xorist | e08793edeeff4a558f72ff3601c50b9660c3673da5db473d7fa6c33f1d4327af

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/12/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Size

39KB
MD5

e961e8fcc5e0debd6193b1a5b1b2fc2f
SHA1

a73623343f6a6fbbbdc143d27ceb8f5a748aa621
SHA256

e08793edeeff4a558f72ff3601c50b9660c3673da5db473d7fa6c33f1d4327af
SHA512

80d975a31e5e4386d0474054346d45758a7f4a242d2cd358836c2663411b55377be889d42a8d8963f85a64332f490a2b354c4b66d513c3ea335d51329cf359ef
SSDEEP

384:5ebFNw4Pk1itKkpAjjalreewqYvjS3kDCgSJZU/UMB:50FmBkpKjkY7fDC5ZOB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2112-8208-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2112-9180-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\agp.inf_amd64_neutral_22cdceb61fbafb43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00f.inf_amd64_neutral_a5f6001b957bd7e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_parameters.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_preference_variables.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_neutral_8a1323fc68ad84af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_environment_variables.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\catroot2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_History.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Arithmetic_Operators.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_neutral_9dcd97ab7a913b7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph6xib64c1.inf_amd64_neutral_68c99681343e9b68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiacn001.inf_amd64_neutral_b7a0b2f53d745b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wdmvsc.inf_amd64_neutral_a2cf745000e2ea92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Break.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr006.inf_amd64_neutral_40c76453575b1208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2112-8208-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2112-9180-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341559.JPG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115835.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115875.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImages16x16.jpg	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099147.JPG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01296_.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_ON.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BUTTON.JPG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382927.JPG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14754_.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\TAB_ON.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45F.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Earthy.gif	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\THMBNAIL.PNG	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\Windows Feed Discovered.wav	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnkm005.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f58109fce4573c6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ipbusenum.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0dabd93612b32e3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..stant-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2ea24157ca3263d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_el-gr_e065b5e1703ceaf2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_es-es_92a65a18e6532ae7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-babyboy_31bf3856ad364e35_6.1.7600.16385_none_f13596916b261f67\BabyBoyMainToScenesBackground_PAL.wmv	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3dda7497011000f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-ux-sppcc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dc11668d590a14f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4b6af585fba8a1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..extension.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4441094abf1c13fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..splay-cpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_94814dfd77f08539\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\inf\.NET CLR Networking 4.0.0.0\000E\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4419988711552355\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b49b20fca1133b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..enter-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_67907df25245514b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnxx002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4d6cbbc8e10bed65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..idgenetsh.resources_31bf3856ad364e35_6.1.7600.16385_de-de_79e0a6d881e7ef84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_btn-back-over-select.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Stucco.gif	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.wsman.runtime_31bf3856ad364e35_6.1.7600.16385_none_1e4e50354e5b15b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.1.7600.16385_none_6b3984a4d9e2684a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_6.1.7601.17514_de-de_34b70daeb9abb188\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_fc675397c4309dd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_79353b58b35fc1f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..figwizard.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4670f08fe8a98da6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..characterlistapplet_31bf3856ad364e35_6.1.7600.16385_none_dd67cfae8586b8c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cd09f3344310f0b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e74b416bedb49d7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ehstor-api.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_210cfcd024bc8621\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5aff93fe857d5dec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ac5cd329c16ab53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e2734423061a0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..-localspl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c347d344b4180fd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnkm002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2a5a9b7567f974b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_it-it_86558b2879657e41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-perfcentercpl_31bf3856ad364e35_6.1.7601.17514_none_66748f1a52774c2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ionrecord.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6f10e1dcdb94c3d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_423613549dd6c74d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Speech Sleep.wav	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17514_none_aa92dcaf988a9119\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..n-comrepl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7a43d94b3ba04b6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_774f231c5b0ae344\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_h.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_bff7ecd2569a521e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_it-it_bac34d28499c12e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\DeviceCenter\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ctx-directinput-cpl_31bf3856ad364e35_6.1.7600.16385_none_ed74ea7e48da75bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-ns.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7266a173a5b0605a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..chrecognizereng.ale_31bf3856ad364e35_6.1.7600.16385_en-gb_e3a447542ad2c5da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.web.manag..netclient.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ed73cf91cf007c56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0001043c_31bf3856ad364e35_6.1.7600.16385_none_06d626f19699cea6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Logon Sound.wav	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_stexstor.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_77de2215ffcc00fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_filter_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d77998142ec36c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_WMI_Cmdlets.help.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-playing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2642d40f9481d427\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a10d2391378d5e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\ = "CRYPTED!"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe,0"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GWFLJHONWDGKAMP"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
6f1cae205e26963c4e83325d40173073

SHA1
e6780561abdc8d363ec8e292ccdd46ef1fc64f43

SHA256
19937a8d48f48907875ecc841b7459c6746f037d4bd1d940f46cf17918b5e25d

SHA512
bf40abf976792e69c296d6b610914c478044443e74be49911d1eb09f6da8f7082f96f043ad8f9427095d354c8a6f837107b99c734d6615e4258add2b79ddc03b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
20c5b4782f0ff56f8d8832d19b73704d

SHA1
89fb32c1d6d74df5055a13a05588bad8f5850234

SHA256
94a4bd938354d0bbe655eb5ad7c224e6c6ac93242a32a84448a67d0991240d31

SHA512
f34fab1d3aad3577381b5e34eb1633a0c80e860a78f8ee79366170264af1c0b8116c216e599a1985b5b1382a5657f9adb95c8ec798357ccfef70947fec90ea31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
dc7f17f030e2c51fe41e882f880b7585

SHA1
d883c19d7203f2272ab25cb18c9fde8bd0d7a468

SHA256
4d6a38248f1b02218a84f0970fcc83bff944dacb5497124ce784da2c8f6cf45e

SHA512
f9d853b6940f4a40a65aebeb43fac79a7d02277144312fe37383325fae4bb73b65b1a9cecb3749592aca5840b7067cca2266992898840244e26db19da702ceb6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
4e16329e3e6a299052fa6ac567716c7c

SHA1
255477951c3914fb7976642b567e2907cd873657

SHA256
325176b13c5eb0e5cf983852d41b829bd99f27f53f76a870d2d93373a118913a

SHA512
067587e956c4b017605398931aa1ba46e731bd304bae0c9dab2956accd0253dea32cfa6efec93880bdffcf3b6faf735e8020c723e15aab3d373df7f232679160

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
685bfed5f88d68d3f90e054b2d42dc05

SHA1
c49c1e7e4a97ca80ea500b1751d18d8ac46f01ab

SHA256
950fd92ef5dc7a896aa840058ac301980b65adb61339137828f39403d134e590

SHA512
a253a3d71c4bdd62a8facb8fdd3bd209bae029fba8225b7e252e2ea806bc672b2d5e98402c751241588911b8d6a357207ff1ee0daebf7c39c660083aa540e229

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
eedd4a4e03fef7c3a4638abd4468bacb

SHA1
1a6a5cc310c59a8135c70904fc05b7ca4f9dfd9b

SHA256
77663bcc264a93efb3eb302c7d53bd56ca13c029fca9602e44b228e28bc05c78

SHA512
598465e747c5c5f66f0848ec70b77c846a551bc7cbb3707b82689f23412fe7f21fb485621e23c6c02b24a4122ebf49d5b31d8185056de9c8f63fcf133fc98f5a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
4a9ac53e54cc13c58563106b32f30434

SHA1
9b8d1a013041b6dc2d50e46d7efcaa18f2b8d5c0

SHA256
3827462f048e388550b820d46e184e54e9bc46b287cf37d9b0ae0153b9e32fc2

SHA512
1fb66824bfe8850ab8744c58f61246085db35cb84edf4e3ed119e2f62d262ab0cc8e6c7a1a39d180fe3415e148840c785e70082e0626bc0680cf144ae7b836a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
4cf0a0cd7abdbd6534c28457d9830f5d

SHA1
c8163467b303ffdb6365c03e395eafb06805cde5

SHA256
d04f5a88aa5500874ee5094cdef116266dfe4fcdec0ab31fdd9c26bbfc1bbbbe

SHA512
4dcc6aa8ceb02f238a2313e6f748a3f592f8ad9fb70425a9432668cbcc73821b3069f3784107ba292ca63d6dc3c32509e313d928ae8216081be9015dca8d1d1f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
6c89757b1f2b356999c7105c29e954c8

SHA1
d12c4802fb9a030a1e71eddb34945ae1fc3e33a2

SHA256
cf05f68c96cf366f62795e31b516bc25eb5dcb053bf93a66725f9e8bc4bd67dc

SHA512
0695d6bc44b7a48029a31886f24e8ffda52cea912dbf6c73469636a872d4b0b6a18f4adce9f69ba930f45a6ddd5647a42d241ed798b4a0fd5421bd1b22ede7e4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
3d8e38780910a1c77d860785796eb0e5

SHA1
7c8fb26b38e330e58cbf2b67552e050dc789aa22

SHA256
a955b1fb4b1fb8daeff9a775bc4354c17d24dc4725b802a0c56a512b831014f1

SHA512
5ec70a5976f99947cc55e5abec635a63db7e728d863ca16eb2d2dbdbc5be3d16b5a4680867af89f86a543f36880f3cfab99576ac4aec8db7e4b6999fb8718fc7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
801330a7a03b5639a201a4ae7bd94e1a

SHA1
981f5ec751bb7ede4789e9f6ca33df36349469c1

SHA256
eae7e5c58180b267314f99a6a383479c67286cbdbdebb04f373aaaf7209207ed

SHA512
67ddb7c5cc89473ab9368af01dc05aef205bcd63c50ad55140519ae62e6cdbe49dcc6f105d36d3e0b45c70b47076f6e8d82041060f15a52e605e288090b8ce47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
011abfa241cd312ca382e96de5aa042c

SHA1
8ee925121ed3a4544c9150c325353a577d869d2a

SHA256
4b79f706e7b7b4e06a3f649141943ff034c0033ec08a39340ef45994448671f1

SHA512
5becd3837a76b7e02957db6e53036c39122109b7c3e459fab0922423d39d857b64488ed5cd7b1f06f7154f389f2e3df22f9fc2c6faf599873ac7ee2532836b84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
1875a4dafae01485c18957b0a47d00d6

SHA1
65cf680ae7929d2f4cfef9ffb8f8b0a30dc8739d

SHA256
ec14d11f12746a3068e6c802ced78737841000e7083762225b28ce153396a573

SHA512
b0d59ae6c85b39578ec518aab24c641ab3d41717f24cb8247e56be8590f404f1ce6d965944ebc9f7636ec5624e0145f14d93ee3a3b67ccb0fa3db3b0f3de502b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
d4e9673c317036a52c8c11bafa6c856f

SHA1
c1837592abb4ac8551fc48db4ae28eed7b2e446f

SHA256
f100c80abaa784387e0cb2262826ec11573349d0946eb1f0a4b0d8fb0c11f992

SHA512
375d658bfcd1a057419fdf0b01c0fadd0207b06e91bd3a067c3831ec8b1209bc150146ad7325dba217ac1ab53796def44db02283e312f3e9034aef8ef527b9b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
fc3d57be4c87c7987fb430056db66577

SHA1
8b6c82e6bf4da9ad2f6d8ec5661f59b094d81679

SHA256
bc4979a84b05869efe9013d3bf60f336313763e3834d7ac812336fd5f89e01e8

SHA512
38f9322a681378ee3c391fdce0285daee5f59dec153852b56cca47658449eb0eba4b40e92c72e0634286b4c76d3254f898ed90dfdd107532cb74f65a56d9596f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
eb1ff1c7a89dbb743efa52bd27a6232a

SHA1
a9780667a9bc2c2fb3f4bf34dcd67e96d3a2dd16

SHA256
6d432c6c3c575fbf2309fdd4fd7581739d9dee563bcbcbd7db04456a9090b369

SHA512
95b4c0e503b94d6f6f216da8c50df64653cd2631fbba92cbd539502eae2f603b52e3681be4ceb7ee51253df22a53ab54e4072a646e666698e6be0df422227039

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
2cf5de2ae2d42735459f88aa3a4593f2

SHA1
e62e7881d49f3eceb90782a74d92b04d8c034c42

SHA256
56e351061dca737ea4642c82af3da1fc1a20ae88aa9da3053a4793e0e7bb81dd

SHA512
fe149c47fab13753cdccea2fc60d4f71e5fa1e863a6cbbb024c44a8c2b2e194f6c2b124c1d5953c3f66a3727aa6ad3575cf7dd9bb8272ad43cdf69461ea65db8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
dbc12d4d07e185e69a1a942933a5584a

SHA1
42dac385fba7fd4b99bfa8aca49f940ebc9f3cd1

SHA256
a05471531de56bbb182b0cd7656c37f85c59e808f43e4d4822de4d7e16bd9aa5

SHA512
c67721760c06577df973f00c66757a8017880015989555334fa2c1e2f88524d8837b8dc937ff213d2538f1265869f0a09ed58f49d282c17580e2db619aa26e3e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
5e0382869cafdc150f164396117003bf

SHA1
44ba5133073f83998d08e30e93cdb8aa10e89ea7

SHA256
23f5e5e1f2ea8aec935d9210e944c3a0f93f1d9d82d97038e19391a66206774b

SHA512
a8ea9a165f41b0c03cbda152dd9c2e7969cb59f274b821960ccdc149f9cb1b7c9d9f24a37d40fda773b3feb28716f0f335892d3272d7bd08bdfa4bf1c2a35fdf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
ff0b3ca23747ccb5f43fb9e8512dcb3c

SHA1
95a265b930ed78d90c27e7126f6134765a6d61d3

SHA256
ca8d1ed782d947aa8bad78276a455a87819649a2e35799b14b4b3b230b8821c1

SHA512
a39d4efb7b201ba2275190a1683cc44824b808b771350b5b552274db2445c560e082447fb61a102a692818ac6c99709e15ad4997df329bc0068e5a240f520b5c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
7d26e35fb3dd4bf0b17800d7f1528795

SHA1
59b1c6d4cc21351aa60f595358c2732face044b5

SHA256
b382e7498259452407e599bb54cab32efa0bd4a727811fcac9785e45f63965d3

SHA512
ee442ca6b845d1201c1b7e0ed3981d06b9745fe9d3ad420d3cf915222a088d0363324b27d9038d4876abd6702e8ce6e4ecf9b0cfe6a9724ceeadf8abb4681aba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
62aeaa088f28756261fd48ad686aa255

SHA1
29b0faddd63f88fe67136be323384ddcacc19e68

SHA256
d97e15ce76b7936b447afebd0e7faa596fd08ae60ed776650c43341bb4203df3

SHA512
db5a38ed3586c3a281309361021273a4f9e5b841159bcae6c72713dd4971068139488caf9fc8d1a85f971266c8f8ec1f5c352f278e248c70a326f4c0eb5008a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
1dce8aed94bddd4cc091b99d748d712d

SHA1
8aaf27d7d6eef1530d0884052e724af3bd1e6250

SHA256
c294d5a2d46840886e5bcbf10180b516d452417cc303a5982f1e5c44f0704004

SHA512
ddbc03df06e772c63dfbb333f44a5e9950a318d457fc023e9d2878b3fd829c0e8455aca7eb74cec7bfa0ffc2263406606610804f3cb43c7e4589852ab12e4d94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
be303e48eb7bab4b1f2603e6c428c31f

SHA1
397e45f77944a6de76d9c02f78ec8bd98f2f1242

SHA256
aa9486bf22ce813781a23139a523602e3a0cbf28b358a3175768de0279f30fc4

SHA512
70bbbb006aed09ce68f7154548f6a711c3275dca5512d4caed39494e04170ea3161398eb648057896f1784f44b145054381eca0fe0d68bb7885964a1c150212f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
98ac54a6cca6bcadc79d0dd8cd2e740e

SHA1
367634fb521e699660dd393ce5dfaf8f5e130b78

SHA256
2643e67327f1ab03c351ba709e47ec9a6775343d5738e56d720f2ad8d926b045

SHA512
d03a3b30f6ee0320f7f55cfd2c6c31a72efb8cad0355248b40c897b3206bffbba29413a26bdf57f307478de32b7885cf7392e726808855090bb7bc256308c742

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
12e3b76ac92a8c2631e9471f59fa8f7b

SHA1
9906f058ea901da2b160898dc27bdc91f4f10e63

SHA256
62fa098e6606285adcf80aaf5836a8f6971f2f7924d44dd9dadae6871e36f3f2

SHA512
98ee30fd63df26a25c23f5c44e94d59311709b7212ed9e1789b73b72b157c6047b9e5e4a5ee50730f639d270cc95b177e0fc8777dfed1707e5dfc29e81fda2cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
2fcd3770da73f343601ede1d6bee3600

SHA1
b84b64a266ca062f861235910d77ad6e43f3f5e7

SHA256
796be3e46aa6001b512d3f42237d9709d82ff38139e6be775d569481d1c02c90

SHA512
7785438bd4aea1aa24f615c0c3a038d7ee69b54802013b22ed796956e5174dd0033bca8291a1cfbbd2f072a4067b2689b3f41576bd3923eb74020182e7da44c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
d8544b1ba89f7f8eb805d6c8eabc7c26

SHA1
def471a79905d8e8b813be40f1854fc835b6a944

SHA256
32d5a0f2b88499714c7e3e1c12ec467cacd6c112dd3554733460be8e6b0aeaba

SHA512
6d07f8ecad73d20fff7d01fe1a11f3de2e3473dba95d9baf19fae741cc4065be3cb8a103a38ed2112fcd35d9dd0e9c3647cc4b10ec2036d5d16e6262e27abf4e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
40dd2bff6441b04eed56e39f919c51b6

SHA1
f41ca5aa7275b0a5bed68768a25dfb739e77eae7

SHA256
1a96201fe2c9e2b2f762f491e7134dd88a31fae13c12d93b95d5e4f75d010fbd

SHA512
1a2e5ed1450d89d412c081fefca8beb549f4490376ab4bfcee05b37ea1389ef66e717ba456c35a8a57a7ef16ffc28162a34b32282532d94a6ad82a7ec741cdaa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
0117a93499207684280b5b8fbfd114f6

SHA1
693f63a6c9dd0ad5110c82534be66f6b3bf73d86

SHA256
791e60cfa898acd566afb9351b256265076a6adeef4f450dcb9353f025aa15a3

SHA512
d38d0d39d08235719c7ad938e219fba8f1d6fb7b226abad3ccf56510985eb80539e4358375b13c166f560fdf9457f1b7cb885ef4b8e6ecb9106505adefb35ee9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
d29b9fbb90beab76869d87104f8df2dc

SHA1
e2ee8cfef36577817f8fd8d1fde9383d76273140

SHA256
816fa45cc22ecb4bc7d06acd420fafa83a442a65f6658da73353c61c841cc367

SHA512
4b3a404156832b0e8f528d9aa2f60fdcc65acc2affde57dd3b2b3ca0443b3a1a550ab826cc0a8e63a9f3b1add75c6cd1fdc897ba4bc39ab636baee564be61904

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
8a2940a339745769e152d33fbbb619b5

SHA1
36a68877bfdc6129e3001482c1643775cb72f81b

SHA256
fedb8b37901e967e24ef9bffdf995ce38da7db5391435e4c33f0427a0cc1b5ff

SHA512
281ed7062b04942fc425cdf85f5417a4e065774223c299ed64c2be195be0e8c63eb6b792afe54f82c79ba2fd16734347c6fc2145300a04889a8d0d7152779e00

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
07f15421cafa63b323d65b1fee9b73f0

SHA1
bb70d2343fef79d65d8156f74dd288fdba6de372

SHA256
03bc9b9ae9639e2417193f42b73eb6962df5d4a664ee93d8328d8ad1de1ee09c

SHA512
8766c9176cdea69beea5e2cda3edc62e595706b8a814b4a6f07c4106e99c80181418d9778fb0ee94013e2312eb6281931ebf8f3d6cb36099b576cdaafb173eb8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
c5d09780b8bc399b6a04c92f5445cf1a

SHA1
67f213e977c4fc4ba4559d71f149a13ac92ad305

SHA256
2b6b2d0945c3fe22705eb7d9d03d79a6253fef855b256e36d493c3868a4ccf3a

SHA512
d8a86b2b1d98f53d2df16566ec41910dfacd850cce8be8589abc7e22caaee19b59c07abb7f7132b48bd1fa6c3666327f2cb2917942ae10338cc2424d437bf040

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
d9a428c0506c29dcbf78b38339b658a4

SHA1
8b7c80dc298aa0df3b996cd48df063e8a492e508

SHA256
2f6dad6d6dd82b6c301e7b303d183a94a6f2a9aa8225959e801052bb36cb9206

SHA512
c3583b9729a4f95750409e0e033ca7c1093c7a630489be3f514189dcb91647634b4a8da2fa1e3a7ccdba700a260df2f9283acdd7882f47b7a612c5799cb3de2f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
85d699b18100c18648ebf5ec55716eab

SHA1
03991526ebcfec6402e68318e853c31553fbe500

SHA256
88475133491145b77be280053b5a351a506248c501a40fdc4781300f14bd9d1b

SHA512
426fdb62875920576cdf25c2d288b1ec872d2034f7fdae0eeea2c2ffa7ebef4b6c991fa97979ebdb200c5c4172a6053b2b3fe3be0d74b5834c8c4f75e2db487b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
ab34d02b7172ee6cead1dee463fb62b2

SHA1
1e83d02aa261e9b6d449ba7773a036adf8f50a34

SHA256
147423fc118d012ec96e2ec7242d7e5a18d99ab87aa1097189da1bf77e06e3a8

SHA512
644b6b7a89c40c61ff1306bb53ad0d2cb9133b2546e0e96f6766fc18374d6f8b74512b858e71060f14442ff4221f3e95426c93a7de028ae85a2b5af32e9b96da

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
59a18ad9cce0bdeb6444d8036f2531c5

SHA1
9e92d922f3f6a37e257072f840735e63cb2aa5a7

SHA256
ead7866df3a41d696d71f8c6459918f9c8e05ba15418b0225fb524f535bf86bd

SHA512
c8fec71743bbec1cfdd85433d35272b856186ce325d75c30541066b00553f6c5c62cdb18311f4c5cd50a4f799fb1a548ca32d08ff484e546d76a42b77b9ffbb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
dce041d7deda95e1f6e21e35d6ecb59d

SHA1
fc6ba8431c15da64f8f2a603185d2fd79c99b49b

SHA256
3ff64ea53d6b57c2eace147b96e7a81d49def8b467bfc3f3ef9b8bc4b14a2a1b

SHA512
f1ac2f782d3138fd4117411c3a4f03426b4580ef46d0b1fc410d36f47b9651746f84f5c0129beb44c93ec234a2dbb43ff15472bc7d4b267161688d79ebc8a258

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
8858bb9bcec3ce2bd7a279a74050c1b7

SHA1
793d8bbacd9926a939a1513af24107c917fffed3

SHA256
9be7fdf904d204d3b1d8da6bc57cbabda2869edad1cdb0547372f75972dd4efe

SHA512
efe1dfe0d16f84dc1215780df083d09120b339a11c173e03a1b89ddf85abf925f2001b5b2a7b3a8441f13efbefa8eabab6981a70217108f18a2f87351049615f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
852855d9ea645f5335f35d17a1744a81

SHA1
095c6934218f15d4155dd171d55764a204791a3d

SHA256
a4a3beda69e3fbc11bb537f04bd59efb5befebfa41b1622e2d33cb224eb7c9f3

SHA512
ada3c92e045f345bd82d02a385b09bfdc967ddcf31cfd06fbfae8694d6b4d72771065460c17d205cf8742f922f1716e61b709929050469099b888926f9711b61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
caa8c29459fdb62546b84798a1e1b486

SHA1
f0f5e7bc444b6a66b0d55a6a99460bddba287579

SHA256
30866af0fa5419de864b4632bafb9e066a797d4bdd770ecf50d0b83944dedcc5

SHA512
f694ee4d6473044ed9cc61b3b72fc589ef31fa335e1b36b1db6c5c892d8230c0792dd3657d4eb54266137a41f1dee3da0567cd554303a36f6cef08cc8deb4ccc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
b3d80ee7536efcd4add05b63a00b58fe

SHA1
daea82c83734043ca895336b326b89986b760a45

SHA256
76b7542e13754bc5ebd26ad3b2801d3ffc16586f13a3b161c4d04d31d413f9d4

SHA512
d4f4c7c81fe6af98e87e7f74c0ac63a53e50e70dfcca66c55117b54f4262526e81290485d0cef64abeef75af6bb39c7bcf51e73bb7d2d52d7aba0085d5ec1e3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
617b59269d263dd9a124ac312e7f99f7

SHA1
d9e3b37c9d36f0e0ce8ee554aa17a8406e670cbe

SHA256
2dc76174eef9b2d030f086b53f739e7e684c16b9ae3d2bf72c1262e87fc01e41

SHA512
9d03495b471cd321a21bf365f6947f86804c9e5aaac022c5bf54735290f3e62563790c5dbd7bc1b7b9bec2378d09b26fb19fafb794e077ca43ebaae05a0a2dfd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
e5c19a249870e5224c07c0dc1d496e1e

SHA1
9d42ae34ef20dfcdb15c56238d6bae1b0c21abf4

SHA256
320f4cf0fa08ed92dac75517aed5c7b41643b9c721df842911c2f6efd7e81eea

SHA512
ca42700ec035ced75df29ef75c6f8d5755c7549d5b801ac995a61059c42c41d933c3f309efadaecfa44b6080ec7d95a7a8872bdafa1b814f153f4d1a0892c817

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
b109cf4f53c36c62ee5f92f26c04007c

SHA1
037a779d3022d673ace4197a8f9f98536570a7e4

SHA256
2e9c61faaa61f004b55c4f262a33cfd74a0796f5c29c6adf50e610b8a86e9003

SHA512
e7e2f9addaa1563292773c8ac893fbf683239e9f932369b206bc451989c422d6074578e566b50ba2d8ee093b350514a6eb4411532d43a9b3d14bf4a1a303b357

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
dcf97a7ec94d85b3f8b2f32a712c1f15

SHA1
a596802b7e3591850e8b74b9ab8ff7d3e333b7ab

SHA256
1896ce4c18a0f0ae755889b764e8da4b65739965aa39f1e6b606f8c5ed44116a

SHA512
c7ad783d8ec549e1437f6cc26a090ce1901ea8bc28583e74888295f0eb258b4c4193f15dc9ca4b5ee98319a91148ba0fc69672277491304690d4f035e9325378

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
6634e5fdeb945d6fff3ee309c60e3256

SHA1
5b5423bf90e44f565be6b0c58e5fbd8c93fa8ad1

SHA256
b0164879748d399b216eec59e280eacfda539dccf4fc067e61b8aa1a4932cca2

SHA512
6780b9ce4061e1e108b326311430443cbf504151d6fa3196f048096314bbdd662db458974e57aa3d6fcb38e0dc4699e762abcf2666f6481575ebfc39bd9f13cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
8ac4acb9060d4eadf4cd2236e127966a

SHA1
4facb3c7afc6458769cabde63ef0bf05484d6a3b

SHA256
c16fcd17cd769b558cd5941f82015cb87a0ede49da90315c18b2624416a30c15

SHA512
05ebd064fdc58e3c5a80b79248a31dd5eb9713a31d2849ffe0c27c3eaf60e5ae9c71d1ee02f52f9e0a66576185b3b524a8d69265585f56aa65c84739fbd73c21

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
12f986a9c95466af45b73181638744db

SHA1
36f26b81d9355485e3038416575548ff9a2d0780

SHA256
dbfada931e4a1a224edcc4d19a50aeb60d71ad9ab08dc44227cbe3a11e9aa556

SHA512
8474063feb826515d4363d5eaa9f8aa7de0ba2b8f71004209047c03944c13e4064203650acff614138739c7aa8f599f6ac45a7af5ef2b1a9b33270f700ccd551

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
74eb3106ad5a2f6c5447c2269ab2e0d2

SHA1
f6fec31c24737ed0b19703c158c6780e4942fb72

SHA256
61ca8f4cae09c5448c8cac94e9b47941d7a5241ac48aa11a78c9af7b5018185f

SHA512
5446947cf1c25a22ce604748e66f1657847f66a2509c5b087416d2f8a55e9196a390ec255df160c5468bacf1ee943c66a69bbdd835184de4a7008a1d8c539f80

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
edf3b10f3d98cfa81f489d1f62e4953c

SHA1
c7ce072d369e01cfdf5425abf95ad63d8fb32aa6

SHA256
349aab6333f34107d3881a97cf192868793d80449d4915d001b04a973302a8a4

SHA512
37783ea46427d3c4583674cb781f4a7e6249cbdfebb52e70d31e7a51150ef6538521bf6fc4f69370eca8218ededd5bd8c89c4117ee091a1c7ae9d4c07e10a44e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
85ebeb775839cc05301baf868638e0fb

SHA1
13747bc8cc0439b7f2787c1d2f45c4558a70e7e6

SHA256
ccbae6a23cf06d3db3483e4163c9d49c83f154c5002d7fcd92ac66a02aa6864a

SHA512
fab14b2b2ee7a642b1d1edade531c70fe5dcdc94b3ac931f1dd5bde6003ae56dc94fad0cdd82c977c253cbeb89c92f5c6c309853eebd605e5fc9e67004669175

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
c044aef23ed54c2ff2091dc61ac1902a

SHA1
e1555a18dc4f74cf32f4a72f1c74b4a684e914e3

SHA256
26e999f0cfc38ca60b881c624d89592e408a40c3011592cf252304ba12b51cb5

SHA512
d5863fec8f6de9bd94617cde33ee2c4de7653602f771182b0d81aafaee492ef9b93945ceb5075085cabffe1965cc4daeb3928fc2b1283c79d81fba9efbf270fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
1e6d56c8b519ec941d4215f7b60fe1bf

SHA1
9eb944a900a4b63bf3e44378edd991c64e860a8a

SHA256
1a0953895c6b348d4cc563ae1eae6133c214d533be923348a53e140755f26cc1

SHA512
796be12f12932c04e4dd69880ff3491e3c7b967e7b4b4193d10f1fa37a99129651c95c121405e17e40358215ea5b7c4d3028bcc45807d066da9c3cb75f4dd594

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
263427500f99a96bbc1d4b45cd10cd31

SHA1
e0c377634891aaefe0dbb7e0f3202fe73a0cc6c2

SHA256
12b6a703fc6526cb7cea3be897c4356b913f5455846741a14639ad4343836f7c

SHA512
e01256709f7cac395dd02fa9009a8260f9894b84749dd646f69b10312e4ee0cd35c0455e22ec7468071e588639808fca443a68a08185d01d609fb99aca9bdecf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
178fc159a69f3f89e44ea45e9f28d76c

SHA1
d5c42d2572481e985a15822ff9fa8b91ca28d917

SHA256
96cad5e54b43ba68cfd2e392b22b8bc8ba41b6b4f29bbf60c3f6cb5f655fdc21

SHA512
d00c990ea52d33ec9700e4a16dfc7a7c5a84749dac648ee2d5ec54134792e0f85be535a48b8910538eabcd4d515ab20b9fd373667e7ab3ff624e654e2dabda99

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
1aea5e1c125c0caf589c87a15c9ec7a7

SHA1
a956b516c26941be53da9a16da3144619803aca7

SHA256
742ddef3f1e9fed8440641a3148e1d4f3f12f2f6bddf46db3fee72e10b21e100

SHA512
5788f2624343840928532adb24b274f00ddfc69f1a1a270498b74899e5b77d33c0aec40d77ec2d385a5e9388737541506493f4ec80af4c2289b884fb71fea660

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
f88492e36b3883d0259c4d5ccab6bc2b

SHA1
60f24fd1b969e034b9eb5477fc1f50233a5679a7

SHA256
8f6aa5abe9e5dd36bb4d91b5449898161cfdbb673b31efd880b980c03e4bb91b

SHA512
ceee5d62ef357cce14fbc3bc8fdec3337fff47a4339e959bfce9fe5d2f14f10d206d6e8a3fb29150a910566b80aa794209d7e4052db0c49b74a7d9661c1de926

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
c12c8b0fe235be625aa731c93175d08c

SHA1
240d056c8f0ea58301216755b30428551ddb73b6

SHA256
76afa9785ba19d3db7657e9b4ef7f359f9cd3b6a1c6f7abff68090489daa9245

SHA512
5240f728b3c3e1a60e732d3c51d94ff7d8bd33f83fe1f97bc77f6f477af172663be774b379397edf2ff48613daf1b11ed731b532c7fc8ba4a64b4a6542c38a5c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
ca828abe1c014fd04083e16d5bb7ae10

SHA1
0836c51a70ed64467d427b5242aabf44a0d6718f

SHA256
6bb80244beddcab12880be0b4e817aeedde94a9bb034a8304b68104d886690b6

SHA512
df4944dbeb6074d87f8442b4156637cded931c54d66b434102bfb747b581bedb3004be89b500a814536be7c205f6be0d44afe800edaa560751e5692bcdf6c36c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
db0873133a58f83f5d62efbe0c8eae5b

SHA1
d6319db8eb820594a375bc2a9c2490e1c511d743

SHA256
72d6216bee8f925380b6cd785767e9e278fa1f3ad178c734fe48084149b7478e

SHA512
37b5d73abd0c63cd32e167c67282aa99829ee348b9425324dd67c2b6f97bd96804b508e70ae05d9680f604804c5d82718ee93f1d8ea8cb966f93418f857d990f

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
045fc59eec9da5a18ce393fe523c6e3f

SHA1
ecc15bf2454831dc60dfe3c488afc6f70d3e87f9

SHA256
f2853a7c356459f145e1a37cc017418c2c29f63e688ae01358b61aa33aeb4a28

SHA512
8f0cc74a6e31c1ac253cbd84864fe045e362397ea52774f0cba19ba9178b99437343227c4af90973b4cdbaba5b6a8afd99a15ff6108b138d1ba971fe682971a8

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a5057774738214698befd293820041c1

SHA1
b030b21c9b9919c120e75926550f24b3d330c262

SHA256
cc582e68e25dca99ce80567d358b60d39c811980a7a57f65190f8c916393bd3d

SHA512
1817cdeac7206e3d7a7b192b99b2f9c9b93541791b28235eecb0f185e7b0b25e69d32c7c4404ef75ce7f7bbbc0db7c320fb15ba9fd7519cc6fe8b3edf9892e11

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
4efe98759a8c9ad285b89f7a46d8a780

SHA1
39841a37556e622c70acc2f653db7f6fc79668e9

SHA256
cd8395320979a44e4887c9a6c9da8003451d131ca3cff0b121bb28d17d6cc95d

SHA512
c31ce893727b954c1df241404571d620cb7d00b36bdd6cea024e359766596f3be9f09a12e945a885be184c33f11974285fce7657fbbab04dcc2c0659e36c11ca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
947a4a0fe815441767e049f70143f8f2

SHA1
1524f8da80a0d71a84ab02a9a4e6df49abeee48e

SHA256
7cb6ef44a5809befcef4265c70b43036bab92e2c2e9d4e17718b1dd4a8cc0c2f

SHA512
76dc58f65aeb05da7a5f19e5f4f6f81913eb65837e268a5c49de783f08d267c74486f0e9987f820fdfeba487d3d4f14aff61856755b852b3b0423dc6a13831f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
9ecdd20668c6d92185a03a4f79cec53f

SHA1
5aaf6d9d606ff80c51a8a58fd70e23d43ff34add

SHA256
03647040afa09f73fbcc7606e33eca0e99426d583c63460ff6dd6d27950fa2e6

SHA512
7d11ca04501ccac9f61f0604744541613d6c36c69a03caa9979ef5ad4317f11a1e73128feb7a252e33de14f261179cbfbbc4fc3917edb349e270ff00d7559353

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
d1d7ac62bb5075df17eaf56eed6febe5

SHA1
72fc3610d6b53450a3eef4ddc93746d375524f89

SHA256
a0ae8eb5cc2b1256769933fe525c47765f49784e0c9ed00c22c081d31ea712a0

SHA512
d7abd1ea092a99ed47b8d3a7e939e3afc3f74a83f661d9c30e373f64e8bda3285a474c51b8a7c4c461e26fe74709faab2091092af6d768acbb6e6a2a78abed2b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d1a791029b83d8da27fe43a35279938b

SHA1
b2cd78117984a9fc813422d0aa21fec365b96d33

SHA256
0ddd3a0e112256a87ab18960c7ddc1a7586e3f439fa553796fdc6a03527d8e80

SHA512
432c107595d4e6accc440143f5df10edb20e1bfc399962c138f80488b55ebc948cbf144f1ee874a418b39dce0dc396b07c8e3dd45bb06dc395372927adf6d191

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
ddf1a5fa2827b0c84f82cd276eea32cb

SHA1
da7561a6a6b6344d84c9411bdde50332384cd37e

SHA256
6dc03d8081c0ca8f8f9458bf6c9eef5d0d02c617349c305538d32276280b6d0e

SHA512
42d52c6bc8649b44da6b5de0af93025798c8310aa6d55ef4b69bb969b3e1ddecf0032dc3844f71cbccfae30f0bed4007814c7a5b9874b0dc6b087da00c21d4ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c3045c4ee7348bc98228794be872f497

SHA1
3dea5d7fa7784a05ea29cd2ebc8c3b779a90dee3

SHA256
016e471cbbdc1abc6d3ae65f034a43165dbbda8382e7a0698b917c811eb3f7e1

SHA512
b0959331adfc5116b92da9d6724300e9d43cbc439cd01263d96c6aeafea3d1dee5f0f9b07e180f928d009823e44a4d7e4c2f90e6723498431205f0fa331dcc9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
d641e337d80a94b8fa44d992bf3891a9

SHA1
c7f6f20881c96aff72cd0e570a191d63ecbab0ba

SHA256
9a42409d49df92e5250e6b6fa348435ee413014202983404974e95aac96a336a

SHA512
18926d3827696f32db8139bd6c155a95c9c62328b0074b584ab2911c8e33dd7554e39607430713856d8ba13fa2afe94103b7002e704e2a228f8d8c2901a67638

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
08f47d182694c2d910cefe47a6ea0aa5

SHA1
f65efc484fd55492a65835e24cd0aa45b28b8898

SHA256
5da8bd196cf672f6ebe2e3e01d285b1a25399076e9806dcc30cde53f17e2e4c8

SHA512
8dc74b0399d9ffb586f573537fce6b761327d11dd2acae9a8307d420e6dbf816a881301e1bbb887cafb0cf358ca603e8bdf04c1ce80382b43c8ceeddfe43bac6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
238cc1d5e43d13c549485348868a9bf7

SHA1
a5c4e86e769c657bd1d8d33f6f30e6877f676f85

SHA256
73ab39777f13f27b3b5cbf5be1cf49d65f0a7c82727c7036d05f545b00dcd159

SHA512
f7293d9cca5c849a91ca4ebfad4b2cc92ee37944e513d95e3402c4e053750222682fce5b5f37f1169d4b6f1a7d756ac6608629bd10fc571a693ae603ebd7c8a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
27273d8e7aadb7053bd3210ca6aeec48

SHA1
258507ce7cfd05a17ac64501efb125515afd1173

SHA256
90142258a448972a34f3cdd444255f4575e8f0a38a145effb20da5dc2a24da1b

SHA512
0fca1b363628e10100142b83c6a21eddb939e2656417d9ffd815cfed2a45e45b8597e238f9de88f22820ea9897cde76fe0127929143c1510691d6192bd7e4f05

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
447fc7255ecea56cd576dc22f946bb21

SHA1
6d9171cd906bd1908116e444ff7a56c069415b36

SHA256
399a5d950b6eab9865c2fe0cc4832ebd78d72a29e85e5bb2fdcab8b93f647ca7

SHA512
a2078f7bd33cfbaaafd1612cee506bc5ef8b91757bdd9602d344ab21d703cefb1e48a0674d32044a3146817b7a827b696d16434d9e334ab10f8306343a7e9793

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b829d80a446a52752ad96728c90bd0b7

SHA1
27b3e4668ee3a5864efdcf5127f226edea55f606

SHA256
d112c262cde2d05bee9669e90630eb132ffcd58e65f4b52aed4503852235cea3

SHA512
770e372d0e552db094a94ffa84155a62ec9956d297a9a5dd8a47639aa7f7c4269bcbfdd54c0e2a0113681283399410ce7af95ced5108d87dfb22a8968a0c68a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
dfc4f34c1c3f1925a39af4d3685c74c8

SHA1
ff9f153337c65fe8ec4bc8237d99be4673d52222

SHA256
fca71752406b02417ba52300a3cc974cf069d56cd88e80107e4e9a54761379b5

SHA512
e1aa4ed2a45ade225764b3c54381b2aacf0f075de92fd78d013a59b8c22e4f0c2f6ca7d13aa7432907a1f7c3c0f1e1d24729eceb6ac12d14a240e0339c5fd4a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
bdfd7b4496dcfa51859ffe4b63693d18

SHA1
7aa3f0fb67ade65669096b972fd7caef887b7d65

SHA256
054386416c410ce1055b30a88cdaac18ec3ba219a3a16a03dc1f043cccdccfe0

SHA512
96987953d23d83a8e6fde9b883a006befb53c1a2a9e49bbbe4148ccdeb715933340f9abcafb485583dd5c0dc48dbd03be13a43e01fa8ee9f4bde35f544af59fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2b2a37d3dfdf8103cfff5656d76d8fdb

SHA1
a58e837297ec6eb999019c3dd1c3be9fb798d00a

SHA256
f96cbd181529787ca4dd012b0f7829640bf04ce28f23c4a24193bc5178ee8f90

SHA512
3343ca22c3f17ce8e19456c953e840441573f3fa460731d1093c618db73951dd3276ba53304e3976f8bb48fcfb5f1f39ac31da3535f921ff31074fbe81bac86f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
381f4e7b18cc3bc148cc5167256c1549

SHA1
cd8bd17501d3d0a3b5474b46628ee940b0fbbdfe

SHA256
074387eb8cb8a927ceb3ddc276c263b68b0e20287dc2d14bb7a8a395fba3ce48

SHA512
304f8b174544181fe48a6a86a931afdff47bebcdde232e8c12181ef26c2a3879b5c8f39c0c9a011403a68805bfb63ef6d7cd07d2dc3108a3cea1429f58533519

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
eb883f50f5bdb5c058850d06d16ca89c

SHA1
da06d1ec551f1e67a118591ce04675b4be8fa782

SHA256
ee573a202d86563ed98b874f6a511338910f7cfeab46408d4b7637f645dce92c

SHA512
96b2d3d23b6dcd82f5e9a330f5dd73d7b80a8ce2ed741dce25e46a8a5b175bdd5eaaaecd442225d84fcd3f5fb176e0bb76e368c7d195835b55e66ff9d45255be

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
61671c37080b9364a76d0901c194b7a6

SHA1
6635d66aa6f33e56e8df3dc611efa23d48c1f74b

SHA256
f0b671cc27027192688c9cd545e80de3e047adada805ac9d8f417096d13a72d5

SHA512
47a0ccb93f5f5a0c44a78b42ee370d280d8efc07385d6d133c5fdf359a81938d9dbdb3d9487c5494b682fbea4f102961ee753fa477414f9b7510c741dde82254

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
36a7bb6283b9ef82cfe7822b3fc80a1d

SHA1
46819f405a5f6231fa719c4178348a4012978ebf

SHA256
8174f2b565c6a828d499bf3f8f294f2530b2770ab7ad067727fabd6c686546a0

SHA512
35192153895515d8ad9581b05e1f855f0fb6d1cbaa5aa421e5f1d996c6ef15bf60f68ad4fab3e783bc5aafa6f42fb61d0f32684c61287ebd48e70fcae1014aef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
2a12227b497d9d9c58661950282a7f28

SHA1
d63279e0cba6fb04cc28b02ccdd9a3d9f2b9c99f

SHA256
1cc0dd904ad1f4888cc8ebf2f78baa3f0f60762f5f9205d1ec60517e7dbfd0e6

SHA512
2c12221e1770ae6ee3f32de4385af1f78c176e4c9478ce57ac6187fc214c668050e18c964c2ee5dfad48c481b304dc90f824cfcef7dccc5b0c7dc423b3f22f1f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
d4ef2734e289db09136ed25f79c5fd28

SHA1
f99602b7121f34a6526c4dd561653140c40611fd

SHA256
7023371f6dc55381b5f9682e5309e3cc0509f5dec6982152348c6eb649489474

SHA512
0b2b84be8f63834740ed0cdbb1a32eebe296adf6fb381741bf25cb9472595d8dcc8d8b4982168528419c717ee345d599d4605a3cfa8ff45a34d30836c658747d

Download Submit
memory/2112-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2112-8208-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2112-9180-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads