xorist | ddc65ddd5ca018e866dee73a108495e2fdd9ce2c89ca39cc5714b98f285d52b5

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-10-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Size

40KB
MD5

80b156fb3106a577e24eebb566dc92af
SHA1

ead6b12a477fdd9d1fe254fa20b6f62adba79ee2
SHA256

ddc65ddd5ca018e866dee73a108495e2fdd9ce2c89ca39cc5714b98f285d52b5
SHA512

4a42bd8ee87f3a075d6406dac757c9d872c99c6db310cdb5b2b0f9b1a943ae43e6ef9e3b8ecb1e5196a8fa21b62f0e1a81f92ddbb739ea37af0746d69d7ede81
SSDEEP

384:RebFNw4Pk1itKkpAjjalrwxjeAqYvjS7kDCgSEEk0BG+0MB:R0FmBkpKjNheLY77DCUEBL

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3044-4-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/3044-3046-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/3044-9057-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe"	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_neutral_3e4daa83122b1559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_neutral_8b1e6b55729c3283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_preference_variables.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iirsp.inf_amd64_neutral_25c14d33af7f54f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Foreach.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_neutral_f9c441ed24f00358\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_troubleshooting.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\catroot2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Ref.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Signing.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_neutral_b71dd3dadc5c3e27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00e.inf_amd64_neutral_5a376e6a7cb007d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_aliases.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_neutral_c81780c5dcabd0a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00c.inf_amd64_neutral_f0d9ddf52f04765c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scripts.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_neutral_86311fdf78a07678\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiabr009.inf_amd64_neutral_2d7b3edfda95df40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_modules.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_logical_operators.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_transactions.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_neutral_daa64ca27846aa23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3044-4-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/3044-3046-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/3044-9057-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02116_.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIconMask.bmp	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21294_.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\Windows Mail\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewFrame.html	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\README.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178348.JPG	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\HEADER.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR26F.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099166.JPG	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImagesMask.bmp	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01255G.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14831_.GIF	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099162.JPG	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.17514_none_0e384c71cee8c9e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..on0viewer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5158da7ce1ae703f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-u..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad65cceca64de633\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-fde.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1b089b21244b00ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-speech.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_62b47e898b8361ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..on-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9ffe6e5324f405ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Error.wav	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-terminalmanager_31bf3856ad364e35_6.1.7601.17514_none_524e7eb2b99a5a7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Characters\Windows Navigation Start.wav	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..ng-common.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2717990eccc05928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..xecutable.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f8773752614f7967\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\inf\.NET Data Provider for SqlServer\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4bee270f6639a3f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ae7fa716cfd0da1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_script_blocks.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da155bb41f19b59a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..kitengine.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_2d787e81683b5f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b75db8646af67812\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_es-es_399f182f4010f2e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.data.datasetextensions.resources_b77a5c561934e089_6.1.7600.16385_es-es_e2824103a40f944c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..r-name-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1522a221b71a5bb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_gray_snow.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msaatext.resources_31bf3856ad364e35_6.1.7600.16385_de-de_575d11530f8c44d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Comparison_Operators.help.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-ehepgres.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ede51f36a916573b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..verecover.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_5215533d60239ac0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.net_b03f5f7f11d50a3a_6.1.7601.17514_none_e65a356f3c45080f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..favorites.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_aa2f4b7be84827f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_233cc12f51b871ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_6.1.7600.16385_de-de_29907b7959904400\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10002_31bf3856ad364e35_6.1.7600.16385_none_80185a32e25e25ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnod002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7145c9418d473b42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_de-de_94e0f5a13a65c9f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..qlxml-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f39682d06355d9e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-openfiles.resources_31bf3856ad364e35_6.1.7600.16385_es-es_78f55c28dac4a01a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_pt-pt_e93415d358c6c7f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-aero.resources_31bf3856ad364e35_6.1.7600.16385_en-us_963b743473b55a81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7600.16385_none_bcf3f593a5955958\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_297dd5f02986cd16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-u..lsettings.resources_31bf3856ad364e35_6.1.7600.16385_it-it_288e631d37460d7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_acpipmi.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_db43fafcb97b6e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_efb864eb1b8d487f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_6.1.7601.17514_none_7d0125c85cc31d2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-sysglobl_b03f5f7f11d50a3a_6.1.7600.16385_none_2dd34bce31fcb3d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_de-de_bcae5270428aeb14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1fbdde5288a38c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_10ebf64ee4a72787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9f5a779f2074245b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8aca445a5126eb01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-twext.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e4d104ead16c965a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_17234946d6044386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deskperf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0801bb7f47f750f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_es-es_35076ab9da607b9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-access.resources_31bf3856ad364e35_6.1.7600.16385_en-us_08194274c2e9166c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f9b78bc742954cc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1b8041b95c81582e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-new.png	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_341a55f41ef1be52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..providers.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2c3b936d3d73e8ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_11.2.9600.16428_none_e410f56f6c4ee930\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "UDCILLEPOQZTSZC"	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\DefaultIcon	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\ = "CRYPTED!"	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe,0"	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open\command	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe"	80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\80b156fb3106a577e24eebb566dc92af_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
612B

MD5
b1e89cb1602840cab5a72e9f8027b4a5

SHA1
365ce96db523ec7af6fd133965f59eb1bab515e8

SHA256
d6aa2633aeb94a577901da646d150941253534702cd5757e0dbe24def133e1d9

SHA512
c8fcca52af576c201b99b2f262f7a2875ce862511f28ea97ef1ae75661734da9564a145cf320353c0b1ee1303284321c5f35b43a1494ca3330389104a57c9f04

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
5a3c8834f40585056d230ca9a0d2ca7d

SHA1
114383c942d18548b349e9f824f2ba16471f1b80

SHA256
c0e1b44cafcfbc43a8addb3d6fcd1974c77c5a9068f9669f416e309a679d7dbe

SHA512
9652941be6af7b5ad155407fb92ea19b0d25abf6883e0f0b913eb2916fa23fc828fb71301711a8d318cc7ddb6ebb37a031854cff452d814e25b6e600a51f80c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
9c5579139ddd053fc30cbadec2f213fc

SHA1
234bd6d901551960ab38b8fbbbf49a505e5471db

SHA256
8806fc643a29246bd7b9e34040f39d7100e6034577911079e989ba410df9a642

SHA512
fed1f5ecef9dc6496bbea3aabc401cdccf1508d9b94fc6c4a9200a4893e42d24c71dadcf698996500c7019019bc6c10035052e63ba06a18c730bbbd356c64103

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
4ef64aa8055dfb7bbae6af376c823a29

SHA1
4ffd01ba1f81b132d7755a8f5802aef9c8d724dc

SHA256
8c4db26118b8b31cc775baa0da9e7409c4f9b7b3a3f1fab853b2f05c83f6eb63

SHA512
ed499d9435bbd3bd4a18072752a840b667f27400aa6b6f1aed2bf316f23b6fa45bf9274d0195a82c76c74269c2c41370f9dea9fc355236a92eeb74bd2628394a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
a0f76248ec9c5a29297812d3ac3960aa

SHA1
b8e984d424de214388c4c4bd0f46ea63454473ac

SHA256
342b2c9699b8b700de43f8e418d8cb89196576a98034b05fcccbb33f0290273c

SHA512
bd8559dbd0c6f54ea560beab9a37c1b9112f4309c4d83c01e81d13e74b1ff9adaaf5a4700769ee815df7bbedcd1a93aa8630cc65b1ee082fa654dc4e23a6d105

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
8599950f345907fd402ac6a23b8a3075

SHA1
684a177e92d8c74780f4df433f5169a6c8a1e324

SHA256
a2b081b646c63e4101b3459fa911aa8b52b6e32c45eee2de976961902e551391

SHA512
3e458ccc69d85476654862993b5f8fd4614807d0ada2b95d15565dcdacb264de8df7bc3d18411dbfc0c1958d89a7b7d09c864a83d20d096e791dbc8e2127917c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
972c50bcd7a47d458fa9cc527056cd2a

SHA1
b411dce5e9e0be465a491320e429d45e289f7cab

SHA256
a3b7eec2857d51491284ed4a34db0e140553ad8b99cc248a3414efd95fd078ca

SHA512
df41dcb3acd7a399a3e55cb5f5529e230eebfefe1b371ba9e61f067d3109623ea5cc29368f46a4de6e8d2e240b5ad4eb6b010e31089335e7b8ac4b0d40fa82ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
cb11267037456e330c350a81c8fce56a

SHA1
51b582adc023760de4dfc5ad92b64694e60c3c27

SHA256
45f9d6693b3851f3a2afa2afbc6979a1dfb943a4dc704098830a609c95ed80a6

SHA512
4bec13315ac7a9c8792241fe08b76606569dae3328b61d0b57467bbfc90a78d5cb1976bd41b20fcd3b543950d54747cf742e3a4ebaddb9c0ceb4efdd1e2449b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
b06f2a3f64d16af0bb00dbb75ae981ce

SHA1
731468385495a69c6b34f57646a4689dd8fca46d

SHA256
ba881c90f236a1c873b35ba896de0f46cdaf950d693d52a422808f274804829a

SHA512
bdbe24a842fe129580b2e700bbe087bd6055694d0d8c74048259c5a61cbed98b5ff7d9b0bf90e1df165adaa14373bb306c14762d93e83669493f3d5af747e872

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
a538cb280e7d95f1a62e507aac2a1a9e

SHA1
62281927de11d19459370e03602a48f9dd5ee417

SHA256
b5ed39ffdbda4eaa4e6a68d3794d12290461ed32bb676709ae74dedbd5189628

SHA512
f54be0e4081d34788d18ccd226c5b12f734307d123662b890791b557df4d55b4fd4a5e5d499d28c1f97ec86b8cf2489cb30051e31c56562292506aeb08012bac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
36fe2ed094ab5eef1917782f22af0b62

SHA1
9eb320f1976ca018ae4f98e23a6707059d503189

SHA256
e67563cd1897b12124ec4cf78f99f1e5f98bf10480ec28882f9edc94b13c7b33

SHA512
60772789589ff6c97b9bb404b2fb6c87e5c7e8a3975ce4f45169605226ea7b2a527e04d466502536bb98391e03753d7df275adafb918a6769844195257b70e5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8b0cbf2679ebddf81bc747d9e2e550a5

SHA1
ee6ab9b4eaf88e709ec8610df91ea4cd1ee96ae6

SHA256
f58dbe96c64ab36051d73eeb16d5b72e3021bb91897e6fc2af212774aff648eb

SHA512
b4094d1ea93a4b8d7c69eb16ad97ede81a010028ee074cf34c441c5bd13b6576a8682baa761b82a923ca6649599366c381467d00d9eace35e112aa34038c6463

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
b6a0887f45fe2cab90fc02d79d092483

SHA1
e0346db39acd814fb64d2614b0d8bf529f1e042d

SHA256
d0b621bedbbe19ae0dadc0dcbbc5bd98a93af680d028f61929e2b6f56709ed38

SHA512
0ad13429e4e6a97c142afbb5e1ef681799df14ca0ffa58454eaacd63e5f5873e6c40b3e64402449ebed824ae23f2f1c3c629f8008dfd86aa2bbf75d3a1d56771

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
4aed6b258109cd1db98e3f6e53a7b465

SHA1
f358e75963f707b26ee8aec359b9cb8d1662fd7b

SHA256
f5cfcf2fb4876d7918ede57612f12915da5f615e4b32fe0aaed3c8505b6108c4

SHA512
db284ac9295762b04527944b2a1c41996e23a967be2e962a1f776251323dddb59487a19a956bbf0360e3320eaf990c3a83f07adec0e82b23741829c60493ea22

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
1673b25d2e74b5415d2c6361275fc986

SHA1
d49c6aa2ce9ebd0b53bbc36fe823771162d97b6f

SHA256
fd4469f696235e17724185be1655ec8d84c155d392027c307a88ecdbf7cdddee

SHA512
c6c2890621abb3de1ccb1f9fae9382344b488d12725acc6af80ff19de429c28fc92346fbf4829d65b858b3005f6dc5f9af48ee07ecd6b2fdfc73016c32c14ade

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
ce223042986904539752399f40b4088d

SHA1
3f7917beb66bac9856e64752431905a6b6674ee6

SHA256
155d93eab7639fc83aec1eb54624d2f9e92460a3e687d43a87aa80783434b1e4

SHA512
2f74a32816cc348e86f211b1e3acffd197d6ff03d109471cf665f875a53a6191e82fda950e98b30a2f9b3189fadea4aa231c742a24a43a371cabe1f86398ba3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
9cc46620b194ee3e7cb910a1e08fbb30

SHA1
90fe096c95627ab2ecab53dbd416fb4360e9bf1c

SHA256
864a5a22922d3d986c0470d91e8c1d77300461baaac040b8e66afa70220bfc58

SHA512
cb666eb36e6cb9c224a723acd1c308851662e0fdffb1cde8adb2515f2e11150ad892a05ca1db7a906c2404b016577ac21e78a36bec0965d6733506206f8233b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
1dbbcffe61593b19bf15a627d333f51a

SHA1
b95c578037e7b0203364d690eb1d1cfe30bf6a41

SHA256
5e8deb3bff2048a0fd21c5e8f47419a3307dc48121ea605ca4812c66e4b9591d

SHA512
1297b280d5754c76597711d2a3d185a69eccf0cdcc7411aa1d2c1cac017edd17823c2dc46ecec26c23d05f365afeab897a3c4f6b4a60e7686cd1b892fe23ec32

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
a2abebae48b550d5fae5f4a39065f1a1

SHA1
9be95c42932148883f8743c1759023cd4b8208c2

SHA256
7e3b7394ce8a1991f3596cfd4d2946b23d2964e49a7181824a4e42974a61ad67

SHA512
b3988ed87c02905e1713e9419fa2abd99a8b807a799b528275c5d4ef7e2abfa811c5ab2546735b163e85dfb97cc2146096e3349067817fe5ff6f405020f7b895

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
09e8e363e853961e942758158c15333e

SHA1
5366e9be3a6679975442c28cfa92a06e896ff4a2

SHA256
bbf472568f111a59dc00da3329a4c1930e1297e91182b7da41a0304090ac9c5d

SHA512
eee00d7aee111c4cc09703b7ce906cd0df428e9694a928b8c8effca4f5d2716e7ba0cfb59c82477a3a4b3b1431d257b4a738bf96e5fe3709f669e0d0e80bb55a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
63da809ea0fbe4c7df8e2b48b31b0da4

SHA1
f39f285a342d215f493590934d04917b171e089f

SHA256
7bab70db11e085ca6c4acf749b2b4de18492e70c948db395cf6c398d98042076

SHA512
382417c37ea96efb9dd3cc38ccee371b81b2a674a34709f1eaab42dd8b44bc33a51f4ac2f638a16f4118446864756aefbde7e9160429ec29378b2fe166e71b95

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
3c0cd4fad14e43f326f7edb219833038

SHA1
1b813a0ed01c509cad7c6f08d436f825d5c1fe51

SHA256
c0a40af395ce5452e982e1febea32c927a687dab5eeeeeebc3c431c5680f0e76

SHA512
a2053effb5ccfcc5c07d1d3a402bbe0bb4981bf7f76c66c651f952e6a5a597c55a17b8d694a5437ff5c7db0f3e05070ead335e941f069c9bf87aee8576a7b777

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
1a990d30a97acd2d1f5186bb56124e2d

SHA1
452b016b24b9d5592fd01911c6008aba92ca4c3e

SHA256
acbd99480b29deddfd4c55835f36b63c8e9fc9bf36c684bcbda83bb824567dc3

SHA512
1b58e5a2d590f67606ccbb50905c7a145cd7c73896f9531aed7745381011daa0413b1bc177c9191a2ea5e3f25cf812cdb4f7b530b598b4dd167c2b0ee41b2704

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
6a36a2f49b2c8b27f24e67850f56935d

SHA1
02c45745f5cebd96ce5dc96e22522cd3e9e7a0ae

SHA256
2e3c3939c0797abc36bdc9b6f61a9ea5c4f0d43b56b4f31ed650ce5d567ea232

SHA512
53b7f551837d50c622650c3333921aad67ba891a55400e95529b37192661130a8192d4f7f5ad7da17ea5b62daae7188f59b3db801a134297433bd927980d68a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
49fe8f8ca313ab27f7d8f21a4a22a9eb

SHA1
8c9912699d868886e5743c4a3e15bad8831df458

SHA256
d878485241b5fd6d57becd452ead6d0b427e4717c939417082ec195f4b044e2d

SHA512
f29f003a241397d7dc0fe6fb907d01c2b57f238a27282c56197e7b3ba58f35b5e9a05682ce2d6e7efd4b332413adfc9699cd5b088994f3700d4c03345f97c95a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
49721cf5d144679c4b345b3616c87a17

SHA1
9684d435f20ff89147e4322ea46c098faad40d87

SHA256
061cb94c7ad6a259487addb0bc3bf4c7f8bdab652bdb7048d2cad8af3f36ad4f

SHA512
db9937d438a49096485aaeeee366e2f10d2b9475266a7e5cb582dcc14b0bfffb8b8c017ee75250aabb662c6ee4730fe4ac951a0146179f5fd264b1c7bcc41b2a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
524990b5d2054d950048d727302d407f

SHA1
a014bf251565b1109ba4d94676e35392d229d61b

SHA256
6c2033bbc6382aff23f26877aea8259dc932e0a79a10e9c2136e41a2db114827

SHA512
0a4e60eb50f600233d4afaaca77b1efbe4ba2e0cac328f0cb7b5c4313567f4bf8c7a36cf9ebbf12e9e646f63c2bb41d5e9f67cf052029ebfa6c1c8eb8739e20d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
086db06f4d066245272a99f5a15f25a7

SHA1
ef8122969f01791f404f083aee76764a2857aeaf

SHA256
a90434551db9d43040fbc3bca741d49fe31fe87f6a090c8b84e99569c10542bf

SHA512
f058e2400f2d34cc1c22d9a5f840412caf718d14316374cb21a0655130b350d7257b3fcfb9d67fe430c7690b5cd6b6a71a14fdc7d2f5390aba82b96e1639de02

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
7b0c952e1352c9761800dcb2c744b280

SHA1
ee8b00447d1f58e081f552a2034432a971b83035

SHA256
a1e142c4d0a5a49b034f421635a98edcb1958e0330e8becd45599c25ee26e231

SHA512
195d518c42c1adbdbd96d5129b6cd5cf0742e84c9e793a9d7a9e92d6cb5c61f9f72c329df6fba87d255f4abcd0f0f8b445bd6bff9fd6baff3b75e647e467a9d2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
ab4b179bc611a66faddeab8cfaa9537d

SHA1
fa0f9cb13695705747784f12e2af9cff8f7f9f4d

SHA256
045afcac100af334df5c7ae9f22753929f9a90d0813d251bc5e7070295d2b99c

SHA512
88d64759f4049c146fec0f73f68d80043cc554900f06c29e80a9c73dcc58bda53356a624fc7be73cd92e817139292cb40d6de901f68904eeb1369cdf178262b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
10a7db0882b6da2ab365989ff71700ae

SHA1
f325a35434d0947d40573be0b7fb11113e49cd4e

SHA256
8a93b6dc4185159ee37d7317c41c574713acaa135b14265c9aeadfff05f99b9a

SHA512
67cf050559d43f1843e1a11178556c04acbbe38fffcd5e79895a3c0e9892ffd1a8c1408f11ac36a76a4db3343992a7176231f9293bde2554027110b3af1411ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
ebf3f5358a3aa33d248dc1904c9104f9

SHA1
cf2e990a0b570b2e09152cfcf02cbf16d4a00e01

SHA256
903b7e5b9255790e9f79f0d3ae8620d951f6ed2a05aae0d22dd07d9ca17f9689

SHA512
134e8a665b98181585e8126458e796b9f11ce39e43a7adedaf1c7b2442d3752f9390c8aab4cfb44a98802d861dbcc302d46c5f334a9df51f8a172710c29297c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
4ee0f79ac541fd697553d50247619fc8

SHA1
aced68fc8314ab8b6b38c653a09c79fd5076c044

SHA256
25abe764a72674a78c6311258846f6852ca7303743be641cea64c48d8ca382b2

SHA512
3895cb885cd219a643dd1b2168086029c90249a187fd73984502a18963256e7dcf0eff4603a66ff7e4d5b36fa06a0862b27ccbd60b0836cdba2d1eb2d6722d05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
bad207c23d048d3ea9970bcd2a5364e1

SHA1
be1d834375a496cf78160f10b32e8367d6a2db8a

SHA256
5a49147c5c5fd9dfb0db4872af21d17272602f621a7d36e63b3abf62ad18c8e3

SHA512
cec1f6aa2c8124e094ceed53bc3678369198c858d1447f340a647ce8f27ffbc3dacb81a8600973ed4cfc8eea4056c533954996d95a7a4518e3b03efc1946fe4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
ac6932f383a0985de2afc9b7589dd038

SHA1
a57a1252e0c67b6420864384ed138c2899327407

SHA256
76cf937bb507935670c372ad9853e4a1150e25d10bbc7d8065de651a318ed834

SHA512
32a743a713af7c91e06ead90b9f3179fb76a1d74c74e34f7701cde2a062d28fd70f6059b6bc2eb7410feda79422b42abc3b1aebbd6bec39f6b2b00a2d1e194d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
3f3efd3fade8bcbad8bc79d15e030160

SHA1
77297eb18f25f8b00229530456088382b43cf680

SHA256
a5845042a43feaed0b9a5d2dc08d8433217774db340bb3fbafcb2ed97e39198b

SHA512
133bfe7b99aa2a2c8e635249e947083fd9679712a1743876413674abd4afc879d15537bd61b5409d234b37637bfdcd4d958a28ef64e3498ce12fe0dc9987fddd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
8a47ce76c3af0dc9cff3590ddaa44ce2

SHA1
ffd7181a229e991b9de9f93b6e1a39d83b8bcb2c

SHA256
065185561c6836f17d2d0a0f2da5227704de86ed2b85522fa59194f909428d2d

SHA512
396ea6e90f0c96b1667af193b4dbac1643420413ada27af34c95638c309cb37a757ceccd258bbcbec97d490e5b8bda3d0cd47c4d69a39017004156fc4a653544

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
5ed694822b0ae0f743f7183708c9079b

SHA1
2cd866b141a35d74a8083645106633c12e8194da

SHA256
ae07afa0e7099244f661b4ebdcd7a9e196e3ec69b3b6462966c79f391d56a71a

SHA512
20ec5ff96714e2917b5721f30d5057eb9538bce7c1b5d37ef1900ead4339ec3ddcc6d44bd8a3f3d28ff9be9c75f5f57ff889075b1c6754947f96e88d658703b6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
653f8525626c509bc4ba2ee6663a9bd2

SHA1
c3428cf6862eccf5688b0e77bbf6e9334a44911a

SHA256
7992cfe9bd799d2f5455c3c782d24d8260593eef08565aed567c0b80240a4351

SHA512
88d6981c25e07d21faba1ab21ed7bc5e333c5b08702202624dc8c0357cd6ba334ce66fa96b41d6b4d74bffe919dde909e9ac2f93dbcc47781b35f04dd6845c5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
1e8950c6c445508213a91a264aa4775f

SHA1
97e39da8e681459e96e6602f7279e128e484ce8f

SHA256
d6c3a2fd4b7db5ed23bf6f51737d499532812a3a5011fb49663e688a114cbe28

SHA512
bea8e163391c4f23844682ebab5ebe524616af1295f7a06a9e5cab23aee0950eeca3baf830681e6535600fe6a9c1d71c1637bab5a58554f2e4a8f90f077088d3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
9530c91fe4f8d786175c9d2b60531b9f

SHA1
1b55d1abcf72b96b7bc6063be4953247cec429f3

SHA256
0cf2313a46b99ad5ee1527bac1b416be37d357f5573ce81e6a303d78c48e0b92

SHA512
81f43122859fad0d164bcc1a0fdc0e59a246f84fb45f1e2d41f831e25a1db7779ba1171fdb0a2fc8c8cf03140a8ed82008bc110a2337007d3981168561c11b5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
cd6ccc32405ecf28a748e627fe65d71c

SHA1
e91575d5cc91dfa142fb9044a4f7a6ea2d8c5da6

SHA256
8bb1c31c734bc6e76ef4237f8e4457c0819be3d6e29e5d971d5f511ccb1d2b4d

SHA512
e4bcb68ae843c1d76ab4750c491d658fe6402bef90ad1593ea97c189f43198d5f5a32db55c4f0e412c7d25758562f6c331332e0363bd1198501fa746df731d12

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
c43e335a0bc2f22893216de665e5c3d0

SHA1
e5f2b1e53dfd7963736714b479a02755537689bd

SHA256
7a2dad8505a03029d9093b57bd43c303fb23cfd80da269c2b8f9486c3eab5e80

SHA512
555997bb0d69a2e1b3ce90e21a07e30e502cc75e2337458859b91b2ec6b224a1e98a5902be3b5cdedb410bf8ee3f96eeb897d32d6873fb35d1b0dad7228a7fe1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
45d95892cf6b5da51772d8893482615a

SHA1
8a0a0eb97f5b8cce4a49ed19100e9a606f01fcf5

SHA256
58ddf7cfe9da9e2f408cf9376098189bf5afc1753c389925bf9ec4de9083b02b

SHA512
6a93dd75eca331fa3a1e6ecf70c8641785a30eed03999da4aada99e9c6072ca7ef0906190af43c2c6dcdeba6aef1c1d68343e2f780abca70a5f1460239c1a8eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
2fa22ffd7408bc5699c9293ce33d79e6

SHA1
5584ae446598dda6facd1bae509beb73bd9faae8

SHA256
0ec729df62a90db8fc7ad1e4a15694a19d52a7c872442121be06b12bf5f11a8c

SHA512
cac944bf0e2486dde4a04a6179420ed1fdaf0f3ce1034ff593cc203722f9423e37260ec484a5655ece4f82ae892a9ad30859b03a3ef529888d4c2f1decd36a24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
fe2a6175717228e1b1bc306c72d58216

SHA1
ac60c8076e495a6fdc4fe9f2fb7e49b7d78d81bb

SHA256
92f2643b527c713d24e9170c87c591bd31c068d2f3000bb50ad4b3c833e7cdfd

SHA512
f27e2558db4442887273c3db317f76e12985e24e1af34205dd7c85d3ea556506f2c7db851e80afa9a7f84ba7cbc2e06f9fb43f5a6ce31dbcb5ea3241a94e65e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
64705402ec98c8d58ee51bbf25f972f6

SHA1
62464ffd00c35591b2fc1e5ee3cf47edb5488f26

SHA256
6f8503cf7bd5e0fdcc62752c8c85ad4dc5fb342432dd4f81a82d82edc5649ad3

SHA512
f84662fb02f05596621aa6d66c71936e14e00fe5e771cd88cadbbf0cde2ff16e32fe0d9d1f92a846e271923190512f4ab7c69dcc8655e2c55dc08a08c814a68c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
a390e98c7cf5a72ca3ad5ccacd10d748

SHA1
9e14087335d4d110262832d1088d04958a0ad926

SHA256
6b4daa05889881ebd84bc07651ae321e22e080d177179d42d121a041f6193422

SHA512
e61a6b02bb8bd7a7cd3f7fcc386c8d2c62ef9f3290d84d188ea1fb4aba03550a26969bcc7c765bbf68d467f18c9c13f196a32baef1a89c8044951ee77aae9620

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
cd64104ed9c0f1ce3f95be2291c51816

SHA1
ba830bd260e1f632a2f4b5a1ef8c873ee8b1c273

SHA256
a70486884365a9993492f12bb6112ffbf6f32ab89867f91ea3b419f8687e7420

SHA512
49034eca5b099197d1efbf7f34803b7b45ed6535a584fb1e5097e6d1ce6add4948f35ce2384d23dc6f749860398262bb0316b0ca1a7166c0295d613028710c99

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
4b5dc4511f565f0547a36ca6cead7677

SHA1
d60e6f1995e4002a6a58b7e67c7d804a978f7b13

SHA256
360a1863a73b6a6dd84ff6d48e8d6c2c65b6fde2b19b0495a2bde02c94c7cea7

SHA512
b0209f52f29f7b32d11e1b1764122cac0a3f490e029b918848dd5b83910a92144c13e42bb743279881775f7cfb3ce9476c7109278522b25fa7d2103f1b980de3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
ca34cf139cb766c91edb61f348b183d9

SHA1
76ffa6d8e8032804de34ee009e32ced763eb7a89

SHA256
471a72c297711698fdc0e4b4b7a04254499f63ad52e3c7c0602e659763d74e31

SHA512
365585ce6d96bf2b8d7fa4c3ba7fb1c45ff84a42702c97cb5d3589b8db55c439b5bb0d580cf468e6bf0b8c0cb0ca403fd87b4b9e3f6038e104e534b9fae9daca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
82bfd0d3c08b7bb8452e10d75b543b4d

SHA1
415ab42860beacce56d0924ba4d80490e7307ebe

SHA256
b3223a90d0091350cfbd74165398e9f680bc6992cd48656e262f0122ac71d3aa

SHA512
02d9c4978e66711832f4d0dbe705849086ee25e84fb4762a31d61e9165cd8bde5cb536529d1de2702e10f7bac7347a9336234a1aef7b7599ccb1abf59dfef530

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
e869a1eea3c5b58ca8d69f367ff51f7e

SHA1
6276af2ce3fc9c93ab2c8c2332f5ec233cbbee5b

SHA256
24e2c987bdc77d6c02c96140b096b464969cab1e2a7f19add983bef077a1cd64

SHA512
0e879ec2cbc57560e25f1b12ff712f031673db68a8ac5b5d9f5fc6ff5a7fc9f7093b3d0a3090fcd971a0617e323d26cbea89d90384ea68f3a155b8716e9eeb61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
9bc344474116dc52f4bcb2611406b0e7

SHA1
e0249193cb9e3b03a4d5cb4a1426176426f272e0

SHA256
07720e2e4f029b8cbfba78c7cda42f073fcc57bab3ae0a90a1a87640576ba2c0

SHA512
f86d4d7c5de3921a94d5e9f9b3e697274967e1f67ba07ae3ce65cf5d482ad53be8676cf8cbc298447d6050bdfc25ed06722190ec12f693fec72ae9a8fb090f61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
fb9b0e6f91be8a95bcff4020d92daeed

SHA1
f6f294c6353ad6c826437ca0aa0c7c852795c705

SHA256
5fa8d0134ed1ef8c7b4a0842f4f3870bd0601753152b635c6a7652aa6612903d

SHA512
ce9adcd056f3a556ae5f76932d6f26c36c7632fdf5882da4a4a1cc86fde6a78bb7d44139c42c09b0846f880dad6fb7c726fe20518ae4ef10393a1b7f2a18496b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
8c94312b19c907c8a1716f40eb2ff3b0

SHA1
d8a4d3cdb8ca28ad913d8253f48e63993714da9a

SHA256
7adcc62291747e95662c8a0360f25dbf0f45f5e4d212dff5427e8451086ee0a2

SHA512
a031e7125c48a06e8959f62b13e0a10e4c8aa0f5d86cc48ed23f132780d0f42645fc3902281ecd9faa425ca1522a913dd9a0b06d264c420c50a40ed82aab03de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
6f3b7c5ace624933cbcf1b8151bd7d7b

SHA1
5e8eaca0939273a4fde5d77a54b40bb21fbb996b

SHA256
68ed0af5da9ea9d6932e5e1b89b685f1bd59eaa1b8a3a22797ca02c05fd0d1cf

SHA512
47975aaf0063bffe8d933599a79250d9e29f138780cc64649016e18172ced7d6f1c68b5ce1acab64b5cb2d4d8b4d2acfdbebe78105e338d9ef7466b06d562a72

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
cf1eea09e9365f58bb2067fc084a6c0b

SHA1
3e97fddab1b41231a24ff503c3b088476cf0126a

SHA256
3c07fb51321b94371a3d2e7b54df4fbe9126e78d8466cf305260ee32c43fdf63

SHA512
b5c1f6127f67ec52acd017ffeacc26f45ee68c33ba286558c28f33aeea640958a33954a0c3d593d1c12c14437db94f82dcd387c77b22818cd361896b93cc7a3b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
594cbfb85b19b19fd06439f5727a0eba

SHA1
5f7adf5cbc2359211ede6ad722b8d352770c7282

SHA256
b1de7257b402d778abdb95b5c0a593bdc36a8a834bc68179ab5ed209fbd0d3b2

SHA512
aa95470322880b2aeefa4e8ea7568850f336fa2f9076ff7c4fc581f396964bf2d24fde1beaf43d91ee3b01e9458911cbc0d4ccd69ae6482c612f6bdf02368477

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
2e5a10b1cdd592f05b9789422dfb21bb

SHA1
9149b7572481fe69eaf049c87b6fad3e22862f28

SHA256
ff23a01137e3d61267c8d4627585de4dc1930e402492707288ad36cc7e1ca1c4

SHA512
3bae8873bab418812561ae621bfa6bf2b160418e17e2dddaee5a68f81397bad32f1b5dbdbe64971992dc52ccc7c2049745f0f3524639871778d04efc3d45c27a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
943ee7174185930c40155bce08c33190

SHA1
11e61c59238dd2bd9de050d824e08bc3f7f7e9a4

SHA256
91e8acec197098a599818cb6b35ce4791c78cabf1c6cb6892d2096183ef6552b

SHA512
b60658094f570e1bbe358e649910ecfe7f2dfde9909fb1bb73aaee4a2e6a5a550ddfaa34743dfaa23df5440ef7a133236bcf379265d06ddcdfe85b7724e499e6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
bf6bc215b50f70e0b6b25dce7e1111f5

SHA1
8692c46d6ab8705c1e974075e913573d9f600a73

SHA256
0b078127802f2672ff18c251a74e1397413d625164a27fa73c8d9b5af7c254ec

SHA512
e0845b8134352cc31bd8b775b40d8a3652f6584ff325305f418ecf99744694ceaffc6d5b6f4ff8f8a50ab5c1148f42cd94b80e727d9df5ed8476047f471b076a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
7dce950c903c43687ac82a041fb77f48

SHA1
4ff6d377111777fbb214ea818c689403ce3efae9

SHA256
c8536abc43f316f5d7856bce72755a3a6aba4745293e5a0a76699c535daf80b2

SHA512
b17a966b04d03adeafb04af66224d6594bbd04d064a319b2bfd9f9368ac42a6f9d15fba9c6636c1cfd0b67b0698671d5c8f9751d867dea1a3850f30d92774c25

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
b0a1243c09f8308bb49a116a10ac3ed1

SHA1
fe5862d73850a2699bd8ff2f65b07f289fadcb5b

SHA256
e69c747de9d1522d257b58fc785fc9c079e6f38abf959347319b6a398e7ba896

SHA512
103710594eb11130f76aaade8927df9b00d4f0aead5c85fb76836df60e5c0bf6af7a073f55fd6d995580c93cf4b99633c573f231fb4d0e49b30cb2f77df3a917

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
d5452a470d2ebbb2b50c434fdfedfc31

SHA1
97c96b8076805788b3c94dc8af2bbc5fd486980a

SHA256
dc500307f46157719b58ca3cb8019fcc4d7f06cee64a1d5498d25e7726d4078c

SHA512
dc47dff6f67b8d438a87a89df0165400c03c688d46008a1d5c52345863fb11e60439f6878affd9a7c504cb1a6fa80de34ff84e7e0021866d1cc31383dca9e0a2

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
d4da916df8acefaa7954a11895222cda

SHA1
2785b30641e5ac088c6285b37829762943250898

SHA256
9dc25cdc50bf28cd9c375c86d23e091d113c58359e1a1f79321d3108820faedb

SHA512
cb79b997b4e973880ed9a2c795294b1cd0a3043ed9969a6c409ba06bafb0227c78f7eb9155fc03f73d9ad5906515208f7be7df58f46712580a3a37800bb1285b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
73694c2cc2c38f4c53e7c14a9bca0e4b

SHA1
a66dceb7e3118acc59e10c1fc1bc6236308ed93f

SHA256
0080c1e34997f178d5627437bb73bd0eea5caefe069f68003dbd8b5354422b63

SHA512
ca094cd61bb7b5ee228e559324ba3c5917dfdf74b0825c70580caa125fcef288eb1386411d9f208204d8063a036137f1f12bfc807fb054f1f33f39c2c6bc7525

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
f2793b7665246f8c3a8b78dae1d34adf

SHA1
bfb8450163d49703d50a54676e2a793f168cf01a

SHA256
1933abff1a607e73c34ee4cd7696359203091d80d677edaf132dbb7a4f038100

SHA512
c7b922a60a3f08ed32e56b4717cea630659af1bdc414c25df5689b9d14c4ee100cf4348de743844ebd096f945cb0dde2383a773f3a03918fd28563a300067568

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4f9b0f5125261e883b99dd7292a19de6

SHA1
12b28b2c16f74064f5274ddfda607bb0d367f783

SHA256
6f088800af995a74d533f21850c3d585dbe25ce452330877ecb4b1aef8895964

SHA512
c11882bcb6b4c4c30daa7fb972ae372e43bc4b054de073d8fdd1dbfc9d2f1eb8260141810741d911dc9c104cb5b7a3b7b54ddc1f94e3a411660757b2eb1b7801

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bebc0fc167b4241812666fe8b1b85c54

SHA1
22f3036d5ec282b60d90ff21dbb3bc2dd6d4d1f1

SHA256
8629f791f11188c17515a30b0591f6159dfc8d2f2f56cfef2ed6800b8568869b

SHA512
8a772e005393a47db2e85086911d219c5d1db0b53c127add9d24ff3a2204ef68334f65f7e0ff15e525d20dcac366c0b3c0525977d3b5393d64bb00d36e8c5a2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
49cf41c4d36650215f13d18859ab87a9

SHA1
959fef7cad1228a62f81a2f4e32658c5c001858a

SHA256
752fe23b08546dff5d7be5115e6d8b8309b9367759f1df5fa761446811db856b

SHA512
537fa6759a24fa84d9a9b2e660c1229d2fba9923485de530888cc63dc8e966bba52737d97f2ab7386d54372c7bec5ab0f259a7b5c01d9a98ee270fa97f6840d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
d62083a5bda49c670148ba33511a48ed

SHA1
dd4f745b61bb0a12f155918496c1b04608e3fa66

SHA256
2bf0408fef9c0e4e57100355330c799dfec60d380be093f64ecf8fd65de3f1b0

SHA512
0de05d6a575da2e4bf2520f09950197ad50394981871599e4c8af53b9c31d3884fa56976a716f38e283fe74e7013e52d3345202ade68f6e94e708f50743a9612

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
eca3bd06305e340d106c3eb6458e0dc6

SHA1
3ca070ff75de6651b48a8fef78a09824544faa68

SHA256
b3c1a74df08e5ed2a0f67d625cb53eb34f610a8b1644a613e6c6ef0b537a9c10

SHA512
060c2dc4987d83ae3da4bfe7e643e28723538d4716d03bf3e9ab4f1b1c5c8f7cc77bca069363e7090145cb8b3a9c2a9b059f85d9e718f0f10823f8f7563fcdf3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
b5ca45fe75d7640af6e76a9ba508a789

SHA1
b00f53c5462ea99f5ab6e90d66dadeaa19215f6d

SHA256
c6725adbf4fbf898ede5b63443f6af6c4f54ee68f2fc96f604d31aa30231c582

SHA512
f92c9a82cf3241c5bb54eaa65ea6f7da2bcbf88521ef5e45a491c160c4cc70b1c591e7a76194342f2422ac4ba79e5afe6d9467ae52a2a79d0901ac98c9a31f2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
28d2541d78d041dbe11032c073f66e71

SHA1
a9dd58f679dc3f9314fe7f625e4af690e7547586

SHA256
31d7757ebd3ec742093c713491578b04628312fbeb6bd40b41ea124c942c0e14

SHA512
bc2c6edefdfb160dd791e1629948a20c1c21f7ad850450d0a741cb0d961fb1d6d01fd933090235d705aecdcba37e5d608d80965205597f90e0dd9bbf6b1ac83e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
68d8f1304e53afeacb25282bc4bb6514

SHA1
f4c1ff12c90500da861c0d11d601f01b8955c9d3

SHA256
1b4122ec2fbfd1514c7aeceed51ddb95f7f98c2562eb168a7b30240b9bf1a5a4

SHA512
b6aee996e60cb167774a064f215991750b5c1095d045f1e44efaddae94d76f41f6aa18e7408012893e6fc546b5ed105120e6eb481bc6d5582318b127a71782d0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5d8ae7bbd9146346f666bb6b851ff031

SHA1
81324e7d6d3a024143eaa60a1a99eb853bc0bbde

SHA256
6d2c3e5255674c81dd8773d3d6e7079f3d52a041265ad61edcd81d50f8ce870c

SHA512
7f86f0234a3f5ab475beb7dde6172fe83df6a2c6f3403e270462ac0c2eb0f186709076c3a2e14de6ba38c9c8df83e92be1ce2f475ec63ae3ee17f36fbc4e298d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif.EnCiPhErEd

Filesize
162B

MD5
c96d636d51313865177bfda5f5064d7d

SHA1
c8e1a6da84801fd38a80c5aca46d475c577ff3d0

SHA256
e05badabc4d61ef759d2222cddbafc02572d9a57a0ff8db578c1159351311f18

SHA512
22bc3555845dde78ee1fec95439fbd6059761088dd91750d7db4d49ec52a8d805ba8af921666ea5b52e52d91e289b36df885b01a608a6d9cf0ebe98d38a03ddf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif.EnCiPhErEd

Filesize
586B

MD5
d1315c98252dc6598c6be422fcef6eb5

SHA1
9dac757509b3b37eb5c263aa0948dcb8a439527e

SHA256
0f2267b6661da1ee4c0656d45a8824fd89ea068abe5b8f4ec39475e5bf9fc207

SHA512
a15613f73c38b35abacbf05ce4e31de3073f37d647cec701374f74283b3297f16f4b134ea5cd7432f7018f498d87367766367456371c3cffeb9ad35a174def4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
6c7c4cc35baa5197a008c6c793a70a60

SHA1
615b29a0672d3a397fe7a3f91b8dfcd2c270ef0e

SHA256
b78d04d40e5b924063138c1e0e61f95c4480a28b6005fd64e90db37e34fa9c31

SHA512
b0326b25ca8c8d8b41c1b00ca419bf2ee955739042234759f6e0f878f02223fa66c507c0d5eadf8b7c2a2f5c69bfd27cc1dc007de24fe0e9419f5179214120e5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
88d2669eeca06adeb94ea513b26b068c

SHA1
9a72439d25c1d473a56c9589dfa6f212c357b652

SHA256
0ce4c066ac75c3a34b5a6da2f4eef9ddbffefbf5350ded9adf3d52963aee04eb

SHA512
ea3896a23d54c3f9bc0f9baed4d50408a503aee1fae7b25477fe4c15de8f5fea28f6b42e87dc31d021b9c77b55d1df3f0b9fd92e5a98b768a2c6666b1814dba7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
fd12b5434f0a726c16e0f936ed10a557

SHA1
3a0bd8f2e52a3f510ed08a85aa25addbdafbd0df

SHA256
8f1156d8de52770e7c13953db36fa8b8f3f78921f0548d90d411d36c6c324f55

SHA512
b3ea5ad22e33f3ae635d74b37b44cd6ea88a84a3ea24a59bb19643953483068001227d46a8a41a2083fad7357e8eb55c2995a0f19a5a6aeb6d7025412288be5e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
dc18e6abf9831c56912bd27086fdfdcd

SHA1
b81cbab69b74de16fa6254cc60a003d6df712aa4

SHA256
07a3140332d0bb96996c48f7db38121793ffa8fb2f3889986ea7812180e0700d

SHA512
c6b08969bd4aa90e2fcd43ddc40a47a529c1b2a9d39c1cea174545cedab9b8c16755c2d8d27c5e5230df1a2ff99dc149b3303c4125d051c3bcee24fbda65a291

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
51f6e5e27135a77521038ba58fcd8657

SHA1
1ffe6c12154e2b09ce51b011056f1a49a858b8a6

SHA256
41be78bb26f84d4556a6c15ab0bd9dbfa7fc21f118e5b6e9afbe6c482e551c83

SHA512
a041c0074a733d6b445824acc7ca011446e623ab1be7eca0eade62170025bddcd460464ae53b15035d281a0a57432a37878d37d22204f6463bfd93d478d3c92f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
85812d30d5f2a1ab7d98a21956ff0a68

SHA1
c15064a54045b65c3274da9256be83ea0ec07318

SHA256
b8bddd9d408f08c7a29f72414cde78821c652ac95ff67e42c15e70435eed19ff

SHA512
1ffd5df76be8ed11390aac773522df86ffbc3d48f81e00f18d3521905411bb83fc0c7dff58e423304d8d56a1104b507be5f995e713be913ca4ddf63ec86731ed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
40e2e213542f1daf20b5f55766dee53c

SHA1
aa4161bfc0bccd31c94926f87d381ef99a10129d

SHA256
f100ce4a8d1da029b0ecbd821a57a7ad165fd370c450f015a347282752cb1b81

SHA512
1005d8516e62473de37a2f58fcde5f172c312e3d1037725f105fa0d4ef1a536c4629a5204a96431b8f36e63a2cf908fd761af7ea910e34092fafbea82f5a9957

Download Submit
memory/3044-3046-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3044-4-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3044-9057-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download