

SHA512
6527e698a0b5d97d403565eff5d4a78121b595241d14c00679d757235e24cdd0ca7e016dedec0264f9acd1b8ba1dde9ff0a4912bc96c78a006bd526064188786

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
a0f9bab922a9654a401f028aa697329e

SHA1
4f731ab0e4d64c0535a18b8a27e737f8f2c36353

SHA256
8883ac16549a4e2952f89816687b37c096dd1854089dc54ab3bfe5f498e47df0

SHA512
86a59c88fc2c0506bd9ca098417b1a603c38f6be4d0d814d7dfceb2e569f3eb20cc878d030b408d570b4bd268a1762b311067fbb276478b8512b1ab4713d3fd8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
2ddb70c6a695c61afd8421ade672de25

SHA1
0ed901bc774c6328fce363c2a782fcfdf59891cd

SHA256
d4fa363f52c351768b3353b93e530e6012585ebddae63f4f6f236ce8ac3af91d

SHA512
2793619a4ecef5f44a88c2ce56f17346cc540a4a0256923284eec6a0543dee0b636576eaefd892bc0259fce86c94d0accc4e3919b09f1042bef06ad647f1e32e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
b43fc5e876037663614084e127cd15a9

SHA1
d60448addeda029a640aadbebcceb6eaf3eb25e8

SHA256
26c6ccc911cf229e1afd0fe0cd09895ea7402c74c4a1be12fb91e12a2288ac7e

SHA512
e750648c1c371c94ab395557eefde0eda89139f63f2c57f5c49825794b69baddae5bb8a6645298c6783cde57bdca8275f5cef8be8625e8022624b960c2a40063

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
4aef3412a8a8010246c321746be2877b

SHA1
335082f9f84926bb2f31fc0cfb88582b63926289

SHA256
323b7c88eaf19940801c3c2c7a2de1edf83d2cb0070dd01e58c77d005183c93c

SHA512
c673704b29aab15a3d6be49748ccf93d7640cf3f310e5d8234e3bbdd341eb1e3968d9cd80728e46c0c0d828361fc65ee3fbbdcc1a532142525e126c144ae3a97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
1526cd42ce6388d61d7d1a17164a9a3e

SHA1
493d6575b00996c20d4480a8f52d97cda61da933

SHA256
b97b3c82f9d79bb64bb3fda937f869c52a206037704de2250441e3dc311ec6b4

SHA512
321284afb27b6cda4ae005354b0bcf769718777cebc785eb745308df0d81da9813eac9d8a14db9c9710bb4b1d92ad75b1304cd2dc89a2318f999334929c986fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
a6de60a26f442740a28939d339710d4d

SHA1
8d0fedab3d7f8ff732d4b91489b04bfc0b54e494

SHA256
b81edfe2c705fb6f6027fbda823ed0865d473233ee8d108c71d8114c91b04d81

SHA512
bda04a5746697cf87302de0a2e3877f8a218b556581fb32b9a3161c31df8ac9e2eab91f63f220986b70ca5919e2a5ead850990eb3d72691b0e533757c71d7607

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
ec5458dc5a249752568bef436f1c1fee

SHA1
8e28cd808e8bad93018e639c51ace1a0aa2afaa7

SHA256
a8e9c9f2399e26a3892080fc4ccaede08a0513f1556ed33ac157623b938f3bd7

SHA512
3136eef687811b32fb7688a316c078392587f5498b545afa283016a36d342e7a508ab45afe3979901179395d116794efe605ff1e5d2ee1ccfe74e9ac1c63d444

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
94f15a51ec0555d63a3d648d83aeb813

SHA1
b461efe5cf08a0d312f2b39fd063701e36a94edd

SHA256
5ce78c3d2e97ab44bfc77e4e83d9711bc949d397607425bd1be817eb8ba04031

SHA512
e1459242997be0258e89c2a75328100fe7814d5516c08fb235d492cd1081b5f1f9e08ceeefee69f2ed7e9fee2724835eaec40adeb787f9d03fb1208160abaed4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
68244489ee277554e2544bbe880811b1

SHA1
22df988d147648d6739bdfbf32ab7239c00b7b5e

SHA256
9a3dc58b08c3181ad235e880a30817ec5a0a42d5714e0197f9f40b166ad05960

SHA512
a405fe718080f7b759dfe3e869ff9dbfb8381127a83c53a83badab15eb05212d8b18c123aa89ad62259602f10708c8524b0c06dc6c04b1c66761f33170150bf6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
c417aff68dbbf32ca8f3ea4f6b227645

SHA1
8346ab58823c97b4a0b89cce82d1d24401b305a9

SHA256
dc454d7fb6ce0eca1a10a760a95b2ffe2499a6eb973fbf316aab66cce7afafea

SHA512
8a1aab7bb0a4b0d0ed11c7d044f9f1ee2901678b4256abf9baa34b9b4b343c6fef0a2b2f802dfa27699c376d5b845a2a86964095d51340b69abe77c651be3ebd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
aa676c9f42e18222805907f347c2a685

SHA1
caebfc819687abbcbd417e077493f93dbdbab9c7

SHA256
3e21371f3a301c9e8bcedbba5b76adc789680f366343f521481d1ada34603c05

SHA512
e19d6dc3ba842943c390fda8e376bb3e1a6ba9dd92e2370ebb94ea57ac0b500d280d3ca1e9cf1ef4c76a0ed4606b27048eb7b9d20e903221ebb44329d1ac61c2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
829995aeb2bedb4f67fa1adb073fe8c3

SHA1
3c43c3108cc8a08f7da75162378494bb22cf5605

SHA256
82a83460d7055a511e805d23901204155efa63875a07954c619deb06c8654533

SHA512
af82732a5344a05d1267ae6ca2d18d43d3073cbdbdc05ce53eb7f92bf766882ac46f067b04c3611640d4a8e65f3e6c545f54b7f48c97906f714df00b91cfe652

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
603c43124c2892d94f359c940d7ecb62

SHA1
dab883cb31c8253365df2d97c27103c04d9ccf4a

SHA256
2c017fe2b1b10a5c27a070faa617799b3f64f175f6dc16739efe84e1b6fc1dbb

SHA512
7544222958e6aafd5553114945c839bd6b3030329d484a63fcb1612910a92baefc82177e70bb971afcdd37f8f1a393a26b24733dc90f79e0a3aa4ef735da2d17

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
8b724f022107f45ffad8c22515c0fb63

SHA1
2364b0a6a2b1fb5d9321c2666a4c0f86a6eed3d3

SHA256
ed9ac3c1b88d317f1d0d02ef900bb9596826aea258112c6c3cc11e652c9d28d7

SHA512
352c11b5e0f9ea21e956574064836914fa2b3093d6f1843dcdceb2cbbb18ef08e5cb213be1bb5a2c2b5ff7f7be540ff8d6f8549e0d2401b821512340bb696f1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
40796740880cbbd2996e3db937f4b573

SHA1
5092805e443d3c2bc1b1b232c823ce0e7109afdf

SHA256
069e7d159b8e671085ef1183b4d5cf0a541a588228e338411818e0ab7468fb73

SHA512
282dc8bfefc41fda20751b6614697c016440ea9cb872e79c7cf5409333960d507a43968aef44622c3e6d9d342b5c34d71d164ddb95f4839b3b948a18a46bcd10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
28cd4795956dcc490ef29be5c961c736

SHA1
7db9525329e776b16dd4a9738e6c5e2f4211c0d9

SHA256
4d0ce27afbc4d4672dc1d96108e679e7b1aebb1cd11c7573ea0dbc98ecb68e65

SHA512
5f51da70c210ca57657b8d40e7d19802ec00c82331c6c1f2c4a87449856adcbbe570e8cc467d987063352f89508e3b38960517f412d1b37bf9e9555b32607bc7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
c66d1ac16b37d6ab22524706b5fde93d

SHA1
b0a43d43adc6fc09094d70e408c1f9421e89468f

SHA256
4c71a71869546a72d98f8a5f29395185f986edd3726fd29b33cbbc9400f99991

SHA512
282f9ae29bd65583b8285cc63f1d65cc0f24ab4c14163f7ee21bf6cdedfa5becf124548f920abcb1c46a85abedde5cd83372304267f9f2fef829a42df5ef4554

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
e77579e1d76f0cbcc4d1420607760237

SHA1
e07e2964b76bbe52ac8070cee5e14be9d25f368a

SHA256
ec1aa9a0e184b4a458924d4341358ae53890f1ac26607b353729126558df629d

SHA512
ea10585e358d90003566e5efdbacef7b4009ce3d967de8f087eb66bd28c52582bbde0e71990870e0c802968915171831c3522fea7de76205d0c14afc8d10abea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
1e15a26df789ac3340adb9612f930342

