xorist | 5f8cbaafe10f4a87a10044b42fbeca780cd901b09a0fa7f2909c2f2276586647

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Size

7KB
MD5

026c928e0e950ff8918429b70da11216
SHA1

4f1c38dc42dc65a35428df7ebe90ad94f5daa2bb
SHA256

5f8cbaafe10f4a87a10044b42fbeca780cd901b09a0fa7f2909c2f2276586647
SHA512

c3bbac4cffbf65e5e885b65457f13f71dc4d5bd04fddb0be05648709914b4858e929b9d3a174ee706411347e328b093c2b2a23d7d5e23d6f520d17d683d85cbe
SSDEEP

96:lhZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExJxjDXV6TLIQi9z+LRMB:rzdrr1FG1WDCgmjPZbDF6Tlgz2RMUA

Score

10^/10

xorist discovery ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1760-6853-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1760-6849-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1760-9037-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1760-9038-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1760-9039-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1760-9040-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1760-9041-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_neutral_96c22c683482d8bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_properties.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Break.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_methods.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comparison_Operators.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pssession_details.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_jobs.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_cmdletbindingattribute.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_try_catch_finally.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr004.inf_amd64_neutral_b1d90b3749c5e6a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Continue.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-activedirectory-webservices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr009.inf_amd64_neutral_2d7b3edfda95df40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Usb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\faxcn002.inf_amd64_neutral_3d392ccc357e04db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_neutral_ce7bc199c85ae0a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_methods.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_arrays.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnfx002.inf_amd64_neutral_b6dd354531184f64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_objects.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_neutral_ece4b1cc5aee6a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_type_operators.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_neutral_330a593eb888237c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1760-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-6853-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-6849-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-9037-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-9038-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-9039-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-9040-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1760-9041-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR44F.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8F.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748G.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382948.JPG	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14711_.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIconMask.bmp	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15273_.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Portal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21348_.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMaskSmall.bmp	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR13F.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51B.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099192.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14582_.GIF	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-accessories_31bf3856ad364e35_6.1.7601.17514_none_00c7d91b5ac4efe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_fdrespub.resources_31bf3856ad364e35_6.1.7600.16385_it-it_41991f13eb65acc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b7c1da4bf2d2a2e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..elsupport.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_54fec495dd085e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directshow-asf_31bf3856ad364e35_6.1.7601.17514_none_78e385451529fc1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0e75d0c5c59459cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_If.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7601.17514_none_359f1faa758b2445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-vbscript.resources_31bf3856ad364e35_11.2.9600.16428_en-us_96146216ccc71f7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..oldertool.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9e1590437154bdfa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..tion-core.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cacddf7f88d7cf75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_506774b7123f2c62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netrtx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_25e312cf77abe199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Resources\Themes\Aero\Shell\NormalColor\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.1.7600.16385_none_f67c8b94f4c94f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ea3ca6616706631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msident.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9733a5a400ffbe57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fd161061134e728\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ribbons.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fb40bee7e88974a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff#\be9fdd1551bbe5f7d893ed6bc138b7df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fe1b0408d1ebbdce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1247a0df33590949\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4afe4488845b7426\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Path_Syntax.help.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.windows.d..rootcause.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e82523a10e946298\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_napinit.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7b05321b22aeaf48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0c8567fe44d28f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5f5ad4d6e4612081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-console.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7df7d893a3a353f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..foldersui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b6b4ebe95ded7990\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_search_down_BIDI.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.1.7601.17514_none_63f85e7ea00148c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5f8cc8189e9fc533\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\hint_over.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..kitengine.resources_31bf3856ad364e35_8.0.7600.16385_it-it_8b52ff7475204d36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\base-undocked-4.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ncywizard.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4d7b1d09275868e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-19.htm	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..panel-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dd63019c9efb6c77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_758b27dda703a6cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..linetools.resources_31bf3856ad364e35_6.1.7601.17514_es-es_95e59d7704cb7b02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiob3047ded#\778cdd008b007e2abc066f000cb5b1db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\novelty_s.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_crcdisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0cd2293e5f54fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_lt-lt_cd37305567da84e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..-resolver.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8704d3de2e0856cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_265add192f6b24d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\inf\.NET Data Provider for Oracle\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..show-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_37989fb821afc047\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_446e6768ae6ad106\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_817024346cbad720\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ls-ksetup.resources_31bf3856ad364e35_6.1.7600.16385_es-es_147df6421de0136e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..t-console.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65197e9b5529f162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f373b0f039fdf6c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\ = "CRYPTED!"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.123	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.123\ = "KHHZTHIQEAGIUWJ"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe,0"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\026c928e0e950ff8918429b70da11216_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
7384fee7a61c90c761a8fdd6b590ea92

SHA1
18679083553f7cbb78777cc69cbac7fef13a7b7d

SHA256
ecf77e0851b9334a7a52e3f575729b09b646576c6614f5ee3ac07bc99535a6ce

SHA512
c37b411b95c8399e3c11a7d0befff40adb19df30d8f935cf8fee4970d2838e071f7c28fd93ecc7939ecfef992f6a69e9829f5519f9ec801214dbbef506aba727

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
48c576d0c422db4704238f4c22a2ecc7

SHA1
13c7c1567be42dcdac32443ddc7a5d903654c183

SHA256
fae3bb60036473c3fe24bd9c032fd2302790833356367129e87d30e6a11c60b4

SHA512
4a0c300511200d34fd669ccf440fcd31717bcd7d04b08c04ebb188ba5dab1aea59dfef673721ae25531afc3cdffcd32868d24ab3d4c751517a9a36874ea89fb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
d6bd92ceb3b7804e884ab289fdc4d38f

SHA1
87ca088481f89fe8e658ba0b0c0c1d1420a29687

SHA256
84523d08f8e5ab978ff619fb5c5043231ef851a72f5e7fdcc30a976a03a0a5e3

SHA512
647e2a20c68bffe0635ab8edff8cccb0dc6e4b10e8fbd426a4674261bc7f4d5476ea5db4c290537a06eec2d1d7fa570337e1fcea133178ac6221bf41b5fdc197

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
34ba4e29b2771a3bd85b0158fce9a016

SHA1
b25fbe3ee23a50dfa462c8d687c7558112c52b8f

SHA256
5ec1bbc202eb0dd2c04714db044bf7424e3b255809fbff12be9d2a506c30ca35

SHA512
80f97a06f9cba2123e46ba45368ce5348c195a86ce45b2a48fd8f7255acab7dbc78881424fe6f14e10c0ad5d9336bd2e462967892aa838da413c3f7d67057eb8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
11783e79415fa7bf8740546a9246d1c9

SHA1
1150be5680f0cf38d3a56b9d0d444d43e3a44e30

SHA256
2766baa7884978bd806aef31b655b97ee27d893fe5f49d64abf870472f197b21

SHA512
e125be9c2700881ff1fb85f2d858b6e611661b573a4519e6fefa7c63b75037869785acb1127ae94eb321b3f660f9575240400325d549144b1a754d845bdb22aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
ca8e465aec6de218b00ce2c1dc74e0aa

SHA1
5dbd08c79fc617e2668b29abc8a7729618f4402b

SHA256
31a330f0da03b502ed59252355060f1ed76d1c90fd78205d7c4bc539baa71af6

SHA512
7087453d92de0e5c33e859ffaf7f0d575c75c5a3d0b4dd726d84ac2ee0be17ac994b6a2510406f2a298c33834458326c117bc67ca461539d7d65c4f7efd78f38

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
0b4af83479de4a6e20df2343f1ade568

SHA1
ecabdde59419d5eeb5df0ce567f36dcfc0c3131c

SHA256
7d59d87d7ad561470ddcd0c8a0b050deadb2634cccf24ad8bdb5f1fa1940a7fd

SHA512
25183417dcecc1e441ddb6e9ae4925c03bee3716c3ef0470ec6331de31b728731c747798510feec71dbdabdea380b13ebd9da0e7c56f8cd88bae380b958fb8b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
51240117771b6d74cb643ec589fe480e

SHA1
1155c480f67c5395f088fc7853e66e34957fe84c

SHA256
27edba5f36cc5664dafa36bee6300016f4e663f4e4d32a412b0f6b289a44955c

SHA512
6aac52566fc3d99c1cd3a0f78d40fc2f11ec70993aadd355041c0be528d93ac993b2e43308b46cf91be0e62c2281c4494cb6875799819698ac4301c2787c1e56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
2a10857278cf13b8e834467bccbadb61

SHA1
b2177273c9402b0878b7c402192f058b3ec7d0fb

SHA256
816906d939281e56b133ec58f736f9a8e8cd627581762df5e8f0420f769feab5

SHA512
542230d8d2b6e910782b6eb832f50948fdea088cd5a2b89a08d7b54269c0f120838dce78f63489c55aa3cbaac59cac62fce078e76a641dd2cd4428d5aa75c74b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
7e2e3432bfbd4bf839159e74297e8e19

SHA1
c7109ffd6713836d853726f6e75054580724f6df

SHA256
1c5f4dbec58c6eca34899d9d280f09ed04cdcb515dfa1f94f2d1a2adda5b711f

SHA512
5f3bacbefa62c6926f8038b40309b5d6b4e21a9da8ed00eee0882e973033f9b5fd19561c10af981a57ecba737141e5a1b66d86f32c9494af502aee6750df7a15

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
dd3360b8f227de24b6645c5fd0b19359

SHA1
75a3b4b9e86ad728c1227a9dd186f03a8c120ed9

SHA256
a4289fd7912a6676894e07bd40b6658357809a9d9f6efdafd9e152638ab7deca

SHA512
f037813ff9395e84cd32886b37b2d3a322ca72c94b406f475c23a5fc8a38d9dbfa750fa30021b3d50ccd1639fb475520e2c5e11da9bcc8e7656214cfb67d76d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
44a18d6920d8fb7a0dc4303b7e9f4e1c

SHA1
d5e4349b7f10add64c4032897dcf915a7c94cefb

SHA256
af455ed31702885b609602f4f9848ba7a0962a4f5cd36853c315f1f573e774f6

SHA512
765aa7fdc873515c936da3d292e54ed310917eb43f1846d329acec37dbb7ce4aa0e5e9785b3a6b3653e543ce9feaf9656e73249b2b650193e433bcf1a17894f1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
eb2c279975791469fa4d28218ba81cb6

SHA1
c3bdd5871e741ad4640f4289a45066eb6c218dcd

SHA256
7a2546ff94773087be4b25d4b0f4da45afdfff7c55c4f0fa48e47db072b9bdc1

SHA512
2f385453dfa2091066016e792b12c15990c7496fe325f71efc28ba1c8dcbd260bbf06061ae176b003a59c44ce429d2a7677ccda88597b10c06684441dcfd3270

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
a51265a39bc9f91b103a09786a82753f

SHA1
b14971e5e38f712c947b1f40db662c69ec528cca

SHA256
99daa8423df4d829df53b693419e565145aff3fcb0f008acdbd8e7db75cbcd51

SHA512
c17a69c063cd20c88a45105982fc4028113c4e0fba8c1a5d23c39067dc99bb33ff1466b403f3f1441aa3a6d70b65c4ee52f9537ddd01e010c03a5f93b5e7f84e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
29925c064943baffa0bf88732503ab0f

SHA1
7185b1e537c7c7e45f9fe36aa2fcdf10dde79d3c

SHA256
0e091502212488473ff65de9bbad439f47f9baa7cb5dfc8253c83f1c55210075

SHA512
0d3eec6f8f18432989ea1718bd747ca12e3876152a31207df7eec1846fe6b9afe6d236aa03dcaf3dbf6374818a724fa91c64c2e102889266a464d794119bfb3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
0caae463d81d922f355636c628f6ed81

SHA1
af14b19889bc654070012f8a67f07ebe2b90352f

SHA256
63b163171ee7c257b157820f13b444f82858064b483d55dcc809dcaee4a559d2

SHA512
650727918898d927d9ab19d15e98393b2ecbdab97b44d42d898dda58874abe57d59638d7197b7b8937c3e8e7f86d80b8b729220b7abab6651ea34583b8c4cf25

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
5ca45c84de99feb12e53fd1bb5e1272b

SHA1
9628c2969cd6358e869c9f2b755c7fe4237ed3b0

SHA256
9ba793111bb04181a8ab36707146510c1404dd82984b52ff8f8cec4b8c245d70

SHA512
d74f042c5ce3eec2a2b4c27f3bf6a543b8ffee7958f20fecdfa73283aa819ddf61ca3fd2ea82cb4fa985a8152cf0b831d1813f12d6655dafa653110f1a8c5389

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
8b665b37774aeb048d2e251c966b2374

SHA1
5a4ef12be638b07b42aba309a244905cd14dd614

SHA256
ed2e40e44c4f7aab95df7b944dfecb535488f10ad91953fc0ec014b4aab4fd65

SHA512
7bbb8db4e02a853be641017dcee78a71c011edb0cbe388fa5de7244c57f3db58a20e873a6d899b3e92c9af9722e65edfbaa725caf48dfcc9d72dfed16a8e6330

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
c73f65fa2a4dc9ae94280cddaab06709

SHA1
812e5d5093892fcd16a86b6c64f28f55f7bac01c

SHA256
087da84d8cb53ca6a151071dd7c8625fe6c28f8af64327f25343a0d2cc2d78fd

SHA512
43a75364a905250ff4d123fff02d5bfdc5bfaef2ba7e1bdf79b2bf18a625bf565dfd931c03437fe4084e634ab66f172196a3817f10120467292bdda36199f5d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
5abb198da099eb9cf1cd80f876f18dde

SHA1
1896a2ce18766d3b175b410bc1547152faf6dca6

SHA256
2df5aa0ba15802037ae89332c3fa9a4faa3fc6e0c310d02f252ea99400844d06

SHA512
52a0123145172ca518a68bf31cc890a9069afc75c8baf7dde2011c4ea2e9803d2b936717c2698b3547a46316a7a795f0d1f5928f9565fb34cf1dec1ec1770f0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
24e2c71b4c39b12cbb75e47506b2449b

SHA1
bcd53c1570e4dfefeb90a9ffb6130ccc1b9e557d

SHA256
c76dc50d11a1e0fbef202b3904e3d5c71b559bb0a88fdc4583d1d6c9b16ff5ff

SHA512
a60b9c41c349be0ffb655f061877eb37a5a36be36eb4e0e57b4bcab20bc1fb5ad7d510e024f8b5306f991840fcdf8b04162502b4b33f190595314c898dc85c64

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
c54fa9a689ac62b1f6d22c1f88466ad4

SHA1
8590a645618db3fc87ade0e903cba575a666ea6a

SHA256
3d26183f58319993a3cd62fb04969040d6e19247409eefbc7c039f5edd398eed

SHA512
75e87abccc03edf5a44fd1d6a621ee1786204ea150ff70d0db3158a6041b0282c3721859f4558e97d2f04ff498f84d47e49e4a839be3254869a900ae29c24a65

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
93d701e9551310160f6c3fcfd8ad45b4

SHA1
41f390f1c147c3515e6800ff9fa691cf6b558ec0

SHA256
bb82273d2cd9cf11296fd80b999cdb00fba180a1f91db4e12b38f5687ca8949b

SHA512
71911656874086918f4b4ec85917f36a04cf28ed288bce4832d49c1f9121a239b64e6adc04930cf419da6f15dbc9ae67c8a8c9893ba964488d8a73073590656d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
fbfc2f2c6ca91adc91d72305200fe916

SHA1
4e225cd94037f38433b760a34020363936c9891c

SHA256
9c0accd651399c404cbb0755dad7d1c334ef460438976af429ae3357f236f462

SHA512
03b290f03a2b0c1c98045138ef6ccb1a9da870a805fdc4d7da1e7c4e3a456dcccdd6bff6bb95dc82295e4f94c7c7632327a7ead8c777376d86ce753f6a98eb6c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
d6456ccdf702a3989782904c33680eb4

SHA1
190d0b4aa52646617b39ad0d94f0e987115a865d

SHA256
a4f05955d1c1d5cbf2c2fd573ec075450846a1c4cfa2302549beca7329bb6fe2

SHA512
73b81e3dd32079dacbfdcd96f76f384542f4da29696950a7da090be649a9785db3084a992f794151e9fbfb1007a0552c38af21074c547f970f774fc304044f15

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
2f831d469fb8ac05eb2ef5ed3e85b34d

SHA1
aab471d6e3434cdf9acb5bd30e5738cab455293f

SHA256
99a217791aa359c8780730072611a7cfd007f53eba9a53ef19272ac84545a6e6

SHA512
b939bddebd96c0bfd9f68bbbb24d0bc85706ac5442292206299a90360183ed6b09858102804b109610ba6b0ab0924e6c1c8cb94730b0db7c08693f588f0fd20b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
75f6a4d9a54b629d77cf73d3b7f46085

SHA1
4e1050c2bfca9e44c92a8302a65574f3acbd6511

SHA256
5ec1663497f2ce76a5190ef54b074339cefc9cc6256ccd42a920d61a923ed2d4

SHA512
1e465bfff9d63c71817d3b57f5eb2d0eabefbd7040de1fa496de84887b9c327d3e70b23748be17ecf50c5b3b1620810fa21589316c5a661fcc1c277b222fc8fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
3d332652140856405fa5d8edc1f6ffa7

SHA1
5a11dd225ed34f5e2ff43b0221a95bd50f6f2940

SHA256
3892fd892ef5a85abe811bb87957b140103cf2774e72c8a76e878fd45cce5bef

SHA512
4dda4bf1d9165abecf6adb86cae5afdf6ae6bc877c0f1ad114caf8840118a93e413d26a37b972a2b924b274b3df2fa86196dc82abe33a6d8d03fac6b3bda8730

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
61c8bfa73c7580f78b6b05b89ab0ba41

SHA1
8526a4555cb57fcb7e452369533e3ef3285ce739

SHA256
a47a0b8da52ff091d09e7e0eb720681068ce66d7e85625e5b703e4f13b077276

SHA512
64eb12fa8adc415858d227682a372f04cd88e19e1f185af4046d21a102a7135ed65ea5726cd367b4a7c18641b427dfad8b87d1c5b9e069c9cfaae0bd22af1e72

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
553d416e2a73cb24e9c09f90b6df4029

SHA1
a228d52ff97d82b241b416c0cbc414e921792404

SHA256
5430fa738df978de7ae526fa358e3866fc227a62c0888940f5d106d0d1bee019

SHA512
3dc4ae9e6b0b99a9757b14e4fd8deac2a0996f198941503f41951787426e6f6dd8fa8c0184a2892df613d806792326dcce98c5347c84021ea00d2ea5c019d040

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
d63c21f3fd2e652667248bd162082a42

SHA1
5c0c2c557251368c09883528767fd17167f01c36

SHA256
f41c95161f75d38f1aea174f6f7ce53b7bdceb5f63ff9ba92336b83073819cc0

SHA512
c21874dacfe42faa3e1792526ed6f28025acc805ac377f6068a1bb372e0402bea50d3c4af0fb1a512b552af9745e91c949df559dc338df4bc938da173d8d49bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
d6bab7bd129dafe67bb1c01741a7cfc2

SHA1
90fba8e7c795f66bd0048a49d8bfe78cb95120a3

SHA256
a6390d52acc28058fd223f26b5a452749ba4246af402c46130c0f1b484fcf16a

SHA512
e2c618a4d90e518f8b90a8491ab64cea397d09660804eff4c9940ff96a87a8283b301cdf1dfa69a90c21cc16627c676dc0cd11722f66a2acf7db7b969d71ac47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
f7b8306e480bf44f68eb1eb5414bd435

SHA1
68647ab7cf9938a2c3cfb33b38dc7f51da0ba10a

SHA256
9e226dc217f8959d6029e37227022669017c6013758d9ffadb6e4b99242e54de

SHA512
8a6f80df7e31aa686ece7cb0d38b1d74bfea7740689d57fea4efb593a092ece330d3dfb9e0d7364476c945ca5084652a1bb0bf153b729141e475562af4104c0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
7ec1188f055bad25494c334c94dae172

SHA1
5d993888774dcf0a545424a49ff45487a1bdc028

SHA256
387b63322508792cafe439af9146288660a826969842baf1d7e3f92b544efe54

SHA512
63244c4d86208892831fa98d052e5588a1ccf9e3a42560e99e1fa6babccf0e666bbdb577dc9e0a5e01cdb5385a4918ad2db602f7c856264f0fb653a8a62208d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
f6e817ad343cd85afd5a9bc94f7a819b

SHA1
7740feea9e708a4e478237905e7fef0b0de2a1c0

SHA256
ac59f75c909f2edf4a62d0ed835f4bbc63f299daac5e109a8223e459f0dedccc

SHA512
c0e113f7b6c80ee707d1d31bd1abf6db25a70ad5eec4ab8f2898064af69b5e4543b803b9c813c31bae4bdeb5bd9477923d6c64f58379c39c98cb25fbda2a6e8b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
83bf96afb1cf62b5e570bb54dff2e63d

SHA1
30affc610b220d7a606662625607ce2511e19a8e

SHA256
be879c0fb368fedeffe35d03adb9951a7d0cf88c2b39181a19425a8671395c84

SHA512
beec06bc7053bc674a18ba566c878404255032b751c85eb3d1a1613c035be7206af7c61a5ee70c661e142eae5035ac9c77df99ddccfd7497d965381c7c7993c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
b10a763615162848ebbd6ff8b87498af

SHA1
8b66bf62db3c3367d4bd094594b0dc1dced76acb

SHA256
ef2baa7186e9ba08c37786a42e00cb6ea7638b0ac967d582503d0f7943cb74c8

SHA512
448ea3484f59eb0204d470540d2e03488a8eec6e6fdc55882558e519d905c6586abaacaacdbc7eb8723bd673e2c8bf250b99930521fe442a78e26259f2beedc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
3328dfe242794279137b6c4c43143d18

SHA1
d2bcf822a2532b175377a16fe53414acb1381de2

SHA256
da367185e2f6d3141dc963f651415707343748212aeae3761c52e2b534426cf5

SHA512
ef8ac48d0fdcb4f5eb095ececba695cf30a56e0e4b425af5cac04e96219b65cadfbf95d761097667613ce6656a388c18a87d56d2dc3f933bfb7f463b5a7aec6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
a5269f29d3122538ee10d32c66727e36

SHA1
ad4d2986619f2e0e8139775e2d510bf9284ae0a3

SHA256
cdd6334bcd2d41d1c9640256dcd88eef619d5f5d4fe7d30a7ab748aa162bf068

SHA512
9fdc837d559afad37820bf2aedba311f52c5fed3da8b9c26b0784deba0e2d09425c2367ee7eb858d2be294f4ac5cc49e1982c7f647a40e505eab5fb202cc1c5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
3daee2a81398d2949987214551eab0e6

SHA1
b4df81a8e2a04fa6c256c7118a99af16580e140a

SHA256
d239613c39094b54be93cbe80c5cebb06fbe1f9796744f86e45045283414b930

SHA512
15a58b56520c4a80f45587a90379c0f4f1d557ad872ff3385339be6afad3c0206f68c3b8df5f66779fa652c18784cbd22f2fc88235e33a65ebdd22590a64c8a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
5dbb6f208ae80156642657e7c67f6005

SHA1
c902631ec73231524c8b69c79449e1e001dc586f

SHA256
b2ba6e4e535fe6c28d0d0e2913c4f9633ea37c493291913146577f9299db3d67

SHA512
27b96b4ec5e0c2a74e3fc8191c97479c9564a5ac5db4d4c7537f46ebb24499e183d621acd5a8d34345ee590aa0f6fff9c9a75de82333487a450a9d626a083630

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
73f84ab20e0ad325c8fdc577a5c3e423

SHA1
50740538fc24900fce300be72bcdf29bd3380594

SHA256
861c910fc022bd981afd499cab331722f808eb9df75fcef03e9eecc28fda95f2

SHA512
4c672c71388e2fb7459005f5a26083bf42f0b12898f7c62de30a7ff53efea28dcaa3c67db32a429868e2fd7e3c9f9d4b36170920b1eb679634a1879ea34e98cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
d26f9120e869e68fdf554bdb31fc94d4

SHA1
3ae4cf9934a06909d1cdc2f325303c3f9d0d4e97

SHA256
a04971b244ed8141bfa1420db478c6f632ea34409dd46d5bed7127a73f969934

SHA512
5e8bd94530e99d6e7c3c819df553e54ba6c3d209747a93b40e3418b7e3ab2fcd056aded4ceb010ed62a1345af1868d648fe7933e73bfabcbd023b11dde297254

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
b34e4be6a6c796594d00d7852da85ea9

SHA1
7184aa5228fd6618e41440c0e597f26e7b9d294e

SHA256
92c094a6aca72d074c3aa880d1f6ae67f7e2c49ec83f1b8b74fbdcdf3fb3e753

SHA512
3f4edc92e2aa800791641e2a760e5bffb615b8320b673c5e4ab146821013b218b18b103f2fd33215b5017fecb7cd8a5259f87f06963c7c31d124c493144a2936

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
41f1f4641dee60d15a3cbc0fb64e38bb

SHA1
57588ff2b5be1744a17c739d93b07b01b6fb447d

SHA256
8b50924e5e2afe6fbf5aa68b3fbd6673efad049f972541ea075ae8b64e366502

SHA512
161438da477bc5e32aa689c3a7f96fc4b611efc68a9262539cb92a0175de2f1cd58a922e6c578d921934dd222515d505f4e3845fe1acfa6eb35ce64858e9a199

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
9b2d1104fb4e1c26744f98b1877f0f81

SHA1
08dc9ba247a0650e89a5b57a7bbb40fa2613d170

SHA256
0fa499ca03dc99233589518b4776423c55a70fff4c3756c35e417fdff8d43415

SHA512
fa91f1f2dec98142733801e3ddc3ade6ee64f7b5f6dd4c80457fc9c144dafd256f475382e10b29e3b08a96be6d7358626d289e9eba77760f1962e3b1f6f379b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
d948b428f1625c49014b686bafdc5e4a

SHA1
60d95d597b0d32aa5fcae4d59c6db48213d22961

SHA256
d8da575625d5b2ca4810293434541e764829296f97049a7ef769658d246ac9c4

SHA512
80f2e99e85621d76de1409c64ebdaaad62455547c3b3e39912601b3c5b5aac8e576dcbd38776528804808becfcb5a0fec07deca423b123c3a9f66b1d29d86da7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
ddfb516d648ea9b4f3a84750de5ac7d6

SHA1
d6e14b4890d8f47706b2bd62f11559eccb4e7e74

SHA256
4b242f2ef5c2492354aa86ba4ec8ab46b0d1577a071d70214cb7171b91b97ccb

SHA512
f195198f8f2b4282d6f9e10905f12842f278497ba86b4cdae76e71c4657779f2caa97e852fbd05bc3f85a08364786f862ef9f6cf9242943ac878ba140e3bd752

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
143e09f11ddb88b1ad7c8f3dfca1350f

SHA1
41251e289b9f41295e19c6e049ad6b6a3d31f5fd

SHA256
6997fced3e6d3841104c40cd11e64bb9eee0e1791582a9b504fc0be931e34e6f

SHA512
73df5f29530b7626f391a2c9385b50022bac30ceacc6ce179a5c06c98c3a0498de414698fbecaecaf3b146db8e5ba4fcb2bafb5d07e553c159063cab25ee2b78

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
8b92854c4e3f3b504adbdebbfe3799e9

SHA1
baa6b86aa9c0665105c4fbea3f0a0f181035d019

SHA256
a469bfc1f623f31760f479dc468532a8d24814945ab6454844af19fee987c995

SHA512
4abc8b937882652ed3357943ad059b7e8ec31f30be065b98eaaa79692314e6e06652c1ebaa1ff36d206f82b80c10be536f6faa1f683cfe0b917cea1f970f12fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
3e594400a50e8ed3960559c031d32214

SHA1
4cabc9dee61f769659284ee32edad431ae45a96c

SHA256
e0efcc4a7a992138a61300ca2140b45ba689ae10d6f76ed6b369c9a57bd02500

SHA512
1d799c44c071eeaf95d082c404bceb513c3b37078db7478dec4ac46a4f76db6b634a3558302b392cd40858a793b793d9dd4320c50e5199ed3c7e7fc7e24d3d8e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
419ab50acc05ff18dc10b2ebc738e314

SHA1
0588cbf8d2d2d619911d9604dd8f7ed674af49bd

SHA256
6944b9343abe6204925593a87a9768e043a820bf0e70a14c566f0ed0404d8137

SHA512
1a6c637ccf099b11a684961c9e8b474a684026dd903938222c53a9833c8a7edc93e370444b9400c891114312c3c28765e335d6b5d96036a917e7a0e26d2fd075

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
c2bdf8fbcc4d209b9f11036415515714

SHA1
78985aedca1a6c847c55b450b96e25050380924d

SHA256
b55cba9c5ecb9f94c81aa0f81ec68b35fc1ec7be40ead933a62e6be45eafecd8

SHA512
945a86f991198379d8a0003379789df6d271577b0abb81d62791531ce3cae8c9588e33beac7f94d9ab09aed836a2ebab3810431fb91c5fe0c8762724952f8609

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
614fe3fa325082bd80648c933c8d4f85

SHA1
9a78dc9d2c73c1c69e8dcc01124152d8fdab8367

SHA256
60f6ad29674e5a1d2c3b8b5cc5e91e67c77dca61d6f61d52da7d79611e81ac42

SHA512
dfda48bc4aa9d0e7ccaf1ec2759a88bf8049acc1086428f454f0ab868c04549ef4ffe01544b4bbc2e2b14195978daeadff807fa260a7a4bba89bcbf3697735e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
b0d0175aa3b5624d921ea1a8ccca4df0

SHA1
1939be30989935e34101002445e0b17db7c7cdeb

SHA256
235d38f9b62ed0468f1a02fefb33a4406e82fa8fdd0087b3d290dd11db04f22f

SHA512
92a2a4a1bcd4092c1a56ef668041e592df3ee0901f49e136bf50c5e805ffd56b11489c4a9a8c63931623f161ebeedc99f3de0a2adca98233f886d3b6c40fa37e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
1afad1e734979fb8a8fb5a2f821789fc

SHA1
2f0dd46d2f84d978fe7b91422a57fd06aeafb67e

SHA256
123366d1426c6a70a89ba2bfdad4b95dad9b5511077683a0143f853e743ea14f

SHA512
ff4b6a84ffde239d4b955d569956427b75680b30491582f11363a6df3573d5d4a1025db7f6eddc3552cc8b64a3440221f42f00fdf97fa43251b2b84b87007511

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
17e4a29ed8cf2ad341f33738c472030a

SHA1
c6e1e4dac678411244c085083be40c96d4c82b4b

SHA256
d50c41917a4eb4966f9f9071247e86b5d7124f819813cf951705094fb90c347a

SHA512
e22217b60fbd6f5c49729fbfa12fd7ecabb2245bfd7c7a044c9b7b83b995cb79b0b3171d93dc902e0b1570db8dcbb3bea3ec11f252ea6ba3f3950405c914ff4c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
2bbef98ad89d5860409a24d460f9db87

SHA1
3f77719b39dbf5b91ab339955c502567593a71ea

SHA256
2a6d4a398a57020f924e7f5b269dffb5d57cc6512441544f409c710794ee68ea

SHA512
936749ab42dc445618341e9d7fc1a1e02efed0b11dffd5e6a0a22d2f081a322d835688c6880830dbb583ad63fa5c91ee5f93f120b642c351e03ba08ce482e8bc

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
b6e59df8c3f454151ff904c534079a36

SHA1
50eb21758252f9b213764900d28ce2d24202b761

SHA256
4677c8243878405c0581f1134781e06b1eb1cc7f59e341d4e73b35375e8101df

SHA512
205502941bf70a083fc0592db912729457478afb62bdae74620f3003c2dc5aa5f9c836881f5290ab7c8a36fc25a37b2245bfe85839e90e5ff69ef0df910cbb4c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
1f6fbe30059baee054493f8a4af83add

SHA1
2904fa26bd910773bd2ebf55ca87a4cf9b86b4e5

SHA256
eb247466b0193976ebf8d2ca42a67a88caa48f096c40c76282191a282ce44e89

SHA512
844a60090f0b7c839c7301b4b261ad6a7999c7167d4e3e2a468bb3bad7a007799055c8c45154798c3470f00ef07e66e820e887d6cc60c0a04790edc916f325de

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
57468a465b26bcfcd50569990bcb8ded

SHA1
ba7fade1c85ee66ed8c127fdf56eeb176705b08e

SHA256
0f7b97fe2a56313a3c664ce2d6b2363be38e3f72396b3dee288e77aea840eb2e

SHA512
557eb6f4b357177ff524eef2b9cf65822a2f62d03b940c5e22dae08e6015cf9088dddc360e7362c71b7550317f8263deb88af592569368b9f765cd440207f008

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
5961d55f427a13ba42981fadf6480257

SHA1
ed2db1e5092316845f6faba68aaa238129bd0e2a

SHA256
ad8ded9877eb41d4c7411d34d117f6e6bcddb887ebbb671ce214207591830176

SHA512
1faaed15389582b16a82c00516813c4bdad14745c3e834c21f04054f1222ccaa05e10879315953774ed771f5b4b1bacfa00aa3cd9412c720eddbd1dba5423a0b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a1c52260a809238f89ce5472c542f937

SHA1
a4e26039f151767d0ca1de105ecd0ed6c6f78fff

SHA256
9a4e609109025b001472bdc5be7a8af9e3c49d8c4082d1438764cb1f13630cc2

SHA512
a1e34dc4c5ddb0b9dd0bb94fecfd9ef4da00c48e72f11f6f4fb047c6b216a549514bd1f4f81aa9b7cfa6ba76c723c339818ba23eb5554e320e6db55729e31f94

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
4ac27bbf5e491471a227f7cdf615ef25

SHA1
89f659ea44ebcf0b167ca7cf14b2dd4875de8e6d

SHA256
bde843edf55917280286b7449f6cbe11f433a85c2113a023b1320daaa23e1769

SHA512
6ed0d7d042ba2733f708ae8e492c7947a4cdbf7784513dfcbf0019961572a5e38aab98b2f7525968bb56d4570c1d436c1fe2b3457c22a77124536f9b3f55b831

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
479e268e856d49608cd64b96b1d75083

SHA1
17e1dc2811a60b27da139cc95fe37b3aae5e571e

SHA256
24cd62ed09519ebb2fc7b98024c75759a8fca10957823ff24fe7dee1dbd44afd

SHA512
3f7f757b9fc1d305705a56e41dc8f2b278cbff2a00b85d83846f101ef56e82095418acf897c72548de8784ad6cfd5c201e929e8b2ff7d866a4c656506f9e1e15

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a8e9f3f24de59f96db21b07b72a2590b

SHA1
89084a9997ffd06dcc2a3527ced2730e528d3f1b

SHA256
81e91f4373c634cccb5ab993ecb660c8bb228fbf315f427fba86aa0ca9317960

SHA512
cb447c4c26de25188ce1062e74dc28ee030e55ca978ed21b3dde8da572a4076608153ee5664bd087758c8cbf49fc649f3f0796c377460062266053a80ddad73c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
c88fea2da8b926923c7bf2437ba90445

SHA1
b2ba67f325eb40acc48e0972b641b005d8d9657a

SHA256
6d1bd75fcebedcac314c72aa628429ced554b7b15674a709e4c5ad7ddbca023e

SHA512
3cb432c99639458955d33e4dca7191d98ef990b492ed3fa3d1ec3f7a128bc5db2f9835d7fb4328471ceb7287b25b00959f2f0d78bf91cf49f161f0a69c2163f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
b52226c6552de65b4c796df5b4ac4217

SHA1
c539d1eabd814b2299e65c65882cc496431597bf

SHA256
8228afb4409854f2c25df3df610da7d5f1c4dc66b01ef9d62110d8ddc11033eb

SHA512
6681a4fd3308713b788bf9329ef0b60a01fa1eb888c4b46bb1e789fa7f1b25ce1221802c724f836652ab9910ae71a36e63bb5e3c0b4c2e2effe9b70ef6b1b1ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
88fbc082b9384f748a6024576d4c0370

SHA1
99251778a98ba67e099372810bad7d0c184e9558

SHA256
4272cef6b75a0879558fb93873df8a2d3d5aa7beb9f254f3d62bff2bc3f2ee6b

SHA512
a6f96b9b4ec3ed00deb79b5009804fa6e474699b7ef949e0f065c214916d0a71849337d49733f88dfdeef76ad98e8cd065020174245bcd277b691299ca439462

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
51c3261c8c8e4b7efe5f208795f1c746

SHA1
db94157f501a72a37ff7fc111437ddb5521aef38

SHA256
4f73d683a8f4f9eaa39b1c686a8a7944812534ed3b25244ce685060e408b8887

SHA512
582bd1d395422ad6a0392584aa24f5600d42d08764e6b8af1ffdbe7344a279bcae33ffc1e724dee5b49c96bdc10fe49fe5201698519ee25286906c211f1a9da8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
b2177fea092e56d6033a4201994f508f

SHA1
f50ef476cefba307ffc55b88c2fac4aa47f836c5

SHA256
0c354388ae80b010772e708ab612517dca2bd6d03d073cf36499397a9643af92

SHA512
fc743341b5b4125d97841000763ef755344ee26e1c7071cc24d05dd700763dc540cc52b609102761c0dd7edc3ca2360ff70b769a5b79785bf1c1b26cd3b461e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
79a63b611afe4d9f70d305e530585421

SHA1
379c1604973be50884ee040749df87c3978c47f7

SHA256
610f5e7a59d3a3044a06f20049d499790c3b1bd2d358abac5542002884c188fd

SHA512
6b4e94c1eaeb0f510e9c0bd2dbca993e4658097b7c0684a63ac791d49e32c7bb18dbcf62ee311e9e3ea85bb403621df2a99a1ecffeb33eb00a6a5a58e51fa1d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
52bbe62ea7e2c3d412ef98bd844d4c4d

SHA1
9264595f15db7d73e6669c4b380dab2caf975278

SHA256
a5d806a1d318d15f137d8ffbbb19a108eaaacf7b274d5f473052fafb981073e2

SHA512
715d651f71e817d0c3bd0228708f824bac3f1af8cfc1ff8ee2bb1aa83f8cd17a44bf279be7a08dd6b71c0ce0b9894c157220f2473e88abf2ffb0085eeccba30a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
51c96f5acf81d3c5b336e08d1f713cb1

SHA1
5d8a482ae9c8fb13536085d62138ee1428fe0696

SHA256
aa6bc8fe8ea6a6df3ee879059bfb8787cc96cd8a2ca32de0a7e60043c5f98848

SHA512
2ed890e8fac67acf4fbebc61736eda6fbc2a82c85e7025cb8689de9863bf1b6d72b2a9880d1cbbae96ea73356025afead0085f8497a17a3695b94ed04dd3a5b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
bf2786131cb3f3cd4cf1c68ff912b0c3

SHA1
0096656a94c6eb20f4a9123c6f4b4060719f7056

SHA256
bdd074a88d9966926e52a8904dc22a33e876640caee193202a1c80b611537548

SHA512
09947ce7f2d7d198de965d44e5022d6d608622c775acd84edc5a6cc4ba011b24260a33ffbe7b061aeef5f3c340cff9ade8e1d90c758e7dfe768a01e60966dd7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
02fbb0eedb9cbf2306b3c479956d9207

SHA1
a86c25a3e2b7b6743c9fadfb5a9c64d7dbbdc127

SHA256
231b6a7a15c1162e252dddaa04d673fb6ba7e9647bdba01d0399ed3673da1e88

SHA512
2cfd25bb78cd18d3a9fb29e9bdd2f62f775eae676f1d278964084e37c8a75a617deeae98feea824def9cde40147b8d9aaceb007cf0c282535d9ae59b9969719f

Download Submit
memory/1760-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-6849-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-6853-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-9037-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-9038-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-9039-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-9040-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1760-9041-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download