xorist | d1caaaef83891f6d7b60a0acff4cea5fab6632942efef71dd8d53df07ec67211

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Size

7KB
MD5

0e23d1a8ca65a4067e50718305cd8956
SHA1

3d85d49bc151777e6553953dadd798fea00a8d15
SHA256

d1caaaef83891f6d7b60a0acff4cea5fab6632942efef71dd8d53df07ec67211
SHA512

83ff6076fe686313f5872371f3ca719d8fca460fca4f83e42c458b6644ae605bf7e36c0e7a9d9d473bcb86cda05c6c4953a493d79e0a5e9612e55e43389b9eba
SSDEEP

192:Szdrr1FG1WDCgmjPZUy9mNIFM5wQGyMUA:Sprr1gkDCgSMIFMVXMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2380-4-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2380-9056-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2380-9055-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2380-9082-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/2380-9083-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2I44i200Tf2UUn.exe"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Arithmetic_Operators.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssessions.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_neutral_10affee00545fb45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Assignment_Operators.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_prompts.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_neutral_62d6e6995428f9d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angel64.inf_amd64_neutral_6bed16c93db1ccf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Automatic_Variables.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\manifeststore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WCN\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_neutral_e561157e16aa2357\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\{522f6bf6-ae20-0f66-d982-a746d010852a}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_CommonParameters.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_try_catch_finally.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_environment_variables.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr004.inf_amd64_neutral_b1d90b3749c5e6a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Arithmetic_Operators.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2380-4-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2380-9056-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2380-9055-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2380-9082-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2380-9083-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR14F.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115864.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382944.JPG	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115839.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.DOC	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099147.JPG	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341557.JPG	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Portal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\TYPE.WAV	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21370_.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR26F.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR22F.GIF	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\inf\MSDTC\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnca00g.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f87aa5873e0b365e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-7.htm	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..anagement.resources_31bf3856ad364e35_6.1.7600.16385_it-it_52ed2b7403f80975\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-21025_31bf3856ad364e35_6.1.7600.16385_none_ae46ce08ffd37c33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\photoedge_buttongraphic.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_net1kx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4c90b9dd39073614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netg664.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2682446c93017f7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Thread\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmhayes.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_319c855b08369670\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_it-it_051cb38514053e82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000040a_31bf3856ad364e35_6.1.7600.16385_none_58806e9270399981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d8e8a9095261f025\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ada03c0393f1ede1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_30443fe1dd894604\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-stobject_31bf3856ad364e35_6.1.7601.17514_none_4c2a5fb4b3be1db1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-qwave.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a55cd3631fd09044\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c3debc2d5eb92b3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wdc-events_31bf3856ad364e35_6.1.7600.16385_none_d3d56c8ea90213c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.1.7600.16385_none_5980e766d0fe239f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_fundisc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a2c653dd66a2461\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-csharp_31bf3856ad364e35_6.1.7601.17514_none_7551b4792ac9630d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20280_31bf3856ad364e35_6.1.7600.16385_none_55063f5b4598b45d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4c283305d92bec8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c5cadca61feef0d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e1d43b7231367ad9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_9ff90c68df2532f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-scheduleui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a1c631850fef164e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.1.7601.17514_none_6ca25da84551ca13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Signing.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_a116e710cac6dc6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e32191a6d0881586\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b5da002c52680f4c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_es-es_91ead78ec6b2bd15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_16ced99585f8095f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_746a89639016e5ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000401_31bf3856ad364e35_6.1.7600.16385_none_4d8bc044b249822c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e1a68d2a01e132ebc60a5565a771902b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d178a9f6eeb957ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4fc0e70f8414613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_3f3fe41f00efb443\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Comment_Based_Help.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4c4f869097f6d0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_6.1.7601.17514_none_bcd407cfce259313\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\83e2f6909980da7347e7806d8c26670e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..managerui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f76b7aef3ff93a13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.1.7600.16385_none_54770154269f6123\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000044c_31bf3856ad364e35_6.1.7600.16385_none_596321ce6fa80913\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_it-it_40c62b25b8bd3ab4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\Installer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_it-it_63e33adf5cbf99c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-touchinput-adm_31bf3856ad364e35_6.1.7600.16385_none_3976cddbeea7650b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_usbcir.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_573915e060e1b3d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22091_none_8fad227618f5bada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-themeui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9dca7b0ecf029c4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ced847eb933ffee8e1a2e738205916ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_faa53288b11cbb02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_hov.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ff84ba08a32b21e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Pine_Lumber.jpg	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0ebef5f9b4ac9b9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-unimodem-core_31bf3856ad364e35_6.1.7600.16385_none_fae1cec5229fb80c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..tasp1.res.resources_31bf3856ad364e35_6.1.7600.16385_en-us_117a2d73e4f54b47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\DefaultIcon	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2I44i200Tf2UUn.exe,0"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell\open	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2I44i200Tf2UUn.exe"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DSRHMQACJKQPLWP"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\ = "CRYPTED!"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell\open\command	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
294B

MD5
42f460dcb4ef90dc584477c676ec027e

SHA1
e6c32a7b97966c18a9fe0061f314bc3b80afc33b

SHA256
081ec37b52c13e9ac56cef23011a65ce2846f644ef5bfa723f79be61ce97a52b

SHA512
36c53dc3168516abc179748d579e62c64c54e1d5014cb8fcc327e7662227d57495ff4e50f5c81f2b4926ba2acd752674d2f3a99ca4f5690c2eb0ae50b6186d68

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
c36a8d3177cca5244ee3d4047461c5ce

SHA1
9904aa52f91521ab7cd509290073a4c9b6a3296a

SHA256
fd24927ca77f43e0d9049c36713b77d8cdb54c3e3823ba63ea369af4c81d5cef

SHA512
994ee15bb21b53f92083d4ae7a1b4c438d33024d4a126c1f135caaf5a96ec244a6557c033cc0f390dace5262dcfe9f5b3efcdef628ddfc350092356db384c587

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
60f5772a962af8d54f4dbbe64edc4e23

SHA1
5d51ecfb1f7c8029c553194865dca93ad2efe860

SHA256
67349984c1a78bbbd1da65e5cd01f1cc4ab1ae219d98c6fbe12175bb5437d5f6

SHA512
1812d077a5fd569265753167e1c86eb6f2f06e97af04d71837cc5d4a002de7e867ef084a363caddfd82abe6c23103dcae9f0acd8817b0d0f6d2d40a58a20c9af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
3dcbaa12d891bb7835e9c216ff0bc2ee

SHA1
9b8627f6a8c7a61135211e3a6000d9197348e698

SHA256
e4ee8a24d35dcac7a11cbf9523334af6bcb5c91ffc569ca3a7bda52bc125a142

SHA512
e4da5e927f672ef95455fa38e229448436b0ae9aeae2209bcce86ed444d17c884cab4892c0ebf8582db29378fa69c9d7dfcef9dd60d18274df355b57ce9fb97c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
fb058bc1edcdc617afaeddee6e6d04b7

SHA1
5b93866d9e2f56a4c694bf66fa45da7f9365b896

SHA256
76154eb03ab281c07143ea07a80b801572decdde986f327fd45a41f900d39e26

SHA512
dd3116ee4fd9d1e3d767311da990fccdea1e3dd4f197243545d9c8fb149ab5a5e84cbb2d73ae7643811079bc2bc83d60d1eaf7110044396aac3b95f9c92f61ba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
33fb34a5cfd2a921152417d5a2df34ed

SHA1
430a31c08e82a679a878ffe2c20f9f46735d45ea

SHA256
9bafe3beff6ae7a769080ea86a7a2ba66c5648d79a710b867ba424043ac09eaa

SHA512
0db247f9fab3b80456fcff5045e73fa5413c1f1c9b6e4a38324779547db305a5b03ff3e1998f7f8eee92acffdc7df47cfdbb881df1f90a9ea4e0cedac8aa86de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
032d146e9b8a1128df957c9cdad0b291

SHA1
9ec3e98a65676daa9d8a1c694743b88718242dbe

SHA256
0a1e4ff6c01835da08efacb53894460ff148ef99c79690ab093a7b48fdd06fe0

SHA512
2761ab82425a031af83730fc8f7b46f092cd2684ed09cf152c8821506d4ecf826393d8129499d9706d8678c09693a2f0ed8f67b0c74cc1ea1dd9cdca699e7067

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
b43893282d20760cc2598462bb6d086c

SHA1
60f1d7dc45b258a627dd862b5544b881a707fad6

SHA256
8545a99d1ca22d76283976edbdb60ef3f03f1cd5c366fa42950a4d28c6cb4ee3

SHA512
6819a76ae5f77651a25a57218a5ad8158c4f38e8534bf36403515ca5cfb07acef22fe32132d1ebb8665dd060f6b3e5e2a5340137f669078aa3da640fcc4b1656

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
33212ac86a70d2ea470ff3cb458ba763

SHA1
810e6cda301c3861d5de697c3244b55672a27ea8

SHA256
d4e28022d4cb16bf6a4a485df7009bb06c90250afd00b63a827bd96da7673cdb

SHA512
b4acb1370ef765c798bdc79efcaf2534179bdf49c1fd20c9d30f8debcc619f2728c1993004517d82597ef3f99067131de3569851406054b968b6ee35908a85eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
f2565c584c4270ff9de04c17fe0148cd

SHA1
fd73544fa3c98bed4072a9fe81165b6401c81650

SHA256
da2d8580642d7f789aff303c0300e632ce0c8e0def300741c95e7a717ded6f16

SHA512
ed7262fb01e864ba7de466810fa5b0b36f4f99d73f4d2b68e219bf06b1758078f8bb548edc2399a1cb9df8a1a2541a390c352496c3f17bc61aee1b607c7e8bf7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
a9c255c6eb2390e31af18feb23c1bc98

SHA1
bfb9683d192491cf6070f9ccfb20379d188a9685

SHA256
aba54c5aa58f4a96b6da1e89a720bf327973a1226fe039d8ee545c7bb99a9127

SHA512
20ec709e14b00e80919ddb1e2a43bc901694ddab146fb2baf26926e41abd654b93f0742051f440afc1304158bcb29b9278801202021552be7a45ebff7af9d147

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
20e6efae40984999f272816187327ad7

SHA1
a05f676c6d43bae553b5ab2ed3dc9bdb9a225ef0

SHA256
7d87e264aa9b19debdb92e4a01977db9c7242820590168942a678578ed9fe66b

SHA512
e9a8ab489a23af7537892ee222aa64369c75c0571b5e3f634afda4c44ebf734c27b2a246fcc5ba1f5b51129384e304fae2caa3960a68455c9dba37101ffa9224

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
31c66b31e897b74cbdbc5ed3d3531fd3

SHA1
6b8b59fb38433c7541de30b6c08db80d4f3c1fa7

SHA256
021835f0cd7bd77ccd71cf4f92b8970111b3229f02cdae7b1f540f41949f100a

SHA512
62feb96f2ccbc6b8cb3a3a664aafc9b19ea05da2517e794eeb9a4cbdcb2e3c838c835b56ea9c2a7c887675b3e5495befc588177e87b4559f078c2648c73b43c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
7d99880782b503fcfa359e0292e798c5

SHA1
0ce9bd6fc404b9df834a4cc7325c8cbe4ab379e1

SHA256
ccdc2a0de5f1cd9cb40579101c7d2d84930aa81b0f8861e8d138ab1ead924763

SHA512
4a9e6696b96027da59070762afdf42ddba39835be4de617eb1952cf2b10c3608607bb0cb951f36580a9c9e7f62ec9d407545342ccf70c749590d1d0688ced3c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
c92c57f1bfde8b30b5f4c1dc9f2ce4d4

SHA1
7a9bd2e93a791c08b21c6d24d333b7d800162613

SHA256
526778e7b7063127f60db2b7edb2dcc716bb3d214e037a2e1c5cdb04fc3e0232

SHA512
a042be6dd482eeb0d4eb2b29e05594e8f70dd5f0cbea21270fdf9b588721ee654d80ce5e1786321d684e608750e5238213e0478f4fea22a8d58e8ecf51b05e9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
07e64b28618507eb8a955f3a3796c2d1

SHA1
431327c495ad843dda348eafb169c46b1b7dc90a

SHA256
e0b6fdec1448f1b7d89fadfce540c8a705710659936d8bc906d98e04f75334de

SHA512
7d9a68e3a3d472765b4c76ce5701d964aee85a18fabadac3952f8871f1e0a289b663411cecc40795b3f63547467de7fbc29ce072706d0c8cf8b709bf4da352e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
39ab0fb5f6802edde4d631b886ff590d

SHA1
55237f414a48990c16e9f4869f70e440c5e0248d

SHA256
6a7a838e2f9c60ab67d28791b6f9bf98c2870ad681109ce9248bb1c768d46942

SHA512
a23669dfc6aef6b43a14f71c1b0aeb0356aeab9c6133ef334a66be0e780c311e5a7eac6cbc1ad13b2c9344b6ed22315765d1d4a877ac0474e486e2124f47e8ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
b0f08e8a11f42d947220762392dfbe97

SHA1
1315e124ab8bbda40f2f68864f22404f412c2b1b

SHA256
63e65bbdb177f800d67060cf44f9373a5ef18b33ed8b5fab21fdaee4ead62734

SHA512
5a689ad78ba3f5123cd4d3f3c3402bbf68158c846e62841a717ca8dcabb72ab2014882f124f3be620d408fd9b08cc3d53611a3d9b41c67774094d5f771e94109

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
b0f103c54d526eeb65ad4e2c20b2fe78

SHA1
d7fa5d4affe55479e2b462cd2452a36f4ce3bf25

SHA256
43e937c47d2b7f5aa2982e06e084eaef5013ae7808ed3865aef68bf96d93626e

SHA512
6eb74577433ecef2d38898805ee00a50ac86957329ff7bd966b3240e1b0d539a761963ebd2d6e5acdf2495a74fb4d956f50bc47c76bfdd0575935ef476e32b27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
f92eda30bedaca08e2f491f450b2fa45

SHA1
b099ce0002af40b74d12405d10a4baf7794580db

SHA256
110107abe2a17bda032eddc7518aba6736a498cef2ef17924c8a44377487679c

SHA512
85e72323e81bee36749986e49724373f42a2a57d1bf9bcafc29cb1fe4fcebc78d27c2d2e0fd7ef49bff5434217653109cc8fbd25abb5875e7f478825a5441739

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
1712853431ec61f9257c0094ab04dc12

SHA1
8c7a03134b4a5529659f72ce5e92fde9aeab55b1

SHA256
85aa079bb46879e6a7541eca2bb96ab1823417c7318da98f3ff2251f19ba1a08

SHA512
96c9a0d82df0aedf442089676825dceaf661ccb46dd550f14aed94e840a0a6b2e20e63cf449fafc372c97204a84e3c0ab00eaa3f7eb30fdbf51c3c2742037834

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
ca521f3da184bbc5348d998783c18e91

SHA1
7571bbf4b0b77e66b3a988dfe2c0604bdfd60e2b

SHA256
dbbf50b5b29ea324163638bee4308649cfe563414968fd1f463ed50ce2f255f4

SHA512
886cd85053b0401aa32358ee4a04c004f35ce74df2ef1723869192e7b4e7d147f5fd664ca83f54923a10c3555fabc6c978ffa4042818595b9a3a4a728844bcd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
014662f8656e9e172b3f9025de6a96a7

SHA1
4a445dbbbde9ef4fb623a2e8cc6d52daea02ad28

SHA256
f714d98c49e53e5c14a3b06fb1b8118fa9dbb5886ecd330618006a3357a4355f

SHA512
615623a97224958605303564f707c80b9729ecf298fe72f6d8e7aedaaf68ae83a1e6783bb6cf30ab6506ef688cc29ffd04c8101b3c6ea0df9908714d0bdcd0eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
36a3f49f69d1900f810fd23e522a9a62

SHA1
fa025800c6a18628d79ba96be9c3c1efdde31df1

SHA256
f5bdabb23f21d52b33907efbedf5da8ee8f4aa449107adefe640d70b0bb9372a

SHA512
915591ea31b283ea4ebaa5b0a917303de84f557686ba59fda390b93b04be45764e214aa99d7ea8938793e92dba3b6e60da8da249e499acf1cc586b1fd87fb68e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
e9f9e857f1742ec86fb2d5bd14e61d5c

SHA1
d0afc2a8a094056722a0b0c0ff9d77e3dd1faf15

SHA256
3188b699a2cf500d54c9692ea5bea19ea9bd1aa67b8e99df7ea2ff979d562f50

SHA512
bf4cf899fa6a18994315d64e73230a8e160938f0ef9c4740a2a7647b1b5c8c8c6d117f7e149b25f47d148f8115c03e2d4cbe5fccce802d3b61c8da4337a3205d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
99d837929ac23f626145111828d21cd1

SHA1
4bd82fd8c5fe2d0e7caa8343419a2f2ff41fae8e

SHA256
16ce3a691602d412bea2acdf8e5e103b881011d3a7e1361397cb36f84df8ca32

SHA512
9367735c37ba851640b2c6ce8e4f92a21890c8d6bd6d94a8b4c761bdfc294ff6ef2d4a7018f1111d65d45a986e997c4116b8808fd400b6507e8bb14f0faec6a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
2859a7300fa0891aec5f3ea1a8e6c450

SHA1
6f0c09124b9d87c6bdd45f4164676aeb3eb2868e

SHA256
894fa14bdd3adb2c753796d1435030f5dfb2ae63550234ef6486f9555bfec92d

SHA512
2c77274dc6fa37fc662d3a684f070804405273ed0f8ea7c1118afcd6f33c68d1bb8a967752fbdad9bdc3e73122d355cea64eb8ff0d8068814f4d5848c58b6e8e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
220ab00849098824b26746acbf7a8598

SHA1
7a1f399fedb8986a8b89e79bce151c09952637b0

SHA256
c3e0cbfacab64d712de5cc7560b0d97fdb1e16a7753a40b6551f3f8e5ae9ea55

SHA512
53b3732417c5653b62d70fa2aaa853be80839be82697abf88d449cb40a8ea10e600317a8dd393cfd1e9a4c75d736191cb8bb32357b70712c8673200d61b725fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
8149b56df05c7cfd274f7a41e5b1e8ad

SHA1
50bdf650c832fea9402921e51bdfd97f30d83263

SHA256
ae24b23888454673eb8931a3283a8d3f219c1ef00ce3b99eb53c8866e683a026

SHA512
17dbf63f80e7cecdc202cee484a1d038737cfd3198f1d11880d04268cc69e5dc9a4b0d02d600668b14b0e48d1d1a491de6c379d87a68bccc54499a6b9e7bbaf7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
ed41e13d165873a4262b1c210014fe07

SHA1
7abc433b713d7008a6040172c40f776561b66f3a

SHA256
dde5547d1f3dc0c91aed0b500de981e0ae73ddf90dcc3cceded81f50edb30571

SHA512
299b9934737d23def979b55e28ed934f263cad3c9acfdfe2376466090a5f9b051b4d8cfaa50ddc5af90e18456c4185a2298b0be57fc4b971f2827a735aebd102

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
90c877b07f30fd39b8d074c61a31a05c

SHA1
037e89015023e6420c0593117fe0d6866b8c38cb

SHA256
6e6ce389587cfbf16f342bbec3cfd83a8a53b689f7a077220edd900a51bf9fac

SHA512
f19e18361fd12b195a688ea2c51ac066051b54ab020996449154b69994c9d26cf69dbe88b0a6595f4a1ae6add58116180a89367e3533c5c435d8a417bd37597e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
b35460fb53bb3ea8a7da1dcf43a86239

SHA1
e97381596aed5b01cc1ec8ccd052bd32fff3cbcb

SHA256
b3168d892099e22bd22a5e0f7708206a86c5dec1435385aebf308639c4d53632

SHA512
4a2bfc002187c91c69317001aafd66d4b7400c3fd25c59e978d1c6aff0c5e9b97a9b9ead79362b932e7e250131f70f1ee66a8a44ad80ba8bf5e9a856a8b4b5a5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
497fd043840e2356285d110ff6484b94

SHA1
04f9ca5f85fd7fdecaf219dbd92e6f38f7cbeb0d

SHA256
e10c090311f1e4ac573a431c640ccd91c951e960b28c217b173b4be339c68ce0

SHA512
fdba9a1eeb8b516ac14d44ff2c48642cf8965eb240f3866ce07b5f271f5b881ba71fbd4620c90dcf8da7470e135daa701307bff78b0bbf915915f14796c72047

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
c613e5770c601074633410752e15d1a1

SHA1
de4bb6da7d53852d0493ad10c1b507762a2b3d7b

SHA256
819b46192af4e64182764fef5073969c5381a9dceb7bc3db66b4ab0f31bd47ba

SHA512
4a9be99ab1df56b4a877c5f13ee2d76197fb041927bccbf60655077814ed373babb07cea969446591a9a69f2e5cdaf5849c2f66dbf533ad33aa334d7f192f079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
88e94708ee9d6e88029691656a9269da

SHA1
fdbdd233d91bacb4187ebfee60427d14979d5b8e

SHA256
3410ea3d90afdcb6ce4b1707f3a693b4f3197862e0806239a37887c4fdbd91c8

SHA512
7fda4425bcd71e26a729818b016a5236448c01c820145f7de9d444196be8355eafd44774cc140c0a19db33eaac69bb901012fd2b09a1f92a24188e695bca276c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
e115736c1e9117645b263050a310d0dd

SHA1
b0e715b6b5373fb8f4945ce90b9483c40fe2faf1

SHA256
fe3f6f9f22d490af4499c674bccc2aad41deb40b8446310375a967e73578a405

SHA512
a6e5a26f71ff1b94a180cead34ff2b3ddc6b8691283d1c830788d011b1e061c749926c5c379672688c13bf7828afeeb730869f85989f9a5972ca52c588a742a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
3f391fa3d157b300cb20f10f4b719862

SHA1
9504b7866d28d0777f02dc1208ff0e76b47c6fa1

SHA256
01da7d2a45e997c2a143cca76e69977cfa25075da9464ca91f8fe330dfd3662b

SHA512
0330189a04610f9e8a3f222c9e0f48b0d35660f195a6fd5231747434a78702d8716a4b3d0da1086fd06d13ee2268be35fae9f0c890cc61d36d975c75d9a26f80

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
2c0698f7f7270bd137e43461132ce58c

SHA1
004e710072772ee908ceeb3e2edb944d2bd4899e

SHA256
277423033dd92669a06f0a4d695601393e0f26291f441c2b2617c225a6449b21

SHA512
45917bce636f042b585663bf2e28c5738af1f6fe18c6e53d52363d473a4ce602b3469d95c12d6859820adb2876e2d315d1ea05dc7d7ab5962ae1cb6e97456d1b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
60b0a07e2358ddfd6a1d254e390bd27d

SHA1
471970c4aaae6c66e95ed47d6b69f4c45fc941ea

SHA256
00d9f220d1cc195eff5ffbfd0689d2f6babd33c3f09a705f94cf5ab6ebd2d812

SHA512
8d6f8f83b8d2d7f8117e9e712a1503d16a9f9c970ebc52cab4173f75f8a91270e988c919cf9b5b7660cd2745ac4c3ccdae01767d64dd462bc86bff90bd81a78d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
d3edbd7195c2f0dc5998e32f3f8973c8

SHA1
8fe77f7576c6a04fa5482fb387a85562c7379813

SHA256
cc8e0e0dafc1e2a0e9d7819adda01b28d1296f1a5cce2e63629df46e2504e5b4

SHA512
934fd36acfce1e2628dd5f2703b80acdd092ab2c77267452f48d218db77e1fdf17aea3417bc8e7e5bf1370ae7c0cafb4ae1fb8ca4ac3b2b0a4ffaee4b2994753

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
da0af4d575f0129ea6ee63c02bf86acb

SHA1
e2b687f52bc15913b05a182f4ef0dd0192608301

SHA256
77f2cff8f730b9ed353629c37f894ccaf4c8c2aeeaac5d392479945e1b229524

SHA512
1675c1405fac19bd3b46d9c1042cfba3062e94d250cc2afeb032721ef5025ba32f8482b5464f91b75876970dcbc526afdf6b6cbbdbe9d14eb9971040b01263ab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
93ba32429711aa122ec292c56cdc6ebc

SHA1
5dc90d17b06edf034c5098e41daca548c9033af4

SHA256
fbaa54dd56d82f5f72670fab17c0ddb62ebebd71b98ef4cc44cee1021d8dae84

SHA512
a9dbd74d9084b52a8a6ece490cec46accb094fc3ceb2af05cda73636e79427030b7311e7fc763ef22028aa9dc8a68da4fa83e723ada66010a612574a415a8e52

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
9718d6845ee3f43a3f1033940caa8e45

SHA1
40c3dfb281d3ce02fc38e63629d123434675be7c

SHA256
55aede75c483fb4bcd0627c4963cc357fccfc4634cec084474f7a126a2c2f496

SHA512
bd066a56c66a0d0dc899a6468e0a24c99f3e7c639d8300d7c757829816bced32c4c9c435eecc0145882baee9a8cc149a2fb9b55b3a7cea9ee881737994ac63e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
5f8df0532b4e3fea1b6a030257ae6ebe

SHA1
4b3498e38b2453fcd5d90c041cccab2772790049

SHA256
a26048fa05aee1aedbcf928336af78adde31f4f73ad22e6939221abdf027bf17

SHA512
51366ec8642f30a1514c41c9d54902d584923dfe2d100293c6bce6e6c058da504103f45510a006fa35be51cd716d54d5b265ff4f56c65de11d5cb3a0d0d4ae77

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
16164bd8d9cbbd93f55dfa52ddeb9922

SHA1
da3f0efcab6480eb2865fe4767c0dc245ffdb32a

SHA256
037d3330bf5eeedd30a438e41e819959cc775af79329a842bd60a18804727c11

SHA512
42ed8ea38ccb4ffea415fb80ad4ecd3b8e9dcfa3f8786f75eed5c0c76ca8e6eacfcb3ff415f17d6a620ff370b80859341abd4182a6f76a3f1b1bc35910c6d4a1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
d67ae62a22924d2e6ae8fa3a3aea8357

SHA1
a976e9bcb80d9e902d7b6e37b6a651af71095793

SHA256
d3068e3f24633bea5e70823d9d94cf6243baa874cc57790126f9ee00a0e0f1cd

SHA512
689d8c6df9e2d098402abe301a0316bb2783cc1de1538f54b154f0c39443d7bbf84728c71717af89fe9ea237f6ae25a56c4be30d9042cadb609edf21cd80de50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
f6ec6f5ecb4fea6570563f70b655f72b

SHA1
b9f8728a5569210cfc06bf0ea30ba109159b2fae

SHA256
98fb962abf6f52720973262c9ba6a5e9142b9b0b4939243dc347b9c258d0b80c

SHA512
82fd1b43feeadba442ef261fa35686f8046ba7ce1357f92d9fa134ed0f5aa8f34bd1e9ef43b4da9c664d8f2bd84d537817cdae8836152e5110b46bcde6f16895

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
e6d53fd938d900e50554b40f246b1b58

SHA1
4e2c5420c3d119cc1f5796b3a4bef361413c7b0f

SHA256
73cf3535018e98b632547314f6aea29ec561dcd3f0059f587f1da0d4aa479371

SHA512
1b82aaafce440059808f4da8faa3af9f8d7f8f3ed6f2a56f9e675f2b5c3283566275f7c449270ea812dde6c742cf94b04e7171041a7215c4435b150c413e7ad3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
5395518bccdc86224f798cd069002a00

SHA1
41257773758c91708fdaef248639029eb5886a24

SHA256
424787335b79ab52f00e8385d488aff2eff517ae09955ba8f468591aa5d1c4e1

SHA512
4ba4239d474ffe45138109435a24b0436c9c315764c0a8ab73586d5a5ab7980cc074bd2144ce2cedbed0172f5e06cf74013b8877fd5533b54aced23007db5a10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
81b9407a5e246fefe7f15bcdbda50a1f

SHA1
45999e423d1d4d0589f12683b7c46ea64bdec50f

SHA256
e49f332aa64209c0fc3f9e393f865bb080099452d0dc94acfafbfdc6fd1232c3

SHA512
5e1e5f6c8044cae16fae68b00a6a2c0d8113fcec30bce0623379320fc995cd834cc29a077de93ebef22c1525fbd5ee56bf9369c298d3a2ece261142e4d1917f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
0be49a5949528e74612b06220012e364

SHA1
5fd8e769bf5e41dc4d60fc73875dcf251a4dc892

SHA256
f66819742e0991b6650e10135bcd9898c4b8b8983bc420d9c3ad38a0d786ad90

SHA512
27b8b170e1c2a9029b1daff0b1a601c91ce66083104e61c1beee3fcbdcb131820e5ce6c04c60f6ee7ce3d4aa4dfc0bd6900ee4f8a91836de69f2dfaa97c26259

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
9287d5ace870794674d00aca0b686c59

SHA1
f5ca35ef8d12a47046b3d34fa8d0d436b0d71d1e

SHA256
5e5c7ea25bc9ee6eefe8b0acee69fa650c4e7da186ff31a9dbf0dff2f5f43a96

SHA512
ea03d8eaeffd4f076465c62b38e72ca70604616f64106e27fd45fde418a9a5853d3de5ab0659b03d08d87d0dc8012af5130460c314aedf8024ca81855858ea49

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
51210492399c55fef56e2fad2471266f

SHA1
53702ee63d61ebee5467576a75f130bc0ad8de2c

SHA256
24d3dd0a408d78fff84dc8f900fc27336d9860d288da64b050d7f38f20092c28

SHA512
99aa2148a65d7ff06831127d0919d213fb87ae0ee2660fe0af4443c184c90192d73422490b4b4f054813e37915fb3e2f46edec006cecd014482174c9f2427665

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
68b9e1895497813bd6174a939369a97b

SHA1
321a97f88cc0673355fdaf3b561b7560741510cf

SHA256
d984a1c01d5bf8a5a49d09c25abc052083a9fb102ad12172cf064f3cbba333c5

SHA512
ae1f63b3c5130c47260154513cf1d9309fd799eec8a3e4710ef9346b448e62f3beb490bf6a950bf03d2dff7dcf043059311d12a37779cd5429930111bde35569

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
bac50c3176bd0ee82699accccc3ac841

SHA1
76d71f91eed08146c15cd314755de3bf9632036d

SHA256
ed4d1332c67f6233f23114fe2050328fa5cc88777b77fd67f7514b950a766ef6

SHA512
aa7f5ea87753aa6c9574a590b9c4ec2cfc0dec72d5903e8cde1777878e758e078d7d3e673801f4f208513e51966b0629e57a77697a3fe0607dff11ad4b6b87c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
303412d6f9e8a4a2b8e4c6d9f4e022b4

SHA1
80ddb479225a24dae1ceeac0fcd02001302c9420

SHA256
fba9969b38df3fda3a06736de4e4a3b64f01dde084412541d9d1a180a40a935f

SHA512
c5f9ea23134a3f49cc10295f3dec84197b016b0004827ca5ade23ade6bc0bccc2a3292e9510b3d847637dbc819a165e6da7371ab5c74052ad5a6dd57065dc2d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
c62a44069ba5d32dc2fe27fc580c591b

SHA1
ef8ac1d7a9c6d543c26c057a7fa9dce1ba031d72

SHA256
21e5f55be965b1f91fc4ddce590d941b589c859fd85f348873e7bd6f0452d49a

SHA512
290b2785cc95062e1430d8e5fb577ea24971148c15748e774044f1bc8a9ecedd35946da908808e829d9a3d6203607d86b4fbb144be223731b07f627ae9290993

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
8a4b943146345a9cd2ac1bd3164ab4de

SHA1
83d3fc6b4c980bd9f056c5c4152beab7b81ed3bd

SHA256
f3a0852263a676459265cc278f3708effbe1d8978909ebf6ede2ee358011b686

SHA512
e027414b71e5815c3cf2868cdc7be8d9b78f8302103a6090ca20b473ea0ac6296ede858b4f9425e221e051201573e5b4b14d3c5a914ead7f48af80074a50fd10

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
c267699cfe1955e9fc94c31bae660046

SHA1
4569e0659f4d6bca692f69b88d2f711724c64815

SHA256
8f0af2862d36bbf5b6c233e4d95956760ac9997ec8f7236314be2cd6615e6f0b

SHA512
a57ed4b2ad125473cb41df4119742234f5cde88797aa81fd644cf7bc71bad86a40661f25c91b8e7a2dc436329f5d708bf8e99bdc4d42d4715440a96e735cc0dd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
864d4bdc98b5ad7948d84cfa058d075b

SHA1
e8dfe2f6fc443ff03181dd691e928bb533877f10

SHA256
f74f8d9c2ac128c1b26fd527a1afcaa1857a837bfcff3030ba3c8029562401db

SHA512
9af3c7585072defd0489d4fe1b7376a1430febf8c0a059decae8353f167c9f1aa91aef1e3fc401c9019cb6552dcc77417b34e823c956ffa05da6086c4cd75f7f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
0487309fe6a430ee4881453bea37f229

SHA1
29d8a85d9aa7c9954ca5caa5e57c3d0f468ef82b

SHA256
e1270003ea2acd6dea8de128c8ab459ff06401a357c596d5140ee916a36a640d

SHA512
c75b8f0fa36f816e6b3cc53bf04ec18f659beee638f88734e81f00c3c6ea8dc7e6b339053c0c0f1981782f65a942cc9d746087eafd722c29560a481d21f0678a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
a83a3f76597e54287e8c0cca71df2923

SHA1
4ce713998c2cdaf98b51cb543c32b56d43eb11de

SHA256
6db5401731f0ecf5a041d9f85419f8874fd4a5b512202b908cf3e342dc7db8db

SHA512
642c55fe81ed0a3e98a3be18dafbc049ac430647c33d74041807470132368ca75402deafbccfcc8574e0823a9d95c367943c335d3f3cbea419367fb5600e726c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
a52ff9c02921aa753a1ed5e9154a2e8a

SHA1
9fd12ffae8a1e675db40495ef16b6ce3b996d235

SHA256
d003cfeb016b60f33ebd8f7092f106e2bdd2c7fb3cfc71fe0600816cb5a81978

SHA512
f20d7652b49687fce71d22c628ce211616c8e91846f4dd9b92b6a4c52ccd8334afcde16fb646d2504dd2a2f030cce07a29347feba259b5be2e769c5724fe3f62

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
94c74b8f9e0172ad164126cbbcb15ba3

SHA1
20fdf2a9a6aabf94bdd432854719bd2deda97566

SHA256
f8b18fadd34bb7155099c67a6f55fed043bf136f8e6ce3b96e5463b591ab3ad4

SHA512
ecc05a5bb7bc3f2b73e157bf391a1c2ca59facd4a12b8a07a628dbc8bfcac5c03d613208d4d9fb95f279cad9d1ee8827a8e594907eb71e0a9457f29fd37cb85f

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
ac29bca526a7888d8821f22f91bf452f

SHA1
ee8665e1c8df6ed35d51621f1831064281afd39f

SHA256
d8b46d8f57dfaed3f40ec6b5c4ce2888a37e231d1663df6585622a7de8029e9b

SHA512
5b2a96f839019d959a72404b815703c1d362318ccdc40ef8770aea158cb78b97d664e8fdd2659984b448146da9c87c35b732d7a48eb3e092677834b42cef8117

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
465c3a785adc8acfe877487039d0e0d4

SHA1
5becdc92a5c5a6f7a6d40335e379d32f9a074205

SHA256
ce6acf9bed23a0ec35134fbefa44ecff72322a8cde1a263e94cdb4bf03c0aac2

SHA512
dc0985e39e575ddd32dfc01c358ac8ba7075f0ce960620d26d41e04845adb254a144bc73dbdcfa0ea91f1e36d2d8ad5f3f3595cb960e9241ee06bdd51493c097

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1299d7a82778d1fd469f58dd7f40aec6

SHA1
87814bd41de9e534fc768df5f59d6392426b65ef

SHA256
f6ca778a2b1aac07d0cb04fe55e5e89c14fb72e80c5afffd717bdaada6a57f98

SHA512
c60190d7b07c7d37626b05a68efde152468b9a0b303ef881eb1ca8ba33e7783d024017b8cba92456c227fcd39a1fec53cc0022bca73c73e9ec5c539ef6cfecc7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
6056cbb2f00698f01437a6f08522124d

SHA1
a26bed9153b36dafc0a6c03623b0409814efa9b9

SHA256
8fea7da83cc467c797aaf952e60edf068d2f16331363c8ccf52cdac0e1c46f29

SHA512
939bc9649f9c12f163e7515535b678e2397d68683aa588608990200266bf0804169e251715b9cba5923d555171aeada6dfee5abd1c119c4d20d79171cab9e76f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
82975b048609b61dd5973cbf34750522

SHA1
b99b7ec672d5ee43a8c53e14668406402012d243

SHA256
fd9227b5cf074e26294828049ca5401e76ed1686493b328fa08a32216e7019ef

SHA512
75ae8e8117d6c5ba8cbfdc2cfd690b04095bbdbf011bfabbfc5602b1ac45bd78e4333d8022f91421a5edc41d1162cf2beae64118e8ee761e39982bc2a66e4868

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d6d8fa787408078f6d2c18ead7d6d0f3

SHA1
cd9ab4e8d5724000f3cad7529b86f55246f7e95e

SHA256
14d646449c981192a46806801b353a9051ec46d4ae093cff50d3da66496f2f28

SHA512
a8aead0ef50cd10aac9ff3db8f0349eb469c17cbeecb668efc509df6162cab47f6c9808c7aebdf25accba52958f78cbbb6a27d33961aacd052c67a2fdd737ef2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
21686c981efe974fef59ce39e3ba9e40

SHA1
ace519a36586da105b205e6b09990bcbcd979bd2

SHA256
0c1ac31989b5f22b697fe5d56876c149d3bb6e117bb900ce84a29f7d2ddd5eeb

SHA512
7f2ae78b795ab0188b0c8f42425003c89f2c68e1966f44801dbeaf7016f9e3ce62c53d3476ec2e2d761dd97aef8978736b8dcb8759b3b6a2f1ff2bf8f2c5f49b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
01225d10447ab15f55735cf1b654f96a

SHA1
9842566f8d4aaef617707d83a9dbccb9015d0d3e

SHA256
24b02b59fb3b2bfd208b70ea1e24e5897885c5d0f8904f2bc815cdb324e11257

SHA512
1b03ff812532a0296659b993b0041fbf53b48b176252de2fc0e9112173cfaa16ef4f1bf830643bd06280f6d4f0efe0ba01147b2254e9fcf10c51c0e4f6774e9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
337d6f468453510719f04849be2b3abf

SHA1
b2bb13104108a8d5e2025b3cdd95da012b2ae8f0

SHA256
4eec38672ad7e90c2c058d428d549a2b8808fb1b1f2e06f2f7a92dd78520b695

SHA512
d3821b5db63f434fc9642f9738200aa6239692d610a2223d7ec10528c80ee059b1703d5d51b8a77dc1a0d2b35180e15e96456f8f286911f058eeae1a668e1692

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
8a30bfb289c47e8a027bfe8a3782fe3f

SHA1
754e5ae22a9c595e4b964ef7cb46dd9453452587

SHA256
2147547f3ec9df1693d71af4eaa473f621252a793a0294134256598e013523ae

SHA512
8e1e5d678c3106d34f88846e37a031136ba44e85b8d9d459ae868b9f879e4d83f93d8174fb6ff3f30a6daeed0a5c42ca8a344c89559d4a621d6281bca2deb693

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
39c437c108986d0c722c33a34ae58983

SHA1
d8513abf4b0ea4c2d44c06b0609bfbfffbc74855

SHA256
c89ada045f83a12d76c01726bc7c11e8d6e8241a3f8696b87fd3dcf97b7f00ff

SHA512
6ae31d07cec8182e28a28f64028341480a7ef55d7803f93a78fff5082b5286539b775af23b96d69f07ca2f799ea03e84a47d3e58d08df359abbaa7de6e7c9e07

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5c1d61a36185a799c362f5de56d74aff

SHA1
61b5eea90287caaa0721904baea69866e7d99d6d

SHA256
1746a8118be7464bd163139c443718eb4430312bfe7c44eece32b42303b9da19

SHA512
736676dcc5a1318e57554160cd65a9dd067c962959837bf4acb2376045ffe8f3c1cde815ed30cfc1abad095fa442a6d7f374bc4650e770471d2159d9f88d304e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
9ff17548cf53661914ba2171a9945bf9

SHA1
5dce6b911d3e653f4d1136bfc63e97936f0d672c

SHA256
6c20280ed150e4a245a511fd5afa230b7b2de45d92bda3e6d1939e480000b5e6

SHA512
1301db8335193d6380a16bff906e3d611814825c4216e763518bf33ed68a6b66d9da12f48f86c6add90123a59505ebe6c51c91b70bbc3f3cb0dc6e3892840e2a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
cce0e7ec0a66cfbe65898ebb43224cef

SHA1
3d250380bb83acd9f79b8b050d8b2aca87d16418

SHA256
a7967fb0665a27e74f9d4bddce4ed1e97a1171cc1ac4a65a80597d0dbe1b8f5a

SHA512
941ce3c04814aaaf86d987e71e18bef35b8d65562ca8307104ddfcce1fda0d56a7b56352ae62ea242ed9aa12b94d508ffde921e413eeacda482d42a951f0b36d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f620d9ff4a0bb9425ad36c0343375572

SHA1
2fe7aa6cf63a62c9a4d7bfa7426a16d8d9411343

SHA256
dbd0fd9a19210187743e3e67336a07e0c0186135305276932c015e946beab836

SHA512
dce7a005d26cda8badb732d4989952dc06031e97df5041df7289dc130a3bad27612dc260a7409099c90e5085850128a5dc7e80d2b4ab3d4c01d0957481454a88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
832f9bf4283edafa71418ecc6cc8d526

SHA1
e50cefa4bc7f23f318558ff9b56bebcc0472e0a2

SHA256
7b1670cc20d39d5d090a731fec7c1630d2c5f3eb709c5202ee25bc23d4ccfb14

SHA512
990e40ff85c4ede1b7614415a00260b66b482b2b1fe99fada8b4363c05ee054e87f938dda4de631d2a9820cde681a023a9671cd2334ddab02510f63186302623

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
c1b1519631cc3b14dd4adcebab0d2be1

SHA1
bcd43c7ac5c1ed98e2498afd132c8bd355731d28

SHA256
61d9a693f667338ccc5d5eeaaa8276892686ceea36a173e22fa98231f3960f34

SHA512
eea7d4c592f742feb68e7323135081dc16c16e89a17e607271703f73580bf700448b1114262acdb23f587171985e33792ec95d4fb77b53d534e7965e4ad2ca38

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e76afac7f58015c6204e4e71671cd32b

SHA1
928004becf534a947517a84e03f71ff4dfface66

SHA256
e31f3e216e8c6e8f964717eae739508a4339d9dfdcedc22340001799aaceea05

SHA512
57eca6a36b85921092f275002442d47f55727f3de1a993805e871ae4db904f0c244e87f8ef59b80c4fff45c440ea99489ffeb9238da1d0df36b4a870b1080812

Download Submit
memory/2380-4-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2380-9056-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2380-9055-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2380-9082-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2380-9083-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download