SHA1
c2946204338f91d417a1dd78010b355efe658f1d

SHA256
1c1dce756adfddc3f03437c30751e0fe5049298c646d37d9dd6971a433226c2f

SHA512
23b97055152eb9c5fe8ceaecc65862059d945bf21e2fcecb8eb4ed77b28561089d06f31fbb4c633da993002f894707877ef523111649c84e3a5639e4ac3b1ce2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
afb29fcd789712ef92fe4b11e730d98b

SHA1
c5a2f8f268c995bfd676e54daabcb7d99f429571

SHA256
8bdd1e0302eb502c17354fbd6d0e7125d1db0957b0258de88595ab4cf3b03152

SHA512
10c68f5e445e7f46aa23c7f19f377a3476b37b72656f96e1e6bc18e90face47f04a160294c85d8d6cd0e1ab21ac0841ee0958a96d99fbdd174a292f6d9710e93

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
2e07e921fd43107ff599849b7198a0c5

SHA1
4b577b54490bd1e272b8383757887fc310b18b82

SHA256
e6d70deb27df22bdd2af1ab96c2b86babf6fc3f19a5ead4686a76e744b7172e0

SHA512
477d213c01f6fc7b912bd90a8e94fe37036e61aa72df5e2e5cd26a2492f2767b91b4bcb1cf1c81b3ed87f71239cc9f72e2246684936f740138ff4164dc6e6871

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
b2406ee073af4abed4e5494665363d9f

SHA1
a4eabe696259cf3530de989f3f83068d015d48d4

SHA256
408d46f0767a989af8bd4663c58a1616a25ebaf5f7628e8433c8ee95e08b2d77

SHA512
6432e4ee848679b455701f9bcaa517507ae1e1ac577f0aff2b48b18eec139b078b06976b9cb3049a1aa4a3d8cf2778557399f4b433593bfa7bc7881f6e74fcfd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
bd7cee1a4584ecf5b8aec5fabd2cb5d2

SHA1
b42149c20711a91a5babb2d263503ea82daf1b5f

SHA256
9ada4ced8496be0c321e974dc3c67e03098f2ff779acab2f5d758534afb0f938

SHA512
9121fa2a647e1b40e0b965b251056f8b73c667da04e197aba7f43e3ed2791a9913d6b0a68daca76c0d94122493f1b54ecc7fcbda162cf9ee418127675db8b053

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
b803081b56fa5e3c7373190855a671a5

SHA1
d9191d38d9651f3d1423706250eb3efb2227cc7d

SHA256
fa4cdc754dc8263986934d292426061a4984b71677af641f27465d412329ee1c

SHA512
b5e69b9890beeeeb5dad8f910105624789fa3f893e2cd8f841639da253be1388b32282d9d684f8ff45585617a6b6aac9a5f938be776b153d6cb4bdf4b1645cfa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
00e876c4bec3c42c5bfc48cbce5906b3

SHA1
5c524cdb68cda5316f31d38ea357846c9507ce36

SHA256
081e1a21294ecf309fbb7e1b3e716c2be8a5791560605cd99d313d3ce375533c

SHA512
45c573b7a6b134869e8cb230dc8b24485da9f1e98872984069e3b0ecd1e8de35870dc5fb49af0f4a35f9a5d301d81af458948f1d819dce69fa6d23ab524622df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
19027272fa9e602c95453c87a4c8e34c

SHA1
a32ad0f5cce44e2c4f4ef8630c3d11733df173dd

SHA256
82454c742ea60241a5727252190aef9cbdf42b7be49dc0e53e277ba7c04473f7

SHA512
8acb7d210145c27ea4106ffea728dce639e95ca5fa14e1add9b51ea7d2f1381624c0c547f308161abebacad10729c5510e2efabda033a8a6de1cee87000559c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
eb1f2df6c283395ff253282c0c8116d3

SHA1
9709c5d605b1de79e8e769afbd3f8500224427a9

SHA256
7617ffe580e3e0c9a0c005326cf68f6a5a4824d00e045ea49a271b711bef05d5

SHA512
d8043412deda3be53082dd2db580469452bbaedeca12cafe77b51dd043d30868a8332df3b67980d1158ceb3970bfd6695fffe9d437def42998362ba039946110

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
2611910e7a5b043faddec67fbb875582

SHA1
3a08d1c3a04d1b928c333abfffc39c70a8973acd

SHA256
31c3f04265d1d0eaa53d080fc8d452470f2c8f3717e8ee6f5a489dd82141030a

SHA512
d895e26fbf40dcb0d9c1609990f4bc7d23ad7ac0cf7fd42b125d98eb608570defe18d0e34719a81b5c35613c4e160ad2fbe409e713fae690df52ece9de532798

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
54e73ae88417dd4fb356fb730d0a2940

SHA1
2288deb6b86d2e56279c83f903190e2520cfa1ec

SHA256
552acbc2ce8e03b8d8c405e49a6f1455843a97457f492f7bdda6e7538d343aff

SHA512
c8660c854a28e6e7ed15cb588756c74dda57456ab51b690e57b1725845f5e82523eedae6d20d364f356f57ef91a3d0a63f36d097240a3eb327b52319f7170898

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
e2b5e22a302729993d88e74815a3aa2f

SHA1
db861e9432d13ae72b801ed367a5efdc784ea5a6

SHA256
7890b8ef2f0e446ac14386b3ebe54ef50d33c40b17d369920cd64f6903a1e645

SHA512
770588961e99806f641fcafe786d4db6c07c8d62974bacc45e83bc20c0a6581798cd791be2a61298ef0642a43e3cb1644afb41b816a4a84631b21f5969e19338

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
0d435fc4ba3a93c13ab0aa1ee34356db

SHA1
48e633070f50530b78eb7518888c716bff70a7e4

SHA256
122811b4dfe0731c81bef91f7c1d2e397895c1e9d2bf8c13f1768382c3bb4444

SHA512
d977e12689864255bc47e20acbb49d820566d0ea15aee180b7c03a267c142f4450fcdb5bd57afa6863ca86507ab2df832e6911a2466cffcabced06412516844a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
3b8ccdbdba9ea5a6dd7a728bdbf0918a

SHA1
720a71489dea166ad50fba08cf1f2c0919f26018

SHA256
dce020d95095d93b1e6f7acbe21d01056267d29f0d802c920aa772bca31f368d

SHA512
643435cb3e6f3bef7d0be3da85bf1397af600af825a9baf2dbdbf156998f878947cbbbec2e5803c67b62fa785ead1b3e27369d19b153c1a26b686299420f8e27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
79d614301a9f55700af80ad712840d06

SHA1
30dbe9cdfd50fee69d182058642caaf01c4c19bd

SHA256
6244e7fc455b07f2d29891612ccd8e7edadd6c292ec4090b4968e74e2d7148c8

SHA512
1aaf7a9d1c9fbc77f592688f04e513f4d1e34de478907d0aaad6bf097dbe411b8ec131ffc8dedee7eae7e84419dbd60d6e03d84e0a6684414ef37b2cabe473df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
fc99634a69e59fa192bc885e4600c234

SHA1
587c977cd343e97c348567bbb5a1214693de765b

SHA256
aff78fed55cc5fbb3dcedd47742bf85f9d3488171c6cb482df1e8715a3cd8e03

SHA512
87c7d6ad35712170924a5097f4ebc58ac1929f5f57390c8d83c58b06058026c2f2789867dca35ddbee299eecf86339f6eb0287f891994c1824c7854dfd041148

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
bd69f9fc24f605cda678122128e5bdf6

SHA1
743bd9c064a04ed2dc1f0b6befa57af684b3f936

SHA256
b4ed1d24f5abf9254e1f217befd0fbb3a6fa5f5714b7ab2734be1d629cf699e2

SHA512
3de03aaf1ea9fce83f689730af68c428dfffed0274e8dbf8980d44a4c7d317bd9cc41bcbf80b5040ef34cdfa130b1e4b9b2a1d3e0556bbbbc48b9c7ee1219880

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
7d70e9549c34093e263f64f394af5fd1

SHA1
b017328ced6eca6eebaecd0902c5b531b5b76df2

SHA256
4233f02e66bc06a9d25e3f1f5ee32c701c73eb961dc140e459b66053f5c2b7e1

SHA512
b1b56e8591c9f7c15f33b324201794e0ed76e9c27dbbbc3f552fdf3d8b359e8d9b0a4aa6d243f826cce93911a122795aef5fdbea7dec34abdfd783d5963c8632

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
c0edc0b5abc29cb09ac7ba15ba7d9b95

SHA1
74fe2a5083ea5209668313af0cfdb0d7b9f2fd84

SHA256
88db045656230fb71a4d15bdf7d0d4a4c762dfc4b1fc2526209af0c8905c933c

SHA512
4b49d8eb092ddf3d80b6b4c1a35535d9566a5286d66f232d0bf121a3c25d57939e3f0a48f8ebc800722074d14de3abdb48406e4892c7464f2b79ded05d2418f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
031b8c02e0d1b3431e307b48b63fbf32

SHA1
0367ec5103a5db2d37651b4556d0408b2c4ae980

SHA256
9ca3ed461bf0f879d438d85df3d72df51b490dca6ec4f6ce2dd9d6663ce34bfd

SHA512
9b5f265ba5277b2e4cdcc09ddc6bfbf0179b3249a5a8b75c2899af016e54ae8ebda4b8bc5d7846704a6ab1682e735e8c972674a2a7522dd08016dafe5a886220

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
3930a865098f3dc36c13a680a1c7e574

SHA1
4774e02194db3b8f6e267700f826cebd884188f0

SHA256
97ba988c10d321c946101f44d9b281fb7895d165d93b4cfe713001ea8983dabf

SHA512
84c880b26fe0190e5714da581d7d7de5655ff9100478cb2fb5ce2adac8341008acedfdedecf24baa8ff59035b855eb61574e27c53498c215d0115b5c3f5378b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
706ad43364673d6441963f15116d2a41

SHA1
9242357be28536b5ea5184d8b56f4007525232fb

SHA256
d5b8f6ae4138937fd75c2d7246e5e7826fc0d51931d8cc21b574a08d7b6607f5

SHA512
87898ef2b70a0ad5a398e6b7742e72fb7423ed0c25679b0aed2f6d58f8849e54476cf544ac9293e100f891d45ad5cbd57c8b36a3a08942b081fc26ce41e27ac7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
02258757e7efbdd2a7eb7d4865fd7fd9

SHA1
be59cd39d5c884cf88db405f14f302446e88ff35

SHA256
993f478af35ccdd78a06fb657df098edb3885c1721501311ce2499d08e9335f7

SHA512
e8491f868a3afbd479bc672a00158e38d19d5c96a6e54f7c982705f96bd65bb4c76bb287e51cfaf76c2a70abf52da9815885add226337d11530b643fab956f42

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
87efd5a7ee42af7264eebd0103a6acf7

SHA1
b178c9a8fdff436a4de324e06eb033a768c32735

SHA256
bfb41470f52b3aa8d25675955f56bfdf6b8027f34ffbe439376f9bf9398df1b1

SHA512
19dd77ff0faba99676de743a55acbdc6407fd0266e12c31aa908bc8081702a4a90d6e0a3c51766c5b82fa6b8f6052deb65daf4aca4482878fe53cbd20dc282c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
ffd9790c80ea2ca199e0adeb9c843c03

SHA1
8123639fe998b03eed28f64c3be44c46e50c0c17

SHA256
c86c759085a7e84f015b0e89d4760c817969967c47fd93527425af5a46cf8992

SHA512
69eb24b85e665d7716f3d9d0850a15745a5c1239afe4e2fbb1cfa53661ea0bb8f7aca3ad075538290234f723a8944463105747f6f7572b55940b9c8ea51dcaa3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
f83b9c78622705b5b549b5b1e39415f5

SHA1
d7de737cdbaa3c25f38bccf0b3654374d599a976

SHA256
dad2c4714fd59f311d8ff5a3dee07a3f96b6f419828980010261a9018eaf07b1

SHA512
6cf0fe29952042babf496a9970e12848a981b27de55f269352fd59112596c2628b19968351e65a912f598ebd2129b4d9b78bc1117a4f66a0e770465cdfc2df50

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
5e88f4098b37cd2e4e9e56b80ad0fc98

SHA1
2d1c8b0dc02f1ad6edca4dc4421099d0485a1772

SHA256
ebacac15a81b928512d4f92619320bc824d0f1ef001f3eff7dffb0dc8fe7eeaf

SHA512
f1e9eee0f963c88b1fd93ad4fefa8aebd90c173f3377f6958d882e09943d074aed13aed6119a4e10421f4ba86823c1e89df206a4601fd1a3a5fe0fddccc663a9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
107c552668c065c9031322740bb97ba1

SHA1
c3933653477bfa981260844922f62b99393f04bb

SHA256
10c65cae502304e6afd822284e5047d9938d6bb2abbac548687f8d5feda6c0f9

SHA512
15ef02c7b5814b624f5b4de6241fcf9bd09115587f76ac383b904e13603151c29eefcb8caafa6694d22d43da58e60d9fd1888e51e4c8187da08629169fd386af

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
608f6ece5bea7f419327bb8674552303

