xorist | 676903c100dc93681f6812043ad2c4b1481680d18dfe36e27ed21a052150a9f6

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Size

7KB
MD5

f4c61dd3244e63b3a19d97a893e0cd60
SHA1

9df83615080a3bda80f91135a4d345e8055be5e3
SHA256

676903c100dc93681f6812043ad2c4b1481680d18dfe36e27ed21a052150a9f6
SHA512

9ff12f990bf81d0b3896e47a60704400b1581056e40a47debac6115fe0d9e45731fb6e28774eac4d2108c242a2ee9b6d3d87c1c4458ed1a8fa60e91afccd06af
SSDEEP

192:Ewzdrr1FG1WDCgmjPZLs8xqE/5eRGMUA:Ewprr1gkDCgS2kesMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 6 IoCs

resource	yara_rule
behavioral1/memory/1712-7187-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1712-7188-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1712-9175-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1712-9176-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1712-9177-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral1/memory/1712-9178-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2205) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_neutral_db76873d4261eb11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comparison_Operators.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Path_Syntax.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_neutral_46f466c9e68abb4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Automatic_Variables.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasno.inf_amd64_neutral_c86d5b5e5fa8b48a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_transactions.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_neutral_351e56205fd4c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Variables.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Return.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Special_Characters.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_eventlogs.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_job_details.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_amd64_neutral_798b5d4dd3f22a07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_operators.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_neutral_f9c441ed24f00358\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_locations.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Throw.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Line_Editing.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_cmdletbindingattribute.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_neutral_7a0a0b166f55e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_types.ps1xml.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-activedirectory-webservices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Core_Commands.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1712-7187-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1712-7188-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1712-9175-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1712-9176-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1712-9177-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1712-9178-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400005.PNG	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03425I.JPG	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51F.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15132_.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\background.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DissolveNoise.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMaskSmall.bmp	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\PREVIEW.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101867.BMP	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01297_.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.jpg	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR17F.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_AutoMask.bmp	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR40F.GIF	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-langreg.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ff371248646ab61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shfolder_31bf3856ad364e35_6.1.7600.16385_none_4b125fb438c5a314\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-healthcenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_46037ad069504038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ae7fa716cfd0da1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Critical Stop.wav	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sysinfo.resources_31bf3856ad364e35_6.1.7600.16385_de-de_175b770a4cc0a786\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_lsi_sas2.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_90768057f6c09008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..orage-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8fbc28731821b714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..nager-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_332aab6270130479\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-fdeploy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0d70be959d80ac53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\SrpUxSnapIn.resources\6.1.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_fdrespub.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b4b9b2ce2161b0e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ingwizard.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9bfc805bf0d8126f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..s-service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_96324fb8194ee294\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-n..etcapture.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b0dccbad39d4279f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7600.16385_none_ad296be10150c6cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ssmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_df30ea2c57d47f4a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_6.1.7600.16385_none_ef86be13d2568109\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d158ae10876efd6d\currency.html	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_a8afc467a4245c19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..unddriver.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c4eecb770476af3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mchgr.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9f94a4f6159834e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0937a971000a33d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e58f30d0701d3f88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b89bf23ba3693785\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ifffilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e7ec660f42943f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7601.17514_none_631c9722c4191077\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_82efffc4fc376e66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-opengl-msogl_31bf3856ad364e35_6.1.7600.16385_none_fa4180ba207482f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_49be57d30d91fb04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.1.7601.17514_none_9434f03c300b9c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f39c7dc580011c1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiabr005.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_203e79926e853ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1288d7e030bc0c5d8b2cbe5f33aeed7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux-sppcc_31bf3856ad364e35_6.1.7600.16385_none_ee126e948f0f7b95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_pl-pl_1f641766a12e7c5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_de-de_1f63cd5d3ae047e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_net8187se64.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b387d63633f489a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\img14.jpg	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\14.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-usbceip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9bbd54de7ba953bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_dot4.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_836ad24e2754808b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_39224f16bcadf7c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_type_operators.help.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..rectplay8.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c5606b264d36ad10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..tional-codepage-950_31bf3856ad364e35_6.1.7600.16385_none_ceb3c2f6fc8d51d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e59f39d49b771384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_9bccfefa9eaf7a7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Savanna\Windows Logon Sound.wav	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9dc161b41915dc3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx00d.inf_31bf3856ad364e35_6.1.7600.16385_none_62689a3eadfe9b80\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-recover.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_91e9acaec89be19a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmbr00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_344b463ca3d98840\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a9f6186c5e6b7f98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8c48a0cb5e48b35e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sstext3d.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b81414340150dd32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\74935b58bfe4054a47e71f128e498aba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GFEGCEIRMLCYGWQ"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe,0"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\ = "CRYPTED!"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
d73f236bf71e8a705b90aa3c11d3d8c4

SHA1
b895a9a6eb2f84c91c9234d538b46316a87b6355

SHA256
45318faaf124888cd41b3f151d29369effdc27e360ae4fa33dffd9ff4fb89d0b

SHA512
b4dccdadf2e210fad3b73b73c53eb274910a836e0e8d4ee4bc110aae44dd649e61625c3aa560f35f48a2f9721c8e15be767f31abd4d429bd1daa3cc46b33fc1b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
c4919a618832780be66f26fd50586cf5

SHA1
a968645f1165464f397f6921e87535beddff57a1

SHA256
27bd42284973026077d3a56d5f4e89999f958afef021447498ba3fd588277ee4

SHA512
e01ff24816d08f3b470579f7a8e1d86b3ef8868698ccb3c2ad51994ecddba9c8d29adf2877c026e54e7c1825fd88f0e317093902180f288d06db8aebff5fb935

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
d3d3efc2df7d76678eb5ea126ae2bcc9

SHA1
2a29ec8c166c947e9f399e5f6cbb4acd70de83ec

SHA256
74d36f55a5b7586ff85a1563e60d24c1990d2bc2766757e44d38a5f43d3bf733

SHA512
eb401cced72ffb3a70856be0f9a2483ac6b9bcdb1a08dc456a0511ee61f3d203a91fd827ad0bc7a47812d713768dfa57d17bad938ac8b7bc3904efbc8193a319

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
901f890fe8fe08852e5186cab3317948

SHA1
b6463400c6168dda60e4d752c215a97e0ac59ba5

SHA256
d1ea46057124c41a4630e1af81b3a98247a7fd7ae1e839fff754c387c9e4e459

SHA512
bbe48af3936269d42e55c4ee36983bd1071e7f0e6b199d2e9f0cc6a4918603e2f7c7fc89b4680c6fc904fda1ac89bb6e944a8141a3cf2e4bde272233c785f39b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
ccff2049448943e5b1963c2b1dedd0f0

SHA1
fe8653b6515dd80a750434ea7fca6125fcac7670

SHA256
3739b4214909d12705b6346f6f14fa62d72384ce67b88d95d2f3812e44ca9cde

SHA512
6adea22a25982fc262ecc1d09f9648d828bf01e2146ba2a031292786339243b0b7b6c1f2614355caa4ab1c2a59ea09e141afcf39044e4c80d5853e562c191a55

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
3b99c25d53830ae65ba825fd61e53b83

SHA1
811d500ca9aaf2b968de7bc670c942ac8935ffa1

SHA256
69d5539270d67d441f51d5995a1cda2d2c095db35baa1d67cadf7a512fae6b78

SHA512
69239b0fe973d139115ddc34c23a49f884df0a4c459fc581d7ff26cb2a1bd857ae825a0172b45e92a2d4d8ede5165c7add7ffc180006dfe77a594d7b2655ea48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
c04dd893e1ff9100be004604ee4a5c3d

SHA1
7f4f15d898365056ee7c7e851e7abcf364b69375

SHA256
7b4869ff112632267166e063989da908977a75920751466c3f0b1a72a11213c6

SHA512
f71667b23d1a35b8f968e07fb8a2ac251c73b1a3c32879928125b301480201e7ab8de3e58b000c8f5d684f52c1784951aa38acd134d53c4d3de54ccd44be1ed8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
2540e7a9e567b7040ffd5bb4bae75333

SHA1
3a8b85b6f197446205a5e28fa09e5cf040665557

SHA256
70a64d4a03fe749c68fde08ba751aa0827222b7cd50b5076ec35cc96e2217cb2

SHA512
77195c6a3f3d7073a8303aea5a01c84b07f27ad17ed22730ab0604f226d0ac1531714884bd0ee27a268ce13513831c6d5fff6fa8461fcf2028730ac0b045cc89

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
6fd7b52a55e6effb3d3fd4799fe7cac2

SHA1
7f0007f573ec5e87e186c4ba106f4fbd945d40bd

SHA256
2cd145329ed274d8777146de09690a4fc2566dd392e2621b2410f006b4cdccff

SHA512
5a7fbae0dc700741dc33b55bb52e085bf8646cfb7f2d993be962a50a96eaa1c3eb6fd167bb98bfa2773cd357ff6aed14c6e2cbbfd6facf62b5a23e11894995bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
b6f3e63932e4ff85d5a523c3b42fc423

SHA1
0261fe0d71c50d0aea491ffde84db3711b112016

SHA256
069b5f59f4ba2cfe5c2ad20fef885303f2d01fbf997a8756336a985d2d6388d8

SHA512
6059d5b8b0f86773378b7ef95d88a7ddc668b5a02ac1fd7094339c9f6cae7817cfc9f9bc05756d07f90aad000a4622947445d5358cb255c0558078645c145809

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
e65eea3e02ba0691a4e14185ee2c2903

SHA1
b8b0b90b01ebce08dfd35dd4f10aaf6e682d2282

SHA256
46b105c3c72fa4b632492fd8daec4dfa3dd796963ba7b79e20b49b4dfdb99c51

SHA512
f707f67378e0a91257c218214f2702a1e87b64134f2f0b4a99ebbffe2f6d95e31ab8ddf3829d820ef27e8f68241388baa59a000d6e6bd18651a26ebab1ab17cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
0e421f53fa0a579718ce76943294e2aa

SHA1
2c6ae3d04e9060da8952cb2b7f7c339b4c9316cf

SHA256
886c43bcfe6a60e13067376e6e0a1c60dba2080a1421a06c11204352cb720472

SHA512
568965bdf13d9a392e6a577eb542d41a223d9a92d778fb6c662f55a4fa25062cf72638f4a4d69f84f39516ce61a3a79063db94a698db7b88140c0a8cf9f83fd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
8eeba62d6e2d7d5aa3c4d442e803aad6

SHA1
fd3f1b4326c3e09ab91b323b9ead017a4f363830

SHA256
56e2a22f92e8a3804e8b582409b73529f7bcfab1cf591f816ffb6e8fb718e840

SHA512
b014556cce8ec58646f54aaba3308611090cbbfdd9283b7364e696140091522278be2b7d0a3f525aebe6f8646d11201e3abf3fc1a9d0be763688051703b100cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
38f0861d2b726325d03ee9100e620f5c

SHA1
eb2783402a119829f5dd79f6f98898620994762c

SHA256
f72ed422d13bd34f05ba2e9278605e8e70d4273ce0009aa6402f9bccceefd098

SHA512
849c196bd3d56e2d740f7b45ec75ceffb61bd89c684df284cfa96bad8f1889e0576388e26571781972c7c02a593cab73fb3df2249629d74f88fe65cc0142131f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
c3077e6395b6ead3e786b7da6582feb3

SHA1
6936d2a5c98e5578c8b39d8fb5a346d63150488c

SHA256
2c927cb3e0aac24a78e6c8e551ca6020280d2a6bda514d5cb351d538bce18653

SHA512
82a4d9e1a613debc243be5131fc6538a01906b3f9cb46edac232dd1ca841eeb78862464911ebf433696620029e10d0f0e10cd5e77345ec8200ef5dae16283dad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
9c13c30bf41c00e00c7de740b7f04e61

SHA1
a135507f93d49d42f2d48b8e63c29cd659e3ced6

SHA256
b92fb1282f9de4607a040e2a2ec564ae3278224d38f41f7892f0f2c963a0120a

SHA512
d53287aeb4b1dd5208b86d99105e77bb0f2f59ca331b8e2fb6110a6be5ecf42cc36a804c7e8fbeafaf747b45aa051097830bd01a38d9aec54dd12b816b1a8a58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
339b8dced7aadb19f6954d5bc8442c23

SHA1
ed49426b492c5f33850b8c1baeaf5e0de129fe7c

SHA256
c7e9c0e4d68c6120989ca3919e59094722d390d99475ae0b7addb85cad173763

SHA512
88ea602ff4916bdff48b6e82297278f3bcee0cd089b7007b3e070f6e8fa9c963bfe366a0d26ad83d753c46a52831e7d52a94cb681615f48a4c031d1b4500e127

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
e35f23f2bd4523c1f01360b02089b662

SHA1
ce1e51431107d36d1870c7085d20a3f703a5ca61

SHA256
ee844917e7459fe30f6953f8668b163b98f3d79fe6150120b2164ac9c63eadc3

SHA512
56eb9b50246439d3597dcb13250a0ecbef405705621ad8ccf5a99513fb0d1da5f1d1ad605341f7a6b68c703106d32b4e45e9292c3aa7992a7efbfe7105cb7bba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
d169a271ef7826b43260379ca82cd042

SHA1
608be5faf517a6a2d4e35453ee5b8c784f0054d4

SHA256
8cba13bf3c8a45744586c1fdfe5a6ac9535e5e5b16411b087fb7813d0fc5f06f

SHA512
e87be9cfe2327f5741e7e218444a84d00b782f222543e1b2f485fda6367bc48a905345750e0782ac9e965b9b67ff4707d16cd9f663be0adcb9406f3972d1e72b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
0e86343f9c958483c8cf18b58c502c01

SHA1
fa090cf95f299d66520960a3ee8d1213b28d4227

SHA256
360b8c8881fc293216800ec805fa5f336b023b9108e1aa8977ee79f3cfbe969b

SHA512
849218269dfa89b8c8b8341e5bdd896b919d1887bfa0282f8eb75e50368647a5161f5fe8a127d6eff04532910e196171bc0af0f83333019aede140c333d41429

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
56d0235eb9e6ea4628a2eff3109de0bc

SHA1
55ddcb6c75a3d139850a619185be389e8fb37b0c

SHA256
2dbbd4790f8428633e10852390d4c5d74c944f91c99e9cc636acf4bdb4f99f79

SHA512
6cb047104c1ba42226b5e88e1997b3b9ce08334d9984365884e88fdf974830ef5681ccb93637ee9a51463440254e1aad96813bce4272fc7393a349844fb3ec23

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
da6b8b6e85ee8580b61aa91232c9f07f

SHA1
38070ee8b2b12409b44cc1e24983ec0809a06afe

SHA256
15dfb758c7c0d00092de6f135d441c3a9fac9962c3007b0216e3cc78e8527530

SHA512
be733c15124025582ac28c41b8f8d02ab6e068704e0546593fd5e3926aa7a55c487a2571293c2c9a0ea144f8be66a3b8be3220f9f8027ef4c7c982a5ff24e1c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
bf96dfc8a542fc719ebfd63ed288365c

SHA1
8ebc59b0990c39e7ce382e9f0fc194c906197d31

SHA256
f99c8fb15415a6e8314f9e5b1d3ccf518962eabecf9fab6e305027b34cbb3d61

SHA512
022cfcab3f242421af172f7431505775f80989d48a254873159abf866e01bf2a72e2502624ab2ee500889af7ea7221fb40e86c5d37c2ae611cac2dc26b6f3161

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
b92df143d0a6116977489e2879439230

SHA1
40ad51a5a53c63f795302fe1be769fc477d3b8b3

SHA256
5bd5b15dc1a98cc89db62edd83fa9264ac2e49000bcf08aa426fa7a11ee65ae4

SHA512
f8098c33a1ff805cf0cb6505af9424b445763f090884178e461377d854659ed2a2a358b0fe9a2eb2fe7ae22c7d5ee982f7920e1946305a87d13b9b2b92bdedae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
5615e66d15c61d4d0eb6cece2ea897a5

SHA1
2b2e4a29c624a55f9aa0c2272d989b1f83324443

SHA256
5fbc4840de26a2915e6555a74045d48f52099eb65bab9d18bfb9ee77098ccfa8

SHA512
a417942d835b08873036d7069681ae600f2851c963cde76e3fde85c23b3c55f641c75c87c34868d0f43c27dd52cb76d15da6e2a2c30baf6acc0a0e9e4f8518bb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
ad85efff748a9a7f3712868225cf58e2

SHA1
014a2620565543141feaf7015c80913b86b5ef34

SHA256
a96f2399b8802f44d54cfb47e201b22b7bf799dca7f2a149201a3ed4cb496b63

SHA512
75738b0f68abec64d8c35bbca9b5440f3d24a8d2977898bee668696894d345ba46a0f5aead3b3ec28b38c639d8a6cae61ca762513fb244927acc2857c0537e14

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
9448a89ad80d21fa4b04b01b952c7df3

SHA1
e7e9e0f62064f723ed48af9c1893eee8db0e2367

SHA256
3e3027cca4af2d2215afa8fa6eda016916dd338396a9efe97ca6a5f9d8100976

SHA512
aaf7959c4da181340140bcdadda6ef84ee92449e7bf877cc687b638c4986a635a6dff1d7ad2d9e3f1c3373fe48f6e886a023b9152a0f2c42986045d0fd1f4820

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
36c2f135b43762ccd2d266cf3a456701

SHA1
076c680cba0902f9bf78fb3ba7e134b48fafe462

SHA256
d11546468d691fac33057aa51b3b18ffb41357c4014ff42c2501152110342547

SHA512
469317e19a92d7858cc96314f5b6fa52a3d34dac656a05bf68c75070192b8627ab412b375f2ee979a0f2556ea5f9bb3ee0661b79d470e2b0c8aeeba037cc0382

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
f9481abd954fb2d394f9e0f16d628ada

SHA1
13e75eec46c12eb8e88fdffcad7337646bc17cdd

SHA256
1a2713b6335c3007502653f4b3d44ed1c384dfc4bfff12413a6bef1bca84b2d5

SHA512
0eedb29cf6f9dbbc8038ac0e49ec62dd64860471bf6c3c8d981048a6e148a1fb1acac431d2a60a5ca558e0ed0115cf0f0cfd96f280415ffbc62a002616708b9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
1392016631be4dd3ad0509ae5cc37ab8

SHA1
26c11d59f1220e190fd7f53413244ea15e3903b7

SHA256
f0697b4ad71ac103290bd013f9690b90109f4bc6aabe4f5dced4316e73193523

SHA512
35ac0f0e859c99eab06b5ecd931217232322dcc9d68a80204d4ec8605460b0f05879e5543d91499256369748348edca116bff7a45315462b6eaf9bcdeff3680f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
336a001ba89abe540bca6eeb8e3e4652

SHA1
9ad0ffeedd8071feb9b8a23f8c8357f086d5ce9d

SHA256
d83430d679afc4e5a339ba662b53484a0bdf3c50ef5815802605b8914b945731

SHA512
815cc8dd9b305160cf58947b97f1d139383b3a75fa49a7e049224e18af46bf4e59ce267374047cf95c131d16327713cc070ddaacb2f4b575011862ceb7a5bebc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
e03dd936f4a416a446080f27c8999440

SHA1
72dd400f1ca42262c823f8beb51be8748a9bc86f

SHA256
48d84881c4e77b66ecc6a7ba867873b27e2d6bb0c992d750adfca95b8929c483

SHA512
8e232f3108b948bcb81768ff9f2692b88376702623f51048be6d7456ab065e5fb6460770ed5ea9d55a217fe37b1e2fa950bd83dcdb09dda7e7c4e9385b7d02b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
843c287285a45ee2b4255daefb4f8636

SHA1
acf5148050b7e19d1c42876fba000964fedcbffa

SHA256
3b1760adc2c6b778ff86f99dcb8d78a74db1475c89c23a2a11703d0d799a9baf

SHA512
39f6ad697efb8aed147bf59eb17fcccb408226533761c852168c588b5c2ef4542a38395f2d37cec7d52f3ec202a394616489ab4f3e757f440aea22d0395f239a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
07a2c4ee8118a9400a2d82f22ca700ee

SHA1
27ac45a83d761e2deaffab764701a99e5f12497c

SHA256
53c822d9061e3ae3be616573ccc1102402882803d031c5088040d7e2226f4a74

SHA512
977f65401500e030b48ef26a099392bb9d5fc9711b41b846715c9434e1625be2e831796039b19ad198b2504346e62a5a566aac6e063c33aad7a9a69d19c5b30a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
156ca587c7324155d18036a1b33f11ee

SHA1
b79363d3e3510c5db7a9a4026639b24a93809cfe

SHA256
011a24694f8a14c73821f4691d7ea4ed6b214167d3453074bcc8771cea42136a

SHA512
87667cf9e78ac67cd038aa0434a0f46576a9ec5516d5273bbf937d3caeff66b66a68d17d24b0be9fa5cd79df58586cf9ce0609bcb9ff5bb82acc84b6cbb5cdbd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
b36025635739ab3dfff8e6c70c9afd95

SHA1
eaf66a53c309745f91308764c6592b46323a2ab1

SHA256
11dc43b9fc6c209d5b7e27188c12e65752c8d2df31fbe1e8f881689a9f0196ce

SHA512
e91c851a2f265326ebf13ccdd92208f16027acc57d1dfc21a9270edcb16af23163387549084ea065f6828fbd68a5a6660628754d3fae7f1f56d59b5ed721fe81

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
7bb900dc804166a7cc1e851b7c23477f

SHA1
7f7fcc2e77106c528347551b9fbfbd2c82571f6a

SHA256
fef8b89ca382006a0f392a415bdb63935f2e0f0b9349998695349fba9c78f29e

SHA512
55c62eb3816122fcd57e7a23a0351cd6f8faf28a9c66a913c990624a1e265dfddeb9fbfe7cced3a82f7e1c91b27874a52b94675f530622fcb0c68f10f161aab2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
a3f8f4c43a96332fe6d5e78a116e55a8

SHA1
ea9e175d529de9eacc73ba40fc30f4d17920139c

SHA256
27d7dd44bf67925fdbda6be8c8a36d155fb457b2e9b60172b6f2afeeb6ed1c7d

SHA512
66a3fb2cf36f532526ea701f7e4c59c2b09c9f6d3fb1015e3218ebae8831d68b0466ab09892cb85dd0088e32e42d56cc6907406c241e6df6dc4e544897d32aab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
bb5e7eeea868d3db4e1fd9d7c0e34ebe

SHA1
27fb52c4e52bac182f7ba41196fe5db47ff4268b

SHA256
ea838e74fe019396f7cd880142149d880851d9355a8e5adb2808f3bf9ed0c2a2

SHA512
0334af2ea55e7ca9d5272b725f7f9dd0dbc59189c633b4f0efe562a71c2766d13ceec6708880dad623bbdc2f465e66e2a688e641dcff93cd853ca7ad7941569f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
7c0fbcbf191a442bdaec72bb1c9cf869

SHA1
75eb7ba1c0f753f4dd786d9f38040fcfe776fea4

SHA256
f93447cfa2ab9546cd4b5ac0d8547daf85301b269a737e246f04bf4866d9d3ce

SHA512
bb752333ec1f42c45e7a77446516363643616fae6846b26c96082e42a7a4291a4bf62b7a694d82294ddb0878eecc5a5210136765cbf8551b114bbbbc460625ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
9d63c8c917781064379d55b6a5122e1e

SHA1
ad289f0937a55bf8f32a04c4111abecd2edb7118

SHA256
d98ff130492195774ca2aa0d48a3f1264cf1d11747ddff867da573683a710834

SHA512
e1385b97160395d2750c9b646fc877c71a3013d3024e6c57e26325c2c8890b2370113611f3c97e6042fc35725f40e4952af8f18d2985b67d2c927458fd4f58dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
5225b6a31372426a5e4f4e3cf8f55523

SHA1
764287513595c9de863d49eba83c5ce8caf7a249

SHA256
ab38c9d39cc25eff15d0c003d9434a097740cae7c0211e444241f33511d89c61

SHA512
d4247037cabcda978ee8bb428655f6743f2b7d83f36c2777ed909aa1a41b0e2ba95d27d7c0ae3d4bedd93d1711b188a9edc22de3ded3d85ba033a36a01527e9c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
327ae26d104a4bbe218a03d11b499015

SHA1
a0c270d5e5356ee2c7b68c579588deed163fa6f0

SHA256
18053d583bffb1b0ef11be2592e802bc60aa5985d78800e1c89f767679440035

SHA512
b7c05e4c9a1a532beccfa6a5896bd56d666844dad71ad49e1483d590a33d29ed7b76b3147fe653faedc953c53a8ce8fac3e250905a9f858de647289edddc61dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
41316b8109750c9cf5c6ff54c5f262fe

SHA1
e4b29a5a3dfcf0ed81b6bcde497e3d03682b8bc6

SHA256
8f7c32ef0ce2cbe261570186719e190febb2727ba300833d78c1747c2bf13205

SHA512
b01ac8d9b378c770460b2d379dec3146e3ba61d7dce50b3711250edbda142cd972bcf6fc9ff49c46cb956134d6f61d1d3cab5ca7b76d73494fe72672fe1f37ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
cb96e00c5e2d0fce43c3fa5a0f8d45e3

SHA1
84cf00cf8d177e029247c2eff5a7cea33bdfd8bd

SHA256
2be1efbe81eff3dd8e508061615091222064fee731c9e8f51542be74c1da9ab4

SHA512
0832387061fda573fc407f2277981bbcb4a7f77f5a60b7fa2d01b95be17ede2113cafab62343d4295cbeac2daa69a2aa12fff1cd538d8765a7e9745024ee38ac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
5ee8b90e8bbe8075311ff531a5d2b690

SHA1
3090d4d3c6122dcdb7e14d91a804ca02790a65d1

SHA256
efc508512091156aa044c990011b1c0a187521df3a1c76bf2f7636f7da92b1e8

SHA512
120a0a4838df30a36a8257882b6ee77a14e9c0b91c010381dcdb956b34b56b4d4c881bdd19bd1e397fd83fa40087b6059ac77231e41b5a865369a9e23a2b5dc3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
9116152c06185bce43f8c02a4157c85c

SHA1
5a2e20095da69392ec96493fa2186afc04c3c091

SHA256
19f7ce2e5f21f628f197435517e070359aaddb82d3e4fb9a2a5600f026584920

SHA512
5a4598156671adbe58e0a046ce145b37048edbfaeaf306a1c006054b75b8f5e6467c3a8350153272252b2abafcd4f45d02b3dc16b102251653821e23a84d4078

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
eab44ecedb228654df19b3b238bbba8d

SHA1
1425a1a6049cadea68679707a002445707e541f2

SHA256
5311ea6f5f76d08ac41f8fbd1747589db04837050a6a23488f569dcfed2e2d77

SHA512
d7c3228a280d8b1d7d4a44e00e40c5a4bbf2ae1f661c604de151fd1371254343965af13bd521d401c590b2305c4218246c7cdd0df54658b7310c0d434805473b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
ee9d26e2642146c63f2f18a0c1808070

SHA1
5a1efead39542553c1119957006381e71fdc8069

SHA256
2622dbc3ad72fad08309f9a90191340946bc5ace6b1c4fa3498e0f00a0a0b369

SHA512
bcf67bf1e1123a425bc88ac6f362b8c540b4d6fb2c8802f74625328d0ebd0a212d612f1eb3608fd80b7db9bbcd5fe0feb30070c9070dfedc8c07b176204da44b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
bf4fc9d2d2a66e4936ffe07fa1b1e7e8

SHA1
46060e84ba4d5ccbe9977239020a6d000a472724

SHA256
91696903e01770182dde6882bc5cb4e1dc1d8368d219d9ce4a6783ab9f2e4a4c

SHA512
77996d1e10ec5d7652f5abfe7135e275eea30608150104e858506b2592449bed645e077baed5f18f7d998dcbca91d4d51faa250bafde15c49cc60ad8018a7ce4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
3836a9be43c86ca850fbecaaa9dbd411

SHA1
f84068182e7430950e80cad64ce31e294abd2558

SHA256
9f2756ba83ea6b7121f131acc46142cd2b218a0f3d356916d1cf770cc14fa7e4

SHA512
ad38dca1d0f1c2d474f03bbfd2918ac77fd4fb8fd519d84b8a6a00145f8745531780927eb9d83297e341c358afbcc447f40f101902909811058f73400c677608

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
0b126962c96a69229b1a956e53c9fe9f

SHA1
4fbaa61e5032f986e313277cdc33a2d5a031aafb

SHA256
7b7e96d993b7648d23317f36b7a7336a3d51ab83c70515b7f0c4cccaac974613

SHA512
b88a58c150aaa1c2075ba4f66249e273c480c63b369b496daf38abf10d05c64f527c5c21d1d674ecf1af1a79c3040bb9efbc7ca8bfc4d835f5cb2039ce67facd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
633c4dca57d88503b51593c8ff1dda9f

SHA1
926ef33dd50d08cc182dbaa158137613427fc24f

SHA256
ed5bec85ab550cb189c9068a2a4ce48f93cf437c6218390a2c92406d5c170f63

SHA512
7e6c8fb24d5a8297e14809641f3a62e76bf3e0cd4b8c274a11617cbd1d00ab7c4d958bc9ac7b15a9362b58a8f2328b9d540a8afcdbf2c4a1a63c7fec4a1e513a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
88087c78c1796abfe61b7a5ab015dfb6

SHA1
f201ae4cdf776f8c918618deb1717907eeafc11f

SHA256
04c3d878bfc34ffd6dd58d5afb57eaa0d2ceb1b5a4f96cfd9020f8590399b221

SHA512
ab8ddde06bbbdf838123121f7a8e65847117f338571e757ed992994863520f4321ece3a1316a26d5a4b16304b428ab9f668413c9565527e12b7ae822b88063fc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
11f02dd0b1d6dbc6a34be355f67db552

SHA1
f206ecb35abc3f200e19c53e36808f2cddd5f313

SHA256
ed1b716004ea4dad8282e1aa90fafb53af3537bc6f034ac440f6c3ef65d0a1a4

SHA512
30273ec10a7db654b13062f15f6e9a2155504f8cea02239e003de12ce30ce3d121a509df43d575adc0c59067117576ccf4f93ddb586cd91c9f50ee14f338cd47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
8acb97eb4c092d754d100eeaf7e5e343

SHA1
75ab7634cfa0bca669959529430b4c4d6749528a

SHA256
85238bf5a1778c35356e6d67c42a5220c039a007f5399cfe2ac2fe9a6461ed85

SHA512
1373d58442c6a5b8499eaf05f30736fdc1840b73c37207ed4ee85423aaf63cea892b2dca17944d0738ca7f2e7b4fdd9c05712d85bcb1cc6233a48bb06d8fa1d2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
41363234aae18138f52a4dff94f82ea0

SHA1
610249a76f6451630a666f45281495ac9c6f865c

SHA256
590e05e7c32bb6c901361162e78dc7107fdf8ec8a5223ed28175cf394a9ca14b

SHA512
9a6eb50af09cc335172632697d699b2672ef8afdc3d8d7a6904b2ab0b4e401b932cbc3bbda3730b4cc39fabd5c043905d95b76a5b6a67f92a898914e33dc6760

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
1b42902b376de582a9bc730bac149949

SHA1
1ef0b42c874accf947c5ffd1bad3dbd4b67f7712

SHA256
096c6f93148ccab15f039a3c6bab0909d4d892e2960487f3d8093676b204a9b6

SHA512
f8c32de373ad40b363e57348e024b2d5c5d9cd791267a90c133b7f33d9c28302c91bd2515d514ea3a2fdb496ca8f2745309ae42d7c7507a4bbbeff197f450333

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
9f09b6d166a29ecede86f9ba80083cc0

SHA1
d2b76f02b88c0ff09d356741b9844ae93e754a1f

SHA256
fc3d2d62f5e54e2a841a5b604b4ff82af059196e50d4c08accbd1b721d296563

SHA512
301b5d6584ade0913b97d38462f318bf09d79bb7601fa30af3a1355170117241aa16ed852584d9285f9e52bc1b9b73e51727130e0bd77b227472a9bd6faf3796

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
f37bf0498aad855494dc266e7eda0de0

SHA1
024763d50d425efd64a3847798a299747984b936

SHA256
3a7524014f1d24ddfc635c49ab22ef2470aaeff21349b163432bfe78842d5b0f

SHA512
1232daaff317e1fcaaddf474811360ca5d5088381b44712d09631059e0ea24dc7dbdee61662f6f1181a9ba41d3a029ebdf766b25289ef7148c6337e691e54237

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
c5d7662459c15113c4a867939e37f415

SHA1
d89783a46aeba3815c0090cb3b4e82e1dcb289a6

SHA256
53ce44277e1e2466ae50413f511fe74f4e7711eef730e5d3b602b32160d4dc4a

SHA512
cd214ea138fd146c631f92c54e5571777d4a5ec8af0282decb5360edeb66bc38246870d50bf4e90deafc863245e27098117f3df45389d0d701a3ece5dddae57a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
d39277ce9f5a888baa849e890f2eaf21

SHA1
c6818c751d8ffd975a30f80b4836064ceb9eae61

SHA256
e99dc5e2ce98110fe1044281ed8543eb8ce3d575b171ce1a86f0fd9c1dc06ddd

SHA512
5fcede64ee105a4b71f47db11e4cafd1fa38a7baa6c9c2c9d1ecd92b718d3f74e255d16a61ac2292aa1bfe21c86b6023dbfdc67e14b2f1a124bc3a1a28f709f9

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
02cd4cd93014081aff28201e3bff2a74

SHA1
bef0dcfaf292ba46f07e3e7c6818fcd36f15ac93

SHA256
0e340b0572e48638914691aa0c5c106f09b8df75ab5d804a079af9d447d2c3cf

SHA512
8e4af120ec766a0cec23ce741f4fbfc545504fd7a6b0408ec8ff38052fce0e18be0d0d973c996df2a72b1cfd76df828e9d36a06c3f7f2534276cb1876927e390

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
b9c0867d3d6833f99f0f1ec62641ca38

SHA1
d00bb162839b91e12c1e7b089e78e20bcac2cb3b

SHA256
2965628ec47343157053ce0a69f4fb65e4882af0831edd6dffafc0ba2f90f40f

SHA512
9e394ad5d1cc21cf9cce74e8e034cdbaf733408f74e641ce22db778565ca65f218b05b8584d0765c114212667f4d2c04352c66575673b8e05a8c90a6cdf36c82

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
68267afbe3e819edc02a2830a0bd5c63

SHA1
f8de658c1dbefa0efc385cc6d52ae2ea33166e38

SHA256
dc12e6e39806f7111fd498bfe84b96db478bcd4890097e99ff53f27a6ae7330e

SHA512
1e7ffedec2f3277849093cc2d1223a39eccabc427f6a4de8e33f9ebbe1a51500e9d9ae208a22c6a97d5d2df08fcea81160377e750a1f4a94dfc16fbd943ebc9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
acffff2fc981468736703be53ae1c00c

SHA1
f0ebbe92604986aab89e319d967a104f53638c1b

SHA256
7e7b16e583f7826b703c53e5250e33c70d86c344a229eda44767218f76f8c12a

SHA512
48e084ac10ded5dff51ab8f381dc08326456ad1bf3e10a7c1634a585e3ee981f750895a65a37087f12a31213d3316d76a99b889330794f7e914a81586054fdfc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3f24262ca8ddee3883f81f4c4aabdeea

SHA1
9dc0b51abc16f284d502fe9ec78a59b7337bdefd

SHA256
5c84c4d45841164c872ea0aec6b1f4b48fce4f79ae24ec5234165dc6416bb862

SHA512
74a2558a4234555ba172d9f465cddaa463bda439e24aebf76ae756369e6a9a80c93d089af7e331046967b5076ecc1d5221eb06f7ebefafc15178b3251c3e69ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
c9d0194a676209a01f1c1704fe2341e0

SHA1
fd74738b6b79e58a57892d43e866caced6486eea

SHA256
f8d6187bfd999cfa754d9dfc4c2d605fd709eb4b73f32b167fe301fbe2bb3d10

SHA512
939edd047afea6a1ac2f9b6e5a96b0e41da6e6a25a3db188de79b5fdc6a8779dfc11c46cef00925da1e886a658b96b508059966d5eaa8a87abede8ec89aa96b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
34587bc90464ecd08c3b6235929b88dc

SHA1
5528705c8982fc96eaf65c867708f25c9d7042b0

SHA256
ac80905f9ff5ebe4325db2ebd9c87f8e960cc490c3b700798942e06863551492

SHA512
2993ee10b94794031e4bd12ce801a10f34de3e9d365abf976881ddd49bd59afaed00265ae291fd8d420a7d8d0131e549591aaeab46fc5a2756a48db3c7ccbe7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
227c4f134d5bbf77cee8e0d5d2444d7a

SHA1
5b9e86ad41d936bacb5ef11ae484cdc9c43756b4

SHA256
b529300a3b34f09f2d563efe1caf105abcdac9b0d810b9b9121f93973b978b6e

SHA512
7943c6a615e0a0509a10e6d5b0d8d41d58144d27d89b4a7bdeb134952d3037703c243f89977867e871bfdd03d4ad07d49504e156a7a3433b426c77af338ae0e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
4713f1e4c9e4ee9b617ba02cf4410e92

SHA1
9ab0e1239cdddbd3e44bfc8363e1900a890152bf

SHA256
897d4fe57b1586c3b425c2c8baf13bb25188f529c9deea2871ccc4b83c86068e

SHA512
7285e0a5afbec2a1e1ba7dc6727a91c9bfe063bd3d130f8856fa8212b009b8490c74f50a891ff2280260d4df096b07df9084aeb01b380fd45700e0eada1802bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
093fa11007ceb5f2f29883ac5cc02dec

SHA1
1cf1aff3e24f4ed34f60ffd9daa9fe8299b71451

SHA256
ca1d39bc42dbf20f57d630da6e3632039279b2e8de4638e57c64f3a3bc5a106a

SHA512
d0c61b1e06394bcd080c1c7542192959dda0859c72d24ba4320a1fcef0e2cb82e5b1234146349916c5f676031b45b132f669e6e78bb900c6dce0894bdd8c6235

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
6fa802bfde2985901fcaba4a22b962c7

SHA1
cbf1cad6d2d29f4159aaa5695eb5f102601b5bc4

SHA256
d148c239edfae63deedd85081789104e6503bcdeeb6751c4fc6a2ff9df358555

SHA512
884e83bea426f120e3d1254a0a853f30e865cfd66c701b0a59f81ead453b6e7253c1bfee84527dd52c5abb2746fe746bbf77aef61858eb8ba1cb6f96ab82b438

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f4e7cce015586213ae252ccefa83d75a

SHA1
1a37487cb53826d65e85fe989ef2d2fdb40c8bba

SHA256
1252568a3c4166129871ff99464746252f5f2a1f2a10d12edbc88db077a07fed

SHA512
dadb624740ceb43e0c5775304b39b34803549c9f4928e3e9cda04842d099759a1318e84666fdb5150e8f07cbfe524ed0c3dde75e1aa7ea18075efa24897e5ec6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
15a1c4f08413f2965af8f19715eea8e8

SHA1
d6bc5d1fa3e14b47f4263e6415b29e9365f57e8d

SHA256
52108c1001d6efc54861c23b9899b5ff8c59574754dc42e27997172ae002a737

SHA512
2f77ea172aa53296ac1117c93f31559416b03fa38cdc9a10895a395dc3ae5d03610be6233f1148733d94bb25b77f4fa52d09cb87e098431291ac31f0a0c19318

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
e0b11c77c19000be6d39dff6f07320d5

SHA1
fb9088e7c3d868b1b890148157f1446575001031

SHA256
0f1835d8c27e3ffc97849391c0af80051189954d6003f5b8b394bd335b05cba8

SHA512
b34bda203a30664becb4581906f9f29767083e9c5943976b8006bbe119e474f0123e492b105fba555c83b19856708ffd43c04a24eabee670fe299d6506a7f327

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4e2247e8aad9799554d53d0f70a5a1e0

SHA1
6f645d9142af5a198d5f5cc039c7c7e3d2e981a1

SHA256
6e214c7297098dff7770143a985e65239173382ad055d24f9e02894fd2dba037

SHA512
36cb53dcd5d056f028b63aa1b762e97ab870576e4c51c135345c718e9aca99d440885357c0c8686fc2613087df84814507eecf6059652a5cfb2117d367279e40

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
c510ec173c655cb54682dcd2cfaffc74

SHA1
605a0c1452b3eb7904befb43aa3d47579c9fcc86

SHA256
3a7dbc045a57af1d12dcae93a24a0022e61cf85139967bafc483627db3f6cd1c

SHA512
2fb3a9fd493f71b5da998f920baf0747257a211b0a87436ad682264dc870f1102d11b80c326d189e39e308b6be7b5ec62fdc371eacfdfb5f51a03f6ddeece0ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
0b24dd757dcda13d7074533330cf85cd

SHA1
939137735d3e552276273c49efddffbfb96ee9c0

SHA256
fe4bbde06891baf820409a01d81b347dc4edcee0f229cb1c07e6905fa37cf495

SHA512
5024500a865588e79970d11c170ccc911cfcb4e9991bb3c3b8dcffc1c5f0662c31c0233eea091a0d4c41dbca23220476f0dfaf6dfe4c6ede9074d874dd531d09

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
1c37c1f663e83afeda86612658b8848a

SHA1
615fcafe2ce8059178351fe45c35e8eb150e7cbd

SHA256
ba2ada9168ae979657629fb5050e9e9aed2d4f35b46e423a755b1c0f45f0fb5b

SHA512
274f1c43ad0719d1e5f8d47af5cc5a82e26ab4a68a3bc3c62fba05e346d840d366acd2dd21263f6c54aea353c08365db2e0a58a8e89d9131643f01ef54803418

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c7ce26eb050bbc99c3dc21be2e4c1f5b

SHA1
ffe1979d12bdd334b743c05f4b47dd76ce056735

SHA256
29a975e146f28749a7dc28f134f242d546763be37984e63c9ffd3680b92738a0

SHA512
d586777c02b77199486116a0d797dc85c22b836c1b60000c0cf661e0e66d6ff877e98214c4df330a50db43bd40a85b1b5ab2f2730a0427e9634dc8e3eabcceea

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
3a354575e757be2b9915747f7ed615de

SHA1
16372e342d7f6cdab76b9d57e322c00eb8c73683

SHA256
15b828e42ecf68571e7006a347822d76f1021b37ca83885167d8577bea5cca46

SHA512
f47131bf35b3b73154d9d4056db238bd63869a9c86766c567facc51e379879afa388f5dbf42e3a89f0b832493db45f5683544e93fa35b7201e0cfed83eff149e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
57d0efa2b19aa2f238cbce9b667ecbef

SHA1
289c92824f2f4493abd20a1faf69c7cfc2b3b5fe

SHA256
386818a374c7b1d5729ee2151d954bc9e46b9d97924b4ee66855c92c9df6c54b

SHA512
872c392bd6a756a0ed5985d9a7a2f445b7851251c47253f7ba4971be8ef4542cd70ca976a10194d370368e980e92928ec516596ce38e349fa673deed3e045134

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
fe96e7175b1aad45a823cf5671721cba

SHA1
8713f76d307a13571b2c8a623896963327cd57bc

SHA256
f6a02e700bba7858118d821bb205afa303dfab29e45bd1727893c27578d146a0

SHA512
e03f7c04b28ba2a4afcd7c91e31466a523ac8c1a89d647916158600eac882e65eeafdb681d428315d100267f523a746a7512722c238ab7f10ffdecaa985fa413

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
09a6ae85c2d7df71ec78c590915e32cb

SHA1
76972c8b0c88b6cbf24e72283670438ac940e1a0

SHA256
ccbb169f05cd1c29fe3b68034351afeda3a9b4ed99bdc64505ed9247e42cf8bd

SHA512
175d0cc1aa34d60f19ee715887022b52572d261034604935ee165ee39ae3372f4d1cc9a84eb8d36f15cb95dc3128997a56883fa83f375e183c7a95661d04de08

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
5797ac0a5e6a1abfba899efbc1f052ed

SHA1
bacfae6482383834b7b182e37680c00470ab2532

SHA256
cd69d4e7171917d1f26a85041d8b6e35eb42331e078d63db6751cd16cd307c02

SHA512
05bed8601e4643b37fc975c334d233c8bed7fb34ffb7c1f1dfc2f3fbbf0ba84eb54c5edc1f4ec38ba579352d164b6981965631e9ed5634fc9ae4865b89dce972

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e86e6008232457bd7610515da783385d

SHA1
c9f237ba03ae72daeaed303021ec9c77a52f35c2

SHA256
c2ac0d7a730ef56071ce8b5bd28556dcfbd23d07be78369ada2b754d1f73486a

SHA512
b9473aa5f2cea3fbcce967ef56b13f49d6f22befab0611a3b7c4dfd041ba6c265c5da349b16951a9eb5fb27d6bc4793ccfb5220926d0873ae6c8e19f97076342

Download Submit
memory/1712-7187-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-7188-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-9175-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-9176-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-9177-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-9178-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads