xorist | 45f63a47b0eb91b4884412f2f1f43958cd828da8150e24eead72304a27bba0d0

Analysis

max time kernel
144s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-10-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Size

28KB
MD5

5372b5e73bc8bec52bc1abf0eb4913e0
SHA1

9a6fb679e2502ac036c09fa753267993bc1978ef
SHA256

45f63a47b0eb91b4884412f2f1f43958cd828da8150e24eead72304a27bba0d0
SHA512

77ec783ae3c1bf875ebd26db6b59b131ac1a734cd503f3c9401a89db67295af4a8cabe545ced80c7f9babb88d2af45cba5a0f8dd820a976e92614a310978082f
SSDEEP

384:z5prr1gkDCgSpJKtZne80rVIDOqVEM7ja7RPd/5+2L13cU5kc8T+pfBkB:zDrVDCjKtHhOqd7oPdB7R3FdS

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 16 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2608-1863-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-1866-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-4549-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-6367-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-7377-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-8647-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-8998-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-8999-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9000-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9001-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9002-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9003-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9004-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9005-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9006-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral1/memory/2608-9007-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2171) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\urnL5qLL1q2l61r.exe"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr00a.inf_amd64_neutral_e7f3f91e6832ef5c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_parameters.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas.inf_amd64_neutral_a4d6780f72cbd5b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_For.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_neutral_548addf09cb466fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_neutral_1cb648411f252d13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comment_Based_Help.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc005.inf_amd64_neutral_31e08a1c2f933124\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_neutral_e8903726d63a3f07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Return.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_neutral_8a1323fc68ad84af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_neutral_7572473d88d69307\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_neutral_c239ab5d36a3b3e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssessions.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_neutral_49212f5920298e45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Throw.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Reserved_Words.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_methods.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_neutral_59c2a018fe2cf0b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr008.inf_amd64_neutral_27d1c9a28eac4eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiacn001.inf_amd64_neutral_b7a0b2f53d745b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Continue.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\about_BITS_Cmdlets.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_prompts.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_modules.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2608-0-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-1863-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-1866-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-4549-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-6367-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-7377-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-8647-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-8998-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-8999-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9000-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9001-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9002-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9003-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9004-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9005-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9006-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2608-9007-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386267.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02028K.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_ON.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WHITEBOX.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099185.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0390072.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03205I.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\HEADER.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right.gif	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14582_.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_choosecolor.gif	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_ON.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0216153.JPG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\DELETE.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14801_.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\QUERIES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..ng-common.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_55e7e1458a065888\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..ty-spp-ux.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b63eb73e5ab62c04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..dlinehelp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ffc128978cdc00c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-mmc-usersandgroups_31bf3856ad364e35_6.1.7601.17514_none_62031a1b9887a2a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.7600.16385_none_1ac56f0e58e69506\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_932b83ab7f6e52ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..orerframe.resources_31bf3856ad364e35_6.1.7600.16385_de-de_067ccc311d759f4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-securestartup-tool_31bf3856ad364e35_6.1.7600.16385_none_9855f14806fab3d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-hlink.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cad24e0f4ed91300\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_ae214da780801b0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..t-console.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_079c517e4822f969\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-microsoft.build.framework_31bf3856ad364e35_3.5.7600.16385_none_3e476b319efb3987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_black_moon-waxing-crescent.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.23175_none_aa31870f3e3ad077\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\btn_close_up.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-diskmgt.resources_31bf3856ad364e35_6.1.7600.16385_en-us_844346d4b571e6c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_718373162933d652\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ql2300.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_54d003ea204bbf0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.devmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9916058fba4a6e01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\AppInstalled.gif	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_brmfcmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_050e10a0a2e4497b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-basics2.resources_31bf3856ad364e35_6.1.7600.16385_es-es_36e0878e2b9a3448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-networkprojection-adm_31bf3856ad364e35_6.1.7600.16385_none_f05570c11bc2ffef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a959af1877ef6c96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_199a79fb26d4d837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_adpahci.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2b323c2a285c28a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\405.htm	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_bg-bg_22a34e763adae493\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_iiehost_b03f5f7f11d50a3a_6.1.7600.16385_none_56100bff47b890a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\WindowsMovieMaker.bmp	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\Web\Wallpaper\Scenes\img25.jpg	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..integration-support_31bf3856ad364e35_6.1.7600.16385_none_8429bbdebd38db4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..tlocation.resources_31bf3856ad364e35_6.1.7600.16385_de-de_634e828ed5dc0229\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_windowssideshowenha..river.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4a634e0fe8292e19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.1.7600.16385_none_a0321d263a2c32b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_el-gr_84471a5db7df79bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1029\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c4a3b307f7533c7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_moon-last-quarter_partly-cloudy.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_securityauditpoliciessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_24eb6f81cf8ad15b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f15b982ad2f8e35c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\inf\TAPISRV\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Command_Syntax.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000850_31bf3856ad364e35_6.1.7600.16385_none_4d1dc856b28f6326\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67dc559c08dab90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_1394.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be7b3c3c3bb78fe4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_hail.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-grpconv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a06030ab783fe2d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d79373e6165fc7c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_WMI_Cmdlets.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnkm005.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_52fe3719f15e3465\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-udfs_31bf3856ad364e35_6.1.7601.17514_none_049f9db233833b25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\prev_hov.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_nl-nl_5babb207a1b28455\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Scene_loop.wmv	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c3debc2d5eb92b3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_90b47c3b9464c3b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-jet-ji32.resources_31bf3856ad364e35_6.1.7600.16385_es-es_543603e382e505e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\urnL5qLL1q2l61r.exe,0"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\ = "CRYPTED!"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\DefaultIcon	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell\open\command	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell\open	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\urnL5qLL1q2l61r.exe"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LJLRJUBOTSADJMQ"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
928605187cd12b63bb1c8797573b6369

SHA1
4605e66d00f4487c1bb3e0b9c434f35649376858

SHA256
a295cf1e03cbcab1d78c1774fd923b6b77de6b6576d0395f273641a35930a7bc

SHA512
70fdf201686cba889780d3ed775d446a62f6b801c14365e64be4d95c3583fdd648ccb269c0578eb6809341ac28ee74ead08cd400d01bced1511b6e552ec72804

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
1cc936b56b1a058511e597cad846275a

SHA1
bacaae542c29fb650b401c391687fcb219394814

SHA256
0121852d5a54fd01a4a35c3d015a15d4a700afee846244ce82109b571decf934

SHA512
e08e6829905e35043dfbce5412b29674bdfbd1823076ace090a3b519168800eb24629ec6d454e827a87ed4ee53716af9773b8f538749588fda17edeae652fdfd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
67f403f551e6d54a9a5291868ed1c02b

SHA1
91417699fcd5ef04b42c611ab98141ce9ad7955a

SHA256
bf0b1e044d8c6d8680b34136c0c6f9a90a51cfbb2f13ba2ee16e488b305b934e

SHA512
79a6847ac174c060d12deeba4acc9579d3bfc728c9544ccd1a65647d6a5938a82012c7bc6d8297408f3d42d644310bc67249d14b127f07d41f2e242b9125a206

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
d6cb192de09f46f049679e36cbac78ba

SHA1
4b1e4d97d663c04c135bf1bbe4f6a866b0e79d2a

SHA256
e5d1965ea969b1caec44f6205f508eff74ef1cc85e53bdf3f1d1f739486add16

SHA512
ba3c30bc53c7c0e1a9618927567ccbed8cb22db13e7548ecee05f41b4b8070313a02bcfd78ffe2804985466444b5b50697a468d1e6feabdea78925cf6e9b9a09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
d594c3c10f25f05d383a8b238d006f28

SHA1
f00e0ada793dfab57d422cba0822342ecbc5f20b

SHA256
56eebcbb237e65987af08ee4c41cad1afee6b0b1c2ce28dee84608b34a0814e9

SHA512
7a1733a34fca9783a2fb1f639db2393326aab3084f37ebb41d81c858e046aa6f86ca3d16295194fc641fb066520301e9492550d3e1773775764697da5b1caa94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
5273b29902e0dafcc0efdb0e8d8f6fe2

SHA1
6b6da6db5c11cef93554047bde7ab0da1078d4ee

SHA256
9b61c79b8d75cba228bb42636c4ee2a50d5523876f246f8a62a57c6671c83fb7

SHA512
9266c70367e612c0da40b2d2d0f024639bfb63aa4e44e9984a817b718e777fa69ec14e0963a5f267e6e8c04aa91f454f90bdd796675b03ab376c765f3a1d8230

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
3243a6c5d028243cc14d6d84989c90f8

SHA1
69ca785d562b3522fc303bd735dfdf8522af908e

SHA256
426c4895decc5b30b16c4ebf678c1dbb7b5ad9ba485870af842cb88d93b99d62

SHA512
2b33709975484a10c9b4fa4141e34046e21b34fd682ecf3e8dd0068e9c73a789f8cee741a634405a91b713cca3f5bf3b871f9ee4015e90797797b9669735a158

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
25e0ece95a5b258d48b305180c7f0d75

SHA1
8f3eb954c65130a02eb6fac4330aff1c1971dd7e

SHA256
20dd557a3007a394220d212ccba534f97082d97f8e2b52ea0624f9c2fea4f555

SHA512
c9c9214d615140aeab856bea61ff893afae70c5538f685f16e019cf5bf2454f0e786d8ceaa7631432f0c7e68d77e1df203803dc529c7c0aede07480e1b54033e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
f0a06ee443f0006bf2d93fdb4244ecd2

SHA1
b654308fbc9c07a5ac3f119be146c84c0102fbbb

SHA256
7339b8117e4db056ec497a3b95feb14874543c01f0864c25a0f49042eef3a3e1

SHA512
4a958531cfee1f8db7986f42449ea5df1f413837a4b9f2b06fc9eb9c8e2ffbd5bb1b7d8aefa241797d88a59c7cbd05d9b0f86f210a6bb4b29d89d5262289dc50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
8a02d424bd9af9103258ea80673360ca

SHA1
67a96e079bda9e27b709f03649ced67b7b7e8a02

SHA256
7e3644b7b6a66d64c143fbf40eb7de29988f1817804dea97e1d99e538c260b49

SHA512
cf46ff17d91904091d87d9ed306ee3f749e5b0de99c07c543667d4e4ef99c656395b43cfeb587a0e6898f144982df4d122c166fc5950ca9d5e144b3ee3c6b916

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
87279e7a5a123f913660cecaf87c9c1a

SHA1
cbe347bbb017d6eaf89338644981919735b070d8

SHA256
17a0e2a7dc752602b428a82a3d28ae4de017373e00e2a594044c0578cadbe463

SHA512
e39ce298cc533dea442c940d67938c6833afdb18b7eab88dcf44fce28539b87113d88e21863caed69ac416592436e6bfd34a8107835d4f6d39e8c544c16e1a4d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
11a91eef9a1627d02a9b4f68f675161a

SHA1
a7e0709a260e25e24035b990a7373f41c063bdc4

SHA256
a333e54d6d259925b09b4416db0fefd30a01916b7dfca34b2c1df350ffda85c4

SHA512
b1be6e5e573d1a74437a5a1078aa1511140b0013495ee9bb67257f78ec92206b5f7624eb8f8b30418b11a6a6b6a5b6ce8fa53f47b686cd23f520b4079c788094

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
17b2a8d7947616b4c84e03a618948227

SHA1
2933334be0635fa7095d1a0619ae6c56cfabb73e

SHA256
aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c

SHA512
3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
24173b40a2d7d0e1337819e9023c1cce

SHA1
dde7359dd42d60aa917d4c55d2ac445f4ba6d635

SHA256
4251eb3fb9916ed89bc7037a819539486fb5eefc6c98c1363073f973ffe90d9b

SHA512
3076b55465d46b9375b95981b8d8f0bb922fc08d7b9996efdd95243c043ef253af78e6f519de360cc8c9a8acd3935404a5d203a9a2612d08eb2ceeb0e6cb9d6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
b78325bc45a95db0a7df6c34b43dfb67

SHA1
b53ea4d91f67965110c60453011d09ad0a16a1e3

SHA256
ed328df9173d624b9298f0dbb06de2e7e815010610f73b4eeebefb1e473c7e50

SHA512
bddf66d678474e101a97c90b635cd8f41c9c3f8ab6fc1f5ae677a28477934d0219ef1b5ac2cc9ec0bb8f9dac20e59187e498c23d809ac3d128a1fa0706d40112

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
3f0e8815a4a1ea42e9cacbb89fe50f5e

SHA1
c0297d40531561d0ede48f241390d31116a21be3

SHA256
ad8e9e96995948ab46ebf6162d0f6b331f2f5b0272538e14b9ed2611f0e3e588

SHA512
fa21a3f69bc707a503ae20d4f09f7f572c9e41a2512705bbddd03140a0521f394e3d6d10b116ed02a8fafb55c8212a0ed0de46aac66625a55b5f34d803198e68

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
6bae67ce11ea60df9419da647f3cdf7c

SHA1
93921d7813b9301a059b7208bc6ec707de55694b

SHA256
6152205fea3b63f5eed30a7dbfca45b9cdfa9df8b25f77ed16fe82e6c63a02da

SHA512
793646b63db5b6c8078a1a1fb3b32fd346f3866bda676db09284ee67cae805c0d66979bf52d16316271905fece4db39384024ed682d5fd97ab783acd913aad74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
0f111a7dc5c02c41876fc40ab9bfa3ec

SHA1
b698c3f008faeae1ff6947b1cfba70013e42fbc3

SHA256
f3e52742e4c407bd2bbe25d2ba516d44a509824dbc64aef009667cd68e4058c9

SHA512
8c7975d3e503fd3811f5bb01e5756f7e12bd2100f5b71e68baac6486934269db5390b4bb91d10c2d79ea3f7b695dce97e26c1a71a6ae0582de7dcdc61d4accc6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
6e8e555f9ff42f2582c5ae93b5cca2ac

SHA1
a0e9f321ad9809f879bfd863277060bf040fab18

SHA256
5dd967bd90811406c7e60d046a0237f2677d0321bb3b8e5548ef55df0970b451

SHA512
519033a1d94208e2ea83ade9efd9d0013ed43c7d018fb1e081c6cebaf5c8bc396513d3716e0010132ff5171a81ee787eee67efef4fc5badc8ad6bd1ab9248705

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
057ddccdc044e5a1719914948ddb898a

SHA1
33f9f73c15874732f2430b74695fbe15a627ac4b

SHA256
7386a73c4d3e3c19b76f604ce3933f1b0df503488c442f9ea799622ca5d3e90f

SHA512
3fcac3b85493e55463da5e052ffcdd0a62284d6bb334fd1e1df8f2b125d3750bdbc4af33e8887040a3ab7d36817842a3a119750054587ee27f6c8101849e9ed7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
c00bf92dbe4b50ba605a365e88f97504

SHA1
56f2464162f31f48bb149d4480cfa1379223f594

SHA256
6a0a627c920edb404fc4c60d6d77f2bf2a1a15e90c300faff8293324fb842491

SHA512
a93eb1933282876ce5c0a1c6ce294d7c1eb4fd4f542f58f8545ae9477b59236773dd28afb3d4b6445816403e09a6f112ca7e092fd5e54dab34157fe99e682e48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
d0eb4905223630929381398d9d90ba81

SHA1
f8c6314fb4eb1979b1f4f3bd93a4115a2c0925fd

SHA256
9a67938b8cc10961f5b2ab900a7c3fe0a81f32191092128012498251b10056e3

SHA512
71af0a17dbaef5ffdac78bbe4635ddc31d4d6b2ae59eb836bc5d5c7df40c385d28c2909a321fa2af0e7b45132d5d68482f2ee78c7bfca30e3556d14cfb3f9898

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
feee1ee64abfbac74e6a1b6a4d511c3e

SHA1
9d5655ddc7ffb88f5e5b4ae917720c112c98dd96

SHA256
c5bfa838ab988feab2316d2e639b86ccfb6348bc3d4d1efcd9c061ad54ca59a2

SHA512
cbad76b325f9749eb9568236a0329fe6eda6328437d62857e8dda8194c9f2f39b6bbafbead0de6894359fa040e23dc3b5cfa6eb22756ab831b34a86f377a721e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
29fb2bc4d779cf1dda7479d1b4462a07

SHA1
ae86889ffd6c47031de6e9c20dc3ba46fabf2d53

SHA256
0fb4ac374f5ad1322ed7cf9f64987afa51e424bd5f940c0b406fa5970b38fdf0

SHA512
7ca9910f5d021e8511c08ecbf0c42974d09e6a34f439c5daa097a603334d1953ed94242e76a0e258bff292bef0b27bbd67964d93244b692e0f26aaf5ce90e367

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
ca6cc139aa4335ce838922d91fc31cd8

SHA1
01e42c97652848d372569fe5d11acd9de1cc40c3

SHA256
d4607688b7cc2ca187eb41e6d27c62e5a1b226320e22be8211dd3989addeb2b9

SHA512
40377f4ab929941455126d65e096be0e3a3a0b80b39125793bd9df2afebc4c4636f9c62ec033daf7cdefde15f475e05d7b29903e7ab27fd34479cd0904bd0c0d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
0bfe8fc64b01d15f213be079ca00d85c

SHA1
4f52744bc0a11a18ece6ebab16b78375f7ab8263

SHA256
04edff85674df5952ab491aee10e2cbcd01a6228bd7c7d4da872b1fabcf0eefd

SHA512
2248040186cd19cd4e564b89cc7b943765d86cfcb93e5dcfce90aa3817cd2672a8887552bf94970a798a4939761ad4a95d80aa6e6abafadf0accf6937204203d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
fd1bfc418542650a1375862a01ae3a4f

SHA1
e74fce43c1abb7defb626bbd8564ee359f5f183d

SHA256
befd54c5c8dc2637688914760dc586edb42d354d0a4d8f50f1a8f759ab9f9a31

SHA512
1aff9fc281069aa765074ffc71649ac0e97e390fb3494640ca243a587bd1329e28266a104edbac8e1e7a14470d7fce10609f41bc0aeb3e9f1a9ac61764aed7e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
855228088903a8c9cdf332a53452d124

SHA1
cbe3f76561ab5cbd49a7bfc9cdba4c6cacffdba0

SHA256
2403029d7c24d4887a26a2ad952748b17a83570a9f3e901e9b255775eaa9b713

SHA512
8b4206e398ef2309aa88d6992292fdab9415cb8b47e11719aa497acef6f1fff095cdffce1abdbc6f99217bcf40fb4dc4b685e544f0960665d2af6d6fd2f663e0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
813562bd2eb304e44335363a2e55f5f7

SHA1
65f9789528318742aff6ef70ee34db91cf67df59

SHA256
4076f2c478e84cc7d98322ace78482373b38640cafc6b267f557d29edc9cdc68

SHA512
55a35215ac68a950dadd990b3038528fcc82f5d2ee3a7f512b149dfa352688462c8fe59b586e0bdae074e068ec317f85e80474b0f9a2bc479ba24b45d9282ec8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
7483d701c2b7d01268b18f82d7422517

SHA1
27184aaa9e107a9c832333367df71727fe20f048

SHA256
2323671fcd0dd3ad9fb3ea4783101475d8800a342a4cdca4897d012872adcddc

SHA512
7b7ff50da33fb5e96f17d4e1c9ec53bd12da371f455c58e09bef57a7fb8c98e878e8bcc0d4284d78d30f4a4737826fbd1f6453660a2e570dcbf2d29cf2746fd7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
22ea03a6ebaa30405d9f11a02cc2b64e

SHA1
c9b809393ec5e920c4fe72351cb49fbe59387c77

SHA256
2facd8d846ab0134557190e92bcd4481da64527de730fcc74470ff209ec214ce

SHA512
5739015bbd9e623d0c007c7650a800f0fcea72f5e897d3783fd337b8f53670a22425921c6362c58ded84f21fcd817bdbde7851fe7c7223cd6200316b666e1d5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
5f9abe5dc9f88850bc945845040ccf29

SHA1
0d30d957d12631fdeae12b34472bb3fb5cf6652b

SHA256
50f7ff692fc72ca3462b21d896330a4f1e371e44a2e58a7f14f9dda6c6671d1e

SHA512
d70c4d12a98357b14b7e6d65628e8488217f7a9fedb8d5ad82bdedd78b4ebce9475117e5cd9c28597766c727cc7f3abbfa55c056f4f5bb0920bcd59ba9b4bb15

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
9dd41ec0751486701036961fd1701d60

SHA1
03c86b90a06659d6b30e83119d47e7fea8fdb818

SHA256
2c1efcea8299391a7b3769a856f0547455e467a2794c75960dbd765943fb1b48

SHA512
a363075fb8b3e0bb0cc2fc3422a7fcc10089d47e120da10ff66e3c2cea517a52deb2738b4eb732e35afd62b3a4b9fc2eae0b2d4c53be029227288f6ca300b308

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
d73f653fd10c30b92e6160224c903a2f

SHA1
795c7b21e6d52640246fdc116ba594a6c7d32094

SHA256
e8fe434517242c63eb585b738af4111b3dd659b87db7dc2266187624af098884

SHA512
5350e35ae9070aab5734fe9774b151668662e4fdeb54ea516949f8d0c3074c70e25ef4483770b4a227675805a21dbd9cb03b1d1a49207c197f11f805bdd2f00b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
3940c6ef6f6255a206e56854cc780f58

SHA1
cd5c35c36c2db3cf17e0e6538139174a0a00ea24

SHA256
df26d7c7954ba6d94b85bb8f7660412bcb72110653923972a0fdf4e393e7d878

SHA512
115363ae1dd7b5a6655454dac594e6b2bdaadd7eb3455ecf18cc93ab9a201d058354d563d9e3ab6e503abd60851578c3925286292b9b05c8ac3e8e3eb102796e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
7a511777eb4e18686afb082e3a2bbc59

SHA1
97bef3361c29bd4a949b562590f66535eae47057

SHA256
7db3c0afb11980a90313a940e803474a97484aa13e24f96d592dc5a5bdecfcc4

SHA512
2f0baa4355baa7b92263b6f25e9e4c4aeb792c8695638dc9165749a9bb98b3f9b57eb14b1cf7cbb60dc4dc0644b9e49c0203c1a5d02cd0fb63e8182f542d816d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
549f0fe92ae2c2d7bf95d9d2252691df

SHA1
3331c0a6893a1e4849077fdaf0bd70d16bf3fd81

SHA256
1a20226d4742589c93231469430358672776947c23031ce76c3c91e71b6f4798

SHA512
9d00cd937cc455e113b0203f1796bbddf09a08abc9800bc3500492a466bcdb15538ca6fb7f4501f527b24b7e151044694b7e3bd67461f7b6612a760196e613a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
1a92d0f129f2457039a1dd9233ad11d9

SHA1
f41556710b2d825843600705bf0e3f2d472a1d57

SHA256
9d80d569fbe13cd088fb8086a27adf5159d301182f9730b2a33aeba73fafbfb2

SHA512
1d0bbce53fe8dd40b34694969e69818808a1016a33fad807f0b8feddc0012387fdefe7cc1ba842fa55825b895e9f295a610c5b8915478309685407c216dd2161

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
3f06cad6f9e0f3719b0c63295a4cb224

SHA1
7bf14356dba4aeebf07bdcf89aabfe8d6e9b2f32

SHA256
de26fa5313572ade0dcf55fedf011e313b54c42049a360fc03cbbd5e2cec5b75

SHA512
0903a7825fc71a0b1579cbb917f582569f1916424c2d757460987e401ae4f88752ecee275f317dca548ea5b1a6bafbbac8092e64c94f3dfaa1f80bf34d8f61c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
36c92d62d272fa0c1989f38b2b240f10

SHA1
6e4085f66c4b7143b60d5e42c332a936b1917bbb

SHA256
acafb58c67655e1f2bd4d1edd9f89fe82c237e82b000092ca6a334b7ac74282c

SHA512
ae1c13c35e17dd3f5eee6812c59a5dcda0512111a36cc1742e76249cb501966d0623a748b8d76fdf75769134e8f28bf649761a10e809168dfb1a49de67225fce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
fb0576e38cb6d2094746f7ee3bf45303

SHA1
d51327554dbd7aa3bea7516e849067482a90a547

SHA256
9b0b64f69d1cb3fccd1d5eea8d688973bf71c10dda563f1650605945c9a8e759

SHA512
39681ace53215b0cf8ac0361c2d09680166d3b2276b1505d59af6025a87eab53ca1a8aa6433869c78f37ce1fd93f92d1ee934f8f360af16e1023a911adfe74b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
9ab2fa047741616734a54df72291a93f

SHA1
a4d1a808b728a84234a9c220009bae4af437e074

SHA256
2b3377ff9c51f82c67608c0cc0926b611d8c89f4df49d22ae78f1edaa61c6f5d

SHA512
73e9ee057bea8eaef557ca949fb29702b4eb512fc6cb75e593acb16f929fbfa3b318c658f2e49e64bc900b407fe184d6207ea2e0bed7bab9b4b389c700b1dd3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
bf0951654b2f43e16d5f888ebb9c2ec3

SHA1
817fa0945e1b3086bd4e7d822cce44685ae476be

SHA256
b50361f061ddab9bbe2bb0175b3a190175e44fe7eca951052451afede7e25542

SHA512
938fd6b4356de6cc97bacfe7e694050443495ea5c4e4792efb2ad6ae806ad762e0b545d6cc82352d0ae5cd9f3db962c88746acdfc64cdba4bfe3033cfd8a0b74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
5faedf2dbe9e869cd37942012ef4a975

SHA1
831c6a2201edd9896839efdbb277a9206e6a6f42

SHA256
9c04f88f89f23b17e4baf770d4ca7f95e0d90bf89e631936d428b29054f95ae0

SHA512
868df57edc67e294d284ecdc5ea1cebd6505f4ef88f4dadd514040291152eb3bb705699702608638a2c8f18803fd1c2c7c521f4be4faaa5f848b57291767a2b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
63be8c5a9a6eed0e1020715ead5ac53a

SHA1
207309995134f9e70858a3fb3a5ba0b1ddafa472

SHA256
d3b88c071b0c8954628ec345644ceb87d13f477ad948bfe8e863fdbf7ddd78b7

SHA512
5239d9135d21db25efa83fb9234da104ac06c94a9484b35b86efe5d6510d016c737c439c9515fc5f17dd49bfbc8529d80693925a825467b609d0e8014f3b6ae4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
dedc243240d7e20b56dcda0b5c4a7a1c

SHA1
73190bd7f7b104ad1083e318cc4bac5c8b92cb38

SHA256
4b9976d30ea8c8992e804ffdaa0b3fa771406cb6a4759dbd2e518a9df5b22af1

SHA512
0992692868139782311901f3be6fd606b5349cf758fe9a5662aed15c1fed4fb96e5832ec72303337859111b648deaa3dbfb978d564d9b9855842e554e7cfbbb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
39fed8f02d20e95604ad56a1d34823e7

SHA1
0b2593ade15e02e5f22f30f44b0e16cf6591bb78

SHA256
c916ff45f151f6542e4fa9a0e5f927008cc8d342220de9d908089aca916686f9

SHA512
c974a4309fcfc6c3db58e8da06acb01f923a0b7d0cc809b9b34c17ee9364ac3102620820d0df7662c4439369ea227a46b9fec78c54337fa9cfddd65a8074d05e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
95940515a1c14847d34b299388aa9e17

SHA1
2b7f3ac7ea8826d0a7076b2d4ed8509486b8735d

SHA256
21875cad70a56ab3064e94110ca7a4313f2e303d125849eebb138e919c3c247f

SHA512
ff0a6d3cc97200f8821426217f9ad7cf192c8c8bb64f6385e4177c7f7b8bb0b722f23c90cf77e8906cf3f2816ec9f617fcd553a35451fc920efdc015822a3c18

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
8691a1557831a09bb439dc2bf27e0757

SHA1
4c0cfd34cc3e31935aaaf7a908500d0d19f21ffd

SHA256
2da5ad8957987bdb4c6902be1071939325bbd46974bb4265f726773105ec6644

SHA512
4da390e24f6de522b19a297c5e383857e1c2cf0707a31ef1abf934b9ddc3423e86c9c31e1e68433dcfbafb40e484ef4b4704555423b11e888ec54ae52d445e16

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
84174b69f2d65c05534c7168a3b5052a

SHA1
bf84547923e82ba07a54ea9cf3fb1cde8e8747da

SHA256
5f2127240244c833efaa1fc1b60bddc77d86521ffff174f4becd2655bcf71cc2

SHA512
891e12673da9d410c0875243bd1b7bf3487eecd9d7851fcd3787c3f2b2f5503e128c981fd396d55563a3abd3d68a187692f4942fc8f4892e6e20a9d32bc08dad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
6f53c64e20aad2e37799854af7648130

SHA1
b2a7d2319c1c42e81b12e521f5eca1b368445b78

SHA256
48af865713d3d33e32bf7b8175c66e2384359dffee3d83583690441ab602a7df

SHA512
5a4ba8be7b1fd675fac03189c86e0098f12e61765f98cdde356af28f491e20ceb077ad07621dc670f1e02dee00a09cae180e4b99c68ac302ec9b255da377a83a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
ebb838b5d88c49cf2bbfc7c172658e0b

SHA1
7f5be9d4718ab39db3e2093f7b1e5458902224eb

SHA256
d5292b33c134dbcf41d81766b63d7ec3958743f460ce1b516ce75a1b8b87424c

SHA512
c17658dd645c092fd164936ffbd79e0c78b5042837f827e07452d7d01ef7651c3adc1b27baef606143606e4239d9c58a2097fcaae11ba64dfcd03c3d674ac867

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
8c3ea75a096786ea708f2973a4a38efc

SHA1
45b5566ce73975948a9955e7fec4a3de47905631

SHA256
15df49c8497e5f4981fd93a9d8cb4a40583b59a2070918833c8e1e0200a5960d

SHA512
d86ce9519771af29fecb9bc58507c5e660523c67c603015c38e5898beaa35e9028ac9f77b82694ac9ac85eddeedd7ed7e85985f140ac1119e8f2e233a8229a5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
6e9c1b3603d5b90d989cfdbebda789f0

SHA1
fede4de4b75b348715f959369033a6469e554ed3

SHA256
1a77779889a6d3e9547a62eb661c9ebf7c5a61c6b416a9779c696c0a156ad6da

SHA512
a273462d9e4c4559c618426ce5770a0b74dce2f7fe5d24ef740386fbbb5a6a14558b3e182c3fb99b9ac5728b2488a9166a48d1f4597e89f255fc3f2cee755b84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
6fba4b3d2680c07bd7832bfab0534d68

SHA1
e42b630a3c5ed32fb321112f15c37f3e1479027f

SHA256
5a5466bfdd7022b43cefb24a0209e12708de2324b819d0e5b5dff08be9e9bcb2

SHA512
7f385aa9866748af7a6a95d6318c05a5508c9e182a97b3b05d05cb75c3398cbc84f83cb2955082e6d1247cc42d020654aaf6f267a6a9a57795913eacbd2b4b2a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
1a3249403c3a480d2ce602f3ba975798

SHA1
4ba5f7b74d354193ea12279f91335a6a5f9cc40f

SHA256
b5e18a868118f2150e0502993f16373cdad26d0641e4e4737bbd7ee53596b82e

SHA512
5657678e37769237efed890e1274b2359027dfa02688f3c9f17fa9278b5b314cc56b85b835cad52bc4915a83fe57fff200929d4ffe5e73790e59fe3e470b3a2c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
5cc8b1de06c95c59d0fdb7f87a176011

SHA1
eeea1f0891a1e5b6170c06523f3362b3992dfcf2

SHA256
128e01176106971a473767e6c33cdb0bb687c282365641279779d8b8a284882f

SHA512
cc63dbbbb1881c29e786d2f4770e745dc00c9ad7236fda74e72a0f5bac77aad4a390599ae96c6356e4b8e65be3069f9cecaf6dc0320a2bc6d8af305f0bf8fb1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
8e41926a9d1785f57e3a3fe868265788

SHA1
b8b46998fa4bdb41f762a572d3f8d71f8b3aac5c

SHA256
1d232ee1b2028bd85851d38bc999107c378d141b45c7397edf0f2cad88aa0b3a

SHA512
da34a2a94fd2e8f883a278fa3553ecefafaebeef7f51e9f9dab4637c301be3867416156bed9a6007d2ac332231793c9784304c529ef65232ddcb42d907fe15ff

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
131b41e9dfc0888085a474545fb0842f

SHA1
1e676d17fd5f1c6a96ee4bf8a41a0bda88ed0dcd

SHA256
473f21d597c7c3f020e71bd9fd84b1a3b96cf2c04c7b014392e466982209f180

SHA512
9042ab69a8a20ef924d9f90fbc30f8d703b308bf1afd1c3335b6db41ed72190faf3b05f614766d2b959380def2f86ce671a4fc75036985fff03504d70812d5b4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
db3ef8d08646de71b1673d757ba2cc0e

SHA1
06e24d88d162caa454538e542b750c082266bd30

SHA256
8b41b916ee469b5b2c7fc54db0a7710c571d332627943960cb63d4a60f5b5997

SHA512
c22f93e3d37de8db17abeba91dd34b2c398113ab13260b4c54bc99bf1ee58a39c87da099c38da34149eda86c491f0a448ab85c993fbd82b2d0bf61141763e004

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
0ea7166ac798104aa4cc33a04533b2a4

SHA1
5e7232b41fe244551d0ca6b361e8cdaa9b2e0e7c

SHA256
d62ac21581ad228e4a9d0d29d3041cbb3aa34530a06cd61d60fa23ce7ff25ecf

SHA512
827fa9972b86f60b5c5ca66ada919c8a7a4404a6ee4cd82a7a6e017daec7756d744234602bc8ff6540848178061469c5b0d9c6cfc8348ef87b49bf53d4b1571f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
7f682c6f7b677355346e15b6b1c2000d

SHA1
458ddffbba862ced4dff35891318d2b860280238

SHA256
1307df4b07b5d1335d89e51b94c96a55558ccaa2bbd4cc557e6b5b000c751c76

SHA512
e1f1d8e46a041cb7614e431bc2956207c5320055df2bab3326b5c0fa3e8be7376cb9544308b995da2d549e4c1c5bb9cfd5ed6342860edd5412b67fc6f68bcee0

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
b786f6eb8078ece7c1b8237729741a25

SHA1
3cc0d3145397f8ca9bfe4ecfe000bfcb474da49d

SHA256
b5b3074ab37b87aa8d881df921f6a0f0bd485866f35d18d2cd23b26e269c27bb

SHA512
6a19f03439466d955e076a8488c3ec1fff97237406662cef006461f6920785164a2d879ebacddbc4fa4ac50173155b93414b08c167f6a73244b120f7530c0db3

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
577c8b7c7721a8be39cac26efb3a445b

SHA1
cc40beadf719f29dd4aac862dc7f67767d130fed

SHA256
34fb2852700eecf6497242c2040e8f80734e413a2b1520ed3bf6c30837a207c6

SHA512
7f028b77a5f447ff459d7fed01cafba60f2d56edd0c8ce9267e92e143b6c56bf62002c3d7b129a59860a86aff7fa9d77ed62566b2cdacccb86e44e9777047a0c

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
1ced8abe15a384263b3a477f8a4f3b73

SHA1
33dfd58da5232cd5334e51806435f0be865a35e1

SHA256
577ec103e3d58f73c15536c1e1a9ddffbc1fa004ee5400fe822af86f63126816

SHA512
86ecd2c5a707aa92e14d49c10896d5184c2c2b42a766d567bff38f26985b1c4b4fb966903ae94ed7639f949a7a1806201e4ab7cea52cd8581241724c01692472

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
d51139a322addaab8d869dd8e27a2e16

SHA1
8fbb7e1204b78dc3f81c1fee66760402773a4860

SHA256
9ff525f5536240ec215dc51c6a7a27be9ad8a8ec43b6a665deb47890a5846d22

SHA512
f7ca2744659074d7d37a9fc55a9f1ce4845b4e23ceca6f1d21e4f21a4f90e6f44f3a915110990408c53afd7799c47470a3fce01d60429fd2bf68aec55900a4e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
29c629f6204194cca700ce6d6579892d

SHA1
6d6e33925750e639052a0d8f2d23aae30d714627

SHA256
a2eec0a3b7c9ff53d15c5c143408dc05603cad0527ff6efecebf432b6f36c606

SHA512
929239ef9fdc175db55c255b1ad1d2e5149c6239398f2b7fb4aa22e26a4017caa245e2f2fdab9e8524f10a4f033b98f01304d1fb469e390e57ee2b080dbd598e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
95d402f96e73023820e552f153c30bdc

SHA1
3b2a90f6fd7664c9de72f447c12f4bf0d8a72e91

SHA256
2f6373c9d5ccec2f1cdf737ffc8d62b03dfd27a0fabd34456d4cfb0e26141c4b

SHA512
6e006391320ff37eb1489d1e94ae91e94e0fa41e1ae979959693515df97d6007341f561ac4d244ccb7afb0c6cc886f778c6b7687729921fb54a14506265ca6ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
7d44d98851f5aa28be4598230805735b

SHA1
7561a12c4462178813496a2325ee443c0d0a7d9d

SHA256
791129171a1532efcd1232db7ca268d61843b6ca5025d091f470702ae7ee22b8

SHA512
dd62a1162eb7553f25244fee659a34e6d921e0af311b7ef6e271f42212f5eb6c16bb230714e77007194718059ab9034c6c4aa36058c135d294d3ea19a8afe86d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
cea23f256b0a6fa0a0653b137d893755

SHA1
577476c0c63e8cbf6a3c3cb3bab8427dcbe2bd6b

SHA256
0926146f32dbaaceaa7d8822ae7360a337c893edc17215e9e0015b8c774127bd

SHA512
f029f34011a0f6d781ee637d8c8bde23d84a84e7d28dd231a96893c7fc6046d2954e8c8f63c679b381bc610f76480b914207a0b4c0849348dbb6b93518ddba26

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
de539ab224e601f9bf904410c001c646

SHA1
a0d8f8f8240193cfaacdb2d7059778a493e43fe9

SHA256
cec4f450066ddcd39fba40f2ab84c28e49785b39ab92d7597c2a36878e3ada89

SHA512
23ab3f9811dae43a607296c6c93711200a69c9a7bfe5c51ea9e2dd8019f750306fb4f1b098d02fcec5d588179369c5d25be08637a497b86a965991ff5ad88ae3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
dc6f209a46be65a3ec46b8c8f7709f5d

SHA1
0e9e192db1cccd7385274ba1c8ac60f627d7f3f9

SHA256
1207875a2bc86d0062f90304413a58089fb36daab489a16f35a48fce2dc935fd

SHA512
f4754ab877a0c6ccbb14c95c43bbb6bd66541c180bcea34a304ae2354278249e7396838a46a9674919e3d64c8eb1a194b750ae3b393bbb82740d0304544eb7c2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4b063239adfca9845279fe4e04624c93

SHA1
de6993b9ee105a1ee5a7393be4584c657023e377

SHA256
40d0f80aa42a08699b9ea089c82a95217ff7857df5e34d3e2c22f8ab88497e74

SHA512
121db9f3726f1310b2632fca26198c9086962383a626f1ce321915fe2006c7574fefe85ae85353fbc0864b5f76908ada724b9476c021020f6a4f79b542e69367

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
2458cdb67a87b8b6a994272b0c93afc4

SHA1
997b63433455a7eaae248209fcc1953f7cab53cb

SHA256
0b61addfe094e1124364872919c838e1c6c24c08e362dafb96dde36414470157

SHA512
e209d2683d7b754b529f822a23b0bbcf9fc436389e1b318e53801a18f7c45d7f785a57dd4d898252c0210b4678ef5debd29062d643dbf00dd586f1d0cfd2d906

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
48a51978d0ee21a1bd4b5a0c73015b4b

SHA1
512d8a7c7f809dfcac44562785470d59f6cc10c2

SHA256
c50cf41ad37a14618f9f8a955a4737317ce43246e39b8fe57c99f908ab8c3abe

SHA512
a8eaa5138f74afec449288560d530b31a2931beab648a895064a0a73956cbe34102a4388a68278deaf5d2fbf43bf9e989d3bf6baf1af806d897b178dcf1a008c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
ab49ae6762c8bb1819d96f94355e8362

SHA1
8290e6032efa2bba7ddba310f37327f6f09c8b14

SHA256
7829493081dc9ca218b2828a6401ec2a044f127e3206840329b1f458cb9cca77

SHA512
9e17a88273719f7ae26a570f1bfc86434e1e52b2eb01b00b1e68530a978adaabd7b23da1c73a877b2be38989178780b2381f838ec00c5168b1fb975a37542b24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
6adab358171a5ea8b40c9bfe58396e12

SHA1
c427966b320178b5ed7d4bcb2cc3be9826d3d496

SHA256
e368822565a728e24fab8dc4a31b0eba8d52be5c1802801e213c90230d5b9fda

SHA512
be63e963286244809db8567810d8d11eef80621f9acd496db2edecd1e22c8bb7e6d70eb28d69e73257be77e12bc545d8650405a3798c49495446564a193efa4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
cac61b2f355e28a4516dc1fd47e90f77

SHA1
b5255a94aea9bbb2dd04ebe50403fa6b11338f20

SHA256
2abcb677c302842882f9a01ebe4183e6fdff3baf153003beb04257563501249a

SHA512
312cf470482962654cd62d00a280ae3434f12f50cda61db3e896932fc39a0dbf9c39facbff5d0392bbebc22381e9b1f462caa5c3a3a40987abe879e670fc7cb9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8532f0ae12e165c3fe3f97a0a03f8b5d

SHA1
075acdb74f6ae01078b7958897a366f5891acbf2

SHA256
a52dc6cf4e7c4f386d16748272f29a7200d902ff3bdd5a3070c1562383cc2eda

SHA512
741ee801fa8a348d487e71c8f983d81c1a3e6191887ec3eb0270811b98b19b23d56242f948345047b3ba30d2697a97bcf9207b0ffe04d0e661427d0df6221132

Download Submit
memory/2608-8998-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-7377-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-8999-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-6367-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9000-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-1863-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-8647-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9001-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-4549-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-1866-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9002-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9003-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9004-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9005-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9006-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2608-9007-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download