xorist | aeebbc1fedd0c64e0b65ec0a2746d35d91d33b3ce4fd8b77a321490226ff9aa2

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-11-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
Size

157KB
MD5

aa74466c958e79e0f9a14147f3758659
SHA1

6a4463024660bfaf1c500213ee52c04c7599b8ab
SHA256

aeebbc1fedd0c64e0b65ec0a2746d35d91d33b3ce4fd8b77a321490226ff9aa2
SHA512

4e5eea738e894d6bfcfec82b50fbca29efc65463048376ccd7495738e9045f1a8df686a2a9271abfd0fb837c0a46a6483bd3fe587bd9e6d7ede3dae2ac83fc95
SSDEEP

3072:h0mldz9wxNd/zXJuV+c++LTVJdbUU4pRIFqBngIZArG9B1Reuno:h0mljK/zZuj+oP1wISGqVReuo

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

resource	yara_rule
behavioral1/memory/2880-6856-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral1/memory/2880-8296-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral1/memory/2880-9213-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral1/memory/2880-9214-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral1/memory/2880-9217-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Executes dropped EXE 2 IoCs

pid	Process
2456	multihack_by_kopojlb_1.exe
2880	multihack_by_kopojlb_3.exe

Loads dropped DLL 3 IoCs

pid	Process
2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZIfIQs4FjG1hc1w.exe"	multihack_by_kopojlb_3.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_neutral_2ef24e9270d8b2a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\IME\IMETC10\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_neutral_c763887719bed95d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_neutral_330a593eb888237c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_profiles.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_neutral_f91980f20f3112ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scopes.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_jobs.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_neutral_14f9249844f1cf17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_neutral_5766736c47b90fff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_neutral_4443b423d18c3ffc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_neutral_86311fdf78a07678\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_try_catch_finally.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_neutral_47406488f9e8d5b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_split.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_prompts.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_hash_tables.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_internationalization.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced.help.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_type_operators.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr006.inf_amd64_neutral_40c76453575b1208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt	multihack_by_kopojlb_3.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fknpcffhkkmppceh.bmp"	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\My Wallpaper.jpg"	multihack_by_kopojlb_3.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000e000000013b4c-10.dat	upx
behavioral1/memory/2880-20-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2880-6856-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2880-8296-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2880-9213-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2880-9214-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2880-9217-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Windows Mail\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386270.JPG	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\NOTEBOOK.HTM	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35F.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14530_.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\HEADER.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR17F.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Windows Journal\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01255G.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\WIND.WAV	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0179963.JPG	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableDownArrow.jpg	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\PREVIEW.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\PREVIEW.GIF	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\THMBNAIL.PNG	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png	multihack_by_kopojlb_3.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5b9c2eae674609a3d84010c9906e0bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msxml30.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2cb346e85f09f71c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-erratamanager_31bf3856ad364e35_6.1.7601.17514_none_cc4c7d1282795c59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-bckupbas.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8934ae6bc4a4c4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_trap.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-defrag-core.resources_31bf3856ad364e35_6.1.7601.17514_de-de_2951fef365cda1de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-artui2.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_361b61ef514154b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cd03f9386e02f56502e01a25ddd7e0a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\month.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\inf\rdyboost\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..revention.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3b60aa2210b177fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_04480933ab2137b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-vignette_31bf3856ad364e35_6.1.7600.16385_none_cc1304de922cc585\vignettemask25.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b6206f72ce113a45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00010480_31bf3856ad364e35_6.1.7601.17514_none_f268daa7a212eb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-syncui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e3cf973c5244a884\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\NextMenuButtonIconSubpictur.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bPrev-down.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_mcx2dvcs_31bf3856ad364e35_6.1.7601.17514_none_ad345321d7fe965e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_scripts.help.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-parentalcontrolspanel_31bf3856ad364e35_6.1.7601.17514_none_ff675a2d4d66d4bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_de-de_111bacf3e074578c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-magnification_31bf3856ad364e35_6.1.7600.16385_none_5dd25a1fd3f4cd93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_015df3e3bafadc7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_8.0.7600.16385_it-it_f998bb70621dfc39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239\NavigationLeft_SelectionSubpicture.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b3d1be8c8dcb5596\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpcm_31bf3856ad364e35_6.1.7600.16385_none_aee7333b9cecd8f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-notepad.resources_31bf3856ad364e35_6.1.7601.17514_de-de_76fc6c043e5e2cd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0a0533810e792a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_6.1.7601.17514_it-it_0e34114dba57399c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Data.Entity.Build.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_mdmsupr3.inf_31bf3856ad364e35_6.1.7600.16385_none_2bd80faf00659dd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3e33c6a260a31d8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..ollmentui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c3a194a371438ae1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_6e8b7c84e12ac48e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_df835a4f90338445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..type-franklingothic_31bf3856ad364e35_6.1.7600.16385_none_e64fc709d20b9685\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-862_31bf3856ad364e35_6.1.7600.16385_none_2ade0120b4e1f3b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_c985fbedc9886bd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\title_trans_notes.wmv	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_megasr.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_996f7e3998b0808b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_de-de_a02b5db197af6758\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rssBackBlue_Undocked.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_100033cd17b788a3\settings.html	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d19e979ca36916bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6b2be19238377990\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netbt.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39e0a340df414a50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-waning-gibbous.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_642377943fe43ca5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fafddf5efddc7d12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ec33ebd90c2f7af5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_7f7284b09b6ed3a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7da8f728cbb29021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_422835eff6be42a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5671ae8f11f851c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_es-es_89d2a71d6ad0d796\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\msil_system.data.oracleclient.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_165de34630f512d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_ab6782291b0ca7be\rss_headline_glow_floating.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-wer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e6391fa2a32e26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	multihack_by_kopojlb_1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	multihack_by_kopojlb_3.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\ = "CRYPTED!"	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\DefaultIcon	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZIfIQs4FjG1hc1w.exe,0"	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell\open\command	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell\open	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZIfIQs4FjG1hc1w.exe"	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LTTKMRPKXBUQSIJ"	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell	multihack_by_kopojlb_3.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe
2456	multihack_by_kopojlb_1.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2456	multihack_by_kopojlb_1.exe
Token: SeDebugPrivilege	2456	multihack_by_kopojlb_1.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2456	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	31
PID 2308 wrote to memory of 2456	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	31
PID 2308 wrote to memory of 2456	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	31
PID 2308 wrote to memory of 2456	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	31
PID 2308 wrote to memory of 2880	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2880	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2880	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	32
PID 2308 wrote to memory of 2880	2308	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_1.exe
  "C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2456
- C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_3.exe
  "C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_3.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Sets desktop wallpaper using registry
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
386B

MD5
1e9c712fdaef7a869fb59b950bb31357

SHA1
8e381a29a0f6854e5a826d20b2805d4a9a54e6bd

SHA256
aa1e8d8b4b6e818fef554d02cc55ba9c1e52ffc4601471546714d35b0db626e1

SHA512
4310eb844cec2b7524bef33784720967567a3b68a361f7fb59d1807245f3fe97508fb8877e9edb4236fddbe13e5aec928997494b29b9a9c2e621f3971b716b56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
326158c858cd943581be69f75e542a5d

SHA1
20d084a425744c7c2a9262b324eb719c4c76dafd

SHA256
c27f7b324baf8b2718bf0be8612272cec1d93911c9a2bcd3bdcd6f5f8ab137f3

SHA512
e9adbf4aedac06b960c3cf79e77de12def9148466f8dfc49c21233331fe64a6e46e5a195e0947f252fa8f4a351c081aba71ba2b155ccd45aafb44884fe825b35

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
7a8583cca6092bf5623c95402dc1da49

SHA1
3ddca90d708abb2b2b0549e912c7e40d7ffae2a5

SHA256
2edd2b83e7e46b8f7e13bd86216d82fe5f5e63208960c23e2774ff74a6d222bb

SHA512
fedd076cf80740fd0b26ae606c4e4e427b8c8df34b58f0b8df057b6a3741f6ad8fd6a6a602f8fbd1c423545edf962b9ac502aeb87ff70600bebe913e744fa2ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
9726c25a7e99999af862253305d8892f

SHA1
2b4a59877f6cd09412f3e6848f3f9bf835076828

SHA256
dfae22bf1d7e29ee295d5a9e7b78947354bae2141350706d74dd998e4e1a8fa7

SHA512
3384350c81c52e7d2fb6931e41ef1c0bd970d5996c3fa1a8d639a139cca4aa5a18b86f7a2de7925b47bd010712c12ff59101c761583f7e9037b074b30279ab1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
4b8938bb9161d6e753688a45ae2c8f68

SHA1
a1a4bbaed19bf34490fe018f2430ba47bd75a479

SHA256
1b128c80e7d1b53416f34cabf6e7515f5d11c8e2083e3f9e9f3381c39acb64d3

SHA512
d425a33d983ba07b9359e0e13a28ac591cbeb6d31a42bbab5bdfaf05521f79d2affef1cb277518fa5f00c7b5c341964a92e511a5469ce3bcb5468d94ddec0274

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
506fc850d54297f56558b2c0f3e75362

SHA1
45f645db0cf6156f0fdcf9516fdfc4785745487e

SHA256
5e987803e0f45e68745120a9d3ba7ddc5b1ea85ca3b50277f313cc59c6f13c82

SHA512
c6e7c5c733595edede32b5c3f042cf717bb011f1283e30968861ac249e56376c6cf2f2383ae3135cc80bc11f3b856987accbf274d9248f5c0f3ef55b2dbc2542

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
0886deca3ccf85d87f4609eb360da9e8

SHA1
1916e8ed391ccdd93cea37d5c25a89d9d07bd18d

SHA256
ac340d3e4193116fff43ddf9073b0418c4bf2fe9b62b37d1d353cea8fe39e22d

SHA512
eb984b48245eb71de2de64c7725e796d6f7d73bd4ccfbd0ce40e581fa8862dcc30569cc0a492a4b719847de2adc24afc6db7641458c76606731a947cbadff7bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
4ec773629b846bcd47de60ec94568303

SHA1
fd74003f797e0dc77b377c4f95786f7093b00bd1

SHA256
a2746d6ad4173cd99fbed31d44b31ffc6f23d0aec926787f6564016f5feef0ab

SHA512
c31d95809c81e715031dfdf43880447a89a3e72523116458afd32840971f9b2407272cfaaecd72fcdb1c7155b3330d5f244f7168ef29aa238c5dafa43b8c3015

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
fbd05bc817a72839e1fa54991f20b1fc

SHA1
7530462e7052f7aadd8abb7011ca63ad584b3427

SHA256
cc5cc808829202d84ea38d167f7532e6ccfd1f194a4af47e5a701b7875bc75ec

SHA512
9084f03e102d2444981e6f4a060b4de2f23f171f984621e46f18643fc45de29575208e28a4f692648f087cc60b0b72c9b9335462818e36bd2bb14bea64bc212f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
7b89e1bb177d970b31d7239efa958e3b

SHA1
3d2666384b6f1f07999595d7574a71cc6eeba0bd

SHA256
7c123fe78d78f289f5d05732dd63b38388429c38b6fc9c42bcc88bf30d5e50ca

SHA512
a9272f2bdf60fe3d57a07e09c6a872e89fc9fd3dca324d90d135467378778869e9ea5ef79db8e9ddfe00bba3aee4ad874824fa9dd5e24a8a84c261a8368aed5d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
32aee22ea1f7479da27b5ed4c72a23a8

SHA1
385e9bca85ca4b82e587a0add034c4bcb4ba88ff

SHA256
dbd39e477f4d8a8f752bc3c7a2155391da07802276014fe14edc9277c5b7f2d8

SHA512
dcf65851dad75d506ef63a94775e0702c26f458483cd555e18f327dda960f133d939094eca78187d082bd3f7065fbe6b85da134d1ad2006fe45cae83b9751c46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
6c7e31a97bc6e467e4714114da447c62

SHA1
215db3ef7a5e27d65618422bd758add2b1fece9a

SHA256
498984146924c065a48590731acd9073c85012afcf50bf1774a7f12493e73101

SHA512
00649d0f7c7f9664e9e3ee3fd3a736b2307d2990349f5b441a6821d9908e405f50071e4c44cc210b0df2cfa3efa829da46add6f82f0ca90714eb318df57d1602

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
73617a4805d9a7596b8942837391d183

SHA1
c28088b4f5c9b28ad29168a76bab5b219aecce97

SHA256
96e00fb95208a377e57acd8852a62c1a40a7ce08ea73b0fbf6040e45dfcc6c57

SHA512
5282675f16adf3110262ece5d57b2bb92aff6a5b11033c83d0a36236f46f95033ea4654634c0276996e6ab49980a20378971c1aa2990d0d6239d92d1bb9971f7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
6ce46ff1890ec219edd680fa55adbe1f

SHA1
4aace5f10aa140f4938b1d78cd654f043566acf9

SHA256
7f83627fd80441cf66f0ed152b4c8fa9ab3ee61176efe8fdd744be242ec08935

SHA512
fd4b1d24c5b7e4aaaf8f1f2d04b9c3d55e682fb4159cdb8acf90ddb0bb34f2939bd118adf15d0329f69410915d580423e6631b85c2c24d77bde88dac8b808b57

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
a9e06969e96800e4c5e7e18afd6e6233

SHA1
d69a1728b9e214f4c008a82ac50adbce6ee32337

SHA256
de534a749966f16bcdde528a9734523b07ca511e29093fabb3d8d612903b50da

SHA512
8fa1cbff164e412197f12443c65333ce8bb3ab4b6d46ff69beca887a8263ceee86f4a191a3fb7c2ff2d8106a2783fad1d6764b18ba7feacf95d3d484e524fd0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
c8ef6dc8d56ccfc4e0ef3d8f4e98e929

SHA1
5399016bb2574f6013c33e586b43e1011ee88b03

SHA256
c23209aab0662f565a2f211f030c8de39847a67bb8bcdddeec350590e3f11701

SHA512
7dbf7afd3e4fd238569fee27f69fd169ff323cbd03441d3179ad9adb66bf68c7d28c149bd40b22a1f5898f28e8182f1234b2e6b4b9132993ffaef39ee16c9b4c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
efb681cfabb7d4978953c507a476c11f

SHA1
891594a298a5288ba98db49e758c31e7cecfbf57

SHA256
1245d9b52d79e3131d64b8d66fc299e6429f0f550af75194daf6564061b02947

SHA512
66307d1c02f4e8c9be10bf5a5ef521c9d5d6da9d0ca365f22207ac174d778469eb72b9685834bc6fa81ab32843579a9c41fade581d997aaa3c4f1d6fe463f3ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
e228a0e3d06fb437ec2735d2242746a6

SHA1
d1d4b480bc894a3ff79750c90dc6b9065100a4d0

SHA256
2bc9cfa0aaa7f2fb4fa402caa2f3cc67f135d40a08b2f87a12f421f97a82254e

SHA512
cb88ad983812be8a3d9b0178bcd4605ca24110306cd01247bebc04f6e793ad1460c780e1c06d8c58db4f839c1c35f093a2b9f54f1d3e399fff1dd03e0b6dd6b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
f070d0bf7dae2aea620af1ea373c6332

SHA1
5ce26e642e9f5ea6b3bb19df03028692c577dd5f

SHA256
86a6c45d0ebffb6f8b66c1cfa46199d339c4a925eb8dd7604aef0b7aa609fa64

SHA512
f8e08180c2fa42d718e7c03e570c6c1147d7bf2f01f0c48a31723fe8c7e411adb3e00b36e0fdde6d08cd568b2354f679a61419dc9e3f6a0bdde9eb12f09b3fce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
d2885dac3ad6cb52c43562d5c2875ecf

SHA1
1a91953fc70116b3deed902f69e4163d029d8935

SHA256
da250c068e78687a3438d11de5f959df599faaf722e37ed4cbcbb600f37c1031

SHA512
e981194bb2f7f9be71f381d9015661d1a097f9fc9f179f8562fffecdee0ae814e7194e8c2a1eb5f2cd23ce2aa63336cba2f61b837cf1744537b20f582c96100e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
6b41edd9a5d6f618e26fa1151d0c723f

SHA1
fca471c345f9493239faada38c77cdeb9082525f

SHA256
d1cf3f23c2a82fbd31b012d11425a730c53766af791bd9c37dcf06f0190f0b17

SHA512
2a2762729e6f5bfcb01858eb020ae1c87fd7df38d42c7fc6b400e252c6428899c7ab29708f9035d1e95eb59fff5f57471db6256276b7bea120af0e68403ed8a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
8bd6ab7f2e6fabc795c1b0630d090cfa

SHA1
7a6aae7d0d8885a69e76e27d32ba514972183624

SHA256
f4e3cff29d33a0248b736d2c80a9f6c926f6341f50480889b79325915db34616

SHA512
d03c2e54a85b90ca3f57ca7cb9db327034848fc555449355f87575b1b9b014b23e17ece4aec78c82c184b96f2a833356bdd638add59c3eeb67ee85f990761753

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
b2414edd8bf02beb9a21b876380e5e25

SHA1
7c79f24d63b9fd7ff91c044e85dc18586d913009

SHA256
a5ffe72000ae27c3164150765de0412d66b77e2c755aeadf9015125056918cd6

SHA512
3a19824f5bcbcf1686566e80b01c65f451b81d7450bb2a80ebdccbdf0f1e9817c67a0c409cddd783ac0fb683fcbc225c58f133df549384e979d9a4ce80387228

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
727a4b28cf01d650e84f81f1872904b6

SHA1
dd1f85e448520acfd36e3a1286de85d0930fde2c

SHA256
8c52c77469a9f90864fc0950fb3209115e3fae9f024f0135816b7f191ff920c3

SHA512
e955b685d36fcfdfa0c09738eab9b828d0ef1dca72a99b2537ab2eeb0d59170ec1b037413dac814e55dd381ac9e80e703d39862565ea54b52b2283c99cb4d334

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
76303300ab8f30e94aa24e58ae93c5cb

SHA1
6e6106f26f553b4a14ad7be312d2e468eae4a467

SHA256
50fabc16ad1a874cd5341dfb27a1fc397cd3d97790be404e1b1ff4783a38fad3

SHA512
1af104e89a1b4b2fc0acdd0e1cbf22b505791a1deceec68f34de116a02fcb309708cf9b661b92a2d3dca58479d268e4c7452cb73fa22be8044796cf9ee345e05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
37278ecaa166a9210e5b224b72de29bd

SHA1
2303203ccd225351e346c5c310364b415d1562a3

SHA256
e5f0b0a3288a4a72ea6fcb6bc840d518290ccb13a1ccdde2079e4907056cfea7

SHA512
4f154a36015ba938bb623af41f0ae3095eae523ef4e0273b198aaaebba7171a5aa58efcda53f552119418a60e8dcf4cbee7c53b1f1d0d6020658b99a5d3d03cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
aa733fbbbf90d27c3b77c2b615fd451e

SHA1
b11e60d9d8a1e9c7f7fd59dafa20f476cc352228

SHA256
19eb0c9290455dcd1a9ddceb0c95b7af2794c8b8cf9d7a5e8607876059ae0ece

SHA512
743226697d985f3e52529ad2b44c01027712f374a1ab5a21ff81e2e1e6519d71055fbe7ac548721f54c74e6aa1a18f0612ff78ea17e2a421e6bef4f362f8b640

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
9f7d71682a468452115d11831b75e088

SHA1
6ab1ab90189b1fe9fd5599ad78a62490d7accde7

SHA256
e9367ee6fea69d1a9e204b5cd58c3c2414152b802ca3f515c72669846d60e990

SHA512
d7ece04e2dd87e7759a4cbc28bff9f578b5b89fa480dda8a8f2b0e2719ca8ac3c589f13a050089d33d7bcd163906d4da7a23be0db26ad9e44af81d6f4c5ca2e4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
3d5daa4e30a4b5a6b5ba1686b2ad4640

SHA1
92cda73bbe1549b019d69f54567800a16fb9e615

SHA256
81305cba1a5ed31d97bc0d8e47c10c85ee84d85d0f13bfcf7c91da9a13150e75

SHA512
d9093d53ceee139ccd40063fb41f3277f68a9da48e9df55515e541b353af3e9df29beaba1d03408d3f5ee85849abc3ae5432b721482f005e6a78607772c7f0f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
5bae85477c5541a553b4ef3650fd6949

SHA1
565714a487182c5aa3cc9f2143637304349724c2

SHA256
3238280a3d805d4c2c6f7394f0f7bd384821e2a5b06481fd3ee5c9b845ec22c2

SHA512
38dfccbf74aa5fe243b99accd6bca1b164eab2a6d9c982c993712416373be008f2bddbede33310b3b952f77d2c9f4b5b6d5c4677b4cbb16cc2f280255ab5450b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
cb298b9fe7326025ca9cf7a4282206da

SHA1
b58cd3a792127d5efa353aaae0ee3e09da63dfdc

SHA256
d1719d97e01737859d30b749e0d2589b349198fd9fb36113ca64e7bf0f8ec550

SHA512
9ca2ffe351ac6c7d758740daafc0a2d4cd7b1395088fdfe060aafc0fc0d58571316946538f5d9e38af8001c91ee865f0dd12178f719ad73f2c16cd5d7c8bb079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
9518d16da3914e3559dfdce1929c1e94

SHA1
d471e92094f23eb0b3abae6c075aefb539da0411

SHA256
875fba1bbb63ca0a44d2189cc4f086fe5fac2f104a78b8cc8df177d87d99f530

SHA512
51f61a16201268090088039ac32f2118d2154859843ff262b6cffb32667dac7e47b155074177f95ef34acca35b37371d54b0aafcc76853d465134dce8b5c817e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
2c7c98629d4061ec0602bb8150f747df

SHA1
f0e3f906d08d7eb1177d71e18d084f8bd0f46c76

SHA256
e4f7431a809ff4dee67fc554950233fda3253bb2732757d5472b0c27855783a1

SHA512
e28a7c628ee4d16ed296ace20a628332c3667784d3be1e079b67ae520874f1e265c93fd4692a17d01ed85d0c2e721c4b1440cdb12113bf006bb2d3ce22041996

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
87a0a864efe5f8af4e0a0d1433d60fa2

SHA1
c43f632a8dfc734583eb3a934d6ad989776bcc39

SHA256
3e2aa4e9a04dbc897b4093f9b1632efee67d353553033ff366f451d736d267e4

SHA512
693c42d40eeec8a6a36218051147765173d6a3c5c3d89d9164997062f8e12b7c5e262034a98611cb5501834b02462cd46cf72ba8b2aa3c546b8ec6a01f7e70ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
8ad7ec9c68bcaa6761b3a7274f189659

SHA1
7cbaa1d6615726b4243130b5829fa5d071e7f5c1

SHA256
204a6cf97d2b8eb2d1bacab672cf279459440247f5137588080486eb6edb38de

SHA512
5aea1406dc089143e6d85a3eae05726637b9ee75248b7463ce71c0489728cb1c34b4489f86a98031b5f6c60d855b5252cfe5d898def18e813b63589da6b93087

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
e7641f8733f613d645fa52e7ebe9be3b

SHA1
8abbbea9789a2007fa4361692cd150be6b6e5831

SHA256
0f487d477973e57e4ddff85ea74458fe84326ae9959d1c0d8504da45bd6d0b4c

SHA512
60f7c6cd6cb50bd29fc3f374553d4f4eae5e495b4d1fc88cebf67fb305f4ae627dfe7cf44683d2695d34c33b4d7a08a2bc40c8d0ef3c9fd927138b9ceeaed2d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
8f1d94a1f08be1e8531b088e182e6bb3

SHA1
b5091525e5383f55a1232d9d8e8f3956fc425ba5

SHA256
66f8e2ba732cc97dc0f731f11e54dab6c32a7915d5f57a69d570e992937fa620

SHA512
14d34d852ead65dbe2f79e413a3ccf2373d537f713cbc9f00aa3ebe510b5eb2b0617c1b75ac9807a90040e7a66ca70cdfa24ecde3d1236619deaa259ecec76a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
830d322622c97f9a8db7dfd0f0d18321

SHA1
53a229179f908d8d27ddbcd2f0d549a6996029f0

SHA256
24a9091d6d99d3c4d11e9d5c6674473480becdfea9fedd13403fee05db4e59ab

SHA512
b43fca9cd98787343b8829bf69a91c8261e3d37333f2da8dc9530bfe42804a82c6860578464505d6795b08fd111f75d85ce7f4548d4acc910c8a2d8206e9aa8d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
e9f69ed27c5c5911c9666950e0cf4156

SHA1
7c71a67c84d219294a02a304a17dc04db59df438

SHA256
ac87ae509bc61a1b41e0cedd91d98142f074c16c386d76687aa80ed4d444952e

SHA512
59c009726f5843b90c32320402e850e12a04a26c683ae184415c45a61d40b157d65734ba365544624a44f8514695830f388320102e32b39be59db10ecb87df8e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
3c5b9e01328cb6dfcdd6533ecf7452ea

SHA1
ec46d5361da25b1e6de907b0ef51fd7905b12028

SHA256
d82fee42c33b1fbf2886985e6f8fe3e9b0a69c6c04b937da6d5a2ed98a7fb07b

SHA512
60b36c7b5a531dd00865f9fb8571e97f126d8382771d453eed6daea8b049cbdd64cf88192935d777e877b57e2522f1bf28b831f6f39f3aa255f13ded2cc69e2c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
181c7f547087e53ae6a1a655f52caed6

SHA1
82690fbe1b9664efe3e7edefbb9ed5af81f8d161

SHA256
1fcd31f817f6fb00a1a358ad40a71a3aadcef0f7e1ed2f797e439a2b0ac826a3

SHA512
d02f893390a07cfb64960075e279a21e3e89f83307b6636e05d2812700ab6985ac1574b165bdc0277190ac74f73295ac03c7faa3b76eb384ae67fa6d194e97de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
0848c804839fbb69926ed0dd55bddc47

SHA1
75467e85c09d7315b6a8faef9ecead2eb2b7b673

SHA256
f733ef55b8143abec90d8814c59e7e3ba84c5e7a03b69c240969d221f7608f09

SHA512
eb7d601dede2bf26ab60921af6eccb90b12dc076868f0cb6af7545c1426b14e467c3f896dbc2d18821dfa390d5511396986b3c764bb3cc7a4c935779e07b855d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
d9b760130ec4738d0dee4b69c3f27e5c

SHA1
3567d922aa9549bc977d171743dcd7d9e1245393

SHA256
7518945b87477c6dd37a6921a24e9b1a9e8c0960feaa8d63aeea85797b8ef5f9

SHA512
c072af174a2019a626562acc2da45d928ed6693e501f748d1e8a3e2d2fc810a47611e6d2c53e081323276aeb74731b0cf070b704b9890105c4d5f61fafb66f90

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
06eb084bb0192f3785ec6398748f8564

SHA1
733d8cfd8760cf35138d909819c308f52a48e132

SHA256
35e18f1f4f5e59cf75fa39660807bff220cfcd50c410afc4357b0913fd64d48e

SHA512
ce3354b05d9c3d421929b050c3639903867fce338d861852e7191405038ef81437a1c4d62b9127b3257036c06700fa34d88b238083d8eb11e999823b698dfbc7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
3f1b23a2ad98424f067ad4e0e6ba31f2

SHA1
b9146d4a7252bbbef4854b8c51f1511e59dd5c3f

SHA256
b21c4e676a249ef0c9bc252a267dafc6cd11f92c78e61aed34d59ce9f28d7f3e

SHA512
c93f8b3d874fb3cb50aedebfda7e36bc593ba51ba56898e88aef0e5efad396118c972417cf1ceba81bcfd436c016ada1ed21f4a0f3f8f8ab37416612ebba09cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
c36c468a89b7c81ec36165a6d156d174

SHA1
a3b16bd555c41c6f93594924da628ad53580c791

SHA256
886bafebf43225815025d2efa61d317781313922fd06f230b13d10edede176ce

SHA512
6a965640a6333f8cbba7f7606eff02a4aa62e7cae8dc141efdd6e00984b9d18461d63fa01776d2febb33062b650457171e3146bba2537d557f0791bd539713c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
bd86a7a3c5f828e1167556e071fdd155

SHA1
842bc2afe17c4e09adebc3174249d1c6da978d33

SHA256
84cf8f4e01ae6bc97b870cb37c3f2c0e064f6ca3966e1b201347b1306041ecb9

SHA512
6ebb904fc82766c9fed8ef0e3afe47c76113f91cf76c683b6ba0c523bf3601fb4eac1c377aa5c5162d975a43f7e11ffa94c0acbc74b1d88c4d3a088e68b2f497

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
4d046d014725dc9e0ae0d1954a670737

SHA1
fa3a836b4bded15f2c93383cde23442d1fdcd015

SHA256
8fab192dfcc1d76ffb64d3e40aa9326b84557d80e3a25e80b0c72c3544fdfcd0

SHA512
f15a33b231055671ce52354138c9c67855abc07f4eb1caa384d7271774cdf622e4fc1c7c58e1714fe6c0177160738d363ef450dee6847ea723bd6afa34594dfa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
189568df89f44d62c1ed21beca533552

SHA1
566c4ab40c5da9dfacf5df2ba563ca41b1fbe383

SHA256
254aa03e13af4af9d7d5ae284c2c6c47bbf72134d1e9c1c83f2e19d47a424e31

SHA512
59cdfe283b76ba7d5727d87fd509500913285e924fd03be2287e5ed85a8ef9edb270edb63842a02f3c265db6eb58913d64d811277a212f91b5194e99a2453ba6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
f6719067500c0b4660152755b9f8d3de

SHA1
a6c03ee581753d3d3d34e3149f05d5da3da82f07

SHA256
36355aa9ba9416baf62e02df44e0fd9b031744d8c50d05f036215bc6f7e1bab0

SHA512
d6942f40dc176f17a7c0cd3ed91f2d0c541a9c344ad92ff95bb9fb7854f3ebc4df0b612e3ec770caecf46071e1102c68e2c3175aedf38d3d27643d93dea5dd66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
96168aeca588973ac88f71a9ec9219db

SHA1
f93bad3e1d44f7fbaf0d053407ed25c78f21a247

SHA256
50184c29065e7880169f540e1ddd1d9651aff6259a0e426a5de69fc7b8423e37

SHA512
09c1b580983ffa10c84e796f5d2582e7d52f5daa2f4cda3517704c0affbed5bb88b262520ad84a97ba6c3fcfaf44effb03cf2332f288aefea5ddae759c1501b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
0590c3fe2e983fb689ceb08e1d909249

SHA1
096edf701d719fb4d9c9bff66f2c60858c1f7b8f

SHA256
8837e9ab85f72fd5b01f2d78c8a00c188ec074ca6a72268bd91e12b3f68d9b2d

SHA512
94e692b2c37153d1923f7486ebb858f7e87f21ef626e16865fe48550b01158b6111346e92f3b7e4d1964ca29fce3350f0bf174682563c2ce10c5db20d97806b6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
a480285f4cb88489eefcc746ea680dbe

SHA1
9571bebf4054d44040abe308ec87e36d0961961b

SHA256
1e577cab6693b5b6d7dc5e1158768b38d76492bc6f361ce68ba591f80d2e2a21

SHA512
4d81b522ecba3b3c862927db1bea9bb71b75d42931cd6eed4dc419cb9b7859e865dbd9a60f1cd2f0b2ca9b22eae559d1254fb188b1a2c0fea0cadc4b7b75f3af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
6cfea7f44972f82bfb475934aa82fb05

SHA1
fe364b7110675533f195c9dcc19941123284c397

SHA256
a789b1fbd5fa593c38098ca01466760eda678ce8d6b1115c6a620debd0c9890d

SHA512
2842e740fb3efd217302635d9becfaba23e2c0d1d2fa5e4d86f1309f3861fd8b321cac5a40b838b138e38f46466f55a2ab32ce380b39d2a549cf78529107b0d1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
31afe8c36a29223805b64b811b810069

SHA1
2d9deca9fd292e0274e0d74739b6097b6fb3133b

SHA256
f99aa3346cfbde8b4d39b5eda4c9c64e8f28714da0f261914f8cd7a6263aed68

SHA512
a9f917ab2759b3ca798419f074fbe8509b325988ba99e9480b2176892685c6b2c94b31daa1a32a432ab3a9d4db484857120faa73e74a0a33333c4e634608cbfe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
900b699d3b741206847e8750bf1aef6a

SHA1
ba66f90589022fc69ec0913fe4ee94e56e1c9827

SHA256
65a145fd74fee185776ffd3cd3521a2a29cb022d8b5cb9c6e18d824f7cb98217

SHA512
0652c57f34a9a16c4d499bf681883d1b16febc49f79028f75d2c27c25c7417f0eb955834eb6ba101f04881185275f7307bb31a0deb3e9786c0f5f8224bb4ab1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
4e2f8116d9439270c38b5125c2cced48

SHA1
7ed8d255cd813a05282b29b97c1304b2cf478d07

SHA256
8706c3cedf4464b0c0a13552682e02eb90da5b2caea0010f609d54d72c441b73

SHA512
24fc8c4f7fc2a45faa00e579e31631ea9ec87b4a6ecf0b6337b1da4d3bc7176494a84238969b6cd75dc2d92f12114a8ca43698cf9f7dcaa20a9d502428ca123f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
460175d7ab4a15ddb9ae61bc45644ecc

SHA1
f2a63215120058f87119b71b150b36f7641eea75

SHA256
ae76fe4cd730d12d07854efe24aca2786b75ca283e228f7a32f0684e097cd4c6

SHA512
1b86fe08f62079900826717309b6314f9eff2d380327d7af1a461535baa0d37b281152ec1ece4b5eb06499ff3fe4feaeec414aa3840770952d7248561373a240

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
3a8d926d8f21422046906f8f1dcffd90

SHA1
9af675496c049f9ed1dc0f53708da9e4fba19e93

SHA256
4381bf8c6dcc3c9ed07c614c2978c5ad37d31b1891788eca2ec67508bcfa9fbc

SHA512
01e2b31cae96ff07510e83519c27c4d2c173d9f5af2b14d828259ec087fba90403ac4c0e0ff1ae417725c5d4ac583c716de50851a02a0ea4c487e40a62d093f5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
49bb23790fcad40f55ea5a608e79a42f

SHA1
0e0d7e9030ad96fd2d2a59418ceea1d24d3138ce

SHA256
b6a6aaf46e92196cad5f975265d8d30388bfb80be2f0ad932503e08b2b5b555f

SHA512
fe8ebfea653684d59b442edc1794ba0160e81c657e590aba66f77e1bed171f817f30d9a8ebfcae1aa6c957bc736e2508addb10fe22c657b758e384ac15a900da

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
4f64ff512b780941fab45a3d97b3e479

SHA1
43d41dca8f10dbc677c445588235971e8b296db3

SHA256
a2d47ae19c4aec73bbc2a5e6f6d92c66623042c3c26ec8c61d647f6cdd7ca0a0

SHA512
a192539c8c6208cfe2ed49f9fdb8eedc1c924099d908cd9dbed44926860c412bdd8779703cf2f0de6cb3502ccc07b9b05885c54738e42b0a4c465208b1fb7f72

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
5cc3b5a6d4a53e9cdf3b4bdf3a60e0c9

SHA1
759bf0285d529c0a7c9ede4c31d1fd85f82aec88

SHA256
3bcad68e0efc5100a78a0881dd339c0c2d4836a5efb6068575577c2aa8d3bb67

SHA512
0e632c0201aa53974b504e85cfde0753497c6017c6e4d7f30904d20f98cc9d9f39efd3ab4ca5b2d138689d0743918df9911b04a9d421e3c60540aa926768fc57

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
1c4434cb34e22dd6309b6bd8f56127f9

SHA1
cc18545c6ad12b7183a2bac7c8c41fa59a40807c

SHA256
81d3e4edb9b902fc4f666f4dc060e7c39d0eb191db87d2cd2c8e17629dbef51e

SHA512
129863806394010c9807ed3efa1b467ee0aaa8cd36682b29a54d20fa848605b9d88d047d46fc58dca9b70de1164134bbd02c9585a8d52e0c827893d82ca6d1cc

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
b2d502ec0d69e57eda3de37953861c25

SHA1
ba2174a7f5b6dbcbd626b1a6509388c411bdf939

SHA256
2671468406a06fa54e9709f2eaafc7ce110ab050774ba7ad7ea97c705a629396

SHA512
cfc9cdc7d3fcdea3b3ebd6e2e6c623d1a875e9e6be2ae9d64ada1f6eace8b544ddf74b75dc5c272c16fc013714118bb1ff2f24b2df7bd88b995d3a44e0f18325

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
19643c68621f4f23cf75cc4c6d4c62d7

SHA1
dd4de00c813bdaf87d444cc88ee4ffe4e3b3f6b4

SHA256
f5f590f6ec216f969574f2c8cc13ccbbf14965fea3584fe9d6410aaff47fdfda

SHA512
d23b4132afe988e97b90c755f7ed0a26be47d09597d737c6a9366b2c244a78e871634cb808891f0228b8ec219c5bc9e2e8e05710a83afb0cc78c9bdb3aa6239b

Download Submit
C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_1.exe

Filesize
105KB

MD5
65f0bbc1cc35e3d170addc7f98ee9f08

SHA1
7fec758c39f8e6c121ea841eee7fe16677051481

SHA256
3a4517a8b14f3baa2f2363d09fdcddedb13d2ad77cbb1f71bac4e454a91c141d

SHA512
6c91e8f4c46b933b41440944d45315a47255fc2e4edec5dd00004e5ed340938bdb66271d88ec59cd2a9a02acbe8f64ec81a0b1d6bfc41232cea284e65dfefe36

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
b20996a51221f24a9d721a04b58a50dc

SHA1
c9a8f8a6fbf3ccb3b44fab9edb9c07f93b569ac2

SHA256
cc7462b6e27057726669b8f734d1d7754eefcf57ff63c28a33ba1e104ce77787

SHA512
2988e6333c87927b6ea38669bed476fd61bd0055bf7baddd2094f479eddf54a5752cc35ce191efe427a3b783521eabd89c7a9ab6f37ad9c6c7afb10c5855c8f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
7fa7432f4b872a983279486e628b47a9

SHA1
b4a503d178b7e01828c9ace1eb632ab5c78071b6

SHA256
f4b0f839276be735c31cf92783829f7ce74226aa51b29d1a1786c32f7be16935

SHA512
e22ed4fa460e1eb9f043bf8e6b69b808a4aed19b5dfd1c8c8ffab47a13929024e55039ce77b4795f64e3e18a722f880fa1dbaff123ce5773170d25ce53ea1110

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
86ff3b5c4474409495f8b37f67b587bb

SHA1
e2bce980ec70d75e5ca497976a9280b892798554

SHA256
12b805127b8df00823e291ecd8dfe75ad6862c4db97a649a81f2d1378a9bb976

SHA512
da95698e1d77f2ec360c124e8837531d3a119878ddaab19220069e9711600892e697fc50a1caf7e9bc911a96f1475e79e9e14b5ac709db0a15e02a6accab3c4b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
cf24395670aedfb35bedfc4757120db6

SHA1
3499478c7cefafe5100227d5c406108aaf225af6

SHA256
7dbe83012ed09a421ca91ab05cbb5f503de7a6be77a5f01fd6262620a8a1e4ff

SHA512
bfd11efa77958e953e1e2374cfe24f52b6e04979e27657aa8e23c1db259b1871f28b0c6605048b2b95e6682e85df0fdb002e2c4ece15710418db9eeaf8da0f44

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
6ed8a78c35bf37c9a665e2ff825c75c4

SHA1
48f2281c005a3898be6412d8b3c0f936a4ebe720

SHA256
359034d4644ac6a7342c36a95d9b93ca67698038da9772dc151386ff9523ef9f

SHA512
88bf3d3cda76e2b5c8372594c8cc1ba542d89006b04e686a8a3a320170d417c3948cc53ec104f602cacd923ec9847ebf2eefcb8d34b9366bb1cecad214d39eb6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
365241b1beebf004bb77bedd8e2a018d

SHA1
1dae5b4845028827884cb41943c062bdf9730f33

SHA256
5fe9461ec072386657247e9b3b57c35dd9754a3b3cba562b94bd71867dc8b71a

SHA512
673b3d580178b96a4f48093492c6c001ceac25608e7d363931b4fe96ccdc837d5f7d6c65f7f338beb06357fa21edc945e24a9edfb7a4a0a7016211d117c19775

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e5c24dca66e6a3475540b72180038759

SHA1
2acacd191f293e0a35f82bf9d46e3dc5cf7cacd9

SHA256
38dd4600c045c33f732c2825516283c1c1a923fde291e68dffb9cdf9031d5231

SHA512
fa189c365e3952667c5704babf31a9664dcbfe53de1e81b7726060ab81f0f61e5aedd627bd98eba32265183d9c5963c898ff65074db784a423fa01034a666615

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
3a863fd419e0a3263c3d914012e040bb

SHA1
fa3574a18803b653111a937fba234992bfc2f4ca

SHA256
6ceaf4edc9b3b1d3eb3c2c7027dedc8e688527f857f33c553de5d77ece1296e5

SHA512
293cb53e495bfaaf8c9e93c3789a657b96fe4ebcbf77696a6734a326d3f40191b269da4a9dd4c9b43a961da11dbdad2e8cfcf8c5964432a7992ab1454a75f164

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cf3765da5878c20ed7ea289393ff8119

SHA1
d3a58bc26a168db0c88fa10dbb9cfc54c681952d

SHA256
d71c78ee656df17214bdb737151b1d7dad7fa552415e4a834331d8e3b96e4901

SHA512
a74234a79953749a21bc5b010ab60b69bd8379b69d87860ca3e4388b5f5b1ead86973afbf04e15b4514ea9a72c770d0f809b532820c4ad06c6b9cf592ebbfae1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
5c9052ab7d95ba55537e549174844556

SHA1
336de9400f624a28654aada3bb6874eac171a0fa

SHA256
0c2592cb61b1d45412459505ba6400925bf8ae14ea089c1a21f28058c23709f6

SHA512
95ba07eb8b52726eb22751d9ab144c8ad1d78f460bd0f8c074235a7d39954d94f659c76f33315d541dc41c4b3e4c516aedf494493a59f59b6e984d2bbd962d77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
da6b33b95b79c9e26e2e9d3cb6702e44

SHA1
a058e68defef2fd0e44943a8af821a54652be79e

SHA256
366c8d4310055e8c5a1123e1187ff4938a480b9092f28feb8232f3c5f031cff7

SHA512
f3348e48dad7891fabe45a72abf164f005ded627abe071c6bd8616239d017d52c214fcb9fc62a48567a81e939591144edefef735cc1808c842dc33d80b4d72fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
387e814300a7dd86bc91a46fa71ad193

SHA1
8e44f6d66dd00b1e848e5f91530a6f850e43f757

SHA256
e964ebe81027675fddf3553b473274055c5923ef66fb33ab30fa6e62676c4739

SHA512
39873969c7267eca37bef4625b8f6a043f0df37ea4a2855ec08ef3b2eea9b9f18ac09666e742620eff540ee5ee704d9c4a84454d9aba833784e3e842b5028a7b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
89c55bac38376384efe21f163cc648ba

SHA1
db15dad7724483a5622e5fc4a6c8c023807930df

SHA256
e55f643e28ffabc511e7e05046f2a3346072a96daf985070675736422a808539

SHA512
5788ec388a0c90a005efd87327a9489eb1d78150f8a840f324e063de177076d1065c21514a2fa359b33f0b45c8c00cd7f51298df48517dac3c25c2760b69cb8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f53f87509a68083b42959bd3e009f7d0

SHA1
03ac53a5fc9905ab38e6ee85fb287ca0b475b805

SHA256
8a383bdd3b9bbe1046e3cd702ae0b0c9e0ab2a64cfe6d833a14cc4c649159a56

SHA512
ab56668f2a596b3cc3bc1e03d43ea97e3354633af3228f942f5a56529f4becfcd4ced897886d401ced2027bd337911ceccd37d3b691e4be0cdaa6b85154a2cd0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
62c3e16c029836d1844fb976105802a6

SHA1
5c0e4dc7e3e62f41260aff562c396bfdf72d794a

SHA256
60e55a1870580122531fee3671e4028724c07a56ad945adbcbd8ca4b9932a1d8

SHA512
4a5a4fac797b5764b2d22cc5dfe10bd7e5da5ba6983c3fb32b212377130aa0c1706fec2f9142ff21ea10af80a33a91bd4ab079c43ee7b885a1805a0f862b6be3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
e5c50952e792aaa53da9871ee882cbda

SHA1
d617cca8a99fd12d6ba91cca8f208148aa961fc6

SHA256
2c5eae7c9cd9f66402faefcb547d5f8c0b7b3662397a5056511e0efc64a7ead6

SHA512
bdb901402fd1188d5260c1481d9617e7ec6ce8eb19d871c9172989d163c3560cc425c1f4f6b136fc06ff60051b150ea70e90715a18d6d38d627ce4c10e84818d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
1d600ceb086d9f438be58c6ce52136f6

SHA1
e459a197705edcd8205b4f6c0f6fd3b04348b15a

SHA256
b6e530a00a013df37c986e1082b49826eb966d75bb5c0969dccf78ec4f31a790

SHA512
4878a558bbb15fb64337c7b8f511bddaadfeda2254f14ad2bf6d9b977114b5faec58324c312d2ce4128eedb945563fc4d7c02f99369fb884f41e478368abe81e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
c4478c2ec07ae17230ad54b518990fdf

SHA1
d4e574d8115941288f0cc17df27988e9323b24f5

SHA256
de900d2f5e2727f91b3462d891c7ff859f521ecf4fe96442106d80a470ec5228

SHA512
2d2d46f1b27fa19a7d6f1a74ac9d7977b6da0346b99bbd747b5b4eaac462e21032ffea127ed0a268c2355c2facf78793fa775e78461844ad492a3bbffac315b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
8257da25f3fad906e5d16b770dc27f79

SHA1
5a4f94d47e1d27a733f7a770d3d0601b94f6cefa

SHA256
18db08c9e7dacaf863ecd5a66f03385b0c1718bc76515992627f37c6c93be514

SHA512
edf5c2582c10db38841e489aa5a014a6bc12d32542d40886d35ae94e1402c162a044b2d088d1f5d9ff8882535459533bd6f8eb1cc89bad4d1f84d93e5509d6e7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
a42f04c793862d40f6c3c55ecf3e11e8

SHA1
8d49270bd97a02490fe41a588bf993ba65a6aef3

SHA256
5bfed776864d6d1ba9d8c6cbe4094af4e18c5683969d8ee0e5aa42e2e6b00750

SHA512
133edc35c92df014714e50dc1c4e088d05fd500626b9ecb997e57b186bba9d4e7510354112a04f07f4df8919d5e4647740194690e038e85df27498ff3647b524

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
9694489621bb42726d3911b1ee6c706f

SHA1
5c05057cce8beb7d270dd6b910c5de399936e253

SHA256
2ee0464f4b0c5de72c7235c949f0c24dd42d24a9d484a8f77903b50a45317d62

SHA512
59a95cc3580b23e15fc98f36908996d726d1b23cbd9552241ef42589e82e7992042f130ffdeec50d916c9637ad27e0117d7bc5a8e609caf9987d21cf7bd59be0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
b457beec7b6aa34e1f03fa422c9cd0dd

SHA1
4783c84fe60865546bcfd7cfeac199d3decb9c58

SHA256
0a2fa20a720082ec06e92b0ac3e85d0fada1b45969d689053c1229da078580c3

SHA512
5aa9ee124d38fc5c1cdb105392caa87936a4f7dc48fe8e08fd3c067e08e8fcdd3e76239b9e5896f4f17fe12683b18c25f9a47d6ac0ce2d6c1589e7f12c2f3fcc

Download Submit
\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_3.exe

Filesize
52KB

MD5
f3fd6d815ca6cef81c9d88d118c2a5eb

SHA1
a296086b213d0d15927e2bf4109563dd29a92980

SHA256
e7d401f35028459452ca04bc049cc9b744df5a2a2b4da1b6be019ff472f30a82

SHA512
a896879be6d397c6c1f05d67396b4df15ad4d3ff75b58b5dc06c316aa5c5bd5e35cf08461b44add2450de6fc08488b2d9772286d52bda850eb04b8a2d4f67014

Download Submit
memory/2308-17-0x00000000004F0000-0x0000000000507000-memory.dmp

Filesize
92KB

Download
memory/2308-12-0x00000000004F0000-0x0000000000507000-memory.dmp

Filesize
92KB

Download
memory/2456-27-0x0000000074401000-0x0000000074402000-memory.dmp

Filesize
4KB

Download
memory/2456-148-0x0000000074400000-0x00000000749AB000-memory.dmp

Filesize
5.7MB

Download
memory/2456-169-0x0000000074400000-0x00000000749AB000-memory.dmp

Filesize
5.7MB

Download
memory/2456-7521-0x0000000074400000-0x00000000749AB000-memory.dmp

Filesize
5.7MB

Download
memory/2456-8319-0x0000000074400000-0x00000000749AB000-memory.dmp

Filesize
5.7MB

Download
memory/2880-6856-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2880-20-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2880-8296-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2880-9213-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2880-9214-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2880-9217-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download