SHA1
7e3f6d868bdef64ea21234be02e3f25616fc9e9c

SHA256
dece77351ffea3e8faedf4a6f8223175dd983dab331beb8d20234b4800cc3ca7

SHA512
694543912336086e227ef2bc46d5a7f3b273512d3c40945776c44de648578b219d54ec8c2f3090c9ce45da09498dcd3ea57c35ffba6f1d8217eb2923bc15efc5

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
de83955d4a5240929050f3af3abcfcf4

SHA1
036e7e27da0ddd181a61cd031dc04145db23da93

SHA256
d8c189d52d1ce1161393106a8c5aa82e606399fad34160016c1ed18fcb70b0a0

SHA512
597a981143baef1be2d595ad1b6b572c38e3c2cb91f8673938993010d108879c468fe4fd0cb66445fa425872b0a4ef53e46bd0b93a1fe8ef2a49e433b86438f5

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
c051d04e8eb00733b152b3e64a02a94f

SHA1
fa8425dc95dbfb97f2774747fa8d37ff4d2265e8

SHA256
10d21d54ece5d530cf92cbd153f48d0b75d7293757964aea6b08d75e626dd786

SHA512
505c0cdf79b201bf560c4096e058358d555e1484ce81f01ccd99eafc06c6716ae283a951aedd707c77cbc0d54019d63a55b35e1ebacc4e3918bc9e07a14c2149

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
3115d4111836e16eb6f460c990100bf2

SHA1
6ec971060c1e268812b7fd080ac97d51df9898da

SHA256
67eb5e364ad2ad81a63b9fb44b07d53165b173c975514725b2a0ee5fd15fba66

SHA512
0ea7fba4a83142eec07252d0f4b75aba10e379876c80dfc3a651abc4820f4c63705b7be69fd9330b42444dfe6d697854fd0de9fbba339686de3df2e2a03604ea

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
60c581bf44c7aa738b9329963cc0f36f

SHA1
58585fbb2ab85d0617266f0f5c7903878ea63516

SHA256
6d88eadf6ccc8d4161c124fb9ad9fd44fda645ce113a6f7387c36119fb9a2255

SHA512
961b035c9b253c01d9c2d56eecd65799f4e3ace8a55976eb4e61e9c26a24b2b473e1a762f015d4f8c5aef62e2cb898c2a78a1a56df858060842b82053b5ae2bf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
45cfc19ac58afed6ccb58322a7ae95c4

SHA1
88882e95ebbcbe004e4645ffe02695068f0fece8

SHA256
48db3c6fa7e8ec472e8ba87e43e8a778e0a9d3bac52c4bff92fd5da06153af2d

SHA512
d19f27b6d98a0fee9d1cb4cefb43d7c86d5949358874a3bcc6d512e3e7b58bab494942503d3edbdcfe0deda6d01bcec4a6e5355ea411806614068298b50cb4d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7abdae92c435305037fead708eab218f

SHA1
3df8e5538b16b5d7040f68db6ae5656626b60531

SHA256
9112fe4e22a498c7f5de2dd25932309dd6128cabed51c17bfbebfd5226105662

SHA512
aaab6467f502df29a648413b7d711dbdad1fd786a22bf1b752b46ff87c97134f86e1f1db5928392a73d199829fcacf3ef547b5cc5796a747c79f136da6c659b9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
062ba26c2e33109e4328102b2bf80de7

SHA1
5ea396cb956235309b8791581c44abaab2fe09cf

SHA256
3fedddf0f0bfcd44fbc74ee6eb1b517d996ba96aac59017564e29480b3811a58

SHA512
a15054ca7e0f5322a1efe9fafa3633364fda2847d238d7f6474e500651dbd87d6a468f91dd3b7817812d35348b54280d0f58ad30bfac74a37bdec9c5d4bd55cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
33b107d02db1c0cc774d9a10ff64c83d

SHA1
5e5a7054dbbe570c4c4ee81463a594f752a2c7c9

SHA256
495f03c67e5289c735d745b2426c0d3d75bf9324f6b92191d56fb508807de9f8

SHA512
563ea178acfe1967d46dae98eaf8c70dcd580b821eb6cd5e924f69c2de76ac935d0185684b9cc41a4ea9c93c8eb7caf673c659930c401afdd0d6ed61d269c511

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
857b1adccbe63b849e1692d3d6f625ed

SHA1
09375a2ed5a443c2f2a1503f0b76f7e3ac3fefa8

SHA256
d3415bde12b8d84da8ce1b3661a3014cfa458d85038d206cf141e19ae7cda54b

SHA512
d0fca0715a35466a0b76a9ce306205fb20295a163adbad1196332b94fcc6199bda97309ce6844cdda37831a33cb9ec7feaf34ee830b3b5b2b28805ae0d321ea1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
b183320af29007853601c6d1e6a222c7

SHA1
562dcad2c84db141f10e97e0b1d7b8103c2cd79e

SHA256
18abad78d624fe66d0175cc54881ca54477d205635574e418ece20a4ceb92e24

SHA512
42999353ae08836cc245a555e99fcab974d60191af39012a86b2dcc476516055ecbee3ab40a54f9cdc23a4c4af2b008bd285ea084a7e858b39de2c341ff36572

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
d22230ff2d1626112160f409e94eb301

SHA1
7f16bde147a00d3d3c3c1f5a8b7a32ac080c1aa6

SHA256
38ce3d1104ca49bebbb819689fe6828dee4b46306d311d8f6ea027f6af1606fe

SHA512
d1452ef2e2ff85a811df4b3d0c6dd4453b0ec534fb8a05245c78ecce80e6ee289421d53b69f6bc33c8a91b27601935d834bb78f881cfefaab443e55a45eaf55c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
c2e56a6b0793d500bcd3ef4b440d1b60

SHA1
4a3c68971d4ceb1fdd62199e63b737aa8acd153f

SHA256
53feb81194fb6aec5393ffb67cd660ff85e6fb04564626522946c0a31a7ebd0e

SHA512
c1e9580ac45c97ff1ac28bce71116c67c808e32ae303968a57d0979ad6bdbfb94ff4c6240ae7cf5e4bffa8de5ff175262b1c35aa99285136dafa7440f66890ea

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
5250dd58f8780f67cca64483cd6fb856

SHA1
e74997ad48a89c6d7e074d6b2dfb744a1ace008e

SHA256
8e72e415a8febd0ba203932f304d11aa17e40ffe601bd2a31b7a4ccd69c99669

SHA512
4832d6268d03631124f3033dd363d147513e10d9ddeaa0c7ce210706d5164dc15d0f857033008309acd4d674a4ca0c7206d411bc312be6643666f4116aa394f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
b0fd897a7333820a5637912e740a70af

SHA1
0df052b6a90a4008f39d50089f8c7a405938f010

SHA256
dca2cb4387e58fbda94ca78df21b85330c0a53e4ac88783f65aef2351226942d

SHA512
cbdb43816fdb6fb0c33959d876059947b70709627705552016fd33acf1aabc8435bfa89b9fbaf099d106d3fdcee7f9bddead2b1673ba9e0b5afe55c13071bf1b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
9b8f1dc301b6939ca705ed3f65b68a5f

SHA1
0b5bdb726a353af944dea18a2d577fa487dcab13

SHA256
0b6852d5909be17cdd45d340bab6c3d1d620ebaa6fc4cdc9c03cba254358374a

SHA512
d6b6108abfcae69b24febef5d97671247986b995d72dc33d184f2f52f02529ae5dcf4390b21b60b7ec8657876b7ca1e1ea79caa83a1da2c0364192aa3dba4ffd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
8f584462ab7a442e413c45d7c412b3ae

SHA1
93a0b383a03b91dc32df0c54cf5b4a494c210745

SHA256
8d353a6e0c9ea1e7a08ea6c6b7074994d812768e1826ba2f286c6f8c186e9dc9

SHA512
89093048e42b3f683a580edbccd25d110d181851208be299b23c35b2e34f0498b45a26ba16ea6361581f5b19499ab79ca79de1fb34e0d690eceabb4c4264b0d7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f7bd77d9d20a2ba94dd3f09e8a169948

SHA1
a4f9a91cbbefc335fe458ec637dde55c142ff841

SHA256
92c440a5b2448ec7b3c1ca8e8a8a1a36f5057e140f91a52d7050bfe60cbae4b1

SHA512
8e83e5061f00caf0df4f99003aa5c55d6421d0723939d7665f34dd196b04f682c14d8ff23ca551f29509a374e314302291698a893fa5c9d610230e858fcf2086

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
79c37558ae7f4e1700f20e1823979395

SHA1
d5efec080f500ca67ee1f108164d04b2797220e0

SHA256
f4518d6e240218c5a451b5db92ca966f6982995cbda07958a1f758211738b514

SHA512
5f37efbc97ee0ad24daef40355a919553b9a51b2e63b7096967ebe6565c713b1673aa1a19f6a89734a923333c540bcd9e52b8ab0b671099032ae543666d6498a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
8e9c74fcee19b9c1d2a097edd43494ed

SHA1
8069a463591f853f92716890bbd29479dc8d613f

SHA256
ad641b74c12bcf0a56efa03419f4809feb4e2d25cb42a293877fbaf022b21b32

SHA512
b33b052de4636ea25c46ba12bb148928c91ab25ce7a612495c2fc94a73bad874dc324fdb11b6214832505723fa51cb91ee2f257167918a27cb92408dd0dad6ab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
de1593e4ca12504276acfd15c4d7acd7

SHA1
8d9779ec7f12868a933a97cb445b60d6cd0abcbd

SHA256
07f22465c89342e7e42cebf75a0a6a9eccf77c74384bd0a1ef12f0ceb595f691

SHA512
129d3ad6489bacf13519823c9f36f8d596586ee770dc035c9fb787dcb530861e84bd76b45088ef624d3a97af487b60f9c4b9a0ba360678786a838c92f027b5d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
809f6b56990669157ab83cddc4948c45

SHA1
a3f1282c5273af93c038572c78e3616a7cf74a48

SHA256
29c6b8683e6065ab7052b9eb33c19af5fe89f0b09782e3d055513a414295b512

SHA512
980b24a3d02e161f30915243c43528946ec24ceeb76de06c81c6128806bc9375078606dc2265ecd28716f4e718fa1008e1e84605cd2f0a533bfd88180fc14532

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
567db697ee193608ae94b7b5f8cd6c19

SHA1
836d1a5caaf748cf5e5e563304b4767849c97ae8

SHA256
7727ebccbd37597a64d994c4cebf1b2229e6a1f0ba75507ee3a11c08a8877bc1

SHA512
a4edcf3dcda545baa042293cbd9d27ca42c30cde6694b04c1f405c5befbeddbcb29535f8f97e99644b053777051e0d71601cae651c04e02fb3a3a7f50374d7b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
58c42aeca1d2f807ceb39f6889fdf6ab

SHA1
b53e5dccee545eddc269a5246d86555386e9a923

SHA256
ad8ba3ce32f22e8951fbda33d5226baa00f196786af66a8fe29b311259080aea

SHA512
b5e0d0b46a504562a469671e4723d43e8c75d8ec5552703a014b4342b70c5118214739ed87c96e57aa9d31cec2ce275557b0f0631ad6f93c79d9a642f48badd0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
fd5352ceb9ea56704ec6fd91121dffb6

SHA1
ea8e0f0a628392e6ec178888f12c0961e0ee5771

SHA256
ba2d92c5f00953387608dd67b02f257364700a1186d41dc8fd50ed289220c376

SHA512
b9b331b75685da4d8d957c3004ab9baeb93a01af27dab2f5c5c0ba4185caebbfffff48d88caf4eeda7611f9c72154972bfedcee3c79184e2dcd01cd2ce692eca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
fbb167313aa80ae0aad48d3466ed12c7

SHA1
24b817e8442e2db30d92d0f907d4bb7ba08719b3

SHA256
471d5ff5947603730193eba4a16a5f818e99a521e5041b348057d91438ced599

SHA512
d1970101cadbe1e820941b5f1b4b6ea879c3445ec7b90bd87d3e93a666ac85f8acb7c8bba5750977cc765d2466e404b3617fe3ad513e6ea1244f25e306720b0d

Download Submit
\Users\Admin\AppData\Local\Temp\libnspr4.dll

Filesize
10KB

MD5
28a57355d9583b66e51ad978384c159e

SHA1
b8fe4ddb6187cdee0e89c02bab4a104f406d16da

SHA256
81ed76156df0de1caae6730a091f29978493881b54a2d6fbfb43c47153b6fadd

SHA512
991a288ed0f033eb8f54e567a6264a6111f795bd61a1cd600e210730d7ed39c89e735480dc6f0e4026eafad730ae8dc23ec7bc7600a14a2ac9d652638c02ee3e

Download Submit
memory/352-3-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/352-4093-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/352-5165-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-13-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-7531-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/352-12-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-11-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-14-0x0000000000340000-0x0000000000352000-memory.dmp

Filesize
72KB

Download
memory/352-10-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-9-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-8-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/352-7-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-6-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-5-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-4-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/352-4774-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/352-2-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/352-1-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/352-15-0x00000000003D0000-0x00000000003DD000-memory.dmp

Filesize
52KB

Download
memory/352-17-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/352-20-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/352-24-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/352-26-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/352-25-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/352-22-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/352-21-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/352-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/352-9220-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/352-9221-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/352-9222-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/352-9223-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads