xorist | 8562e60178ec470e8147d73130a93f2f568264048685dfc8a6258ac79f96d143

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Size

7KB
MD5

a285e1529b2c97577e6f8b4507e745c8
SHA1

d4291f7ecb371beb3ac0c35876b68156aac392f8
SHA256

8562e60178ec470e8147d73130a93f2f568264048685dfc8a6258ac79f96d143
SHA512

164c1529b3c9fb973013c37de9581c4d1aeacfa93314bffaf4d9de1341b187717da248e1e68b5907ed98c9f8c7fb84062610451e3c1d7d7930c6f746c5d96cdf
SSDEEP

192:Ozdrr1FG1WDCgmjPZY/mPaT7EWf7lK8hU0MUA:Oprr1gkDCgSeuyvdlK8hPMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2136-4395-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2136-4396-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2136-4397-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2136-4399-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2136-4401-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Drops file in Drivers directory 1 IoCs

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe"	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_internationalization.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Windows_PowerShell_ISE.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Arithmetic_Operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Signing.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_environment_variables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_For.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_wildcards.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_data_sections.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_job_details.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Variables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Core_Commands.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Language_Keywords.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_parameters.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_execution_policies.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WS-Management_Cmdlets.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_requires.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_join.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssession_details.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_objects.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_blocks.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_command_precedence.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_providers.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_format.ps1xml.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scopes.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scopes.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Switch.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_aliases.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_logical_operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_requires.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_jobs.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_PSSnapins.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\oobe\background.bmp	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comparison_Operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Foreach.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_type_operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_methods.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_output.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_profiles.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_job_details.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WMI_Cmdlets.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2136-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2136-4395-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2136-4396-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2136-4397-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2136-4399-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2136-4401-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099150.JPG	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR42F.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14533_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10268_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_choosefont.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageSlice.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR4F.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21377_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382938.JPG	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0390072.JPG	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21310_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46B.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\PREVIEW.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01750_.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36B.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR40F.GIF	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImages.jpg	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\HandPrints.jpg	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_m.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\next_rest.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_box_divider_right.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\triangle.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-1.htm	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\403.htm	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\DMR_120.jpg	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\selectedTab_1x1.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-last-quarter_partly-cloudy.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Calligraphy\Windows Logoff Sound.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Heritage\Windows Information Bar.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Quirky\Windows Information Bar.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\drag.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_snow.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Notes_loop_PAL.wmv	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\chord.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_hash_tables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waxing-crescent.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\401-3.htm	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\NavigationLeft_SelectionSubpicture.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Pop-up Blocked.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_do.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Calligraphy\Windows Battery Low.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c\Windows Battery Critical.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile34.bmp	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\greenStateIcon.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\11.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Characters\Windows Balloon.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Battery Low.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Break.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c\Windows Logon Sound.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\colorcycle.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\system_s.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Cityscape\Windows Hardware Remove.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_functions.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_functions.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Windows_PowerShell_2.0.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_box_bottom.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\Postage_ButtonGraphic.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_PSSnapins.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile44.bmp	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_aliases.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_remote.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5646c597a746df57\settings.html	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\rollinghills.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Continue.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_scripts.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_environment_variables.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\6.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_WS-Management_Cmdlets.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_properties.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Switch.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_While.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_format.ps1xml.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Balloon.wav	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waxing-gibbous.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_blue_windy.png	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\401-1.htm	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Throw.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Switch.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\SoftBlue.jpg	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_functions_advanced.help.txt	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FJEEQNHUJJIAAHT"	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open\command	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe"	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\ = "CRYPTED!"	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\DefaultIcon	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FJEEQNHUJJIAAHT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3esHJguC1b6taym.exe,0"	a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a285e1529b2c97577e6f8b4507e745c8_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
08165a7bc7353260c041f9c5b1bc68d8

SHA1
83057dc45a5c25c0a693e82ca563480ca71f0ffa

SHA256
b57e04a3e3b575a5a6c46e8a6e59fbe5cf27c2fe6d00fc9a2b3dd841498ea482

SHA512
97d0ffd25c28a2cff8e92e34c6eb619f66895e2f065ee9575007ea6c40e1eed9789aeed90a29a86da0c5146ceafd408df30b8e36cc136ce427bf7a1bff7641ff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
a8b57a2b427b6a6d99d95d2f1a4ccbcd

SHA1
307fc0e597c56483ec128de44246683002c703a0

SHA256
46ad97123de0d703eb4dfdd346e7e411d9989a5493a98b8bed3aa1157d5fb829

SHA512
0d2e2c23a3e32a4caab404d37607a14c2e90b9ea03cc0ff5f8727c1426c29ac9a017c15de15636ed86a0e235b5f80b790c94402250eba524a542c793447edc61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
983897b536aa8029d100d0c69c057bf6

SHA1
cbaa5544b507f432808b7c20dc9679ec1bf12764

SHA256
7e3b80479430ddce6b5acef887c47a9f95f9b1e75fd5f0e6a97d19a97e80cb2c

SHA512
a9b1aabd67d63fc1129bd4c186692405da9176740b07edff0c4b35760935631063e4faac4c4b05b158eb8c64d3e9da04c1e22723e57774f3c03728e61085134f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
1b0c132d41c0ccc196aec943009e09f4

SHA1
be123e06986a9f2904c404a0d2b9f2c1a2cd06b9

SHA256
cf637dc16013679a3f5a15d58b93502ea83791446acf76db38c180429dbf643f

SHA512
fdd71ebbafde10d8719dba27eb374752412787e8f432bd06821bd8238893af88dcdda64707722342c33b069cfd61e132c850a6e24481a90decb5053e18e0a675

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
b5bb520706c32119f2eecf560e18822c

SHA1
842dc7b100c4db581f196b5ec50de9c64180f11f

SHA256
9b50f2b8bc876311a584dcc564b400e4f73fd1b3c0cbc2e48003d3c2539b5870

SHA512
781bfc20825d75ed0fa5dfd8eba4268f7b6534cf90586e4da16fa9d17a5bfc7f498112eb7cfe8d32fe4ca90da87012f43ec5d23823dba89926d5a5174283d2d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
04fb301dac1c6abc971fc088a108abc1

SHA1
a5387462af81bcaa56b53bdc9c2da17e41a51cb9

SHA256
f2ca5f66bcec36f81f0c3a4d46a030e8765c09bd53445bef3940b4de152e017a

SHA512
7a7de3dfc2f197d56a40cd329ad5e0e59ac4fd4c225a72c91248b7a668e186a975bb2ed5653aab28f254322ab417d20b89d2eca9f6488b5881bdd4c619bc897d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
2b89cb3aea09e7aa516a07522b31ce9f

SHA1
58ac38ef8e94a06f5482b0a96162ce398b63de47

SHA256
558854c0039124b6dfb45131e0a2a39b560fbd8120064cb09a59ded117cd3200

SHA512
43cb228493e2e78e5c44817519893231ad0f0edb7e15e30f0131da651d0fa5aff83cd842d48b5fe0215def76e55662c8deb798af0af6f6ddb952e8b2a393c805

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
f7d517f14c56fee938a2d020b637af6f

SHA1
9c21db2fe76d7e3cc06faf350161521e1a33fb49

SHA256
1e46db8f7054385f708db5bb6120e2c5cb7c4237d23918c6a3da941aeca19051

SHA512
7eef4f312a0f8fe7128a988cd4284871c4341d98249dd1c2e948ab60c654b77e2140badf0fbd1ed5231dd1bcc8e3440fcbcb568b37ad79d01e0fe9dfd2b90b5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
7d97c01e4b9ceb977f03c58f8c700482

SHA1
7827d9044d7971423d4cf2d71d52422827b9dd80

SHA256
115cc8a889f592f79510f87a4f48e0aa73831000de9c750ac7992857690b890c

SHA512
cdc95b7eefa7bffb5e062cfdcea22c14c9aac53c6894c4b6f008f5d1180717782565851c0262ed22b668263bc47f789301be1c17d32a8b6c3fb41846e9a5adf3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
01ae917812bc39672c2d42a2eaffbd0e

SHA1
4c3027185d269a544618500f6095abd5f51296fa

SHA256
7b6020122a05b1428068424b08c7258ade26ac000f7f838f827009a554cb208a

SHA512
a76d7506f977746ad1310d55cb84ae569a3921ca8269b2fe9a24728aa2724d8dd49cc27d396cc8aa37b2d61643b67c0fa8694d7073ef62e2884a54f7d4ad37a4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
511515ad365c525ce8c0e6282029d29c

SHA1
79c6192aa75272efbc1e1456bfdf3f6f09e6043b

SHA256
46a88f4b747c9bd170edb0f7f158f5e7bf5de84cfbf93102a6ddf43b721bab0d

SHA512
9f076b0e8aaa0b6ce66c61fb299cfdb0f7ff64fbc137f32da3b72098d315d1c711e255332b92c16f77aec39f7cc547a507968e1b4a250335cb47ce53092a89ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
90ae99d7887810331d4406883a961893

SHA1
c3967d37acf293948fee538b68af6be18edc7fb1

SHA256
57ddf634a8b7f16708bea9b7beb6241f9218420ba707a4363b6dd302cbe20079

SHA512
9a18ab658ff610a408486e95f6d0c77b983521f4d8438eca5fa72b2441672b88e65e6acb31b769d5fd646664f97a8d15df0f6ca867adcedf358523a10b001fe7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
69b24eabfbbbd67432223d4f66921ed0

SHA1
cdc144f6785925c1ec994462b2df951f8f05942e

SHA256
077c57a10e45a1ccb00ab126c1a10d203ecbdc6c8279bb826eb575ea8cc7ec79

SHA512
13fd1b745b80f22bbb6234879163c87907e352fb2be62e7ac84c380dc6605ad0748c1f8718f84bce85ee93872a148a2ce46ed54a6d8d2ed92eab33fd54fc918e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
ac5c5b917dc9d958d0c4f2311c83aafb

SHA1
40bd944cc18c42f92c6d315aafcf9f329d13f3ed

SHA256
fd3e9c0526063786e890609d40f8ce0c6c9a39836b82141f7a3d65e9304a10ae

SHA512
2bd83d9334dc8512e7851d82e5abdb8fe567d4a66757113353c70549e1301ff20664821b84d17d87e30d405833d3adede8c3ad81826789b409e6d5998f1f0af4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
b2eb95a42438828c3ce3317f14615a1d

SHA1
628dd8398ed7900f628d9e33a2077f8c0848c63f

SHA256
52a1a531ae40cbd082482766320af431ecc35553365ce452e91d160e3b7fdab5

SHA512
3b79f4914be66130a478d002d03ba8f1c0dd2a56c86d2c6839f3951e2fab379ca198bf95f5388ad80528f2d26ca1cbc4b491ff08371ff14c34b685a1b481b77b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
5cd26cffef917adbff6af6003263880f

SHA1
f590a9a07b55989194400a05bb7c420ca25ee989

SHA256
b7e473a0dc93feeacb76bf5b4cbb861946aa9563d328cd70247fd207dae7cbf4

SHA512
82bc140dcc0df9cc7de2f75392dc86ebdd1df234a12626c75ef44945eedf1df5b6c6de26662b6108ed4ee2968ebb0eb99f01de49ec946c83419d15201a748799

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
c132fafad20158dc6520de97bf008181

SHA1
f7b5f8ccda48c797b0493efb74fabb78cea43bd2

SHA256
3508fd6017c9d2dc1556cf29c05b80786cf7bb1f4530dcd30254fa5358417a6c

SHA512
a511ea659f9414d7798b66e5e029f73738f33f0cbed62e7bc5233d8b35717632eaeeb4a959d9c36d617e1cd273f808a56bfe05b57baee0be99ce9524e36ac619

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
5ccd01826044330277e957ee072621a9

SHA1
8d4f84b91f1ad04151121bb69757e30521e3f66f

SHA256
fb73eda26bb18cba191cec76d69bb10d134d7a636737b0f870e0e5ab24ab94be

SHA512
c2dfbd59ce51d88c8726476d31d7ae014c529871958fb4194efe9e3c6e74e8211f1070159ac2faeab43544b834ea30a9ee45697d6daf641abdb2a4e8d392729d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
665a54cedc031da5f4a916c8600eb58e

SHA1
10dea1e8669389c3a3ca382ddf59a116bc3b3246

SHA256
0005c9228cc9a580e8e494a02ea4a786882dc025af5d1e5ab6d06210c8cedbae

SHA512
c1fd84200be4afd5b40395360e18ebb42d4e9468448b1455bae083f4710bfe3a291cfe1a5cc923eeb3d2e0c2d21e3123212d825d4985b4f4a2ec1c26a0db9e82

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
3b1f8a29fea4e05c8c0b7f2baf6a2d0f

SHA1
16d19bd2f8f6088a69adb429b452a7f6ec8bfa62

SHA256
dbefe112b03365d303b3da320c98d7359e6fe4c5f976c3a55cd32907964c4958

SHA512
1fb18a408d6f6a794d3f7ae10a49d660fd5c21af00328cd850131ea512bb7368b903857dfa9da5600f2f8525eb7250f2f859dbcaf375e461bf94a4cfff18188e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
5eb7d2c3c6d1fea39a37900fc619f646

SHA1
079a17a718d324483f4549e48ffb8febd7729ac3

SHA256
e5b3736db78b15a53e21542a67198137ece5561abde27ab1eb180e5ca2e820d9

SHA512
26bb1204bb63577e8bae9966a970a5d31b8fc87e4b12a461b2b793eae63be66c4d654fadec8bcaad56bf3ae4ca9fa8d910215a89139aad47829f76b2a7414d09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
c4b54db3c868953d53c5cef52a9fb0a0

SHA1
f92024799713b98c2ab9a71b0d351c3856c72023

SHA256
91e605b410a5dad89ca4e05b3251569e430c324a40fd7a56a81b08b803b58227

SHA512
09ca92b41159114797afb2158bad56896cf1736e832c02ebe3225504f1219ccf33bdd03ab5a6b3f4986ca2884ebafeb24ca7bdb79aac961d9f683caee784d075

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
7848c41479e0bc64339eee1bd53fff92

SHA1
ee6e562950e1a113e9b8411b4d356f53264ccb6b

SHA256
2b8981d8adb2f34230a291fd86b2743c650f2ab8b4642d0b1097cd86c15e3820

SHA512
0b911e7f9edc04cf95bbde7c375045e34b036d4ce0dee7fe68b0748b105244a2527b9aa1d24d8088ca4d2b8ea433cbe077796a5c4622af268d22d35b7ae8e420

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
f88c44bc62f7293ee6c608d8a93bf44b

SHA1
a6214229dc00ceaf629657c06ea5c6aa0cfb339f

SHA256
93fa4c74baea0f989916b8f0dc3cefc9a8b7394fec25bd562eca781347f9a77d

SHA512
e59741037685771e7fe55a2ab1237d0aa15090bc92caa13da0a4377ba7a15822ec1a8b61ff0d5470c775aafeec684d1745a181107713b8f71714e94765bd346e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
5feffd74acdee430972a7ba3feff6d24

SHA1
513be736dc98b56bdca3d29701b20d47ee7bff85

SHA256
5b97ef92cad6ae256a4db6bfd9162fb07ad58c9d534564e1f10bd84dbbeda6a6

SHA512
878d9df19a241dde4e5d4d3f1e05337875f2ba0f84df3a66858cf161668b45779bf60a6c66cae4d725555174a2272202df1c73aaaaf08eb9274d85a7521e52e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
d432ecbdc2a72beac979f2ceb92ae25b

SHA1
52c6f54c607caf09f1f0127ca24f21375eaec3de

SHA256
54db2999c3fb51358db8a4d9b1e3be79885d1472b4b00a84e4a7dd063ea70b99

SHA512
04786ad06acd9abc9b00eef2d175774ec3e4423bd1bedfc9827b15f7e693ffb5a363f6fe5b4e05a2ca2ddb1a8956e5ddb0da1bd8977924e0fc700f44bdc8f560

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
74b66d29ba895660c1a4bd74b0e8db97

SHA1
4d1dff7d10284dc298e2e37adc8538a603dbbe2d

SHA256
457181a3ef3dcc30eee93ad65af854aec32cfeb6f2ad449e11ff447701af01ed

SHA512
0df9b40ba2e53de405191bdf953f0b18f7ba85b286ca964773e47bfbd98781ebd239ddcf306b46c999a203c03ba00baa06e4a6ba375602e287a7c20204a1d59d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
5b477a3a9c2c61c3429329b1d7ae6c81

SHA1
16f33e2d22974bfdbd4ba2b602d7862272a1d591

SHA256
868cf22eb6f979dad73a98d4b35fb3fb6a7e7a83eb9a1a436e4765ee8b5426b5

SHA512
cd170901fbc39cb425054107bcba8230b0802e5cc9a0624ca2c536abf4421a7b869e79617d09f5eeaf7fc3608b2e981acf4ad681693909aef1687a640911c470

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
d17143983086dde355167e92b950e21c

SHA1
9960f7ca98da7eb3e01ddb0d59ada6cbb4a59fbf

SHA256
f8d1362a5702c6cd65738afd29a29f26efd7d941bbbe843d915819d2b399db18

SHA512
0eb663b6566cbe94ce158d957f46b4bac15554be58ee7142e795a938b31340503f0b8ae00e80aa5a7a6779643e37c5c73806141a4348402d57546165f22899cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
cb0e93ce2fcb901bb1fde97266726d10

SHA1
d89f7a81e08f934a090e4c26827334c8ecdcca89

SHA256
6eae95d8b80534b1d3ab25633b9b22281003d7f34f5d365327f2eb5ed1c36279

SHA512
59cacfe0eb4e00851898bd6d091bdf3a9d1e80d634af849f30352fa0f9bcb5829b35b7cb5c6b2bb5c82d4ce7cf2a6684af2e6e6fb760eff01fc3fa3e86ca8c05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
9559ed8e2abbf3b0531e04f94011476b

SHA1
502bec8426d94ce356d6942a9d133a08a63f12e4

SHA256
cf6dc2078ca34e5c212d82c84539571d452d36ba75b64804933c560ab8a36b0f

SHA512
8cc8eb2b1fb30af3ebfb99c643a20dba310bbb995f6e30f54c59b1719022c444491f3c8424af518fa6c65721bc076c8498d090f08dd8d629bb5a530d6a7e2b0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
e4b256df6b740fc0a6abf21eee4da878

SHA1
b7818e28034dc335d3283924cbaf2ad566d05410

SHA256
49a2e26f234a5afc0e1fddca3375564d32a7485273bb5e4cc6edb87b0332bc18

SHA512
9cd8c596f1a9436952fbff7613a02d2bc77caef150a5a3f7750a1c6cecee2fe793196f00839f9864ebd2d768f3b205304c6362deec6c28f88723d7b5c3b61cb6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
450318f3eab2ce6a4a04bbd6212fa9eb

SHA1
ca118d30746a7a111b83537f6072cc8c8b6fcb58

SHA256
504a24c4c782b88b6bea1eaa6ec638886c7c14c7105ae4c9f7f88ae8255f24c2

SHA512
c017c5bf77d82e6ff861b6ebe249036e3a975f655852a5e5bbaed29bf0938825497ef441217bced82fe561c0bc0ebbb4d1e0e63441dc5b5c564afab5d9fb3d76

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
19e437f4077561918fcae537f8326270

SHA1
21fa2e7f2a1fc53bd1044f88cd601670095b152e

SHA256
d6ac3d23dc785871eb2b7ff606e5bac8158bdc9184c2e127323a8a6cc34b71a2

SHA512
cf3d03e484336d7c54f600eae10987dfeb31e5fb17dd6abfe1729902153e561294d8cb7d3359cf8571d50ec9cc12ceb91a4c04dbefd6a79299fab4269bb0fce4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
3cae507e24257d306d1b84d01d0772df

SHA1
867a09282067bc40edf70eb187622e5826b18b27

SHA256
9785b9160bb99bd5c23f62de538d815bae994a7ffebbc29228e53ec069e51197

SHA512
14fa1cfb51a0650ca0ccb3f1d47fc3edcf3a2e060c1fcbbf3d4e4d623ecaffce1a9e8f7768ebd11dfd61e765d9f065c4ce39f27b293b2934bb40b15fa9f88f7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
6d0445ac8fb9b4dd3c7f3fd22c020afd

SHA1
6ee22c0f9821d62928f0e120acb9c4672ad044d8

SHA256
519c2f3dcaa513b77f72df1f6ff21c23a41313f3c33e3258fd211a7de6e7e7bc

SHA512
7f6518980becf26dd1e500251d505632413c034625176442546f2cdb7c43e5a6ffd23feb0334e93ceb322bdfae5ad9412782233baa0bb083c360a4ed4db65e27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
a844240d45cab5185dfdb1d8ce3a3c93

SHA1
65b7282912928a33bc4c169ccb26714985fd2326

SHA256
6cf50ab024c766c7b9f1fa2a56eda323420350ee220727de3cc0221ed6fd015e

SHA512
c8bb6a542363e98415d5169e6b7e81545280fbfefde43ac86d8c4818112f0f0ae8cff2155360e00d191ccc7565158de099f84cd12325b51d233a452fafd3d99a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
86e55c95e408f010d46ea6088219a435

SHA1
7c21e8925d4dd5df333f669a8ff5c9a1d560251c

SHA256
b31bf242212ad33c3fc7fc87637e264099d9db59239f6c5c0f684a2254f12df8

SHA512
4af6ac10f3937dcd8c18e6bfb58724d1216f06a75b912b00950c13aba5652623e28f64d21ffc04f5328db7bbd7a261caad26199c20501f8e42d1d6cbabf8bbda

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
b349c959347db51a49027dc0c8ade360

SHA1
b742a14f34d6fc5d01cd3c42f5358bb163c86009

SHA256
25eb682659207ceca5019f9483392c98f7af108a75e38f5e5c452f9cb0450495

SHA512
48caf8ff5db1f21449f6711574e2e368f6060d651319f73761b5f1f488c418e193d9d263c445941fe8e03c46584b372bde5612265cd2dc6c014e7a0c18697dd7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
a29528eb240a0bddbac2aee69a9768d1

SHA1
42ae36a24ee5a7c131339da9dc858314a35afa6a

SHA256
bc8b9e878e355cf580d2afbce47c5fea69f76aa65edf629ca44624d4ae27dfca

SHA512
4c7019ebc86035fcbd13752f166e6c049cab76efe32f63c7968b360bfa7ff9999469e5e84b596ef8b0eb62832e7c32ad1a3f40d14d0c9228231fc612dc88164b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
cd220a3df6f2bf03430fd48d8958b833

SHA1
8ad556e83aa221e82bff02e5479a4f573331be52

SHA256
1c4d922f433aabe18a9e2567ff7ee66644d4b6c5177c3525e8b557ac7f35aa1e

SHA512
f19c16d000429b07f584e98737a59c1718f2594d426682d6d2295ff2ceb4fc0e27450322190adbbef5aac4f61cfacb3921dfd53e99a156a59d9f08868cc26aaf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2b92b0beec8624c9daf6127f668b8191

SHA1
60b4fedf82e17214b22f0615064be67e109387ae

SHA256
869d254bb7b0580df740d551db28c0acbbf1fab34ab83e7bd00d86bddba25481

SHA512
20ae8e0c5a30ff89021b0541ef3b4ad9738d3a9ec6464a0fd7a344d6f57d5f51813fab4e984cac5306cf36bdae3dd940e5ccbf97dce8c89c9ffb1d79314c8bd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
873531fc4ad8dc2346b4817f85a7497f

SHA1
b81a06b9682ea2d687b1d8f222dad48ff9366afb

SHA256
915e22a89d268b3cb8f7206674700dbac2b7f3dbbd6c4ec92e049ef086ebecf8

SHA512
1f456db29191193a1713ba4de7a551d315c6207f541424fd253f00f3286a8896a64d3572e805a67af4cefbab9d7ca3ad5abeeda7d01bb46f755268eea56a9e03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
7254745c5198644f38b27a4f342cdb4c

SHA1
eda4e279304b1f60d842b8ceac813f20dbf214f8

SHA256
a57a929254b8e3aa4bee56c7596bb1360b59af6e71aa21b1f43801b4d602a6da

SHA512
534f32483c17736ed32926cd5f5ecb5622f41d3d0e76ccb8a530dea074b2d16601af43d37e5a0d57f193b28c6cb3e036ba4e9e6d8714349308ff8cb1c086a13b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
b6aedaf03d15ba120a60f0664ff8ae51

SHA1
8ad8e33aeee1013cc089b01646e9d247c469b042

SHA256
90a892490760e9c71f697d0a98bbbb72fdecba56f058a5fe4b0569c14fb9f2a3

SHA512
487de79557f2d8d5a68df9738e320d3cf31ed74b64ea666b01120b0d3f409d06a3bb10b07b60eb575de99f8abc4fc1849d0894b1ec31542d2859271c1e625e14

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
ad32c7c8b1f38bbc91efd62d576e8d92

SHA1
c2d5c4fdfdee45af3d0619108a3f2feaa63222f9

SHA256
8b94402e41cc72b9a47a20950ab71558448b2ebf2e89135775fb818aaa000194

SHA512
c5016832b6d2597ec5fcc75cfadd4b5e2354c1b7de49ccc83edffa9f91ed55ac7d59187be4209b777bbfd6087678133e758e653a29c1f1a6f2fc1d3bdd4c945a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
9dc9a730755d79a51cbc526fab645878

SHA1
3fda44c3762e4f6bb53208be583f37317bc54d3e

SHA256
c2575e962c3c7b864186f6d421bd488ce6c0c596a44a1557e65bc5615f9a141b

SHA512
3555e97641bf551747d076c84e0c48b81a05ef14fa1dd879fdf5221d28b9bb24ebe54cde8898a8db47baa105e922eb2fcbb2db66314c3886d56dde635b3ecbb5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
590cb382974b250de37cc34e6857cf9c

SHA1
f303f372216a5d319eb713f7fe54b843e954eab5

SHA256
deeb4f439f69cb768dd526549e58bcb9c95f7194f478b516ab9fcf33f9630ff6

SHA512
31a20b57b4accec9ed12572abec7e8381265c4c8b2fbcd02b8383238869cb4f5fe9f8d6fc0fb80b8c836101904565e0095d99d894914e8eddd606701a683b111

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
8fc9d749d635aa044bd081e7913b8ca2

SHA1
45d10e209c1753982e82ef124179269c0df0f47b

SHA256
85f95aa1375770c0758f7c0e1caa72806030728f40e075f8e3d23a44947648f3

SHA512
31fc31bab34db44943ddb064c4490cbeb6a24e714d96b6b7df22fb091c31922db278fcbecf2603957b9e4997a0c0b69c22f032d9f27ea04b4758b440678be925

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
9a1c3f9207f1aaf4793ee40994f2f443

SHA1
271035612a619f91296ae9b9a57f17ea8857aa16

SHA256
95b4f2be4ddbc6e880b07d06adf0fbbb3888718c0d78b6a610fb41715b55e80e

SHA512
f07e3ac4ff5be1d93aa08529c9e1bbabf6aaf73beadf66186c185cefb6976ad73cc289bbaa97321b5a25843b701bc7bca9ea06c822ec34d8106ad6cbb462de48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
dddb658173ddec8753138357884469af

SHA1
5ffbb4f7e113f4f8dd5c8ca5f0c2f2f2bfc2cf4f

SHA256
a3983758dcd923fd5f624709802a039b36e2117b86547c739610309637d90ca3

SHA512
25e2a2393bb9adff9fbf14e0ffac028dc81235e1c1a499588751a0b8aefea48c0ceff34edd7346e11badee34c08a78218a308f3759bcdae40fd6ed29aa99e6ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
90c6638fa25674f2c7b90e088815664f

SHA1
0165e906d2b89d12619def4bda7d692fead4c353

SHA256
7f624054c781f47737fd552003bdc4b1eb1919398864ed35e2d67d2f88eae6e7

SHA512
1a65ae3aaa1988fe37a3f35aeba5122248fea2b2c20d274b1cf465ba249a89ac31b791b1005b8fa8935670f050deb0b24c52d04e266102fe7aec41337084fe10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
4c0a5d7903ae5148b7ff5ba492f4b5ae

SHA1
3b9e532bb3461a01b92d7ca8ab5634412761a67f

SHA256
7680f457050c4e9f6a5e8cce63e1c4755a10d49c1487f3bb9abc2834e7fc5e23

SHA512
903b41bd16f96f05464ddd51816057237b77125c371ba2a5fe3147e7393232e2c9c2d4549295aba165043ae8594ab770b7ae221c2056c350f8bd91d0ff7fe6ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
39d8ab1148bdd639cd87db437cf2f530

SHA1
afb957e3875565d7775445adaf119e6010b649a7

SHA256
60ec4d32f7356d0ba51533b4956ce6a13ae52aedca1579fbe67b60be985cc5c4

SHA512
04dbfad2b9b9486906ff87b9eb37b868e7215d2974ea996913c28a7e9fa6573684c44cbbe56f29c8663cba12230add7f1f23f1bf2e985e5addc0c02c7b538bf8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
ce3792a2ffdc033a4ce05863c7423e5e

SHA1
6e4e9e1b890f27e699780db7e417c51f749772e3

SHA256
8e08b86d3615d1dae4909d1e11b77ed00b6760c2852f6d18da72b7aaee0dba40

SHA512
fda3b31f34a6fe675477d92cc042fb28d6ef72190a4d7bf7f3a8d14f2d9b51a91af4bf4d0bdc48df2e171cea1f44696d5d0e7896ca77880366a9dba6c91472dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
821f6187b6c73e07252c675c8d6357b0

SHA1
4f79c335dc7432ae6492a0320b99d752bb8b838c

SHA256
b34b697d7b50380da7b324dacdd4d7146649d6b3473b2b2c6aab4d7ba967534b

SHA512
ba1897a025ae72864b7fbfce646710112344f890c906f50cdca8ec34bb4516a8053bcb6e33b1842506ba85dec1ec7ab7a60bc49b2980f639ffa4618134c5c2e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
94e5439ba8e9bf9c5f53056d35a8ddd2

SHA1
035ca5bf4ae959ee5acd5718e9c0028348625389

SHA256
8e77563103531c75c2d0e921e4cc85bb10788ef2cc3680be97143948ce7d2d84

SHA512
bc3627e87ba4b66732fcb8dba96fc855f82275872b04f5d0c2b9d90896afe9cd6960224b07317915b80c94337d0d50ba975c4203ec93d35ce78d7cfc70087e92

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
b71391bd37d0a3a096822b0e9460d2b5

SHA1
6a4a795a36918fb6819a3901d60efe7764496e1f

SHA256
a4267fc3e1f7f71240547f6380015e5cabb10427b41473f135bf15ac256a8c38

SHA512
a3a8e9f940d2d0a6b39525b50e49e3629d237247e500f182733e4d0227a9ce03975e901db82f85745467a001dd4aac7615d5205533c2b3a273cdc3f8eb1cb971

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
226b755e3a22543c61dd9e979c3ca67c

SHA1
4c9eeb20d566967e6e91c48cc04ce5e0a431dd5b

SHA256
e5ee9ee0b0a5b452c273459d0a5a6e66fefd7c2184095200284d7cc3b5f7f2e9

SHA512
dd4b92b4d6cbc85e78b734ea024d382d59661f3e47e1c8c9319e8f57b64a77d8f73effddc4a9e33de4bcde9390003e2517f94d5b7686d57fe78f353859a7cf01

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
2ea5d2fa9820c905465cb99deabcf91b

SHA1
333be621e2c2f71297696817fd4d04ff32596b79

SHA256
9640a3ce8b056c21b1fd547976bda587a96eef350fbde44ab6038083fa0bd846

SHA512
ac0b6f7505fe52d5ecd26eef9bccde5fa3b0b59bff8139672cc6c16bf908abcbd8faaf5bc4c2f8c586719d341278192ee091e943be28d7af41a3a0f69a05a6d4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
cdb1c556c46c1e176943efcb31709968

SHA1
90ae5d5a703f6e2a3fcb71a8d970c5af279043fd

SHA256
b018859480a3b3025e17e05d1e7d9705636454af8e8780f260fb5cda4cc6ca49

SHA512
496af8ef234e22436eab9863d4ed848b95626a63d323f42bcbc4c7d255b8e4fb0cdceb7d429b28085d84a774aea8025d1188d69f8d702b9d9f56a565a0e61359

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
92fcaf4921a92b5b3ac26d8bbe3d465d

SHA1
ddb56ef95f94ad8594e0cdf3aa2e234904d90440

SHA256
7c2d4150a9c186c9f138eadf7f968dfcd8403ae58ec99f3a4ae3e8075a9a3f5a

SHA512
8e6bf8e385326e5bc4a8f148302a18dd5a1b79209b9040424db1dcd3bdfaadc0cdaf1b1bd70ea648a2ef3f626b24f7bcb82532240873d18947961e21cbced1f3

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
a5a8e803650bbe1ee0ff25616a49bea4

SHA1
e3ff5e9b549e6e465af722eb2b0b9cd43f32f3d3

SHA256
d43c7de68cf9c242ffff833c03dba495a7aa9202d2a46872f76c03b3b19dd3b2

SHA512
910262b2ca36d0bb52e5751bb0044c6dca1bc24ffd01f449884aa851c88dd62e0420137f14d3a3bdff55f9d4ade410de2f31a8bbd7c077a533eb4c471b37bdd6

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
bc48e386a25a81b5a76119ca94551451

SHA1
661f3bca59e46a26805936aa174198f2e74044b2

SHA256
e62c2a33330db4a63ca2efd904700cdeb2ee17b3ab0396a8009d5118a7967b6f

SHA512
633ace3d10065457a678e172e64b9185e8b9bd276a0c685368689ad2cc1fd9ab76474b8b3c07541aca0bc59166655f599cf091c14dd48c24dc48d38ca1a9a255

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
a8ed08a74de9e7703a5166887f16d5bc

SHA1
9d06d11b8f425b7e0f3db57e9f39c7624a4a691b

SHA256
ee7b67db5bd2aee3ba7a8bb1186b58282508eda39342ad0397c667ae11f31299

SHA512
d3246af4ba9246418ebd163866769e8e7fc4f33d13a31c3067ef7038851fb877ddba17e42f67abea61e90ad87309a6a08f6952938803b8eb286f8fd69e0aaf23

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
441e6cc5a06e3a79f458c1ff680f1df2

SHA1
4b6c8eabb69fd3cd580ebb23bf54b2400adfad95

SHA256
9bdd4b98ccd649fc025227f6a4e87a8ef0569ea582dfa16dd64bd30da134ec09

SHA512
80c599bb1fba6de89cc7ad0d8d68b393014a796c6ef0888d45f767ca11d0a6dec229d4ef8b6a900c4be65e1096b53864d113ee370a86b003530c8424adc37af0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
2febb7e20d0a08d224d5083b9f9d8ffd

SHA1
0322bd11fe6c7a2863965caac691bf8f8a66374f

SHA256
a709d636398c00fb6c7b90be571192e75e0849271a884184960f9997e89ca88d

SHA512
638343b5da62e1b41110582c0a6f27173e1e737d76495a0f9457126e8da5b38032aa80b1c2961e227c76d7fc9d9aa5e259d51fd3c80d32846cbe8ab6e51c17ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
0443bdb2d1b41f567eb7ab17a355c97c

SHA1
b1f48d7feb454b2c092d86bdc3f4ebf337d2a32d

SHA256
eccffd17490722eb12e016606c1af12329b2e86f8b9718f970619610ca9647dc

SHA512
8d7283a0859ac560c59912ae9259ac6b3f76d745f9151575c9b68d8f203047dcfd1ceb72a7df87a8d72b88c399ce8c702b80502534cdfbc01af4adeba56c240f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
98231924992936d417b4eeba03f4d59f

SHA1
6825f6f082e30b7f4b8d127565ae2abd441b5ea4

SHA256
89bc89a90a3230f844582d5860e3da394449ad62c48225dfcb8a364684f2912d

SHA512
56f41f38ef37c402774c62c4ea0a1852268fa9819b67354564772ff866ee384b67f725bf89c4a8a63c468d6f7172ad3eaae8429e0747aefce71f5f137fdda256

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
305e687c2d5123b20e5058992b311322

SHA1
207b2e04766420e4572f224013e68755755127cd

SHA256
a9ef5d7e94a7384dfa8aa5f1b9971945bc6e3addec4c3d53ab407585d1c2284a

SHA512
09869e941192ef001d07f84d2321d7c0fb7e0253288993c6d15071f67cd18e0d094d649811b65d882f3a6db2739ca97a6982ab9e621d0aaf36afb67c3ce9fbb5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
7509789983f5cbe385c5922795075785

SHA1
b3575db78f2c6b996a9060a6d643fd98cb88b405

SHA256
2cbcae3f53d1652691be57244ec79b75618d448c66aee710a4d9a85c04c11412

SHA512
c5f4a87f41e2d1343c54c3c6e6400d0e7e06beb4bac7b990988d40310e7c5f72650c142d571966ff14c14e6cfc458efd323f12bde37b68ed011a25b64090ea33

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
57453f65c2517ed1817afd9fc4b95ba3

SHA1
e23aa6cbc845c87743a3f05ac20382f11a85cb86

SHA256
2011192eddf4ed5e05148c85b62a613b8d0b709b6a8a57561e5f3d482a952d8a

SHA512
16b13eca81c29edd8874c7c9f7a7a6c75fe2d5a7fd6075d3471f449490221763ad0eac54055e68cf92a2da19cad803e0b7dde3bae487ba65ced2d96275a19388

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
f6c7c9310822faa59e08a288dafbe7a3

SHA1
f52d0c0472577b3065782486c6580ca99d90aa1f

SHA256
f7cf1b57483c34c1ae03d680a2e2a0be7f250d2cb4c8ddfc2f64e7b63a843ad4

SHA512
68c4972245560cb59cf4a4dd5254aec4b43944050a7b364e591b10373b5cbf47d47ff5334f244be3d73e51cca8a7f1c13d52409c95d02b00c1f9d9e0a8fba912

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
9f1b8ce2b6fd3d7f875fc926ecc75244

SHA1
f6f9283244b1ac940070d8c3a2654e793b2a07fb

SHA256
f186a78942afd678a5f3f45f4b3c490b13fa5d3fc656dbb6c22decfab58ccd16

SHA512
e226988b522d44cc06d493bc6e3f802de84a7e7d5226dfe16577fa19dbd37ddfc7b39b865fd3d676ca19ff4731282ac490abba82dd28f3e324e047930b3d7f61

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
2603e406d853d137252a2373c4047a2a

SHA1
bade16cacec59bb053b610d6aa1f2a253232e5e5

SHA256
70dd3d28d1c06d43892be2637318eae821b8711c6f537317c979e86f65e78677

SHA512
a4679b7b440a04b89c5a7bd3280617a4b65020dff7f500be4a8bb5ef27e9bbfb0cd2d131bec96c3296650b055028c7c0c47581fdb6659c3373cbbfb8fb883037

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
bd5cfd216a418613587866bf629267a7

SHA1
44347a22722dce2c8241291e896b74bdb3b72563

SHA256
8c244172cd38963f200547f5faf3d9d9effbc6a554053ed72d054bf23c04b68a

SHA512
d4f844eba3f9c04c598f45e0a8d63af2836c58f5a26c7a6ffd5ff391448930789b54042cf1000650c545071e70e726da0f69236d0a91757ba932297a233d896e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4b2f9e15aa408ba4f24ef345834bb493

SHA1
6f8ca1e97eff223e12fa1a6020695e7039510035

SHA256
8d385ddc3a3e05c23f7a6798fc6e7aad030ae642f2d5199a4add1e1469f642be

SHA512
78e2dc732187e9b06199a00ad6166629b49c673016339310d1bc625b0c42c00af8b7b52e62b4c8b46ef1110325fa231cd511169a77f5d585b9d29cb897253bdd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f26462ab94450a4cfe40957bf8df91c8

SHA1
6609a981dcc2f653f6aed333d5f6f1bd6449ab43

SHA256
526db618f80b3190ac973bfe5e44e2c7c6587d00c63131b50f19842b81b3aaa8

SHA512
961aab642ba61e36c49fa0ac81362da3c609ba9379e07b8ee3cd515a747be1939bf0cf04819ced991f73f7fd210c1d87025731fce62ed2baaaefbf04e2560d46

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
530479c4c53d033c5d96e1058b0dfd09

SHA1
63dfa22d9eda45ae750af8097969d02973335b48

SHA256
f352609174f11c8211745070eb4d6370dd0eb72b46c1c134b8ec2d4ad451a8a8

SHA512
73a01ee4e0397f37ce80c1949e2e6558fa2808eace1ef27599096e05685d11f8b67879ade30ab0418f78fbf8e1983976b79aea47e2e668348ab73383fd44805b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
eb8ed7be66f1f109bc4cc0b971145177

SHA1
a35feb5a7dfb5b16b2143a4cea71923f03d69667

SHA256
5b2dc8132402cfdf15a809babd2a57dd670b4815b2569d8d5c56e256f7a97bce

SHA512
d2454d66f72ad384ce0642a4ba9c0aed692d708bf02cb3e2fbf708facf17d9e7b37fc1f2639f0c40a9172d21a059bfd61a3ce0c0ac58e33e23b97b1cfe117328

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
1dd5b890947e05f820bc23c2216e60ea

SHA1
ddcec80c975691b316a9493527219cf697eb2091

SHA256
935b2266f1a4c52dd23155faeb21930ab73c4eaeadda15c5445645f67db6f0ad

SHA512
1ce9135e6e1fc8b9e812b7d8219c7709c60a436cc3670b6784aa7c3202b1fe679f34db7d8b088127fc894aa9d70eb999131278763c2519efeb1eb702a5d70806

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
128ff22f5e93563bfc279c51daded192

SHA1
b9ace17654d545605b87356ab84537a40f1b765f

SHA256
c84ea3af6e19fcbc83dcc653da973b0d485cc30d13428f1cabc70cd06873b1da

SHA512
739f366a8c6af0a0b37d945e4e494937f86e60321f1c6bbede4bc4d30bf8961307e645aec7b0c1ef55565cbddd71fe88aa3eaec3bbc0a9568def820f2b7bc4ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
16a5243e0d27d8f0f8708b4e3ddf0ba5

SHA1
c716eea5b3a034e65a88c7caf75bca1a440e38b5

SHA256
0dd84783ce89c55cac538bffb2afb53789ea03c7f59890ba45715f1ad002be6b

SHA512
a7cb4e43db4e1e6efc57e05e75c062450fd28bc8015e3ed6b9b38ab48b0d295daf292876b97fdac29c75cf23195e57f759d8525fd032ef27e68ba8aef598767c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
71032553ba00949e73869d1c270fe267

SHA1
1f0ef3e918f5a0fc4f747299042fe404e40a7e53

SHA256
ef31afb1cb8a7ff111cfe56eda5931f972dc2f8b4083586d2e80bdbec7fa00f6

SHA512
bda45b85e267f40c97a4a1edd5e1eca3bef46c898f9ef2f5d08646b6640e4efe5b16a848e843d49b5bccf12dcea304ffee3911c22933f303c5cd245db0fd6bbe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
529b5e6140754d6a0e886931f6a3d5a6

SHA1
7b18adecbf6aabb7e6b0b8eedb56959bda1ddb1c

SHA256
d207e6e8648fd4707c9993a8327b7797dd3faeab332b756f872d8b5e300e6072

SHA512
ba2220dafa4cac40614e25e052707edd846b86a7a45220a1ed2f96267f146aa8e9def3db817b67171f9ff6bfbcc4478a5fd92f5299e9891303256570d55a07e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
74215118520a1539335aae464cf2c86c

SHA1
8a9614b77c355971c33d22b162d3f83c5a2ad6dd

SHA256
bc617e751b0d94ccb5f7595ee42a304e09400d539f300a0a2e67b7e789f57e58

SHA512
8744e0335bcb8d2fb397f849945b92c3e79511cecea2d9a1510cf7130bc135aff41b3213d52544f156be4c145d0fb04f1fdba2fa65d6fa44a669f3b617f41733

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
fb8730350a2023a4c7cd25ce4e1e92e5

SHA1
8dfab2ef5e17d0e9bba3e6e205068a7be6d2a2d2

SHA256
2fb92888f1ddbf2452f7e55335c33a9ff90fa35998b09ad0b4425384fea1ed23

SHA512
d29628a97fec460ea1e98ffd1ed3f2476d2e6128a83f3dafc36343841f4ee7e431330b2ac59587e1c9d4b1cd8b8c6915d71ec1d80177f262db99dd99571cab1d

Download Submit
memory/2136-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2136-4395-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2136-4396-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2136-4397-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2136-4399-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2136-4401-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download