xorist | a3c19a448c24e965c3467e7dc70ac417c730db5fad66cde644bf837feb3f1935

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-11-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Size

23KB
MD5

846b3e30cd174661265a4c925cf73865
SHA1

78be287dfd593ec5e87b31ef20347bebb61abfcb
SHA256

a3c19a448c24e965c3467e7dc70ac417c730db5fad66cde644bf837feb3f1935
SHA512

9714acd51b2f23090169da09d3f9c5d804c3aca385de6e375df92fdcc0cd1a4aaa33c1c7e3e5904f013f002840b6f6da263c6fb8c7dfa503a2ab5aa3ae516e5b
SSDEEP

384:kAhgmZnWs/FBSPGvx2Ji+xN48gUbhFQa0h+dVkaioSSBMmVw+vNrY0BEY0177ZX3:k2gh7G527lLQaEU3OSS93fd7Bc

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 10 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1900-18-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-17-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-16-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-6452-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-7304-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-7303-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-11180-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-11181-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-11182-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1900-11184-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (3275) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0CipOHe37i9louk.exe"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\Microsoft.PowerShell.Commands.Utility.dll-Help.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\com\comempty.dat	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPC3052F.XML	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx002.inf_amd64_neutral_71f4aacee1aa9f06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremium\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pipelines.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalN\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr002.inf_amd64_neutral_ce2134188ab21f59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c\Amd64\tsmpu002.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_neutral_207a02df8e9e6552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\smc770u.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_neutral_905772087ff288af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-LoggingLibraries-Deployment-DL.man	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Break.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc6200t.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\replacementmanifests\TCPIP-Replacement.man	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_format.ps1xml.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\dlmanifests\Smtpsvc-Service-DL.man	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\dlmanifests\RPC-HTTP-DL.man	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_profiles.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBP42.DAT	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\dlmanifests\winlogon-DL.man	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_objects.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Throw.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_neutral_c150a510c4b85ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpoa430t.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_neutral_d7bf942e99bb1d41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	pid	process	target process
PID 1792 set thread context of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1792-0-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/1900-13-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1792-12-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/1900-5-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-4-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-15-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-18-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-17-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-16-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-6452-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-7304-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-7303-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-11180-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-11181-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-11182-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1900-11184-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Black Tie.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_ON.GIF	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Apex.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382926.JPG	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL087.XML	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01300_.GIF	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Office Word 2003 Look.dotx	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR4F.GIF	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\THMBNAIL.PNG	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.7600.16385_it-it_bcc95f1220fe56ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..xecutable.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_27477f891e9578c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..eyboard-korean_101c_31bf3856ad364e35_6.1.7600.16385_none_e1bb6033344e9a8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e6943d7e429848df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pl-pl_b99e8db1f2c9fd77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_814c9b6edd55c27e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershel..owershell.resources_31bf3856ad364e35_6.1.7601.17514_es-es_f46df698ae18a7ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10008_31bf3856ad364e35_6.1.7600.16385_none_23b8df272a315c1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..stion-detector-core_31bf3856ad364e35_6.1.7600.16385_none_f8beaf4e716bb761\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\XsdBuildTask\c9c1aec84139cedbfe3731aa316c0ad1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\PLA\Reports\en-US\Report.System.Configuration.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\Rules.System.Configuration.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prngt004.inf_31bf3856ad364e35_6.1.7600.16385_none_a0b67189fe7a0ea1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_2bf2f100dfb34cb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_bthmtpenum.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b7a00c1d6c5ebaef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9710ce79b161a562\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-remotesp_31bf3856ad364e35_6.1.7600.16385_none_aefa4fc5b836c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ocker-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e5e7dd7717d1fd6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-multimon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_845000fd0a08b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-oleacc_31bf3856ad364e35_6.1.7600.16385_none_c679af753c14c22a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..nager-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_61faf3992d5903d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnrc00b.inf_31bf3856ad364e35_6.1.7600.16385_none_3a88c62811ffe8cd\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_es-es_156345ada79c3f19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_fdc2b8b7cfe104b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\schemas\AvailableNetwork\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-recopack.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e54bb4e681c9ad6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-domain.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4990cc96a011b573\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-irprops.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7880ca0c49b8d444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..tebox-isv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c0c672c7816227ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.1.7600.16385_none_70cb731d72554e78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4d6aa30008b38d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netg664.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c939ba6b85d395df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_locations.help.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8aef539b8d387fbe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_6.1.7600.16385_es-es_67e3340746b4581a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.1.7601.17514_none_35a3baeb53471267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5646c597a746df57\settings.css	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..converter.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2d659e1c6e219a91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\krserht.dat	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c799596f74501936\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7600.16385_de-de_39abefffc16e5209\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-irprops.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_323a3841ba297d90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_es-es_0778e1220bffeb19\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.17514_en-us_730a2c17c6cde135\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c10af1bed239c523\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..container.resources_31bf3856ad364e35_6.1.7600.16385_es-es_23d3ea2d3beaa906\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_14631a80b10d227b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_roles_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_bf800577fe8d01bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx006.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4c540fe4fba1b0f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.netcfg.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a97ab7bef6ddecc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-uxtheme.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a2a11eb372246469\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0409\perfc.dat	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..s-service.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_15071abf563a7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_he-il_f7a58af1e8c52611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_narrator.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9a8d9cf3d005048\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6f8968d7d8886e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-locate.resources_31bf3856ad364e35_6.1.7600.16385_de-de_10472eda18cfdfab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-locatep.resources_31bf3856ad364e35_6.1.7600.16385_en-us_25311841ec2aa490\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-1cb0_31bf3856ad364e35_6.1.7600.16385_none_c4662e307e0c342e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0CipOHe37i9louk.exe,0"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell\open\command	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell\open	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\DefaultIcon	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\ = "CRYPTED!"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0CipOHe37i9louk.exe"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VLQDEZTNMFKZYVK"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	pid	process	target process
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 1792 wrote to memory of 1900	1792	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1792

C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
2⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
623B

MD5
bcf801b9c2c9d2982a5513ffb8369fae

SHA1
606a6a0fcfeca0ddd6edaba8b2e27acc58ff79cd

SHA256
891de44d41b973dd0dbe910f873058f86b7bf64bdb93cda2e309ad302c8aea9c

SHA512
69a524210f57042b2fc7c2b8821cc3c604f7fa23d9007f391aef290c6e03d2f45da253b9ea89cabcebcc8ba1d86b53b0cf32cf4c269c77d1d3e4f9e0579feac9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
3424cd3e1a76c6cb1adb754b122b4144

SHA1
d14f471fb057d9a98cd8cf39a7244eb671d26e29

SHA256
f951f4a5de841c5069aa084e2434e05c87571465a032f9ca63e77241cb71898c

SHA512
f1c08bac9a41cabbac956d5b6462fa5bc02156ffb184d7cdf1db2ea0b13783e02d9db42b1516a1edb7c1ddb6160e2c383aaf5c70eccae02ae2c7b970f9620637

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
54be36ca29e960a145279462e11cbfa6

SHA1
ee86f94302311bc777232531bca14e2f7bb4b923

SHA256
48117e04d27b2e8967151db664a17aa7620317fb5a140d310a40e8cfd14f9bac

SHA512
cadd70f65c94bf1390994d4c2c49d839298f5806808e3f9833d5bcaeeb382272269bc359e54a1e91dbb8848e0bd113d416bd6c9d199cf31fb87f685edfe5a03d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
71eb4682b0c238420a05fb6acd3fd6f3

SHA1
8a7cee1b36c3ed26db9d1055db73e35ed7644160

SHA256
bf847679b0bd011b2fe709be795939ebce3b4c9addaa08d91bbe57a54e712db1

SHA512
3a2991c71c24db76d9032e41ff74eb0f988b617cc5f0b6460cb31f9f531a645bd36e0f8aa7bf84dfd4c99695def1a2aa361eeefd36a683b867f591c6a381356d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
41360f143cbebc465a01cd5f450a4a8b

SHA1
35004ffdd72888745ec042d7a5d6300511c98aa7

SHA256
55b4a9a7f054492be3221f66bd6daf50fd3f19f4eea9c8a363974b6f3dfb0f54

SHA512
968c16350f6e4364d47d8afa570040c4719e3a8d47d812075ae90dfbc2c5b04f868e64586444c994c4509abefaa97fe2cf16b015b0d71c6a26f9d7eeba57cd8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
eeca3b12aeb30cf94b0218357bae2c14

SHA1
f6798ec936e6a7e9c5ce0a1af502ca2d63bb12f3

SHA256
0401519383e60aca5c5feadf5af6e5f2eb8edf2b9e00e640d3bd70ae26264a62

SHA512
6d42af4d06f5dbe6ba278f98247519e565a8e5d323da9a20c36df26987778511abe24f4147ea66c85822d15ca320539f7abc2d101494627b4be11e77e3a93ad7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
af6e7b0dae18a8e979deecfab97e9f70

SHA1
d8c9447ac8fa985d419be803ba010ac0f7ebb730

SHA256
af84bed8c0ce576379ad3a94d5ed8ade3ba7ccc3d6f8fb9f5cba31701e218d11

SHA512
18aab742fd4d58c159194fc345024ad075feb6f866af471e927ad95403f05c5e370a97978dd8bb69113956e0a7f85c546cf4620a93382159c6ad17115c84f41d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
46c738b5e43c35e8efec8dbf9670263e

SHA1
b85e637400bf1be356bd01cc5cd99af3d16b4087

SHA256
22c52e352e1e4e095f4fa460b34e0a1c5217180c81ab17bedb1683fda8028205

SHA512
18afb8bc29924b3a8ba6d3f593030aed1ad1457452708224d6910561150c2c2b3b70a5ec8301f01057b1bd05fab30350e10a7931e15764508860f9d44ef98562

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
8f761c58ad69c836ba5c7f4e8ed757e3

SHA1
7febd10e68745d6396d4723a1ae176f26273090a

SHA256
4a3fa96583225a190df12127c16f9c72996588aa7d0460c58fb8e582c74c6549

SHA512
5f04f340b46bbdbea0729c1dce3a5266e8038ce2850dc6e16d4ada6a4f5ec9225d2a9735f195567e2664347a6945da494142f0d7a28addc555f9fbbc8e5f4809

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
a80da37de0fc56afdbe13a1b3141ae32

SHA1
61f0a91fc909e27c6b7712de721193ffcc7b6516

SHA256
d219558695afd31a98a16a28e09372773422c28d68adae0e5aa22673167d03f3

SHA512
1dae51d25a39b466d9037d7ad4659734f0ce93d0db50a5259edbcef4dc6d5f639d7661bf5c8229cfa13defb4b6f7688e59801a8427d343262f707d1753b9be9c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
d4e3d7e9124580065744a0e240a0dc7d

SHA1
a982e90714b78204350764656a43bf235cc6fb96

SHA256
9f627efd55a4c9512a6442ccd79c0342b01f85b5f545ef7b2b7666f6b0a4732b

SHA512
458c15eac83de5fe66259d4330ac316ab8f35ccef1c46939fc2dad61ff7f1c28ba87f182774f8475bda65161195d3748e7513d2d127bdbdb20cb10702d3b0ce2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
510ac5b96b791baa83cf38089eb5a8aa

SHA1
aacd6a1a667539cb0a58e8bb80522884bb67013e

SHA256
2c697792117d3a65f821adb9555eb00d01ab2a97b5f45a2e60920b5ff472227c

SHA512
e556d2fb2d78a0b8d9ea19d7552019740c50bc89c0ca1f15520fbf41f24ceb6daba51d2bfb95c6bea182c93d0e1a1c59170e714337faefb4168056bb0575d22e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
224be4ecdfea7682b9c881329259331b

SHA1
4ace6256e94de468a4cfb912aaf235b884e59fc7

SHA256
f875cc83a130b98c35fcbb47abc6f8ac753e25daa8e9df4a5ee1ed353e95ae5a

SHA512
517c24a616a78c8a04847752e3da29e5e14dff6f13cadb700a797d0c5efb1478541968783b7219c4b41574ca05e0c6bddafc25f0a90fa4d39ded8e6f03131a11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
edd8e63f854ca8a47598cbd471dffbfa

SHA1
4091173cb1e5a58c553090a269c790af90f9125b

SHA256
e9fd31fc75b98b05b1716a6a967d1390617249313f76fbd929bfa1630aefafbc

SHA512
737ff10bce491a715eb675cb9200f00e125b0d9bf0256b119a4243abbb7b93c6916cbf7122226ef1c8a93ce786ffda532111b7e759ae49f6b67e660336c77eb5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
46b73692e5a29e33c1c69423cfeef3a3

SHA1
c97231bc3bce7a6fc6511a025a35391acf3c0210

SHA256
5f32113eef0b02ebd73803eb1f2dde3634581bd6fcbe06bee8306e759da5fc95

SHA512
7c9dcb08c4254d8ba984ebe110a6dbc58f27387bd5adb632a6df287551a4d57fa4a7e88095858dec716cee824ee1b229c4bffa5cd558f05d12f6c8cfc4e2122d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
5fd5b189efd36972a8c95a714bf3a6ab

SHA1
d8b6e87efd06dc5f3c08343061a01217c0c434bf

SHA256
da3ebc7a6c3cd59e47912a34888d15d6c106159ea6fa39715ae056c19cad11fe

SHA512
5739b1c0c0f351b6deadfc2425577bd33cf3f81a78328af49cfd1391fe3a4fed43a5c796b2b19c926c43a6b56180768e7789fe9e1db1d9d69a55b914f12a22ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
0b3ec02aa93f6334470ced44dcf6106e

SHA1
f38a72b43d233decda5a118802955d1dc8b73148

SHA256
640c1371b4bf41aa9ee1ab778b6a3308788b0541321ea1825ff01c32ec7c49c9

SHA512
52832115debd3100293a83a2c6f6120ffd6bcbbc794f5809d2e0a88ea400d4c67d8aea9521c8d76e99d700bbd93e512e5973d3d07a83cabd2167c324fecb3230

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
a467201ab00a338852bfd6fc202204b6

SHA1
403c15734f5a6d14cdfad1e3ccede5a738796029

SHA256
9a1bebdf377deb7f9e80a44de5f8ec8a0b01d136ba601573f5ac556dde0283ef

SHA512
eaabeb29f9bde33c649e343f4c1d57eefc9f758e80d3c11a8bc2dc981678029e6798ec1a606d5ad33a71eb007b2c7f8ec755f77aa36494e5b72346f5ec034926

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
8eb94c941d2b152ea99d2aec1eca0164

SHA1
32becb838802a04ed9694709b4657f7beb11aff8

SHA256
5eac75dd30d71de92dfd4c98f8a96275c52e9f949ae704ca119c2bad016765b0

SHA512
d77a45bf30295203b3984a9066a52e2b90ee193d72bda89a5004164e543de792bf9cec4d4e29b97ec5154993c548e0f4b0f6a410b9086dab049e12a2eefa1ef2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
e893d109870d81f3c14806bca8466cc8

SHA1
e1c12e575058e838ca08ca6dd19601a18da19724

SHA256
5314574815d8e31d226e5e2db58ab447a0c2da26e33da609e7bc7d34bd7d641f

SHA512
3f7b3c6b9b762ac99c02e57aeb08c5b4e271a5d1721a813c890eeea776232743d725a42991838b1463ea4e9934f80d28d30347832a836f6a529d1d4c3f69d14c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
4dfc61c394641d044521dc2a6ec38ee9

SHA1
4fc1cbe2c783dbeabe5ab2fa382efa0c3ee49943

SHA256
8b00c6bd54a2e2fcb45df7f435b11c003d13e4c89719e2fcfa3a3bed1907ac1e

SHA512
70919e74c940aca3edc9d6d9cfe9647d2f3bbc559477faa7796f171ac065c6a13679e0bc4b7c7c2ebe3115ad56bf7a99065dee9fe62f49dc45d05cc06d1e5c2f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
5ea183ec8e4c13120f9594a3df00d221

SHA1
c861f703cbc9177ee41e46b0480501b7b3278248

SHA256
c1ef2ca5fc98e05c308c5894e3778b5b785f8f330fa5b801f376dc21cabfa157

SHA512
f6d361e4f613e5c8ccc1091143d449bf87d9a60663ab29f836fc6e1d6d175a8657768fc095bce9472823c9897eed670df71f29c3a270ea7caf31f7dd2d43fe89

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
9426938c042782c5895e57c6404069e5

SHA1
55a01da4444c44c6354d36b44aa969af68da42ed

SHA256
2fe138874da7bac8122d1fe880a9564f21c680fb1025a218f1e0bc12c44ff95a

SHA512
494b584d5f33dc910c8a028787b14912ec03d4139c02cc6f1e3fd3daddcbedb5c2cdb9fae829cb2c2aab5ddd5be5692e89ca968a0f9a95850e250f81661eadea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
e7ef421d73c8203e9fe4bc33a5b6988c

SHA1
d7f2e3437262d1c3eb4efd5be7ebc13d1444c798

SHA256
ce638064bfc257c4b82d81e9b1f8e049574c5e1ad942dedd3e92d9d393974be0

SHA512
12007a2b9776b3d65c4fa05290e067d12cb794e1feabb74ee401420794d675fb23f55613742fb53f4b0a8bc324c7e46576d470b429d3998b62cedebe61192080

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
4084b33a3bdc46c3c1f8b503bff97054

SHA1
9d2827eaf6f79a243818bf7954ced86a104301b2

SHA256
2cef0dc01d317a3d3c62a0c95929bcb51e7e791357a36b1e9655b2de88bcea5c

SHA512
5351991e6150e229c147341c756fe6b908b2ec43956c4d9976671288dd3230827e27beee8d4d55a685cffff2df2c2560de8210e5413d932f0c60bc244656a6d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
6c41508a4f4fc94f078f3f3e0cdaf9a6

SHA1
2318d3ae7d375a16fb6a61b74307741ed62db8d9

SHA256
d4cc1a8e6c782120cdd0c8be20f769a955edb632b77a34a51245231d9e4abf2b

SHA512
c7f577b2d1656d5c05f658ffeb25c5a577fd6c4948934d3b418b894ee5b00c60bb2e1757895950f12cb8ff21517b6a25722e4b5e74fece0d276ef08cd6a3795d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
7bfa5b635e40b20277b169c7cdfb24bb

SHA1
553b214e6bb4f3157d65bdde0434075e1f0a8ff4

SHA256
a606d8a6bcf57c833d556c680162e5349f6497f474dbc994ee38b1813b23329b

SHA512
930ae1b66a981f8ab38f3ef19a7f37b8db1c193211585bad10b230342d112f87fc07ab5213235903374cf5c39697756ea7e525b4753205cb36131edb669d2cd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
637c2cce12f6e5251a2502755b654e28

SHA1
1c4bde8d48e341947b5312615345f429dc0fb4c6

SHA256
a789d5ca422f7307f0102869a22af3533e6cbe4babe84e0d104af87af5d130e4

SHA512
d3811993e66768242620b2360409422d5e4ef69dcbf76a5812b2dfe2608154365220048c9d5c4df24abc91242353a37f49be48bfa1d70b1e4562d7bcd0af4ab9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
e4564f839d4f6b6ec50ceb96af9dfbda

SHA1
317d3c1db8e381fb536f612f13d6dd8223d4b01c

SHA256
7f3536058569d686a67def6605b65f3f4da88fbf7b3ac80a1c291f532c7f6d45

SHA512
9c2461065d4d0bd3bc27b317e3cd81c2e1d82be47869806c9d0d5c1f78445c82b5d7a08c10be24979726c2a1b273e4e8dd5836eed5674b8dc769359d10b18516

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
2035df8cfa145b23b1a1f98b152c6744

SHA1
3169b07309721a7c94600dabc8505473931d3a0a

SHA256
87932b083dddc458a266bd61a038a0d92a8d70d75509e1ac5e6057206a830e14

SHA512
51f61b1a3717960b8c4216c6bd919678a47f80070e81c958773fd3d6b421ba4589187a183de53a2b587112a2625662880d9cec2b2b20a50dddb6abdf2c7ff189

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
b76bd8df888273cd7c3a39793927aa2e

SHA1
d2538eaf0bd0a407e20f9669560ef6c8c622c7cc

SHA256
00742a3e7e9b3c2f0f59e380a267e142bb9a362732718bd42128dfe7dfc429a6

SHA512
89abdedea8c03d96563b40431212ef79fe27c9b74fb29ec1f331663b2de2a0ada90b34d9738e012e03fb531e18dd111e804ce101992dbffe88f9fc8b57903442

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
f9bc5bd5a29a7313b3c5e73235f69ea1

SHA1
abf1dfb16d23f98dcd0bd4e2300e7a8af990390e

SHA256
13b1e9bfd81437cfc3fcd5fa770b41ad91a9e1bb58e9d0b268cbb3b1c6a2f821

SHA512
38145e614abf368174469e0d7171b1c5765808c9cdb3dda0e52a76d2ecb7863526482ae4bbf4591f99fd5e1cf0ec208224d1d5f76b35ee5ea7f5e25c412ad3df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
e36a3a7c253be8258b9d65701fd3111c

SHA1
450251c79c3f1a229675aa14b810be4a3665ff8c

SHA256
8fe667db24da990b71583536851c16a804f7888c931eb77314f1f13e56d73e8b

SHA512
046ce589369452faad7e94405d6dc53d5836ee9632a2e804475ba72d9979b1f1c11ad291d48960b72630a2b562c3b288f27ba226fbeb5d3e697bbc84b07181da

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
32f4589ca2a7c8b0a1964f033545ce62

SHA1
8586b2263532346ac8a834caaeddc155b6e5515c

SHA256
4748c8573fe0c1276c0d654553860fd0ab4cc0a6d60e48ccad906a2eaff6864d

SHA512
e20d4a59600308aee8bee77b5540fad68b913e8cee950cb3833010ed5c240bd2b4e2e2f03bbac0ee71817c1f45a8d9d5b57b0b60c827d24d0f8442c9f0e151e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
c7bca3dc29b1c4eea969a57927c23c5f

SHA1
54d5ed0eb07779a857f764bfcd1ccdca64714a2f

SHA256
a883f21de10b80a63bbae65ce5b38f70fbc311f477348d66892af8810bcd82bb

SHA512
935255512cced787b7dbf112440b294f49f17fbda6236a0a7f78717356272f607800af78ca0dbb1774cdd1e73b4e5071d92e1b9121971a5cbb9e413676e052c8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
9f58750243f408e9ef8a8f0c964f89a9

SHA1
77c2e9cbbc0733d375c61619bd56bfdf8ed13f76

SHA256
c9e85c20f4a98095a82707eb3138a338321215f4901363e6f451f54e2e93317f

SHA512
c21409a83a1d2f33f3b7ed48a7fdcb286787ad6867ae31cf8253201adc287d13a83241ba768a483b923be31dec5c2d9cb8ef794e510479ca117542425ecbb08a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
c0402f759b3e9d2974a9906cb73b611d

SHA1
d15178f8617b7226befb0341aba61dba04295519

SHA256
edb22727398e62297f6d0deabd45017dd06accae19c932fe28ea23482fced0de

SHA512
b633247fc3abf52ce27a49ef8b811bf5cdef07ed10cdea2f052106f94c3b7bbebbf46a658d1cd06f2bf9f3a43b99ac115ae8f7071cf349d629c2c042d5052fa6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
1b6faf00c926583eab47dd08a268b3e2

SHA1
fc7e0a17a7d43a2f2fb4c6043bdaf75b26a81dab

SHA256
4efc5309ba800c3402f45e784a73f07ed812e84d713e3e6bdc0e09e1dd301f00

SHA512
3f268e129010feac1c526d535ac28ba8d198bf803a5c6cab13ccb470a2b121c9261ae9146621769ee0a1a9f147b93830d59d563a9fb1f548cb1026fb12ed0639

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
f01944fa11f0c6e8cd48be212811f491

SHA1
31308fae5f0b0860bffd7cb0c174ea350f247c15

SHA256
404a89fab037fe232ebff83d88b16f201dfa86bd3edd5d82baf8f7518bc30114

SHA512
2cd67ec7cf526860e30f3134164f8801118577e49c8769919791abdc4a0a1aaffc2ebe38292935061baeaf6f151f4f3ffbb242720ebdf44d7816ab692feb4e46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
2b2b566d0c7f53d7f7ef4eae927e9b7e

SHA1
37079f75b4826899b78bdf48f0d94d6b4affe6fd

SHA256
124a78eb3fd2a42a74f3785b161f72d9b28c0c3b6c227181aeffb521776e8d69

SHA512
e15d5bc6a94a808c8da6bcdcf31b8e56b25d4fb0d712878ea9ea105bb20d05b4c50b9d3df094a89147f5a07d7d190fb3ebca5ca8f3296e76d522e4749699b058

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
8002f64cd203fc95f2f208bb2695bc97

SHA1
408b9bd016a66d9fc3433e87cac8720b98516e92

SHA256
7f0bb4388266b3589ba1dad7a30fd32972169a3e1cd5d49911e71a341d9af19e

SHA512
6e4a8cce5522f602fa19e393bb4baa58cabf809a669b4e341cd221e0c28b4001e98dcef7cdf1e895e5f033d37c4ebaeb9121789019545d5618cb4e166e7ce24b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
7182dfe48b5ba4faff35aedd8d54cf5a

SHA1
024ad011f21b53aada1d50765b7d8072a43d7c08

SHA256
93ace69050bcfba233619dc33b429dd4ccd759c4e63246d95993ca6b43b1d94b

SHA512
ad5ef18886375b5087830dd444f5d5441fa0b99f6c9fe436506e86099e120dcc45ed2c6775364cc0178e4c23c39a2e114b7810381951af9ed45f15b6965f8620

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
0760ce8f0c9fa127f05ec45e622f0450

SHA1
d76e0061200ec08a1fd0f99047c40fdf5f234e26

SHA256
81ca2ae6453006be39bb5f26d3197a9d9241d12f615f2360dd0822d0482bbe42

SHA512
3280685722036a6c3119e1e4abe4ba1f7bfab9daf419c04b7b8b467a5d424857f2096aa6678bd0630bb122a1fb6d23d685c3921fb5653887706311b6f5e60b4b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
4c047cba2701b0c30f5544837ed2fd6e

SHA1
fdee1a11656150b3dae48bf368ad24e24b044ed1

SHA256
af11b37d7e3d515d7f1ae82f9d6bf827aa13c5e35e28a4115c536caa82dbddc9

SHA512
003b90f4934596454130487c9efc3aa2e6f3629ff3d2d0c3f55c98e81216f6bf2ba51261d8093b8e4d717ba0f44207400272dce5f850d446a14ca3ccca281288

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
b806d4e4395ab944bb2d3dc2826b2a8f

SHA1
ad0b4166ec0e7b9c74f0c11cb1baf6663766e38b

SHA256
7e960f122b45ab14114416bf921f0ca726e89c33b9b8c868f0d7bfe30b489783

SHA512
ff3eb1680d354bbd129447bd357921a3dffe0e5c12c02764bba0c2094ed48e46946de753a05cad55cf95974b13f6e5135f272895941d582bfbe241dba9ce66cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
8e1ce537e2ec30cc502c5a819f42120f

SHA1
c07f1efee49553be48459e0f50eb93bcfa9fbc2b

SHA256
55658a650c9e5b832583439668a204c9cf11fb22d15ad508ce5cbb60a9c67f84

SHA512
bc4a14f5bea5eafe40dc1409d2a8191dfbee5a6cdc920b20d8e51c539a02c118cf369284659acf9b4b34875a859bea298259d3f2146162f8b6e59d3bdf617dce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
b3bb6daa4aa443741753d5145c9d0b4a

SHA1
d5fcdaaaa895ceaa62af79d8feb70811e6683e69

SHA256
554db7b019f8127c69ae653424f580e72aa8c8bc2879aa3eb0a25816a6841b73

SHA512
a34a256664a72fad0914f266546a6536063ef1271431f12cae583b999a9f0c74be8b231849eb2d853afe2f3c3ca90ffc68d05eb2e5dc7413b48588a37dfbf99b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
83bcb6380ab62f70585a07dc39d206e3

SHA1
6eccbc29e7f3e2ea63897b463289a121e46528c8

SHA256
b2e3caa03bd4e357cc3a80491f7b24acef77e4c743a15e842fa530d49001e62b

SHA512
112c525c5f0047b4eaa352676831d9fe2967fb71c6b9c53710929dd9befcc0476d27990a5647062d564bff910bc9fdba86d1fa9ef4891593582799df5b92a388

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
1f26bc2078467fd3c56cf44dea362e39

SHA1
d4e08c335c2e7c35cc94d87322cfda28e39f2d6e

SHA256
bd48496e5e598c4e0c514d28f6b4bade050f9f7bbceac81d0c30292f0cd61484

SHA512
a13dca684926b19a7fef8ba2ea4f7a7019797f40d15557c861f03a73b9f19cdc525a35c654fdbfb563cbed2fe82119f58adc9be15b6df2da47ac9cb583aa8c08

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
f84f8f4f24770c7444cca7f9296f0dd7

SHA1
5d2f6df5ef24fb0591595d841a7fa0d7121f3eab

SHA256
ee9674660bc52140e91815b2462c6a19939228f4c145eb688fbb1311498f8b85

SHA512
55ba75a2c7f913c481f8a47a478b8dcab7793a6247fd8e815faacb337a2c0e7f86c887f84964909725579da65f0ee93b5f2b47bfbc63a54b1be0ff554b1ed8a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif.EnCiPhErEd

Filesize
848B

MD5
75b29104943f4c96f195e720580e5dc9

SHA1
bcda5fc2b92ad75e4777395620b028718bef52e7

SHA256
d9d739c91df36e00e8d1f90e9c33b5c8ea4473acdf7d130483640372605fcf99

SHA512
56f3b983ab65b61f68219136b6519a069f27375f10d821ead913e7d274ee6d907f8651bc269dda5a587f608557abf71c07d99651e4e00dc8df5aede3e67454d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
88d0fab8a27c1e1ac88659d91fa136bf

SHA1
a5b141b8157f8737ea115d87b0af0cf6d3ca157d

SHA256
207c91b0c607c0553629972cd5af88ef00366d05d76f6d15763bfa11f369033e

SHA512
b4e201033213d03897e5a29eb91f09d9312ab20950761aa7446931e999d808b482ea98b488d47d4bed847f7c043e292cabdce77c88bb2f815843b2e5ef7bb868

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
97d0cd716dc8081cb8d10c09e774f62c

SHA1
a207072ba6b7d3f69c3fa4eef9d0d9d1ef433de6

SHA256
9dc06a9ad33d20267c0985bb9114328d6fbfb58bb579a9c34f27daa2510546f8

SHA512
0ee84d67bc73ffc039492b9c446035e779947fcc96aba305884e0457a090712f0d660cb198713edb6517e33374a4c0cbe63cf83d06930ae2f08daa710241e131

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
f17a059d4e3901fb6e3c3fdc50c08bd9

SHA1
a13b58938a6f19fbcb417809b4a788aad1e1fe18

SHA256
d3d594c7841dcead0878a372111b154074767758fc22aeb4ade85d7093de6c61

SHA512
3d41620e3acedfde789f455e1928e172fc3897ae3f4b4f3bd116f8ce3d8f31b527d75b265c52eaaf7c473436ac81ec9006f14766a2c8fe56a4336bdddd5c9b6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
ba4496a7c43fb1da69f251f45525e9ec

SHA1
1d02875f9a547abd79646d4c406f0a8b8808c049

SHA256
190cd8ff6d4bf455d11024b89716f3272186b925d08a2bcf81690749316c3aba

SHA512
11797fc1908d59d4dd2fc239a2f1d5ee9de4e55b5078094718b390f83573a3142af4833308dcc78c1fa03212e9698cbff1fde403f4e36a860d0f601d44074ab3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
7f8e3bf2295c5b914de8fc88e740dfed

SHA1
b258103483184cbf192d1bb773a6670e65094a81

SHA256
b4a63987ee9f5ea095d71111e26bf735853becaa506a22113c9151b9d2c0f994

SHA512
b21c0563adef08ea09e8e8d92ed93d0529509b9b557e4bb8e6b3e27b7392e6b7479bb169b3141db85d362a7bd41393335054275dab534b8d7ddc40ea1f5da5d2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
f0e4cfc45666b1c04cadace66d83a815

SHA1
385c0282c66c83365dabd283e31406fa42893ece

SHA256
6c4a250cc894199df541426d05e3f66e5a2d9cace2a14206cdb39b43946c4f01

SHA512
50f532107cd21d8b31347f88450838e0dc12d444a849f05c90383daea6802b521cf27c5c1055ddc5eb2f2c3a7f409b69bc4223e2a393b8a334ab3cc84e5c9642

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
ce4b558aab2216db92941ad9aa7ed891

SHA1
f1e6ed0421cc34ed91e2268a80662408ef43bcf1

SHA256
e510d4b3ada13eb4b2b8e797ab2effb217f5d3dcbe5dac18f78c27271b83b7d4

SHA512
f6cb979d4cc364de1a1ad2f8ece47dbbe6c781937819bf5616f1933144d763ea7b325347c6361df0a5409545671fd0dd8b6581cbc3dc2a3492503df0d61e539b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
10ddf4354182caac4575c88044fa8f9d

SHA1
35a0a31d76eebbb5e395c8f83091a07368aceb45

SHA256
730701fbb13e9daa470708944da9a535f3684a0711db0dc47bf5d21cb5437677

SHA512
24a8516447129603e1dae0fb63b35d5204c2703d5cbd0a1f0254e544e74b06d315677479407f053a4818badbeee0a22652babdc4a6f2b5d6dc7c6ac500a9a80a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
2f0ea666c7a622ce8e19485290e3eaed

SHA1
86ef66c2be8dd1026d6c2d17954784b9522f5027

SHA256
2fe7e5e6a224183d9fbdf9cb5a97b4e71698f0c49ed996d1e98d03029926d89c

SHA512
ac9af36ea9cb38756f2eaf4ca63001fa5d2af3288a1941b1113f53b5880fa6c6f9fa6450c7b00b25c92391683fd4ea0bcbb495b9d4586c7a7db01f6c3acffa3f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
c72cb6fe289da04d5722873c1a554dad

SHA1
ff9652709fa89280ab1915eaaddb310604f91253

SHA256
f8d67472a4db3ecd864a830c37b498ff0702cdc3abf94f2be384ae18a668943f

SHA512
ae03de8b71b9c9df77e04d0b44194d57b5ebc0cb45f30a22a8c0dfdf53ab10642b1fb811df3acbe5ba1bc0133eb3301026e16fa1b46525455406ac4811553088

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
6cff67f57b0b0148c17c8de5ec808f80

SHA1
5ff3c756a078e6a513a8cdf8f1d3c8f4f4fe1e89

SHA256
682e67862a97754e2b9bb873da2d6524dc0299852e7151e605dac96bc530b80a

SHA512
03981741aaf6b11e9d964d0471c45a1c620c2cbe97565f9f7ae61f23f866808afd9b9b216f6e63c5852948972357683299736213a24d12c0c75e2b2f569fd110

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
ed918ab6c67a7bcb1114789c344e6544

SHA1
986e60e7ef3cfebbf6e1d12d5d111c15191d6144

SHA256
9c9548f9d43ad928af796db6a1cf8492dd5948b8be631ae6f5ff06cb2d5b1774

SHA512
65e9dd02815af60426418506e6d176b87955378f618aa99b9637cb1fc6450b0ed2effca4bc041c1137e63a66808136ec47cccca43790a3e8725181d38a5c879e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
1e5fd383709a895d55ae053e2f66340b

SHA1
930942987efebf71970d1a8d159dac97907e4b82

SHA256
5aea7a4720a7fd38a0928b74157a2cf5803c891a947cb8ee298945f49d8f27b3

SHA512
ebe2ec76a733108f7fcd9dd6a0b545799f8e07829c3de2cb5beb03ccd2cada2671129a68b6d213b0fb1f7d3a7e1b42823c8288373d2b12357d32cd5eed70f46a

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
6c829c7e9073fa523ef623efa016b15c

SHA1
5c4d457420069211e1b9c1ff49bd85fbd20c0bd9

SHA256
9eb2c485bbf34babca3911d7e87319fcbcb999accf3a4913ab027265e4528365

SHA512
0a59f1f8313391adf2b509086496f20429c693632cc73dffb663f1a253fc354368fbdb1f37073569513825371172d1004f44e6a7aad2f7fb0b20a27c63940f55

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
9d145d918a67bc04ebf8d6e5ec84d7a4

SHA1
a344e439b849d49eab14ff0f5a09e05a92eb3dc7

SHA256
33f95c395e6818ddb032d5a76a346f30e38e186b3c1a5684caeb9b9414ea80e8

SHA512
5bc163aa46a4caaa828320eb34ec70b855eb3f3e87d26818824746792218965d05bac3fb93453f9c30206afb6d72ba8d12e99c7003824a341d78e3f1fc2bbb56

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
f7494f79d71b53184e932823bcca12e1

SHA1
c6081b2068bdbcc05159f8fc1aa2515080f59ce7

SHA256
45501f7141ae57308f4ed72e1636515377b3b24818772498c597a63a0bfc2150

SHA512
54846d95a99586a6ba53b03f24981b1fa8f0f6f4a4c17c6fd54f43793b4225e081d3bd6f9c063cd9b18fee4c144c6bd947f50eede41bee4f2ea2e48a4160418d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
317B

MD5
3c6e968e666a830be2783a9aad6871e9

SHA1
c5f8e75ca22673a2111575711f116639d9d6f06f

SHA256
5e12c8b87eb99ceedd4fdad4bf2904aab04749447fa91de15869e35d2378e88c

SHA512
44da1eb78d92b8cdd2f9ff700ba79bbe195f7b3d360f09d01d1be8803689d91d4bf5042a117d2c09a7b3f4113d3cc086e31e98e9d67e1816d6801d357c591ced

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
5aaebe42d26b260bdedf079c3b2f7e91

SHA1
82864d7384552f5635ee436eecb29de10d933316

SHA256
01494e11c24bf3e0cde8b311b803ccc202406ad517329d47c20450717de9598e

SHA512
6f981d6c2ad931342ffcf2072060a96a0a31e393175792a563856df7738a2a0b071d2909349b51ee4adfd4819e1e24522ac3fb2beba6709d58eafc985dc13529

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7ce1e7c8fe411cce17e766591fae0e6c

SHA1
e952c864aaba9af7b96dd322d565fb904f43df2b

SHA256
696fb60b8ceac6b6af27e0f3997ac718f61b5384eeda9ece2c798dc375e0daeb

SHA512
97e56adc61dfe64bd13ef0fe635d5cbb549b1f30d3c38a43804ce6f6f9288e9b3c12a58a7e29d733230a32ef6527f1f3dd3af16be965a834c515f4424a685ba1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
67df55ebf0c9aa7e11f79655f16eb15b

SHA1
a657e292b7aab306ad88643c92e8642f1305206d

SHA256
7df1c92005cd3a2eadc868803701a92c84410cfd29fb00b320f4f9be4f2d5197

SHA512
64a75674830c062ad1d62b5eb141c61df9a94a31ab3526d0becf6afa29ef2ef4a18c4530a292807674a132410e570b1798e0313f83654953a393deadc6fb888a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0223e6993533bc9edbc2f647f8aaa800

SHA1
d75bec26bd75760c45b1effac009bc6e83a95f48

SHA256
d79a865330c22067184632e5a5f33fc2fe95980a7a6246ff7075ee4d5d6edfbf

SHA512
c9322cc11de9a19686ef91b9b95dab05c383aff07aa0303226785c4b7fe02d46319b774617d0ec7c4321fcdc19fa69bf02fb9c0f1e3047528e3a646cfb019b3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
217d3ee288ad884cd112dfb87f98a42f

SHA1
e4b7d902ac418b846b3587b736081dae91056656

SHA256
9e302a87a0bcaffaa64b362f71387ebc2a99ce5378987c9a922f824f6eb29c8e

SHA512
fa982ec66fdf19a92aea9a1e458430241ac006ab2a520e5cce5c3da34467945fe56f2f0813e862b9a9fa5eea587e414d8a33cbf0d1085c8d739f3aea54b3f1e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cb72eba16284d59a0d351321e7c16a3c

SHA1
f83a65500edc3a98ac180adc8df4cfc6ae8af1f9

SHA256
bc907d3042f6c95c503a154ba01beaa9a4f5fdb17d14115a6e02ca609400d585

SHA512
1243de51e53ce0ce9ce999a6d0fe6a9fd3430180ea6860a96f7a225e70068742677c4d1018300176325b19df0acf9493813cd119c02774456b368c1d68fbe861

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
0aa3dffaf9ee74a2fb1ddfa3f9aa0b51

SHA1
8f66f55abe962ed63a561ebb96aee5d67d8d788e

SHA256
253b90b70c4d006d88e3b4501f27a0d39149df8cd19101c7564dc73d84f25acf

SHA512
279965b7614256f1b5e23ab593b541ec15886f9d559eac28579d510dad81e3d199a26f53db27eab15ee494b1f0e7070734ed13e365c61d0396a9be21e01a8b7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
07190bd8aedfe203dc137c95a1703458

SHA1
800a42e882e58169d72d60f10da2e3ad20a524e5

SHA256
7aa35593707528a09a47cb2168408370704ae608a64168e7379f99046e5314f2

SHA512
f0f9602aa43fca8aa0e8f427d9d68abc1dd72b377113cb6d46f53a191919fb73bbea52add9f716b44dac9866862a6ad72f38316970b21ec8218a6fcd732bda90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
3b2587aa6c24f5c5adc1058833d8db5c

SHA1
0011fcb7b14be3b54b4a292f7d3a00937c287bf6

SHA256
1e4af6e8df2e291daee74757e6ffa38c1942d29672d09cc66530249f22afbcda

SHA512
20c6088e3f3ab81a619c6701c6531b884fbcafcb0140385f41dd1cfb12084b6a61933b4c1c1c7ad7a2635d7d2be7eb46ae13010311dea598b1c31d8066a1756e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
999e94040bd0454624b382448ebd69ab

SHA1
23b66f62ab181af6685ce70e7ce97d77931c7940

SHA256
2b18fcf0c1cf318e77b7064ed406d2f914375b091dbb1ddd1dd427fe43f0ad64

SHA512
934c949fa5dba143bce44540819ab1b2f2ef0e1cafc8a0fa760bec4965fded01915753bc3432b5add022bd5d8c4d672a3b2022c46e8120f2af1225a35241ba18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
011444448ac5a2c0cf622ef2e55e485a

SHA1
b6647d6af86ceaee6d9950af81c179c15c9c0c10

SHA256
7c49b0c14b307440ca90cf6d9702de7afaed043c8330a7962bc59c77fb30305a

SHA512
f751ff3271ddfc1ab638cfb264299ed3bcb5f71744cae1c86a3bd71256ce0ec6678c5d6cdd7520cc3d5dff6b8a266e084e997362fbe22a06e852eb9234d31832

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
28a37c92e0e08c5ed6394ad087d4d2e6

SHA1
7349435d2d3226ce314d1f040a35af1024792ca3

SHA256
962f351967d9d86470e02f69f792b6849c248796055508b58104abcccbeba78a

SHA512
c91cc3eddfb1c20a9350947205b20f561c13dab6b013a43187efefd1d80038ebeed5f5bef1235a0a40444e1b11f9b9069b817aac4b7660e2575bdd263fe71ef5

Download Submit
C:\Windows\inf\PERFLIB\0409\perfc.dat

Filesize
30KB

MD5
5dd43089cb1f9795828f69b4e3f02ff6

SHA1
8970414b29ef138aff7648463a8af6f40f4437bf

SHA256
6ef0e39253a0a8d5a96f6f369ef60250beb4764d34a669ed38c0e7bdcceb0e91

SHA512
cd73be91f95915e7a517becf3952ad83f304b11d514ad41ec898e49aad2c5fca215ffb9e70c657af2d014f2e534cc648ea903367e731befb8372dd5af1197359

Download Submit
C:\Windows\inf\PERFLIB\0409\perfh.dat

Filesize
284KB

MD5
cf7b7f1eebbc18cc425dd7ec0e4af9c5

SHA1
d0a37a451b140000c4c794618d0ad44e95a92602

SHA256
d6b73056655238632cd2d7c5984c7e6e8f7f8af67f3598d094c9d0343413056f

SHA512
8592a82b97be8ce58df87727ec7410ffd5a174ebbee7bba774e786acdedcec8e533777222142271ffabf635bbfa1fad6ca8c93196228481e5d442081e6237b53

Download Submit
memory/1792-12-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1792-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1792-10-0x0000000000250000-0x0000000000263000-memory.dmp

Filesize
76KB

Download
memory/1900-5-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-7-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1900-13-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-16-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-4-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-7304-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-7303-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-6452-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-17-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-18-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-15-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-11180-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-11181-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-11182-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1900-11184-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download