xorist | 9ff94eabf0e668e21f1a4640859caf3fc0dced31f266d4292e55ac9923fff8e5

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Size

7KB
MD5

8bc4598159d8684738de50dcb3d6628f
SHA1

2f862cab6eb034ce702a4e44509ad27a319917af
SHA256

9ff94eabf0e668e21f1a4640859caf3fc0dced31f266d4292e55ac9923fff8e5
SHA512

fdcc981fe2c7410c91bb380f564dab456c845eb5a1a1efcc7839bc72f8b25111204893c2907074dca937a1b8e55bc9493708e155ff9f3f347676ce0812b156e5
SSDEEP

96:F9Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExr26QhgwCERjhx7+MUA:rzdrr1FG1WDCgmjPZrZI1Rdx7+MUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 4 IoCs

resource	yara_rule
behavioral1/memory/1600-7488-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1600-9179-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1600-9180-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1600-9181-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cOZ9sj1I8T0Jy43.exe"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_command_precedence.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_regular_expressions.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdm5674a.inf_amd64_neutral_46f893a4f998bb46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Automatic_Variables.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_methods.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq2.inf_amd64_neutral_e9784021af1f5e24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_neutral_ce7bc199c85ae0a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_hash_tables.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Automatic_Variables.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_prompts.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\data\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Quoting_Rules.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_neutral_8e3809aa77440c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaep002.inf_amd64_neutral_0a982dec66379cb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_History.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssessions.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_neutral_5b48c4b1b49ca54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wdmvsc.inf_amd64_neutral_a2cf745000e2ea92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_do.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_wildcards.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_neutral_374f9d31af832d6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Automatic_Variables.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1600-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1600-7488-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1600-9179-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1600-9180-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1600-9181-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0390072.JPG	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31F.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.htm	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51F.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_OFF.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR15F.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.htm	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\PREVIEW.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21348_.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\HEADER.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0148798.JPG	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6F.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\COUGH.WAV	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTAREA.JPG	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\SEAMARBL.JPG	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02748G.GIF	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_mdmmod.inf_31bf3856ad364e35_6.1.7600.16385_none_62c8fb15ff663b2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-devicecenter_31bf3856ad364e35_6.1.7601.17514_none_068abb3d15ae0afc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_6.1.7600.16385_it-it_547948cc5907e6a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\diner_h.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-whhelper.resources_31bf3856ad364e35_6.1.7600.16385_es-es_41e3badae70f0646\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasman_31bf3856ad364e35_6.1.7600.16385_none_c89b3bc369a58c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaca00f.inf_31bf3856ad364e35_6.1.7600.16385_none_9c640a1de4358225\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be8a1256afbafd72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2d42a6783ff36048\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_df1a73e82fa00c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_es-es_50d089f009bb7acf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..installer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4fca51c9a68789a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-dxptasks-sync_31bf3856ad364e35_6.1.7601.17514_none_f724adbdf8a0ef62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ionrecord.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6edc3ec0dbbbb57d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_be19f9194580ad14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnep004.inf_31bf3856ad364e35_6.1.7600.16385_none_948c2353452e6ef7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-grpconv.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1c02b3576c067cc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\91ea8f85079a8ae11c420ffe5c8e5988\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_it-it_40e6751eafa3530d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..lus-setup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_255c431f3f42b4c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_b35e5a8cb554f3c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26755b3cf4f83e8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_6.1.7600.16385_es-es_01eee11bdf6f7755\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da4c7c5db0e22add\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_it-it_f0ccf87fcaaecc5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hidbth.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7fc032479e10a006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2ac9e265910c0883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..inkwatson.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f700082f5310c7e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_241e16390a5bc616\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_6.1.7600.16385_none_650cbccaa32d721f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cipher.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9fe9387d530f64e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dire573b08f5#\817a5a762b535246cff001d4d7859bcc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..anagement.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d84e6279f543e58d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icm-base.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ea6a78ffcc855276\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\Windows Notify.wav	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_cf3a10abc52740f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3a5e8b03c443738c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-scripto.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f8c89253639bae86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fbcc401638db702f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_es-es_03f8897452fc230c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_he-il_f7a58af1e8c52611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c8281d64919b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c330c5e7c54c9331\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_it-it_55c61b7163f1d9d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-syncui_31bf3856ad364e35_6.1.7601.17514_none_a657c784e86af800\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bb763253eb8e2ed8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiaca00d.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6e23770f811f3c23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7c4a55fd0bd43d5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-sniptoo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f63004abd23dc66c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\964a515210f3bad01949e9ae4f83c7b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.1.7601.17514_none_2d1a84c49beb2055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..river-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5ad10fe903ded84f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.1.7600.16385_none_9c6a9048b9e86bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.1.7600.16385_fr-fr_9429984e93583b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autofmt.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_86b5d2053b7f90bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORLHEBYHIPTLWZM"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\DefaultIcon	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cOZ9sj1I8T0Jy43.exe,0"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\ = "CRYPTED!"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell\open\command	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell\open	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cOZ9sj1I8T0Jy43.exe"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
292B

MD5
c5927282e3e38f6c4347957efaa85eda

SHA1
a02de0c0c4144ac608c8ff25c3a881dddd35fd48

SHA256
41a696cea8b9c948ef833eb32e352ae37911876dbf8e14808f8012edf1b3b7fe

SHA512
90d9cc9a07e412b3e94bad257c1e82286c9e57d49398a4b830ddf7ea98faf079056d8c201e7318f948b7412c02cf52a182b461ea4446ec07654381eea17b5e6c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
afc7c76d9a90cb130f0d788823e4eacf

SHA1
c5fb28d5267c23c7d500a6a1a89ed22a35d4e51d

SHA256
0bda9d8b84e427f47f2726d6dd3f31647e3fdc276a30351eedc91bea7bc35c10

SHA512
b2521c1578891e105b2c7846351e6934dab4c3ebaa22b1a1f9a2a5c4039a950c66b7bcb7cf45d48212cd47ed03f16a8ae0078177601ab8e2bd2d8a4298831e3e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
82d561090f00978c2192696df0d0a032

SHA1
268499f75fb177ce87f4109c2fa6d860e16c8b66

SHA256
617e81ce8460aadd54ecc683032342240d0e72c1d9d3725b575d863a3eba2a4d

SHA512
bc85466b2e4e45e66c68198436df640f3cfb729a84608ba79e27da28d9dc064757284544d0561e1fe66aee7a0ab50851ac4b3c7eb2b5edafa0a22a2876f6e300

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
0be4769da521cce6e001fb9612cd854b

SHA1
15c54f884cd81d90c9090d105bc07f78a524c15a

SHA256
e9ee4d15dd1aef4592d86d6a6280a34ede5055e2c99805970f47b37046152bb3

SHA512
10e4fd11eba0e9bd4a18f1a0925428bc6cdfa2ae9f9234fee6784ad51d0faa9baec8065e2bb291048fe6807ac24feb571f981ed13389633ba93f21ca984d2162

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
1d9ab8b5f6254bf1109a07fe2653e0c0

SHA1
ebd87fa55b132850637f6a110366ceb398392609

SHA256
b90f6b6b1ba579430b1a1c7f35f1f08ba50cd98ea2a67a1d9e8e20ded5748313

SHA512
f86707550c167de08058419590b3d93eccf6017ffb1f28ab4dea34feee558103934f72eca8ed91278cf73dd3820570186f8a816bb3380b8ebcbcdd7e5f323f11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
d31ae78dd935ecd1a6ebd68e2d06705f

SHA1
c4d134789f71eb5ae61fe5b7de0d18381b8006f5

SHA256
42079fbaf8223dd6fe8646feab106d810d697fb302dedfc010fd180a268d796c

SHA512
e0aa1b9c4286a4b466a133e7f06e4442eb2909fe114141a9171321d06dbeba2a520da3ba4c400d5137bf65c94fddd9d964e2b055f284d6f3f89c5e04af407035

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
2ed174b98b3210b259867d1366350692

SHA1
55d4e15db73c80b194285878f71d56f58b5d7187

SHA256
e9df1d01fb01ca82757553f4a015c470376014b4e41d2ab6e1dd043ebade81db

SHA512
a1b791357167a2f6673af3c9df6c9b10b9c766345f8fa1fc68f91726f9d10b69b4db20dbe7887d263261ebd0f0c49ec6aec7fca4dd6a49823f32f1529798e84d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
f75a5e437ad9b3710e87cd5b8a5f07f1

SHA1
1feef9ef4ee8965e42e253486f4622b262a1006c

SHA256
f8a7dcdee7081711ab85de9fe3b26e3a6bb2ef8a96ce2e094c69ab440ccf998f

SHA512
8134473c8c245aa06884eb97d9d3bff6018f356802c7a40dc14f329143a812c4d2c84d5d19797285070c16daa1e08973f708a0affa383768125d5d998e8272b4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
e74dacfdb12da2672bdec2c7ebcbb440

SHA1
d716773e829d84db4a034bbefa2e94ae54b3ab14

SHA256
903befae1bd3d3d40408cb1ba4f999d09a322072cbfeed73e80d39b7efa5d8c5

SHA512
ffd5bac9528bdd292c310cd61b7157ba12813de7a44c79999d335c9dab3979b9477462bead07909258dab6f141c91d5bd6e5ba83111a534e5cbd70b962e6564f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
ee009117c39592a8b34d8d245e09ec8c

SHA1
07056891a44711adaab48545366bd8f164a879ef

SHA256
3d2b90e17cc4a7ded47835a831e007d53c5fd6fdb68c1ba2900af416a0e60e0f

SHA512
b50ffb7a6a7faa9ee088262a3d357cd95908ea2a33350f037d740c116b2e7fadfc41aa1d73632d0c9cbffb41089ca6faa1e6c1185bdeecbca390eb03a6b8b83e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
9bbbf4cc2941397e2abdb4663162f7fe

SHA1
f8d455e46d39013a1654012f08e6c72177fc4dbb

SHA256
3ac92f1be98bdedb871cee8b57d0bd0d436a61010c55346c97d477e00c25fc8b

SHA512
e6b15cd65b966db21315546e4474aa772df7c7148745323a2e6150073792d1e44958b059da06bb47c0bf6dd08a945310273d6d51b4039aede56275a901ea1c82

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
dd52a8f440d89ca4b89ac4523c800ba7

SHA1
1a3125e651d2d6a86e1e3e8cdec9eeaf86fa04d2

SHA256
1e0e82d1b562a87db8e6f4a4e972eb0575b22828b7361ac511d4964bfbcda3bb

SHA512
024aa311a617aff29017f710201ab0b148932dee67d12c78af2a47673c6152bbb84295262aafed0ecf3fcd623fb01fea41a6b547c3e00453af13951b81cd0452

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
991d60d1fd2f2f0b26c6ffd9df792521

SHA1
918193d4967d3744ec441cf3d8c93bdefd482d03

SHA256
073295589f3905bde9f5f5d7e8ac24119a0cd4cecfd6c16114291b30bb11cc76

SHA512
b8c6cbcea12a6f001df6bd589f8700d6067329f8d1bc8b215b645dbbef2ee9c5e7c23f65eb93a31689cdb8f0432d4415486fa6f8e1f579263c18ff3d1705e46a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
9813abc56fba81bc8b05c66738829107

SHA1
5164fe583a8d52735a307b933b56679abd29311f

SHA256
6baede842d249eb58d364ac8019766b5768e0041d4c71586e6a1d679525412ca

SHA512
4041b6fff1e5184b04536b39bc397398c808851a25b2cd11c12110415ad2629695e5906352ddf8528fb80493496e186f071da7c0d06a6da0e7df91d848ab605e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
367aef24efbd24e83fab233b462d1e57

SHA1
76dda913ca1b53e0fde761196b2fd07f834ae6a9

SHA256
0568df0c3c574d92dbe4b8b240331fdd223e448310d51f7b32cbd385079b8f02

SHA512
8ec02d9518f5dd667ee488afbd5e2d48e675b4f3d965c34054f3c594fb30ceb8ad568b94414b3b255f7cb5fa1890c055a1a3eab3d799e1d85ba21db140fe99ca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
49ba80cf48ed759c8c6852144a3fd22b

SHA1
73c3bf098bcf176e164079a9e03ddca6e911f365

SHA256
9f1b9f373759e41941783ac377ebed4abe9f875611885bca6ce4e93ff0aa400c

SHA512
624fd916ba556e5e9a5e61c5fa810b2c1b27cfc85063ba9e1c08d4abfc8f9e4a4b83a5511d61d64fa88ac6583c5232044035adbd6d9779324cf300c5dda3f7aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
7f7fd764e8308719b90745ace6ab8304

SHA1
57267b832a8ca8c662026a98d08c003ed78a7768

SHA256
0226c7f23e3f348321c226c7a395d65523f4ef3d46c9edee62e948502cbc2e7c

SHA512
f12ee206b05d3b6af2619caba29aec455f7d6522f93930a199f683401bff1afb72a29f19c9f5f9f17f10c013bfd1a41e1886c88240ce1f569742e3e3cfd1473c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
56b408145a610effd3504fe3e4e6c290

SHA1
c922a75e7aff2115539fdeb5c55a78ad426c7abc

SHA256
a561a92381f339bf19375031e820f09f2c9c93aa519b0028d97bf6df12eaeb18

SHA512
50e86a385f01d6dd384965154fa8e9a84a837d23f4f6879c1b5387c7738eb7a2481621c62e96e9d2569a74fa927ce543ee1b75f7aab550d6250217ea09b7696e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
e611a84033a06c9a6b0566014322c9e2

SHA1
004c25395b34e27e55f9115692d2697a50575972

SHA256
416580a9fe119a4181bece8a6b50bc7542523a951772226987e8ed6af32279df

SHA512
e5fb43f182ff9784f4fe67049621e308c865d515379c8b921be5076c5f6ba4a858adb9ee308c19adf7f5d50725cfaa45a2e35d714ca87b22594eb48287244eca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
70073dc73c47b0b024779623df5e3fdf

SHA1
d3b0695510398cf8dfec6c98c1e5949cb7962df7

SHA256
26660a222f62499a99912d0ee548cfeb37ef1aba4ae60b8303a02d56078767d3

SHA512
f1b84c29dcf8c83a11c7a8a2150324c8a990494fa5cb8f0328360a9498a18cbc90f7c5e60718ec813c91ce36fe1c26109189eee179abdd95de06beec4c883625

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
4584be8f4f9eec205b83ff0d47fdacc6

SHA1
8350e6193dcb5c8cebfd59b21d21ab0847a8f93f

SHA256
0769bdc3f99740a3285746002c77460854f6f97f36414a415c27066d0d72827e

SHA512
9006a528270fcfbd718097d215ee715b3a9fa9945a25d81360fdf757fd27777d369f9589155d552c7c29875aa2af5d1194ee73b4bf6c28a0a6559d8c1190b978

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
07bb008e656e19ca9157b400ffa61671

SHA1
5e4528773aa70877fdcb1dda5a48f472069fec01

SHA256
2b85d7c065713cea47f230bc36402e2ece221c6f553f45c5a58727ae78c8dfa9

SHA512
98e86fba041f0f2676cf34acb6cad77899d7c8d9dbb5e4539f708d45524633af8b90175d6c84762feba59a8d2e59e0bbcc808671c5281a03912aab7b72a71884

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
2e595e0feed7b40cefc805f409982e89

SHA1
97cfd6b6c51b468a4e25c3c5af8bf4f55e720a38

SHA256
20888ab574475defb12c1dd98562ef54bc4c78a9f75c65fbe10b0bc22f8d5c34

SHA512
dce0ae5c996f351569522cb87261ecd7d5fb4dda096b09090c72a02d8bf749e511768c94d92fbb2d6ad39e8a0ea66587e05ddd72399dea47444928944e6afe7e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
338f2618a70755320e268711ca9757af

SHA1
664980e9bd89d8ba85934bc05bd208ab1c965961

SHA256
5d07e37a1950675edf17d6c28b3e2f9fdd5a15d94e3fffaf914776e098c6f692

SHA512
f138534377ba7e8cbe01d9181e6e474ab2f6194a31662a5d25200c4744d93a06d102b138c5d2df8a6af639d26f47edf6f89b02c50e579452fd4730bb07d67872

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
9ae030060871c98e7cab163de33adb77

SHA1
4c19388e7a657eacb9a7a15565ac0d9716a51219

SHA256
5c173dbd991a940a258c5253d36cc8a4e571d6047369ff3c46e22abc0a7a21b7

SHA512
a53bf6e809e1e954752d033d74904a1dcb65773e15218f3ce0660febdde798b1ed38a4882c5db8e79d3d02a4f3f2bc9988d1ea9deeee5086ec5c1c4c562589f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
504a55bef5f49f9a8e9dca0f36242b17

SHA1
20f79885cba79397ccd4069a9a48a0d165287365

SHA256
c3929ac7ef4d31f18b3643e8f05485b6d8c9043b59064c288550c9f23f1f089a

SHA512
024665321398118aba2298f132649d5fdb640a0135e3870761d79e5f79cb23906f288fa71140edb8d305d4d15e5443b30ef749bf051b656c56906eb3a523bce7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
f54e8557eac6c52c6aacb90ecb96d1fa

SHA1
91050444cdeca9d3cbed0ef19bc22f7941053da4

SHA256
bb2d39212260de57ac1f755bb4015753e221dce32baa32d67c1b8d0547f7534f

SHA512
00ad0ccd1c1aa3521c71236d4b43ddf3de292419f5febad3c59c0357152338d21f47518582f5b93dbf325a4f5a9266436cd435f3317d9c2c3c8796780c9c2d6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
3ca2be71ae5a88150b9fb76262e82310

SHA1
286c8b06d221c0ba7b583424a43a9f7a7cb7bc0d

SHA256
fc10318a8eb66160e40ffed109229d9d2f93b6058ab33f5cf49c480061c7f3d2

SHA512
b5b6749336151b250f554568289e6c1eae1649501a6c57808c48269330d722500b3a2e6e4c017d867818750baae375c7e22331d746f79b17d5cb64b49c7cdd13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
34914e5275fbc24bc2960e7da5670492

SHA1
e72d48c99c9e5ed5e885d6b9680aee46d17d61ae

SHA256
eb1208e63cc6a05953df3ebcd2c0286c2d36a0464f7f151b861d3278ea9b006d

SHA512
b475642572c1c1284dc9b59674c4f7054f992cac44ef5cd3acd48093eb4d3d6f1aca5713339e70819545a2d9bc63498c1576ef62cdd993cf7ceaa857ebe47b61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
fa84794b7465b6c64dedd22e69ccd823

SHA1
69fdd53d3617dc68640e6dfb2121dcd5c2f1619d

SHA256
aa3b04771514c3f69cc56329a91f4ff012a76a6f7c04b1df6e80804b71c222c6

SHA512
e4ea9223dd05844a5689b8e79c4b163ee0d4379b19832ffcfe075a1ad2ee1ce75b336282866d0c4c291638d087eeb1f7ae9b8dfb1fbab7ba186583e622e4726b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
43a255df5c3ca2ff5eb557a318efce4d

SHA1
92762162d903c6f1e53f138ffa8fae41519c082c

SHA256
1c8bbf4861f2235d25d83b60a097790c4a5486815e620699e7129e15240ddb79

SHA512
1d37fb9f78478ab13569a8ddbfbb8c13d2de88cfeafc3a0bf8621f029bb53de5202cfb1b5ea07dbf27a6ee65cf9ad59ee6cbfce3722e9af3f74d6e89178dad30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
64552cc16ced1b57d601abf7e0a2470e

SHA1
669cc62c65d42527edd4794a1d0c2c126f20cd87

SHA256
ba4733642122b47cb1570e5ede012cacd1fe5acaea87c58f7b62a5290269c685

SHA512
bbc9be79bb59986e66d950dc284127bbe7886e142899251bf6686ac7a05c5cde16620aa01310d565611cc0125d416697a038f8931eb34aa3baee09d107984921

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
4b7f3af9c6b9bdf36d14e9d90090e91b

SHA1
49b293a89c8f6a72745b63dc8b95faad13d620c3

SHA256
fcf314d7cbf3fb0829ed512461f4186eb1742f4f16d363c616d0b93ea76df777

SHA512
b28064d0de9d317222b2f0e7e6bd346ee94471440cfebb80af89ddb54a607d33b20874a7e1b4d9d7facb923911d7902afee7345e0ff3b37feef270a695427508

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
a700cf63ce20461bf7fc3d10f01e276b

SHA1
f858e6c6b165048359267f37783841026581d4a3

SHA256
ff52e2806110b95dfa496c5cc2b7da6a57d725dad025b26b9791c2bb7f5ad0fd

SHA512
e12cb88f868287da3aec1bc538db121bd88bb2d08aad6c80dc7eefb821a4b8109cefb28ca11738c01dcca4d564d59ef6f8452ee15c90b27e4e6fbd562f6154ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
028abef275246d3be07d04d581f1c21f

SHA1
d141979977b71b2148e75fc39e19375ff9e5a1fa

SHA256
dbfe73828be8e25850124b8a3b72333298b9f986c322b5a5cbb1dd3761e72c98

SHA512
36bbb3b0e0bc9704adb545c852f6446392ca01a43fc592cd739cab12de9e09326cd8278b2735a6eac1b79b6342aaa9b65b0901db1803927b57e444133ae03103

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
3c3c9b590a56ad2f726bacbfba47216e

SHA1
ee8fcc47e6464e3b98c12c95616905fc5a3db6c4

SHA256
61bb10964ad53de041ac755faea0277be18cb07401afb15d11bae2b249e69808

SHA512
6998ea8c276e93a19b0704783a20631fe4706c04680a49a12a06f9f35960726ad1073e9e24804e30e951c5cf2fda639a8aa0ca581bbe5945c3166de4073b3356

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
57d6584fb7ba40ac6503b919af1a3390

SHA1
df6eb828f37b60d45cf432acaeffbbbfa0ddec3e

SHA256
f73cf557e5d23da5aa09659ec54b718673de396108a9f550906f3ec5ded45699

SHA512
d88c819785d48f447629fa4b42d036ccafdcaec42f3a7e87283b70cf9799f661921575b2db2bd2d01271410d2dc01369c76b985e5b9b8bc2bed74a7377ccbd04

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
8585963f70d6f8192aa253f80ef56b6d

SHA1
a0f1bd53bf69be232afae56114dbdf5445d362d5

SHA256
447df39f3df48751f93f34feaaaec292662c99fb1839d373f85eed1d5b25771c

SHA512
26407b64265a83628d82bbf615c931cf58e6cd29206fb683870d1b04a5ae3f4eb8c031f1b744adaa9387b447cc3d4c8a7c9abef9ca5771c36371b4a4e28d25ac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
b8ff3d98d39cf30b895119b690435165

SHA1
2b5ae68ccd4b0ad1b958be109fb3d1d90dbc1829

SHA256
c7fa8367d80e225562e6463013123f24296cc3cf4f19f117fee69f2d1d5e4243

SHA512
1e58304615082f581f07934c65a06741a83273a741dfab4516f72113c79f6762c9c58d8ca81713bf06d5648eedeecbf4be2353d3d9e34bfa8338a54c63e89220

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
dbd73b8625ed9eaaefb740de2474cd64

SHA1
f46fa6c6ceefef0b664a46340ba46034b70c552c

SHA256
726d8590a89b611fa68c7dd41162c1d08b8c16d64fed65ecee87744ef910ceac

SHA512
1581bd9e6941fef4c0abf20efe081fb4138a83a9075a3a9eb3068bbffa8178b544522a6bed41d3ea161b6320f6672b6001410923b7579f86925ff0da046f3902

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
b7012ec15f9fb48e74dbe3fabb7c1b73

SHA1
0665675bfe2aa7ba7ecbb976d291823eed83df58

SHA256
8c2710deaa1e7f894a9f31e417f7f37fa0d8bd011efcec854bf672c5a91ba756

SHA512
01d0e4633eb47ba43b2e90853ed0968381fd3a5937dca8308afad8ee531723e2e7669c2a9af462257c25f5ab0e31c19efb56aed0698f675391add8762bb334b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
f5c8f0ee7a720e3f8dd4e160b2efb5b6

SHA1
19bb18f9aa6be39454c66b684f82202137a9519d

SHA256
8c154a693e968353aabcec9d71786fbfa0fe4e65c753cdb5b5f927b43d6e9310

SHA512
1ef9887aa6d9062bb29d270244379d3d5a84834a6ad51a6f6975a5a5384c48864a8bf8d6911f7aa11d475d9d21a3f95b9c40a5752b75e4cb20b51acf51b9d323

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
b1e08c4309468ee7776f3e7a76b2dd5d

SHA1
7704dc46b7624cb6e6f07463081bb4928d61fc49

SHA256
b4f23e2ec57af05768d25b54fba99a8dc8b7c5b5c5778d2c158838814436e701

SHA512
decbd7ffe934c90c95dc3ddfe48e8422adea6af1e2ce56ab84e9b01633d22f79d538994404c503e8188a6118c36025dd198c468b89be9f39137b53720704d29c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
801cb03a812b7e8cff302fce1f9e8faf

SHA1
42bacb3a683313a2ebddbd3b0690d98a69d8c6c3

SHA256
4ad088b4f115655000314212d06bd2b3dd01c87ff1f26bcfe32a95e54354ab13

SHA512
68a4d1de355f0db4fcee28f62c57ecb8af2476f69f5014bfd6130dd812502f4848a2016cb3a81be4df2f01618d2dbd2d34c512487f6e4bd324aa297c2ff8ce86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
1b7570325996e35b9d443d67cb2d48c4

SHA1
2c86426878d174d6ab5b102b78aae72707451547

SHA256
2fa1c31534a590d5474fb6e731333b9b0b733a8e771025537b052d67262e85cf

SHA512
24d8dc6497ef160705443f781f99578012d2a9eaa6b6fffd2175327c0e89a22102f950966ebba2f486ef7f50872d6b095b2acdc793f17475c7966b704ddc2d0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
410b1a0e1e573837b0c26bdf90073a00

SHA1
98a86c183b7f7def9b7b43402a794dbed0b40002

SHA256
ae4ead1117af9aff6025b54b421958c8bda6eb68f2d123143472209cbbf52be5

SHA512
b7e06453ad3b70fc1ea35c7323a35b575012a8cf835639af1c523339a7548e10122a5411bbdc07178557d4815f1a10aab846989612839a746ab0b34e71e170e5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
e266ebae63818fcbdccf32cc9c107907

SHA1
0fe0bf09c54624cbb38436073e7d2711252b786d

SHA256
bc2c8bcf293f6f638b360000281bdf7e848c4727620e6293455e2259e351446a

SHA512
0b21020916d0f4772f980de7e118e3f53d0f1691fa45713e13051616b8026854e934f522173b56d179be92e65fb8103e71400c3849571375822204264f8231fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
bef036aa6ea6a8fcdfb03a8004f54806

SHA1
ffafc5e3e5b54668fa690ec4862df3b7b0de2c54

SHA256
3213276508fbdeaeb1d9db535898cfb8c52eb852db9f9d1cc7c04775a96f587b

SHA512
bcf9076ca7514993bb7ad1b5ac58d10e235d5e4494766ee492ab8a0876951a149cd42e73be04acb6975e530f842083c652646844fc2ef8b14c9f7eea9e43eac4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
0fe2c6222cbf8e5686852749d86fa9b7

SHA1
ecd7b949580c415e623b535fa142776d1b16f71a

SHA256
cc74bfb4839a4cf1ab2e0431774661f988baa19b3200fd320b4cca1978787007

SHA512
3f53521393165e406355206a1d333bae8ebf729be173031fc9c7388be045976b04d5d3c48ddccd8e207599c73a9b7e949b8a4f974a74ef38779223c611fed93b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
569fdf970b378ba4de260ccfe6153b09

SHA1
a3768abaabb7b0bbb493e1035200054da66de792

SHA256
82d34bb4be7c3c686c724549a844191bdcf5d71f598c4ea5c0a588f7c5033c8f

SHA512
bb18fee233163d3f67097d80127af3bc3b2352c2c845f9b577796c0290029871abfd13c12ea323ae6ad0b1184b737fd63a226dd28ec57889245d91136ffcf7f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
9b3fd04f5d6d1aafa504dd7c45857f82

SHA1
effd6a6738a70f09c9b0e938f31dd9945ba2deb2

SHA256
07eff1344fec71a15190e3f979005f0bfecb4b5fb7d87feef600b941c27294f0

SHA512
bd2a77e9177c7196f4017eb3b17ebdc7f5ad9653edd7bb67a7dfe58ac9944ace16b37ac216f4e3d4599429d6f02815d3468895f7a045e1b89dc3ecf6e1bec207

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
308b2355223e5fb4419d8b172ce3ed31

SHA1
99603ab42c9dce0e6c265b5075a7b7918e844219

SHA256
ba8bdcc46ede83b126bc9ee4d5f775506071fc85235be3e3bda9f51b9d7867eb

SHA512
60cc0aedaef759c58a27ca9e70f8e17230ac6500272f0103f8456eafeb147f13ad15b1df724a6cb3ebdaa8e960c9825029375a1e343b0ff7493a8f2b4f8afba1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
15f8bd97ccef792834a86fe1881d6713

SHA1
357328a575aebf75ea2bf0e29639a4e853e3f9d6

SHA256
6bac44be76fc684e9e96bd0623a2f234dfce432bd3282d7f3f56f9269c7323ec

SHA512
d888b9bf4c4e554a3695c4f327f5a06519a3cc3030959af08f19d4b4c5499e834ee0041421358f9a5e893dc4a572207e9e1ef5f70f70e27615ca6d250df8d214

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
a37d419ca4b8b0cb3769cf03ac8edd36

SHA1
20d98ffc7b9bbddd7b77c24dcf35a5485a45d8d9

SHA256
24ab3f6fcdcda948adabe43443f2c32b3bfd6b86fff63df54d08bedc9a4cc48a

SHA512
1fc20b756db9b1c2bae0eb9b38fc8e0f5f2e492d1afddf4fe90c66d0b2dccd12a26df32ea3205ae29243ef65c40cd9789e7fdf2b06f6f4cc10987b69f73d934c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
2a1508c06058977d273224b7ceaecca3

SHA1
39a6d5a35a23fc3af3ba1a10574dd976a15cbef5

SHA256
52accf8402122b1bba2e5ce7af7c6dd2dff4266127112e8543b9d30ac079125b

SHA512
1e336cae65f325f4a39bf86b9c356bab6d2b3f48e0100d219ab32b3bb7aed3799c615c08f2b8f6f82d7bbe3d9b9d80834a78b0bc6c55219f4f6f36f521ac3e52

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
d61b7d1efef1fc3193396c497e715324

SHA1
f192e66ff3cd49fe8f98a38b786f2a7c5a2cc445

SHA256
04f8a8838ff434864a007a4731069343ee4344eb05ab40b4f11f57f4c42d2277

SHA512
5327cabc79e94ef45cb9418074efae80018a0ad4faddbcc3fd6f2a324edb7d1b6b0473f3adc2d3a24b778361d9cfab734d76518e74134a49a0fff0426e458606

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
f7f3fc79368b12e3f6df91a5fc852ada

SHA1
280fdb8042d66ae314c6fae06b9fffc75f1ffb27

SHA256
e3ffd5027fea8f0dd815512bb104ba1d548798757569c176e978bc77e9f56f79

SHA512
284174c090bc0b61c51dac73e11444c5c42a254df1c7cae18a77c53898930b2569d4f857635ada99c1a301b583bd0672892574de77a99f240dc635099d9e4919

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
25458868ae48414125406e559abc232c

SHA1
f44ac46b5b7a1a9f2e91e8d01e5e8edb59645713

SHA256
6804079e65f882e7286924b5ee61902187870249d5f0cf5a0e0d79cfa1c0e6e5

SHA512
a90415f7623c5626df3c0bc6815fccc48fde5cf3c15f194bb929519282cc302241932553e1eb29c50eb582afa76a84d53ced7cae603d735597715f06fab18fa3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
0a524f1b25c499444b2e88cb53544a02

SHA1
2a30fc88137ab400848cb0911094cde5b942a2c0

SHA256
e4bafd433fe43ec931044eaf67babf8ba1210ceb5c725455423125e95fe5edb7

SHA512
b4b4e4addb4bc0432734de152c56c8fc069e94863507be4d45cbe0cc461783bf9723622b6ee76a822c36389d25289e329f57fee187e83302605dc4e76c81af51

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
fc762b94f4d1dbd8adfbb8bc82393c61

SHA1
6e28bbd189efc8f9a57773043be6229ce9988d41

SHA256
1fca296636db71e3af4aa640ca8c42910bdc72ec04052ce88713de533ee60c44

SHA512
e8e21c284aec04b071d4fd8f8987ae31419c28402de81501558f181b0e000896d333bae7487a390c9da50933f0c5f0c8621f4117ded96b9c26887d1a783f6362

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
99d6ab65d9cb37514accd615c840a8f5

SHA1
dfdd67dc8d3d133f21864ceb7cb690fc07ad5104

SHA256
3685f9afb14580e11bd3a5fa6bbf430c4f8d70956abbf6bf76606120662263b9

SHA512
97a77d003f10df6d7f138319f7f4adee1672fc73b78ae1f118dae86e375869663ed81070b1abe67cb7820e80fde59489e28c851ccf649452e71c310a15ceaba5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
e9d6fd52418de321b96e156f0c9f8961

SHA1
7564a1e7077b8c8b3d0586e11378c3463af59f79

SHA256
bf0c36631ae6b215c85bc42f63f044d6eea80743447835b72462dd1c7acf96c3

SHA512
c6e20825809b1cfe8f77e32edc2e2a8b746a0162f2a11efc80acd815a933867479447527a39da24664ad69e3364c71541924d773def9561e848cb222308f8e1d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
25dd5f1f1436583c9713cc99f16d49a9

SHA1
2137d76035f697de9e6287a19f39df22d718e4e6

SHA256
20def76be3673575ecca04b2380de53f0d1bfaa71fdfa6e9e968ffc943339971

SHA512
a5575bf26df5b3607a6ab630fed9cb5324589d386a2a8af906d38db3e0aa1514a663db7492b6913aaa0a2ffff5903d8675feabd059ea52114bd1a4cd8766ba98

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
073885ca4de8769522b16423cde4687f

SHA1
43b405705a0e18fe73735d891c08f413fe2475db

SHA256
e13f2db9e83bc375abaa528c40ea593c2bd97f39e038abf5a74027333be0847b

SHA512
20852ad7f1e5f6cce03d3100ee8cc184bc77b9f4f9417718f75cc4f2ef72db522946a5db04d78a65ca09db2c555c05255b51ae77f4703b8e034ecad2be6b7625

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
6d67e7c339d13189961f8c3e5a46254a

SHA1
afddd6fe7515c570c592ee3cba7d32041bad4c2e

SHA256
d14dc3faafc2858e91f7596e46a46c610b3524994eecc147af503cb4fb479d77

SHA512
d3095a716bdc1cf82404c9bcb74b0cfd67432b5e04d61d341a3ff2cc31d8743201e517435e0bf739bac2ca8b3f4d8a0f06f64941450814c7e513624dd618bca0

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
ed76d2284d8ff15a658269637b23c207

SHA1
0989afd0cb4c156021842189582e19120c43423c

SHA256
54b53e6c37f81a4350c2e4d6b96e1c30063ff3fa7563b2766ad79d13eaded65a

SHA512
2d5463558042e3c978c8ee7b223b594950e34de1caeccbfcf12e07a99756f3044a77d37370af905f3f6146b55e4bba06daf0d7f8603b679bfee982dda45c5e20

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1f34e081d41fe26b8796d8070edf592c

SHA1
ef9853736c4cb12171b8f078e191a19b6d39e424

SHA256
6858cbccc61a6ee681555fefa99c2f389297e32494c8bb88d7015f0309c6de9d

SHA512
7730af7feea46d37b24d4ce0e6c5befd4e40bce5158b76db301256ce4105588176656bc546f698a75d28dbffb57abfcfa6dbfdeb5116bc612c5e6a490ea2acd7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
fb31add2ec1bc8b5a1b4a17a0095cee5

SHA1
752401162484e3d88f656d06ebdd983444ea7275

SHA256
deb284e3f73f9df70b8e4e0d2a31ebc40b6cc71308c3de5eecb7280f15526d6f

SHA512
73f26fe9227726061ec69fc8f4bee62240649f63e5d49d8c6ed225cbed65df20cd87f006c360cc7218f7bcd06e7b530e0a2b3c8414bfbb8cfa73d04b9ba878c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
1c4a8aba0d62fedc79cbb08edd6dca8e

SHA1
bae0d1136bf0532f2f6821b4d954ff303d5332b0

SHA256
e8408eaf37235f518ea6fabc0abb277496e2e5ea09e737c81aa6461c2155f51d

SHA512
8573abdccab6a00113654e3aadd0e72430fa8aa2e6df6c358120fd74f1d495817201ada86cbac0824dbe5df87740395c1e8ff4e89b7618fb27674f356a6961c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
79c96009b0d3c4162d95e206c6468982

SHA1
a91069b1a081cb2009e3d836b1019ff5e16b845f

SHA256
e34e7902383e4aef27531edc38e653322d14dad35885080ca44133f8ba597419

SHA512
64cc40c8b03d563b55b14e95ab0a0a538d6a444bceaf38a41ed71e706be6baca4b34a0a4dabc2b6de9f6830c03f8d7a434fcdf5fb26d7a379c199b5d810561c1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
fe7c8fed9db2d3edaad37c0bc401e4b0

SHA1
be2e5cac9d60a4412a6444757ef6405c5e7b33ca

SHA256
1e1457ec1de8dd6bd60d5114a65685c8b78e23e76492d0df48604b636894efee

SHA512
79f6b450238dcde71b2a121f5c09dc7562f8ce6bb7bf0b0c60c3b02b04cd9a84492327fd022df57f6f54fcaacf7617fb48a7b4c40788155d72e0dc6f863681f8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ff121f8a9f14d75fa735d8e25b576656

SHA1
57909b9f4b97bf89e506381f98be8b2ae3014e91

SHA256
360b9b280c447e4d3caa012f71c6dbc20c9e030449b43d57ba5048c0a0613b0a

SHA512
26ea5fbc26516a54352a5b212badb651d94f169c284245d49ad45c610fc093cb8522a3ec8f6ee31cdae242921462545f4157435fe5597971a456e774020c0556

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
99b8fb45912fce92a1a0e4ffc82d07f2

SHA1
1790d3420ec9c77033688b02d637db307d7d5ea3

SHA256
bbe3929f814485edfa668952d732b2b60a5f3bbe36d7e222fcdd254a4f903db3

SHA512
461112d58017750e7b0c02b9233f06d7a7119a1caf1e9133e1a2dfc7ab7e1951312421bd6c7e9a58fa5cd0506db03ddd340563ce4100f6eca6a5004bace6ae51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
029424b18267dcfb455c4e15e67b3cc5

SHA1
0547dc93f7d4c227b4da6c1f6acca159d4453f50

SHA256
853e606a0de674ee833daa5de80ddbdcfffd498685795fcd969467678ce97430

SHA512
53c202c3dbb58e866c2af5849ce661a241d06d05f0e339b545087bbfe70eca9f6aa8da4889a094455db02fc071bcde259d1e1f8833bc2d9ef9791c827d4ffbf5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
fb70917790bdd2ad9d91fdfc475e7ce0

SHA1
f6b7abf07612bfdfe1fa098097d9b258d88cfec2

SHA256
da85c65bf738a9e9b6752b864b3feafd63fa25332f2294edb0668cb150bce49d

SHA512
b1b281d7fcc6fc47b4c7631ba0b68e7468687362c4b56d4c0f7681bb9dae27c1b931b9655e821a995d50e8c093efbda8a91a160e11c311c8c6cc832cbada3422

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
1e471acc5fa3f54b7108e04bfd54135f

SHA1
10d88e095a192f3dd877da9ef6bbc99a710fe9c3

SHA256
bf49c459d776d9b8739b06d6059e2d546e385e49f9e0526ca3602d7aa81739f1

SHA512
1ac5e50c1fa22fb15ffcb7116589510596defc3eae1cfc93075c9a556e3a49a86a8522a2e7d1ec0f1afef792127e05cb5547dca541cf147a08438d4ae735c5c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
a46d9f60765f684cadbd4c68a2a83d00

SHA1
9fc7fa609358226423730e861bb631278c138c3e

SHA256
48610737797929e82698d5bd3243f2d49937cc39c3b35974b0b828a36bd42003

SHA512
893b6311fbb8b642e0868a6b28104a680a9fac4554405a4ee1850ce5257eddcc52a1daf0a980dd15ea9a9707dff185f004bde8f750aa7c326cd9ff32b1e519bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
920550f1dcffb0eb1afa8adf30720a45

SHA1
08c41e9cde0d0a1f7e3f48a53ade65225d2dfcf7

SHA256
abbc06a8e909191b5226be0ecb84b321fce702fe6b03f710ee37bb73ae1c372f

SHA512
db787348c05135face446dfb1037083a07c064e288e1368d2f35f4cd25740ff613dff6cb0d085dbbd2408df123c5deb595fae7e5ad6a65c1492dfb2a67751794

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
044eed9337187ff27554b075ba1e415b

SHA1
19e5b25a60e2334b9048319218162392ea3a0bfd

SHA256
05dea4091281218a42d688985dee3d0e47c9ee98009d00f0a162f9430f664e3d

SHA512
c09d269ae46259364fcf4ed5dbbed8f2b3a6773134d31028b619d428ed11e2c4aeb69ee26a153cb48f8537ab5538ab1a9f9274e9019de84b1acae673f6f1de79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
c9206de6160bada3ddb6109a0a08a0b3

SHA1
d29c949ec0ead16771867d7fbf17ce6c60e7e1f3

SHA256
f15285d8fe4cf6109c3188afaa474c8ee799388a157529684f153d491d43a2b7

SHA512
769e649084ebdd031f9975fe455243a25142ae08bbf835f791838c0efa11584f63d9d2f88eb864d021b525ec3deabf28dafbc62f9dfefbb92dcd329f3c9e9da3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2eca37984988b3b60ab64794cf379704

SHA1
1c5d395c8708f426db6a641dcec61a4b8eadef64

SHA256
d5a379a6202e654f1a239125b09edb1f25fa864d7b788310c71922c4e5c3367a

SHA512
fa63509b059ad83508d4de5070edd1c51b79bd54cae65bf545ee142a198e0041de873fe4d084a708718d5db912aebd276884dc33e9a7d11e143f281fca62c319

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
56ea64bcf289c7a8353b9192bf29c694

SHA1
36545e62fcbe71498e4035d8d2691df0ace52541

SHA256
ef75f1dc2d07701d3cd86aa569ad41e31e81ccd0cc342d9341077dfb296b2f25

SHA512
9a64d448dfe7cb8983e9349348100c39e4ed3e4608592e1157331180cbf0bac2f7a4ff5f1182ed44279bbc1eb2b2cc23fb485574fe766fb413d28a4266e9794f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
d784d8464a8e160a5334ec9ae516c44a

SHA1
17f607ea21c7483f66e63b52dcf16ccaac78624a

SHA256
6591406b37d56cbd00ebb84dcbced9741de380c8e2f8a95f3d0c53d321a5e0a5

SHA512
8d993cf178e52ed2aaf8de62cfe054d0e9617d359539bac553df288c5df37d29c3bc812cd289b65dd9708c4fe5884fa7ef698c422dd7702c1543f5cb6070327c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f1858d255b149dcccbd35cecb3530b1d

SHA1
eb42d57525c56bb7e6f49ce1a340642a39f1ff4d

SHA256
86e0e2cab6f7bceaf15088836c4d99bf8f48818f5256c15dfe1c5d1b41b762e9

SHA512
ee27a014184da34d3740cb499d3ca77ae790128b1ef4bf2ea45dfeebd028385f65e1a8ffa6cc35f8ddda773678822979c5932966ea3925199e1c2ca806361f64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b85d55a8a5fe27b6c1df4197d14a6dda

SHA1
2ee73774e92bd9d9e745fe256b96948f78035a48

SHA256
c89f4fb08b770546c6ff7590905e18e08897ec62104315f5bd02c69c4f30fca0

SHA512
d6498943493774c2aeaadf43866557e79d9ab7b7a764fa2bf5871d8bf0cd3b2f5bd281b56b03e52b838f0e341117697d9d0b12906d58566cf938a31b0dfdaea8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
ace78e10923548fa251e4f46679ceffe

SHA1
e8533a01373f867405e907e4b13ffdea720b4a94

SHA256
0f16860ff08a665e7403870fb840750fec45fbc4de89edeac66606e5cb604662

SHA512
83a331f0beb883458e3aec29079b49a01392b3902cf57e1a2133832c47891514271d50e22b6f6bc7f78665f53505c7ae5be4b2eeb4bdf0e122a921c4af1f6eab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e3149a5cb67445edf519d14ffed90587

SHA1
53bd75fc039334afe395e68125d8f140aa150a98

SHA256
5c2aedf6bbd39e9835047593a61432771eda686b8d3a30a9a0a2facb669d02bd

SHA512
6b482f7050907c15233d2be492615945a32391efdaee99ce5b7ccc55c4a37e0c1d1d89a22baff5319ecd9a0919e73207b1c5a5fc0728fb60099f1ec76bbce984

Download Submit
memory/1600-7488-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1600-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1600-9179-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1600-9180-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1600-9181-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads