xorist | f9bc5fb2c173d461e77d3f46914cb4c8c99d679e08023f7a9cfb4ad246f8391d

Analysis

max time kernel
38s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Size

22KB
MD5

27891e270e832de9e84d9907c9d2a884
SHA1

ae3449f10e0072b4c92f137ff9bc55e5aa1c38ec
SHA256

f9bc5fb2c173d461e77d3f46914cb4c8c99d679e08023f7a9cfb4ad246f8391d
SHA512

53d1464ecc9da927231865131fbd5d5becec37027d5a1cd0faa8a4f7d2014d41f756d97a067bbd5ae67daa04c55b8b406e1d968f94f96c6334150ec96694c55e
SSDEEP

384:Pprr1gkDCgSBoCqgU7fffTffsxajTdZzuXJe1DAB:prVDCRol7fffTffRZzul

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2204-8100-0x0000000000400000-0x0000000000412000-memory.dmp	family_xorist
behavioral1/memory/2204-8101-0x0000000000400000-0x0000000000412000-memory.dmp	family_xorist
behavioral1/memory/2204-9170-0x0000000000400000-0x0000000000412000-memory.dmp	family_xorist
behavioral1/memory/2204-9171-0x0000000000400000-0x0000000000412000-memory.dmp	family_xorist
behavioral1/memory/2204-9172-0x0000000000400000-0x0000000000412000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe"	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Reserved_Words.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_requires.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_debuggers.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Throw.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xnacc.inf_amd64_neutral_13c4e272a96185a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_neutral_1874f16002601f78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_neutral_e3be362bfab667d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_trap.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_neutral_ab710894455d7b9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_neutral_bed6224f27f5c478\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Usb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WS-Management_Cmdlets.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr00a.inf_amd64_neutral_6033065925bcc882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_neutral_a87289088ec2cdf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_WMI_Cmdlets.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_neutral_93a886f96cea2847\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_modules.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\imekr8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdsm.inf_amd64_neutral_be2b348981b2ef17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_troubleshooting.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_neutral_4de24f49b5e60c45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Column.bmp	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/memory/2204-8100-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/memory/2204-8101-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/memory/2204-9170-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/memory/2204-9171-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/memory/2204-9172-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01235U.BMP	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03380I.JPG	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.XLS	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR27F.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50F.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01253_.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR23F.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03012U.BMP	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\view.html	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14997_.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02417U.BMP	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\THMBNAIL.PNG	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10268_.GIF	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ad1f7e0d511aad43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.windows.presentation.resources_b77a5c561934e089_6.1.7600.16385_it-it_5743d827aed8bced\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05b9ca01587bc0a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-icm-dccw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c4b773d77d426117\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dd7d190c3acc8e53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7601.17514_es-es_db2a5b2e188f18fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7601.17514_it-it_72a3d14808861766\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.windows.d..rootcause.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fdfd2d5a37627d1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_6.1.7601.17514_none_eb9dc1c34def72a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershel..hicalhost.resources_31bf3856ad364e35_6.1.7601.17514_it-it_d6ed5996b49f2a65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..utilities.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dc65d79d6619fbb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c040cad9b8e1500c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ng-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_adea57ca9eae168f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..sktopini-sendtouser_31bf3856ad364e35_6.1.7600.16385_none_64398328adc9c59d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ngconsole.resources_31bf3856ad364e35_6.1.7600.16385_it-it_64f2dc1b8938dd3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-corperfmonext_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_8743ee547f97667a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnok002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_133a2c5738ae0984\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmbr006.inf_31bf3856ad364e35_6.1.7600.16385_none_c218b25e6c778a2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..etoolsgui.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_ecd489e24c010a17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_de-de_bcae5270428aeb14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7600.16385_none_1179f9944d0d9973\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-usbmigplugin_31bf3856ad364e35_6.1.7600.16385_none_a178418f9aa8c7fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.servicemodel.web.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c0df2f650adf134a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_dot4prt.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e4de75d2183603a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_62d8f8a551894c9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\0659bfe79859e92397fc1a510aa918e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-15.htm	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_240c19b8e3f3899b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netb57va.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8a4787db90ca7f73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_en-us_95d36ad13a0d3d1e\playReady_eula_oem.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-imagesp1.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e771ede4247d84b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_bfab9b4ba5f934f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-zipfldr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_134e0f99df9fe86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.Server\1.0.0.0__89845dcd8080cc91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_6.1.7601.17514_none_a739b25289bf5dc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..omponents.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_33d9bced03455871\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..rectinput.resources_31bf3856ad364e35_6.1.7600.16385_it-it_39c58d21dbafee0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..clientext.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_64bafa4bfa871860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f866c80944f0adee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rpc-http.resources_31bf3856ad364e35_6.1.7601.17514_es-es_54f053797e5dad99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_1f576bc4490a0fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..irectdraw.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fb3664969865ace4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_moon-waning-crescent_partly-cloudy.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_de-de_f06f5fc570802050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netw5v64.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c11f00aaba97f8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.saf..oncepts_v.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d919cfebffad4437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx008.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d3c351224e8ae0c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\1.png	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_34a24d8db984d377\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7600.16385_de-de_65b99de8d68f5c62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_e46b048a01806891\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sethc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_40327e9d4b935204\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_213ecf070d1b81e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep00g.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ee62ada3a1e57400\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.web.manag..nt.webdav.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a74cc7593cb063b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..deviceapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_dea9c844f5d9e83a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_es-es_8f76b875bf765005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-usermodensi_31bf3856ad364e35_6.1.7600.16385_none_d8abbed91585a944\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..r-name-ui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1557453db6f36a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\WindowsMovieMaker.bmp	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe"	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\ = "CRYPTED!"	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe,0"	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HMGPJEUOUYBGJAM"	27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
5e53ad1ea6f1c6f8aed776f4bf09b8be

SHA1
395f19bb695e34a402d457b6a6077d242864c7c9

SHA256
c19ac6a621d65d1cb6dbfea18cec718191dd5dd06958b775c345c6ce08284bb0

SHA512
8b685dc9f58bd37a67ed9333711093ec2013a856014f70e7fb1fe7e7a8424b624045564f5b2a9bf4e2f6b5b04dc2a87ab1fbd7b195508ce08b79e3ddda534bae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
d9ea80f982a50cc79b02417120f1a2f3

SHA1
f336c85c6c00e7ac6e0f4dc47b6a65d97961f7df

SHA256
4ca53ecde3650ac43c41496aa2d9ccaf480464e82ff0ff4f6a5f15370f716a41

SHA512
73b5e067fb191d8d6d24f809adbd8d3f954d5a294c7cdb5afb558e04cef12ec608e8d845dea2dcb63fcc659c3b998397646cdcb2691ef18e5a4e8bc2facb7857

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
74f89a99fde9394142b611ca713ab764

SHA1
c705160e40da42bcae8a6c8ffae14b85873e61b5

SHA256
39dfa28d7fa7eaf32f37d435ea5cab9a6672e379d0f1a2ee0292b6797832ac20

SHA512
6b1aa36e9a2f1167c69b9948cd5075dd2dc51143fcdd76deea28b9f4b232423b995c72dd00b810f622b2db0eaf109f3931d5afa48402e1f7031903ef6eb428a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
94c8d93b7a6b9de5af2dabf31ced614d

SHA1
bdb08457e7fb793983e490658d2483b019d7c642

SHA256
00a2a8cefee75ff4cc89d0cb3ade23753d8d62aeb2cc657acc14af441b37dd2b

SHA512
97bab5768085b08f8fa3a4fff7c2bf91b74490488308e5e1a7ada1266be703e165e4fa5fa9c2e3a2857d57e802ca33e2dee8edf79e08e49090f37fcd26a26d48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
61787af2ad995ce440922ac5ce5855e6

SHA1
3c8e6d2a8b7e52c5607fe62cca2119706db693af

SHA256
2f4bdbf348111ae8e8e8a4af784d4c8b5c28a92b68e4bbac6f1ae2763b08376d

SHA512
1219f131f58c18ef45f318846880b63f8a148007957ba9edd4f786913e4371c885cebcaa0aaf11730b813fb5228af6a04d350dba3a12b87b7bc1e46738e80053

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
b2177a5156ab200eb72e408bc5ff54f0

SHA1
6373926d670f2d5b6fb9b91c3da5efa6823142b7

SHA256
d2b8241f00de1687042cf66391e1d4e6b8b96aeb625967b1bfb8efff6db922cf

SHA512
baadb4d5b546bbae3b65ea83f61760a719a994ef4bf723f7d9ec6115abaa2025af7a74cc6d268ed543eb841f537aa7c6a2e5aeafe4f99c2680abab6d0aeb3ca4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
2f328d835fb701c6886e550b8cd23f06

SHA1
808f51b79948e40afb092592829b97a8ace85808

SHA256
c8f4856e339958c9e66137fec941dd8b638423a5b9a7ef4b341275bc90e0bdbb

SHA512
bb6fb4c90e2fed894624177bd6408b1ba2196c7cfbcfc2af47b41bc9ea8f6f103b8778e523abeabe5ecf12422f90e59715c35042add3e510a78e60bde864c196

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
b73d889cb849941cac034aff05c02d1a

SHA1
d003b7c494d7c3348da6f779d9127c904cb63815

SHA256
fbd30e4c0dc785855c5b243d012fd4472e13eca311727dfb6d5fcff07d7130ba

SHA512
69febe18881a27f044bebf3831085ffb42a2434248f3315e97b8b94cf0497ebda3df4b57f8be7bcc3a4f9fea3684f7df871b19071c05c6b5c4fd863c9121611e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
3ae8beba3da1e208d503d68969c4528d

SHA1
4a1c5f7fa631e32b6b01220f4ea9bd49161c7c79

SHA256
a533baaa506c06074b4466f510a0e9147fbc4f0ffb395edd7da943e42bc608f0

SHA512
35790fe69e38a5775b6a5f4451177bafa81b9268f0277dddddfcf2e63c43b4d7c4b52bcfc046142312d996801412ec728266c88caec3ec2bd114423f15bbebd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
9241d6a2266346bf504a0d0c581ae096

SHA1
f51f3b290f3a58097f6ba75d6816c0a2c525f08f

SHA256
e420f4741cc81d60b08aeb9d8d4eb74bff4006fe4aa44fccc303e69b55fec475

SHA512
0c99735fc4b075acc3367b11bb15f8fe186caa0466f3a4d5d39ce9fc1c6a9857b91db4273800748388d7a924ecd8f37ffff7415f6010e338f064e0586d4be0a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
8d23c9f5731cb5d771cc235b228fa134

SHA1
4a389f21abeee5d09d46cea3efe2a89ed7a2a466

SHA256
4a37cac127a334a1b5a562c6dab6f8346b6ad16d82270a4d6c6e526c8eb7dc20

SHA512
66e06bf92f3811d1ea361ff5c3d11c7ac7843f5f1e4dac7a7732d8518f6e7fc12e8e9d56f39c77cf5946af00f76b8e1af29b195de97d8db284a43b4e989b2b8e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8a9f94415c4e5a25e77ea7fa113f5770

SHA1
3813b5d224c75eaa13c7479213456d78e15f9eac

SHA256
d44c96d5e3d4c74a8cd159223f7bd8c0fda046bcbebbfd8224216f907c3fafc4

SHA512
17113d192b3da1d72ebceefbf08d8266dcca3b7284eacc47054d3c93e46388cbe13e1d4313fc9d00296d8e7af30c2f17c5cd4152d552e251cdd7548af5a48382

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
c3c6f7284211d9fb22af3c15a069d5ca

SHA1
8fd37f5c21b3731f03a63249f7b3590308d01fb1

SHA256
5918546d6ac45d09b99c64db0b92e15badfb066afb3e0843694e118e2ec074e2

SHA512
3ca24e86b855c3cb252bf59b977ec8ce94519108b0a0fca51eedfb5ca597c4ff1df59e1115de8c1240cf34da2da8284fd35cf44ff43f4da0b0630ad614731b5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
70419add2f90dc225aaafa3d84d42ab1

SHA1
3d73c3b3a133c19d8e1db8e9c43e37973c3ec5fa

SHA256
5431c8eb205152f4a51858d6f31779b4c64cd334f1f2fe579655a50f67e24a92

SHA512
d40158663f3bc64f45bbf5c8f477a00b654cd384a1fb33f22b4a7e2e27e1305fce037e1f3d2c34945ee5ce6933253b326bb5d063f1c6b2bebdaab83712089767

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
47400c963562f769faf7bfc4a574d37e

SHA1
dbe3f781608bbec1580762655769f797b83a7dc9

SHA256
81704675ef39635b8b97f17cae03778b7c54fbb9517e037a69aebc5710bdf893

SHA512
011635c0ba886e630800de4a1aa4f49a3d0ff6d648c690179c95b5f87a79d33d98ff62c6d064a214dc6511381cdc1e01adcffe05fe826a5c6ee3c32674f2136f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
2307d5674197217ca605db78374b8a89

SHA1
fdbca3e1d5728ea6d19177c30d4e6b4e2a2a8355

SHA256
06a2826416e449028bef0eafd57d5597a8c386439eb2aceb093ef6302feef054

SHA512
c83516d72d05ae6bf6ae047868d08063342612fe2ae910dda5a9f0d93fac1f4799f4f9215eebcc2f7a03c603783e85b2f68096c464c91f50521160c27c67224d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
2197b5c4adcecdd5da213ff6d2cfc91c

SHA1
7baa7ba1187f4e6e4ca3bcb24efcc437c2d41abf

SHA256
091c3eecfc81961075a02a03b764e5d0e6b9387bf2ba5c1306000fbb6f8025de

SHA512
9518691c19149f80adf351a7622607d0c1c797f86806ae521bc1f9ff7ee89ba6666fe8ca742230f6a178721f5070cc4ac8ddb72c3eb3042c14332d844b7ab277

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
bbd0d92d65d16db509a5519b72a8b5cf

SHA1
03a949c3494ff7e91f82c7e09a72ff0e307180f5

SHA256
b770566645a0f9c2ce26c6ff96eec0d333894b09d48c9e0c55906bb96a2c5990

SHA512
c701cd8dcd663e1b74ec258db587b6589e55319e18615f0a433b413705e2b0e6be939156577e699fc3a8d13f3a7e1cfcc5b8ba5e2c3338a6862d25ce3897e3b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c5426279bf70f34aa474d89052dbc123

SHA1
9175b7b84665c7a07079d20d12a8624e2a51cbe4

SHA256
5de0467c42146aae640fc150661f8c05d0d6ff3020b46122ef8f21011e56f061

SHA512
6cb39b3aabcce6c7f76cd93d28d163d083bd99ef0785a90eb088278aed86fb3f44152dd0277a1ac85f175774e125cfb4d0f53557998899d4204ab4f8944c8f32

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
bf2dfcd86fa83e3ec366a73d36ea5dbd

SHA1
cb64ed7849926761ec650d8a0a1f3855b2045a64

SHA256
166157e355f8f86d72950579f46ac1f8f6c6889b6698326cc0b4e7d00b7f395e

SHA512
715310183a16669b8e8a3c0f943ec0a64b8865aca7597ccd8a91e2074560f0e6527d1f63b74188d0d0da6c9470751d942dfe8f5b20265e45d50a5f296ad6294c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
5e2c96c806048b2c392b3dfb36a15f3d

SHA1
685ae56dfdbee52cc47322f4a76a5905d94caaa7

SHA256
75aaab6b3ae604253048f5a1a382c02bd0a4d5983ac70e1cc6bc600eae95d66c

SHA512
5ddee9578a8d07b6e3a247dc8e1142b53c73e328aad0a2972f35f6d15fe7af0dc65e5c0d9dd44da20890b98b635ff448c2e09479e8e14335246539c32c3da732

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
e527b931ed4409edf1a11e4bb3164cd1

SHA1
3305c8763dd567698e5e6b35cde8eddd664f62f4

SHA256
e58ed9ae6e53d4af8bfbd1d4977a0bf876a60d513f4aadab10242b7499b287c7

SHA512
00778fe83995a3da0127b8cad14ab4c21b526347788236769593384ad0dea9ac79e322a99312310fccbaa8cb5a31514486f1fb661a869cfc8a0b3e8c0f3eef7b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
8f3d837e0695394d4510223b1994c611

SHA1
365de5e3a88bfe7420552ce8f41e5fcc30952b1f

SHA256
fbebf6e0d3477a7bb8c26d89134959b89803d2eb0b6c5cf1b2793ab937d105ca

SHA512
d3ea40d4cec82286d7634d4a74cd30a1776bec611448976587c453e0214868b69abb0368171ab1afd96308091321e2d7b011826b4e14d5953f587c6479876cd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
ac240e06ae8b5e9df060f4988a67ca51

SHA1
41bd5c3a6cefd464c68a74fe2129e16af8c82292

SHA256
d509dd9d880ceb606f9aa08e75742828123af32a72fafb4184eab63fa404ad26

SHA512
1cd8e1af290a1914f51f3fff97429538f11cc5cc09fb51412a79fc9ff25821b365cdb179a70fc64f90d4a0c6cf894a683f8e53cbdc15989868ca90ffafd04e87

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
1e3dcfcab30ad8bb9879846099dc61bc

SHA1
3d0978b665846ed342ef92d8ecfd6c306b079b2b

SHA256
d4470b698122c0e31b0ac328181baca3ec2efd68302346ce6f00b2eb24474401

SHA512
8177c91d021c37a5bf35b853798ac069e5a1b1c1e8b8fe26a2e3b2ae21b6660796084da1db8061c3bbfc59696a65ff7773dd98dd67cdba71616195b30b09d5a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
bc28c55eb4495337e3471bfcc661f4a9

SHA1
8929685c4b4df9bcdb78592da9fbb4ffc43deb71

SHA256
4a3952eeec0afeb4cbee85871258a8762f48289cd2bd0e14bd40bdb59c04228f

SHA512
482a7c96db2c61aed1bd29a28ef70839b98be8ef35aa926e41936c0fb386b47598672b3a0583de169d651a1622ccaf2df55a92852ef7f30ffc313ec8609b3045

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
97684962eda2f96ad63091bf1c07a63d

SHA1
b769745684c0d5bc29596d6ab0cfd911012301fd

SHA256
a698294e13b082c34b494142c6537487425ecbf2528dcf860238da767db43846

SHA512
9565caa6a950ebbbd53ccf95dd720556828e9163228c0c5212d68bfa3efa785023f6e83a3aeecfdd04a9607a7ecf7a44afa8df6ca0ef1248d856fe91c98a30aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
3f7d203ec25e34324ed2a4ca057cf2a5

SHA1
43c3de40c58d6fd0a7d9194ec7abc66b69a8f879

SHA256
62aad6cb30edb7fb287b936ba41b691970563f2486987569d51a706a49f152b0

SHA512
4efa5e0f3594b5c48026f712b96614253784943799dbca1401da544239a94531bbfdaaa672e7761e2dec785445780f10b234cb349b491d972368febaf1be82cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
1fa0fee45970374fcfdc310c959fe670

SHA1
bb11a14c1831209d022bb20812687d620f418165

SHA256
08f0062aeb531d8e0b80167ee016044af6c06e0c8320dab0f2776b018cf81531

SHA512
5fc946ec69d1095784b372d750d3a6191e760e9962aa42e2c45458497a9929754d2f628fd1d8950bc0c39acafffd5b7c8cc5a7fff26cae25f3643838c393b5f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
69186cbcfd6314596e75aa56cab1d297

SHA1
393655ac1de130377461abc85f67ce80c4cfbe84

SHA256
93848159453d28dfc143c328206575d578470a0d923f13ddaa2969e26a2d91f8

SHA512
3c93f6128c0873e9e3ff2a22fd6463c7ac9fad8c52385ed67b22a8cd2e518ebd85e52df42ea508816c3b3c374eb3c85ecb559f136db7a84b14b33ed32c56702e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
7989c8db85e134bd87394fdb1ef1ba07

SHA1
1654d63951fb3c2c1b7c6e184a8cfd31a22821fe

SHA256
00ceadc37630c44e243c055afb990e510d9c9c8f76f26210a668048eff660e5f

SHA512
8f40f7cd3636959625ddaabfcade3c534044ac7a885538249e89833fd91ba3b016d270551d96e50188739ca3a7e93cddadfacc09b093e086113e2478eac9d4de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
45f86f302b5cb0a9760486c7dcb87256

SHA1
7e79bf037c147e1cbc3b990f6d66f8e20201783a

SHA256
ccd4e55dd2f888f9fdd6631e0ebc2fc341ff3fe7494e2a2ff53a90ec14e719e3

SHA512
e2e2020e86159a3e5c8ca267b0b01312f1dcf2588cbb0bb2738925517cea0acf2c61d051cfea712de57e9d59c5450ee7d6f04f57228234d6d3d3981694d46426

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
e9c4d729bd702813d7b69f262479274c

SHA1
e616cdf18531ac82ecaad414c6df504ec94e00c5

SHA256
24a539032c6eb0cfca039ee2ee55145deac85647c2bc6cabb6ca37a27480f067

SHA512
0866ef09bfaed8e4f4fcc8ce31040b284b46ac713ee1cd7a5518fd6875279fd76e7fce1d02eb10c544826eebea850adeac0824a4a4a085ab6bb11cb0fabb1caa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
927decf076995c2cfd5c2e5b5dee84b8

SHA1
ed016454d18486167d4d2cb7207f5a5b70203a87

SHA256
45fc1ca29017de2b15ebe1d167ea859c82c0ee33833dcbe0536be04d448c3977

SHA512
5c4d70ee4898d1a918a66fe63648595acf7f90ecc234ea8d3fa3e2f4529b6b1973e60e61c2af2b52de134dfb8876b37706998fc2aa71efe0d1cbadc48afedb24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
6f822a00c36044527b5871c27d53a43b

SHA1
074e2c727b1adf3f5be6c980af2484366d8e11f4

SHA256
1a8ee0404dd9f2eb7141beeee62752cc080bc94f6fc98a9b5ecc8dfdab252825

SHA512
65cbb61b4a79975238ff5c8ebcda0bda1b9cde5e3b4c0cb105d19c3411a9e41ce68b56e3c815be1f0847a8b6d9c28a568b0521c5ebb0f2724799749c31e42198

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
691d7ee28a2489c5bc75e68c326412e6

SHA1
0e3918eb1d515e711370af6e676d56651a27a410

SHA256
ef30eb1a2c768fec8d6b49f14cf9d38b6a5a1b26d2b936d159b8352b3c0aedb8

SHA512
ef4b2b1f1b0490f9b58f0cd690d72e6aeef35c07048261156c2275c73dbb4f76ca8cd10b9ce1b5cd7cb18edd3f722d34dfab43ee22cf6b7578169850d4e8e16a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
c1d6ed3a1f47b370f22bfa2665ba4682

SHA1
b13ed977c6b279726ddfcbb0285457347ed1e522

SHA256
1642dc0931d318004c324063b0f88dd1822da7368dff84518e3da342967f6c04

SHA512
3ccd5009c71a057bc7c2a7fd30e076e302fd9a8cb325710388d12fb14af8387194a465f1bd87e079cbebae210b5b5d9264c46b276fd5780f79fa40ed6825be0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
ee8e65a93e621f851fe6992e77f8343b

SHA1
881f6dfe06e348f554a16ec25269551c588c3f4a

SHA256
43f9d246fcf26b5e89dd9d5bd38c5fee7624216ce74fcca697222e0d234e7224

SHA512
90b75c21a48b6dee32c8ffefae83bbbd3bcdae187b222d126c3a71474d0de79cca359ded19399f344eba4b8748c645be7f7c9eadf428bfe7fc77637f851d0a0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
27aac48e459b4d434e5c8bb31113c946

SHA1
257d463e0f43832d62a429b465a2dce23b700e23

SHA256
6c066fce2216e94bc139faf7c9ad1bbe8d08b47221efb99260d72cf625570582

SHA512
040162e1d5837327478742c13dcf49f794da83f196633db150ba2ff127e36f9958e8e284d5348f20afec138caea67b9f3bc0d312ce44f7f65eb8bdd3d56f42ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
d08f314e71d1089a6aaf746c60424f3b

SHA1
f080b4b7b04b90be88125aa438503d3fac76588b

SHA256
a490be10a7c239fa4a266fd7d55512e2408edfbc7f39a82b6c8baae84e67cbe2

SHA512
6265fd06441227e4eb5d9e10561c5586b75d7878233064a6aa192e49c6f937f89f1947774be9d91734255d5cdcf60c544c3e301ba21b098b9cc0050ff8058057

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
933e562ef56e3101b0c785d4edce2a63

SHA1
341c0d19467cfd47344f3c37ec06ae96d905a8e4

SHA256
5c20de0281ce9c86032a240d5096ff1c452e19c2abf8563d74c14eb15cc4f377

SHA512
d3288008fd6ae281a7b08a3542200f6d54a17fb32e78ebb1aa45522c7711922e664b650828c917b5562cebf50bee58b7d6c9338714a8c52b2d45b1fb1b0fe08f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
f3086b941956368dc60fa1c0c6bc17d3

SHA1
68a36792d45ba77af49ed05867cd7dabe3e79a9b

SHA256
39c9509616f704697adf39471edfad2d89d7926f77c7b5da1624468d4347bd90

SHA512
8a1b75396d6c0b1c0a9231bcbae39551c79112e8d4c5824bca3a8720c956a97b18a60b92b822b5f274caf8232a44bf68d648b190a5d2f3399b6381ac0a2ce27d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
93e6c9531666951bd9cd18e15ead0ee4

SHA1
cff97220f6b7ab260099ca67ca28b6b3f86d1a8a

SHA256
2f15f8f20a455c60c74d3bdd3eaab3645ebed0621bc0bf7ffad3238817f3369c

SHA512
4e3ca8cdeebad94400026469fde17f2e3295e9838a20ea66b4a8098fdb22d94fe54aba8489e919bde9e5d05b8f9a108d5c7fb608fb4ff8267ef776d31e187a3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
c9a8c7e4b75fda305bcf89b469ebda54

SHA1
8d60135ebd1d67b848653029d1ed9a2e7ab7e032

SHA256
3b92da8ba4a5fe9c6966723e39dd1e304f2adcfdf7e7cd86f2558661fb4bd3bb

SHA512
a9234295ca270402e273202ef35e45bf10af495ce7af20af0c0c20138d53756045fdb2b4f1a963dee5f2c958cfe5c645507d0e00332dfbd8a245cb442f42ede9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
c81df888794b013e77b3867adda0aca2

SHA1
95882d13b365bca5c9f390a912dd7f96869c0f00

SHA256
16fec549a0dda78df277dc510a038f914dbbf4d22ddbefc08e4de3c4c74a26c4

SHA512
410ebb83b572521755addfdb8dddf1fa9feba5d154eb92c704fe5277879480c79fac0ea1255f983d2a3737a9a412ce770915483d531598a3181f4da4d11e280f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
f10f66fca2048624e273d64104f298bf

SHA1
f93db5b745fb52774997af35fc9d5e9f073e56a9

SHA256
dbe0e8934c2d9e8979a6bccf1d5da5c0a49c533266e6a06a440376960bb0f764

SHA512
77e1419b50036452e054a545abb27264f943ebb10fe53c1243424d7136d6125071493ed06de09a68f1f2c16de0bd86efbc96c62e21e1de605d45c81662dbc41c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
e4677c0c47a92e8799116480cc87f761

SHA1
2c258e5c762cf33e917407d49c027f5c647e80d5

SHA256
00a436ac7a682e9067ecc16d921135f019461f37f97d76049331995a37fa1138

SHA512
090511b28a235d63c496e407add91ae8df2df8dc171b32895236e6bfbdcd0915259bf9def31dbd6b0f14c75d38cf2cc4050ed8595c90581f00c49fa4bf9e03b4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
a904bce9adfd66d5bb26191e3ba02572

SHA1
a05664c1379c1d592833f0252c6ee45b2a0c31a6

SHA256
33fe7dceaec39db8fb0f64f78f942ab0bdad8e9a1f8101b5c1c3defca3e8d54c

SHA512
0fb47e47bee6b93b210f848e304212834c70d7445f638b4f077a046563efa1b2045e4b969d18d6687c5eec57076b65dce10dee1a88a86e71aee95f9afa25cddf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
028fc565605d92633931a14be7fb733e

SHA1
7344c710492bce18f63e23ecb06dfb86077f4ba7

SHA256
d6452b7228c63736252df44777070d0dd547d9bad65f75d82852f034007efbd3

SHA512
ad3ae554f1b05e0ffb620768a941cfa7336ce3b164de15aba6a1333e2b28315cf5f6486b125f2f24868be677ec2091db339685c3ef134bf24de82a2bb4e667eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
52eeb8f31e884ecba301e8451d290095

SHA1
ebf63da589cc4388406f3911ec2a1bc2d6882449

SHA256
0c542709a0c78e2d85c74dbcbec4e46483adf63940bca913abccc83bd712a932

SHA512
bcf6866b955db28c8359735264ce330ab73297eaf6bbdb0914b950da72d6c1d61cd2f3ed676fdf29103e9829c821a114d422436f6972b80d60b044ed65c76740

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
24576131deaa63d50ea6b181ee05c4bf

SHA1
ec240c4cf604eb901bc3f50a3a241a785505c632

SHA256
3c33fc73659bbd610fe8a6a6650bd546eb4d8b5a3462141cf03880a7a139a790

SHA512
f853399ef239c59cb539916c2100f0e68cec48b27bbabd87d09bd917ee17feb92ba45d9e8eebdd625e99d87b6a4acfc35fb6011bd6a1e27bfed016bcf1458e9f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
ee0cad7f9a3cffd9051522282f71f61f

SHA1
775fc578dbfb49f2e469d742a0c510b5251e129f

SHA256
05c560fad2bd389740b4f0f42d1499ceb818d9c87d401a6469cdd77914af4838

SHA512
9b0224cbac425a4fdcb6714a82c5c7a9aae53cfe1555da2689847c872c9f351945a52ce92b96e48f63ce877d60e9e17d95af9e3479e3a28b8352801936da0389

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
2d57e7a559d2f2e04300733099de014c

SHA1
0c9d296ed7ae8c23ddd3b964feccfdc52c5cc103

SHA256
da736938e66d9e0b117754a5c1dcab98fea770b87180f071c684a2fe8651d970

SHA512
685b2690dfaddcb66d728302713b7bf55353e170ebde14cc818b3027aaa872fbe74fc72be1230732d7eb5f140cc1233affeb93ea33ad6c37a2a938fac11b93b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
70d6282fb091b950a7db8ca754ba9b85

SHA1
321597c93461a585edc1e923d7f6addec501f5a4

SHA256
9e625cb195bad3ea326b7a65b317ccc2a487a120d8d6f803e304d1e4444f53df

SHA512
bd3baa254467abb64810fb3bacfc577aceb49e56b7816f4a880fa46ac811d0fb715a702f43c245874818a37ad093ea0be2153a47349e52648d38bbb8b011acda

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
891ad633f1d23e18b49aedf1848d6dc5

SHA1
13f0728b2fab44e2df68dcc463bbdad5332fdf47

SHA256
827d07ecaeedbb5d064a8abca93417d449010bd49c27a019410e2bd9833b59c3

SHA512
d0b5fb8af38bf476d57318ecc09e4079244b4945575c9b97986cb4d53d55759779d71a54116a84f59bf7b6ad249fa76c779b5d17fd3cfd1a734979a97152c38b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
463a97bb7223d00c74e4b29cc28ed91d

SHA1
4e15e02c7c0d83fbf139992da2f1113bc653cbf1

SHA256
cc78a0797a7e2f22d247ed7b8363bac6e285dd8d128f038badb634ee8d84a963

SHA512
02adce8b0bf8a9d794f511cb4f5c61df7c5bfd3c684cd7a1144666187e267e78c9a9fb538158df3144cd6825323dbbff9c0805e75224f4518e4b43de37461f28

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
8484d84772ea875477cfca9fbe7ff1c3

SHA1
ac0f053e7b9369320736502560b167a7ccba4950

SHA256
78891f721844b94043ca1234265cef0a1c17d592c3475887fc71a8ba040106d1

SHA512
38f6845bb27188075e0125e54570d87281568f014304fa72560ddc1507144f9811f43942c365a6de9504529a85bb13953710a872e5087fef5572248c04dbde5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
152c8331e9f18162bccaa60120f8635c

SHA1
85a8df8d71954011a950709edc375756ebe1106e

SHA256
ff3f90a9aeb553633e0f4b28932b084f723f90feec0f71367ec0c147bc8f6c2b

SHA512
d695eaa23c74053e2f2a8bfd19a7c55862ba0c70537e505dfe549ac48095873b6404e6db2162780739a80cbb39c7af79046d8d7f13d65d3d030568ba541539ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
ade158c1c752f0165a5e8a1a14b8ef10

SHA1
074edf54d4a9b4e5da80a760e4bc7e1062ca142a

SHA256
6dc33204f36a4430b53ac3a985fddef89666abd14a79ab12f9f2c2af0b376ea8

SHA512
f28c2ffde7e616d6cba487a0691adae607c262c1e2e2c02350a0b2539a93eebd21f032dfbd8c22e1d0d39e534234213ae8c9a26277d54a7e03eac96cf1b64e35

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6d7fc0a320b3e124a67b8e30a370af67

SHA1
495aef024b6350b3ad91934b39752ca82b079d26

SHA256
8c39d217ba0f6f3306aad51df98bdd0010c118f4124af16c711a9efd66002a74

SHA512
5e0e18926edf2addeecae6ab9b57952c63d760b6edc6591276c340f50ecf9da4f0dc753114aa72b13680f31c3a050cc9e3d057f71139b22b49a22b1f085dafe9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
6f3d33d01ed86454456dbd7311bc9c31

SHA1
f0126b2494b382dc58f4cb6b5e441c5c0afd7a12

SHA256
fb4ecd971e5ba2773d3586b8b7bd1f1ac99ce774494acc84c148178272e5534d

SHA512
40484d860d811680677e58e9ea50c69e399d8a7e0981cd13a17a78f77df2acb15a2c68df2b238c7e40b31f179538e70540c068936a454c9fc96bb8871f43b199

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
c8fae1bd3b7243f282ba2a5b7e7e4db5

SHA1
10ab86411c7cb2ed54522d439b1731bfcac78f17

SHA256
7522e2845974d4142e4e6b60d3d6bcd350d53a643af31b78590fac5cf5061af9

SHA512
8d0a34091f48a2b531c9a10ac3f6f717659e25f474afeded460f82f1944db6b76c22b7f4aef57ee0258a88e513707490e1e3cae980b90025489ae4e298e56fe6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
e8af76a3919552d137e7612d59c92b33

SHA1
17a67df70ff30138e4ed9f4ca52e735f45ca2c85

SHA256
f42f93e2d7bc3494cf83f4a0e6a8bd663b9ab5937ca1aded9e30d0606a14e9b6

SHA512
f8bcf84a64e2a910bf3209a9a095d306a2d12ff58b4f9356c6151aac575bf66e1add1e47b0177507b9a6dfff9a16a03d24f44464f48dbe9034264472af1861a0

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
a5e06c40b3d491a7f0f561dd67eaeb0b

SHA1
08cc0e8a893e674404a81207456e5f15b11744d0

SHA256
c33273037878401a9fe1c3183c2601d6f5c14b20e743b40180e0b370f7498fc7

SHA512
b51b851c84693ca3e2ed3a74e4138f0a159ca7af97310e6b6b090e44d368ed630383b8d08140c6f69f69eea906c2740470742c57a1233782f61cb6d23c489ffc

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a38234ff321adfa6df601f807ae0d5c5

SHA1
6cd05fd8a4c6c1c16408b90d885689bcc765cc75

SHA256
c3be318195fad4f932c4c1a74afee6c6fa0c9e049e69f434d84d339e7bce6730

SHA512
9a6a999cd30d7788b2105b460fdf3406fdc26912f4a293e62e834cea30a8cb9634ede434d754e2a8c5f65bdbbf82955a39ea85c92318deb1bdb473dfb00d82c2

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
f47fcac2ec1b9eb73e5b7adef8d0c966

SHA1
34d6c52fd0de4028c5f63f6e82e141a770710eb5

SHA256
690666c654b40645b94dde0ab783ee9358f0578a0ae2f1a147a5d3ed3b27cfd1

SHA512
037cc754cafe6c0eec1ff2a498c7fbe2b55c60400ea0d8c7d6f07ecfb7de2099f49b61b747d248b1db561af060e9cebf2604735d3909807c0f69ff825364fb18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
40124aee464e01a84ddb73ed8a151796

SHA1
bdcd48451ac208842420110dd3cff431983f1c39

SHA256
d6e22527edc821ffd4b2e7b719bcd642447dde4e5ae573f1094a921691aeec00

SHA512
62d09dba01493e63047da44ee436da15d1ce8e008c9e232bdcc72f25deb4b8269a98f4cc9e7ab541a3d32810e6a2d915f0e711f81eda7c76c731cdbc0cce21a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a7a7b5a8f490449e6226741346381c0d

SHA1
422a50cd22265207fca4193e93d3c8e4354102cd

SHA256
90edcdb703080f54fd250781a552ca87ddcfa3f33200877726616774aadf16b5

SHA512
30c17848543e6079c2bda2c2a0bbb86ab50ee2d79a45a949f4f918d142a066d91ae335d8d912853dfe87158a18adea12f8b4b767a1d13333ebd04fda60bc7a8a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
032317d43638d66c8ac7109454298bc5

SHA1
3db688059c61a3151f120a1cbd49565ce9547566

SHA256
161b03c5535ef6164ce31002f4362d0cf545898909c141d91cf0b748453bcc0b

SHA512
39f90d58db78dc7baac0f8a11b0346d68e3d14fa7ab35c04e9cad88790730fd42413f92254f2925961c810c257e9cfba3cd5b5422716d2d8a6d4cc3aa92253a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
35924118b5b4c58cecc1b1a2bcd6bc31

SHA1
11a4a78b111ce44839a6384d6b68a4d361036368

SHA256
4a4c522ad24852ed03c9e6c2d915b783a3fb732bf66766a9854c1293db59fd47

SHA512
d54b7b903550e20c7f8c66acbf2f9f42d0a707e74b62eb4b129f29b7624db227a479214eb63145c884c6fd5fa3fdc276799c86c02205212889abae9048bd6975

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
18c42bfd8185add401b105eba68f51d9

SHA1
6292d3c085410bda377da0fb8e025c69f6931178

SHA256
21bcdf4b86c297fc291b18e801466fc2d1c0a707e1e5f5a6c2f72cf2b9fe304e

SHA512
5d151a005e949b441e9dc763036c9e38f22eb90c32fd6f33fd943bfb05f781cfbb00dfb41bd3218ae0dc608fbe659fb4595b5c6f15d4643a012ae04fcf2f7edd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
7a7bccabeb1f04301ffe213e5b073dc5

SHA1
195a85a50c2abecf83882ef0822a56c5f9537698

SHA256
04a897746066741c77fe8a6e901f390a5d1e41a1b3c9b1f11727f450983f7787

SHA512
a4ace3e6c717e251f6bd8094f5b2d736e98d50e385a94a691b9e20d5870aa83e9633c0dc7d917e1dca5a6adad81d7692b4216588103e148d93550f13d1608f78

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
2bc72cdb9c5ebeffed0eb458bae38352

SHA1
e9c45ddeb8c9c33d5ec26e97bf458387e5d1e2fb

SHA256
356ae95952e1382fb0d5b5ce1ca4fde92dc3e224c861bb6fb152ed0b5129f818

SHA512
8aac91116451a7d34c080b4840399b22684a8159a678f2018b5d06b0b600f3204c61cbab20ae9d35ef7a091ffa203d391946088a819249944c067d157671452b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
6b0793ac67b0f41dbafa1f6492b000a6

SHA1
bfaad91bbd3ebcabdd7f586811afdacb7398dbd1

SHA256
5ed45ad2f6d4444874b90349079e38caa6c5500e9bd4f1d65556df93ea7bb795

SHA512
f720285c5608c1acb143dcb0f5aa6bb212e852aedfd5ec39b1f757bac3a63b925ca6043fc723f1be8e461d63bdbf3d7dded35525dbf20a7bb1aa815b7aa338c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
ea1d848481ea576ef5f987ac332f41f2

SHA1
bf4a0bdc8671cd7f1fff754da6882a3bb03cef5d

SHA256
1d72c1130a5526f2b93d3719327fad54889287cca5a26ebc719f30a7da8d2887

SHA512
26fb07f10efb5761a44f64f7e920aed676e399ddd01a09fdda6a0773e0d8b7823f43c08c2eba5a093af24ccd4ed5c263d790af9d10922d5c13a8381bd4ad359a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
3c07623a7b2d7a92d590221f71e5b9f1

SHA1
8c13944c6038806b67525fee7122768aa6dd720f

SHA256
21cc4b2743bd646de3228b7a92485d0351315266a5481e9b27e1c76ebd80e3ff

SHA512
274cbccb7871d3895eb2cc3777fb78c268f2fdaee216769e0db71d83e95c008ed091195ab78042e33ffa57b9bd08473ca90f63b993fdf986003b63d20c57ad5f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
f670abebf8e3dcd27909b2ed8b852fd7

SHA1
2a2f6383e62d0fef6aa81f122c365eebc32f6b8c

SHA256
37a306bc8a1a6a9fa09aa36ffe9f03ed7485c620903bb56b4a7773356435f8d3

SHA512
0b5e54d0a756c2dbe71149a144059ed921af623b28f76638004c5ea00846f64118d31af022f62a5f4b461af7b2b52adb2632ed3ae51ad36990529a6b8278bb3f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2d3d980855c20dec1d7ab67230359ff8

SHA1
c57299f5be65db3c051831c8937a02896fb2d932

SHA256
d54911c10f1ff9fe9ac450600d7ca1ba118ba118e782e235aac729ab0731020c

SHA512
0e9757df0f4eddd1c2fd9ef848f011802fc740ecfb96249adba121cd843f45ac171f2635cc914dabf11402cf5da38160e0ad875d4f6c598554120db315acf5f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6c5221ccf5f9bcafa4c6029770276d8e

SHA1
a81d0b5515ef1c6fa60ab1dda27936a8eb1ba492

SHA256
4075dba8034ee6ed83c502436c06b66a75f885e81b7df663bdc507eda9fb0e07

SHA512
a2e5297a740e061d4d02d8ad6f3c1120d3d955469cab6f08c3bc3c1fce7e250fbf7ec2f67cbd9e96323d2e0bea0086b627b081751c72ac5f9a9c8414c3f7ba41

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
5791498c09fef71fee683bcd2764578e

SHA1
09962e9c3548ffd3909757716c45ea4f330b40bb

SHA256
e755c6cf391dbf6e5e7cf4e274b97f4fd48d9dadfe9a8d1a02450e0a898661dc

SHA512
be439caeb03ddc4bff27945b4213c45599e32f3d66f2d3fb348724cb76ad59da5e1a5734ddf6e5ede604f41e366123502f5407f5457e5f2194d96b28a04ac74e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
5217703e86860e4fb2acf21ce3390c13

SHA1
56350d3e80d269551ba14e82f65f4c3a33940a01

SHA256
4a862f2e60374d3d179156ec867511e8588beb56d696f772469c27e10cba3ae9

SHA512
fcef4a82c37d9dcf6a4a30b78b6caf0d0f7e79dbc151b84680b415e2a2b41e043e748d54fb5e79808d18b32b16b9610f886a850559d7dc99f39fae59968dbad3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
0fadc0dac9e0f101c7ad8a4265029835

SHA1
a235728403c15f61771a5993f804251220726f4b

SHA256
32cb863b088f4202115b53b44fae0a31a5a7792150419a6b664a11790ac8fea8

SHA512
8d95aba942971a90e6ca13399b7866c74569d9e477aeacecfcf3c6c93ddc037245b483f180b9cd90f0746a6522aee8be0b15ce0d9b14c7a1a9643b7f076049fb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
78efc593c20f42dab73ebb74be3aa8fa

SHA1
101e7ebe08ebd65e1dc70aa79a5f5ed50f5c219d

SHA256
5187348174ef1cef04e1a0079b83ddf24e7461f801a5f1fd0f18c52b3f71fc88

SHA512
532aef0bf3a2f77061e5b4255287c2bfc6f57bb6e2eb51fbe6a5a4ba0bb5e80ff5a06e3728639ba9cf4e408b80eb016d12d219012bec227b0b05f450ca25ba00

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
8e6c22c6a2df4ff5592aed6c62955065

SHA1
73779757fd880328eb21a2708c9a404e0981468d

SHA256
2fddba9ea860a4b1fc7aa22faa3e1e4248b9e27c76f643d3a314ef1ea512854a

SHA512
757e0589d48b2a87b32e42efa4f6aecb8483b60b24862d9f31689c149e4d43919f25d233e9198513818a8354951ace59f002e5d03235409f3233d6cadfbbbfc6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
73146a5fefb0cee57df379c41b42fc78

SHA1
58d56cc1a4fea394b7d774f45399da2610d96a1f

SHA256
481ec55bf5b5125af2845bbb3628bb2d51f3373e31cbd69db6904b0be2316a53

SHA512
62972601076204553991444968ffe6f1cdb91f170f3b2048c8e1056c26c6dd4d95c89b2a13cd15ece49b52d62e7340de2a4ede15efd3bc684c451ec0fcada209

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
4b3e99d3d8bf7ce2c90160b3ddb5d601

SHA1
1a9286c33ff1a6fe32a887ab7fd05ae76f549899

SHA256
b5790a75bb9346dca68c2ee5477077a7bb68a550887320690f5ce1e38b518245

SHA512
fce3a67d9f70194c697b03ca1bb5544760ef4cee48502d7a79bb9539f4f7d933657e06f2a2ce2a7f0d25e74030ada1d7d74123f4c5edc2850fdc1d166ebfe5b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
214471646000ab2f0d8875703f75790e

SHA1
c1d6b6e67ba91c8dcbbde0aa0a73b1779af501bf

SHA256
e84cb87d5b9603f0855263ecea8335efc9a4e2cc9df0e774c382fe8cd62fe943

SHA512
7839f339ba8b4eef8d8390e6e2af35fd47d51ea26795da985cb7dbf6687222ebc106f5b19884e0407829e9e52b2448ee3fe40d27bf19c11197af2e03f3d9a878

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
277159690676dfe4cc55e30fb220e5a9

SHA1
d1ad5ac15635388340ebc2e6421361008d6b75f8

SHA256
e1674c83493e99cc615c8150f8a5f5d6e3de11ef960a97c553d48b9354cd8cd2

SHA512
df0465edd644c6c3135f48bb6ee1ba57dbff423b1707229d41d25a5af2a1c7941a92869ae2366436913755f9a956eb32de6f7dd0ed3ccf6920ed75482642a11d

Download Submit
memory/2204-8100-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2204-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2204-8101-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2204-9170-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2204-9171-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2204-9172-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download