49ddcc92129051e14c0bfe8f4239024e7e7796d04fe21366a8242c771b945bf7

Analysis

max time kernel
118s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-10-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Size

12KB
MD5

5ebfc966e272a79926a2dd78ed2d2ba0
SHA1

d9f8118d14ce6d9fbc2f18ce7d0f5f0dda8551d8
SHA256

49ddcc92129051e14c0bfe8f4239024e7e7796d04fe21366a8242c771b945bf7
SHA512

047e53e22fddf05d52f67c8d018f2ea2c9c18ef07be574df54c453c005f7e83d912b04ca022e902a9e398f5a39a3233efb31d4877088c58862c65c3c8c3b2d0e
SSDEEP

192:y/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRME:yebFNw4Pk1itKkpAjjI2YpdmE

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2128) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7y1d3fjj3Fe8yhA.exe"	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\System32\catroot2\dberr.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_neutral_492d4e047d14bde9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_parameters.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_neutral_fe5c4f29488f121e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_locations.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ja-JP\erofflps.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\imekr8\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_neutral_9dcd97ab7a913b7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_neutral_8f9a8242d3699a44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WCN\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_neutral_1292ec506cfc26db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_neutral_1c5bc8e71eb90127\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_blocks.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_internationalization.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\angel264.inf_amd64_neutral_04b54b6322607cce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMail.bmp	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-activedirectory-webservices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx004.inf_amd64_neutral_0a3a62ae6ed43127\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas2.inf_amd64_neutral_e12a5c4cfbe49204\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\THMBNAIL.PNG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387604.JPG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01255G.GIF	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\THMBNAIL.PNG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\PREVIEW.GIF	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0177257.JPG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Generic.gif	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImagesMask.bmp	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45F.GIF	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101863.BMP	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21301_.GIF	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\inf\.NET Data Provider for SqlServer\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehglid.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2c2dccf6394aa74b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.1.7601.17514_none_f1f36eae68dec4c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_smartcrd.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e233d379b95a43bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d338fff708cfb6b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_es-es_45e192d8a828b8b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_8.0.7600.16385_none_8ab661c930dca3c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-http.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_53c664fc298d3531\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_436ded7cfd5a03af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.entity.design.resources_b77a5c561934e089_6.1.7601.17514_fr-fr_112e7f83660ece33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_bc5e6aff7eedcaa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wave.inf_31bf3856ad364e35_6.1.7600.16385_none_ce26495db580519d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_578ebf949d75a83a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_17d6e90dace97dc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-backup-cpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_590454f6d9c9afac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-desk.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0506219b59cf98ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..tcpmondll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1d89d4a596cc0df5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3c6f337207e50159\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ph3xibc4.inf_31bf3856ad364e35_6.1.7600.16385_none_9df3f03bc8c0b681\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Pop-up Blocked.wav	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c065e37d0a2fe44b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehentt.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fefa9ebb6be09833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..e-ws2ifsl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_282d1900db697084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netb57va.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6208a60b3cee8a98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6a3d575c593f3ed3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Heritage\Windows User Account Control.wav	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dd4fef4d8d16d97f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-getmac_31bf3856ad364e35_6.1.7600.16385_none_67f38861bbac1910\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_remote_output.help.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_modemcsa.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_da0c6c1e86cffea2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Power\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0360958b98e8711d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_c50af05b1be3aa2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_78190fcd3becd478\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnlx002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b09707cd8bcb5571\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7662b5ee9010de8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\Shades of Blue.htm	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-medexp2.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6a8a7e29f7cf2e2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0fb0851370c0513\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ction-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d636c031400a8f2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlangpui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_183b78a6c5573208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.powershel..hicalhost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_48117ca4ed85b946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..etoolsgui.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_e27fdf9017a0481c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e7972763945e2b0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-enhancedstorage-api_31bf3856ad364e35_6.1.7601.17514_none_d73638d56e089239\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\IME\imekr8\help\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Afternoon\Windows Battery Critical.wav	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_en-us_0675810f5e61560c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..tingtools.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_147ff5d716258f65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-main_31bf3856ad364e35_6.1.7601.17514_none_aa03e95c7a293434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.wsman.management.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_5b907ba8bd882db7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d1256a4a3c8105f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ipnat.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e2c0317b98bcf5c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_30c90d194f949041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-lilyupc_31bf3856ad364e35_6.1.7600.16385_none_767d64eb7a9abcc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Ding.wav	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..nput-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a30a73446ba7803d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsv004.inf_31bf3856ad364e35_6.1.7600.16385_none_622bdff1f27c66b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-peerdist-common_31bf3856ad364e35_6.1.7600.16385_none_c44905442a4138e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_en-us_193cafcb36ba219c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.345345	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7y1d3fjj3Fe8yhA.exe,0"	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell\open	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.345345\ = "GUSAZFMHRVMAMSG"	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\ = "CRYPTED!"	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\DefaultIcon	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell\open\command	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7y1d3fjj3Fe8yhA.exe"	5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ebfc966e272a79926a2dd78ed2d2ba0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
10B

MD5
9b3c7082c5045b9f3d55c51062c4438a

SHA1
1b12b65532161f2101cc65935d6f244ad8daac9d

SHA256
4e0e2d35818ffc7902f4c2d1a830a460c222295a880dfed62d63612cd0f6bc96

SHA512
2eeda80b0ac829ceecae0bd1af96e0038d9e181aed406f02195e2dd461675f543f26b709e9e6d7d849ad9dd9d8ab1c6a54b79cbe4fcbc16a303cb1fc08f7b306

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
b474d3311fcd502e2527b8a6317f4d5c

SHA1
22133aa818b03ed92554532a8d812d091423a920

SHA256
94ae4ff349e43e497ec20afae32bfbb064d41bc5bd632dedb8f5df5320991159

SHA512
d26f45d1ffd40093034619cbe939d5804de69302f4a047254f9a5299b8f0f93e19589b54b74a221616a7eb62d5562b136919ba63412077f2d85f64ae39cd8814

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
b0b356dbc75bb881088befe71ceb27ad

SHA1
809df19880da7e0f19f7ff3ef50e290cc921aa4a

SHA256
7157f679eabd62d3b2cdbf58454def0cc832d00a55d6a916fd498ee541288126

SHA512
ae281ded2a46a081b4d57b06387a54763641366ebe430398eaa27651c6d85874e5e3419815ecaf278a3aa23f2350f0ac6ee57536b9133fe1d8b0ae1e787301f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
660a4f059349e65fcd814232d55aaf17

SHA1
5fa59fcad8461aff4bfb6448d2e921b882f1fc91

SHA256
0cc8b6a2d0484d7d779fc1585550c9402eb3b9e6d33aa3032e64dacba46f3a00

SHA512
6193dc35cdb20a44a5b51428220b67852913ee1275eb82c423b0d620a62d1eda0c40f24e0dc8675caeca0e9bf64e014f198e540a6b7b367733b10a9077f6e47f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
7d7f3d20393c59fe72d482b988872cf6

SHA1
6d0b35b59752eedb0921c3ea7031bceb1b0f599f

SHA256
41b5126521003e4ed2972a9aa46a20f2def9376abb3ffcc1f061048beffd3542

SHA512
7461a0c6fbe362b731868258b63b0e622baedd1529eac43189c5f9fb7589a1c2ce2f8237745134cbba35a8ef72d8af330330275c0992eb128a32199ed74d4dec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
f69260e7176fa928757b9d325dfb416f

SHA1
cccee0eab9d50fef43da128e25e4c9d62b4be1c1

SHA256
d5f11817af18374927773e18e31fb7908489589462f8181fc767a11bf2f57268

SHA512
16d6ab5580ddc08339ea0964daaca21a3a386ba31bb5d33cc1b70603950616a9f0106fc450f52bf8bd1beab16205fe660c174f09125caf00b7212071a6fb941d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
bf15aa57ec54792cf68fdfb478c6a0cd

SHA1
075618be01ed3f2572a0aed708b4ddeb7288bc26

SHA256
d29bed9e3c539e1a5ad42e593ce0977af3232199fa07a88181dabaa599be8888

SHA512
afbc122932852d13c102106d37020823ccbb84f5211a500d0e9b129a2b9e0f684d97a4774dbf8959d98ec0b20d27524611c66532b1d19aa094be214e61bd6069

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
5d1c9d54c986acbac524f75ddd1781f2

SHA1
d51bcb90cf3327c72917fe5178f016280f73eb21

SHA256
a3f2abab1b10bf88e54a4de4a726fd141a24cf1f98f0804f1295795646a4297e

SHA512
7d1309305aa1022132cd71d65a26c461486922a9f239f4527f65ec0dff9ecd8d307909a5efe0d0c8b3a46326f97eec125961b52d41c60bf9db1e50191d1ecb82

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
ce3f2dd48e8ed0e4cfe6dcf268f87249

SHA1
ebd0e63c7329c69aad4a801b8f98d389e8dfd86e

SHA256
85023968b0820bc007e0f962da5d51dfa3520ce5fbea33d5501693ab35490f31

SHA512
1a6c22f6d4856c96bb9179e32bf5da230679e1dbb171246a56df8418074e3b131da372f773e73881c26de283313f41b232dabe312f61440d70363ad8517aec7e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
9d91450b07b12384a0d8360cc9520437

SHA1
d98ccf2a1905ab1e69db77f8b9ed7bf07387ed2a

SHA256
ea5bbefb7e96132dede6d4fd62f04375095bed6c5d373fcfa8857b4f2ab89d62

SHA512
9f7cc5d999e5d75da3c2d822b6f38a518e7b51282918bf25827b7d045ebd5e49854d847ab8fe5a857322e908f61d5ab91a83dbb171e91e08be380e69d5ef12b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
53bd8b35f74ff9634b4edb3007950974

SHA1
c637bd3e612fce3901adaa48418571302cf384ee

SHA256
f3c21a0e24d158884e969eb7843db8b472e0adfe312bf9d32e7cb05133dbdf92

SHA512
0a521c53955c6a799a6ac12b21ea19d7f6d8a3026d2c9cdbf32fa28c4cfdfdfe5a9b0f77f8860135b88ce4a924f8134075f50e13795721a1042a7602deb74a68

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
cbf178457476c983cc2e5af44e5636fc

SHA1
fc37b5c8457a4bac310c2ff6f61f0f8395010479

SHA256
90822474c1a7b7ec5544a3e9642934cc958315b271a5f3a2367f481b1b1a1b77

SHA512
17bbea085c26d008eea60706ba002ce4fe06e1e9e66bda724c648bd3b02d6418c07d46588955e3bc36abfdee2274979fab1817c16365044ca49aee65ef390c23

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
dc380898780f354456d55f9ea4ec7a05

SHA1
c3ef8a9e0fbb7d69768869ce2b8bdfe48dcd8ebb

SHA256
5b30f66ac72c61532f869fb8a03468bb1ea7e8756ffe710e82a849f6e9199d45

SHA512
1add3c579312516fd94fe050a5d3c98d42e81ee2163dd3a884d1dcee6a97e9e0d164dcd6f09f1b278aee2db476b42a936932cd21a236ccc9dae6e22a3534cc8a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
295491c6fac2612c578664e942b256a5

SHA1
b82253ae35e3d1f2958d42a703f3c18158fceb53

SHA256
a9c59f3777b664b52bfa460074cfcfe1553be997c8b34ce30865c6389591ee6c

SHA512
174c6032963f06f8b7b2156ea7cbecdc5e7be85724c7d994d618bc01ff22ee4a89d20efdaa5321a8ace76146233ad8b277fb2ec82560e1e5b5953911da81c3ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
e316eed896d1771708a76f2635b8cdfd

SHA1
121d3ef143eb6fb019eb67bbf891ad5c58bf9b4f

SHA256
bde50659014a8a8fe6826c435d8a3c2253598fc097b93b8e97e827bb9ad7a874

SHA512
f6985b4b0df6c617d89070c14a618865cb1bb11190b843ed1fb9a44750588c16cd57aa4eb91754534934abeea49cc808f3de324add1a6df5db5d1196fd2b83ba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
07653d3b3eab7dd9b5e22d506c882a6c

SHA1
d4d0ba4b12db5cb7b861b9ccf4b9585521db2f8c

SHA256
126805f525c72f67c0f1677af7f1093c3acdafe3f5d8f47697e55cb56a832c97

SHA512
4e8f50170333c05c6ef1a3f93326eff9ab14e6adefcd473291c42c84e15eb9ebaf3e290541133c8b3ed36f0780506dc8bdb877267beb5b25d22f0cc73e47a264

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
5815d30b404237c44bbcf16dc49f6509

SHA1
b8ba1d2e99aa8dc24e51de4c11f0216d98e979a6

SHA256
840ede241692a6c35be0201ab3e20eba33b9621f703833f2a6bec9855d744372

SHA512
179bcf28879eddb84b654036a84442b3588c566dcf39705c5b542440dcc0d5dd7f8019d257b0960468b0e31a9bc217863b7861def5f76830a36f6a4a1bdf3193

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
02be18b3ba130c62b22dd049299ec996

SHA1
70c812ccf288e04454c3ec0a43c59c2e700178fc

SHA256
89160b5b1bdcfd1ab00e780c6547fd2c20b206f6bc789859b48eeb9e8f248846

SHA512
51878cf06537cb50796c7c34d6a986cea7fd70f2ad68515f4c8c132fc48d3e5ed1047dc938363c357c8dc76370c30512a450d135ab1f6e2296a176685e930573

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
d23e4b01b99cf19e17f3a3fdeb5cb656

SHA1
7e539c6228f25562515dc525dfc52df83ce6f0e0

SHA256
49c20a14cab7001ba1e7809199041063c7be373fe20765079d073b9cd244141f

SHA512
05659bd7ce55b8a071a32294569c9c0b52c5bc5ac638aa0c634abdc9d2ca589d7c7a391e5a917ae1713110e1bc8de44aa2627b475964ba5a48a61a458d160cd2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
f97925867be7a0d052847a50d178737d

SHA1
fcbe3da516abb6a7fff1c90a10622ee498f21ce0

SHA256
1b4477f46d312b582dfafa288d066eef6a1913dbaa17be062193b8f7caa6e2ca

SHA512
08eb53ceb56dfedace2c987a4acf6da49af5407df4997699ecd6df240e399c00fd9f52fa736491d5b1e0dd13a8f20b854c4659886bbe3b09e51c4b326f24d764

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
481c92056c5c90072f2cea1c8a3aa862

SHA1
d5bfa5fd881a102051efa63c8623b09afb43f7f8

SHA256
3ce161bb447a7a3e111cec854517093ce8c6bcecabb781fe2c50c45aeb7ae52b

SHA512
b76b8096d2ff46a24aaa2729b26179075c97f0ab67f3a70b17a362b0304c5f2bc2591e0255a7198f3453b0ace63d19f32edec5935adef4e0af7609c459f8a89a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
bb3af48dad698ccf716a5994485736ad

SHA1
058389d27d222026ec1e3c2ebb3e000c9daf7810

SHA256
1e81db3eb15fa76ccc8a2356b56a7d524550eb4f31c4a5b15b8c510797057a8c

SHA512
e2604df7ee65f42031880a9951fe02dab6f74da471dd5edec227896398e02bee596def149a801228167b14c1c301e582697a8b0ac22b88fb7336866b4c69e179

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
86756fd02d6dd01deb26cb84c21109a1

SHA1
45f0e87b5d4b1076d809094567e3194f5b023f4a

SHA256
01cdb63a8fa71c86dba423fb18bc589ffad2496132401d99b9e7a08c79141bdf

SHA512
5cc94033453f7fd1b6bbcf18b396db1b9b51eeef669dbadc0db5d5f0a46a98d1f0f07a6d1ccdc7eac3611c11809716d270139d2613e10671e3d711f009d27c9d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
df33279b954c8a3012174624e9ca9633

SHA1
c8d57aa42ce12ac0147092e4d0872b6ed44a68a3

SHA256
18fab42ab1a3e93c3d740be5ad4e1e67de0574dc9935899b7bd49fc4fe1ac19e

SHA512
8ca9f9be24df7b2f45527d3d8426ef7bd049813be3aaa4f8bdb3453f2e834e3e8c42242667e9cfbf19db4074e422275b979071b5052c961b877232687f9be6cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
cb2a07eadc22559f0104732d3938c555

SHA1
82ccda979df307b6710cb2bda7de24dca96a5a56

SHA256
7c9089a8adc5cc2bc9f23a26505800ae9cbda4be9911731099bf62c9cbba1c44

SHA512
368fc599d630e53a5787dfcadfa0a75ee3b214357f55ba74581f42ca990a1c0b52e9d2d9337d3f597a27d135faec7e7322d116736106d14eb37df9274a51dde7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
9a6cdd9da352a6e7d10787dbea918d93

SHA1
07c2c1063b77664c8b4d1d248fe37ddb9bef9e4d

SHA256
2bc0faa5a86906f189c3b187ada9dde585caf00f3663aa47bf1ac22b128ff332

SHA512
5534e8a2bd0a5c64a46c675906b18ec2e7e946b33a0dd8cd8feabb8be7ffa3998f39b29707dcdd2657ba498dc5bc61bc71bcbd24bdbd884456c76c4ffa2fdb4c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
626447232f27550fd429c6279f6be280

SHA1
271aca51ec76a065ab3cbf799b83fe92f9d88eb6

SHA256
28e94be1d29494b4bc93e16f61056df889783882707669d073c6a19043d368c8

SHA512
1f0c21b24bad101ac0aa0a2b8ffaff346582e7c75d4db2fbd16391a841076b0a008b38b72092cbc4af43ae40d7f7ad79b631bd3e7f022808f74dab4cf2dafcfe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
f3a697c868381083b34e63f8a5c00ae0

SHA1
b8d7c6235b72372d62b9a9cefcd8877d238a99b1

SHA256
78fc0ce1447a9a5c522d2ac7b26aa7577c4b8d0d7d14dfd1cf3961f9201e4309

SHA512
395f4403a0b7e0cf77e60fc1083476ad8afa3c2562001d853a6441e0e50022d77e828e5542d7767bb85bc9e8ee5d7d4a18235310c838dc35e2b8fc9935ec0c4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
fe0454d6c4f7325f96b12f75564c4e98

SHA1
37a964c33f0c951498f265d1cbd00394d51238d3

SHA256
d28d6c5d0d63d24ad57f9e699957da912f8d5d9c6130a7cd07508ec6afac6b18

SHA512
4f064227dc40529fb45e67083984e287d778b27aa00dbb799f90dbd0c694ba0a56ce95cafdf932abbbe788670c9bbf852cd86d9523f594374a3e919d584c787a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
18bf9bc5d65104f4ab68d818c32d8263

SHA1
0573d698668d53e083d11bcc0da8f7df1603b226

SHA256
9675a1740ba68a24b793f9569803c20a5f4f2b9dba2e53d2e3c095d1a82a5ce2

SHA512
c27dd4f081468ac9832b813e8c2af378f35744e8295a41398c30f6122345654e7d81b608b2d05b06511010c2175ff10fdd2d35236e98e44f91330490761b95a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
6146d3de569c44e38f1d07870de91c73

SHA1
0a40ed60805c58e65422e92359efa8f502a9e9fe

SHA256
562e1f7983589d08b0691b3615a346b4c4761d5f5af3b5b29a643fc234bbdc0f

SHA512
2807b7edd5b4fbd4fd66e3536001298af41942077f3b5f78ce74e10da592d93921022d8fd603e6a008b13cf22f52dc78dba0cac265d9f71c3a748ce782d7b355

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
4d10cb64d39804ec5ad924d2a712267b

SHA1
b97835726d40a7d36117d20694b23de0a19fae42

SHA256
9b4cbef42b144c3d9a5e16a99284ee1372274920690ebbef8514879bdb5193ff

SHA512
ac9af5412f503d051f960925c1b9b78c54d6df016c5bae2484559321155bd50babdbb3f5a6a910297003b24c9b9263aef819ca5e82d74684617b4e1087d5c5f4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
2cbd0df61109047489e0d0d6a8dc9af9

SHA1
04756c08009654037abf1594fe13d70188832a06

SHA256
45f35d2092940be4a4de6b9e9080707ba35304021cf174861e00d9468d371c89

SHA512
e82df95cede0f1a7d442739bdea3e26330b30f8207ba6555d446be6e57d93a4aaf206e67700a6672292d4e5ee286e2c340fcfcd137bd5df14b28412f28b1d412

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
619d6eb0c2e5a7cf8bc69692efc792f4

SHA1
4b89f0d95c558371185b6402c5532c02bc75ced4

SHA256
c1cc9086fd04f5159d3323d76ad489702d6a18cb9db98770f99ceedaa8a24115

SHA512
84b29c952e2a3d6cd8482bcd9500f0df09e91821bdbf4b23326b95a421fca38323002ae77912f8b491d7c3d11cabc482f10efc7489a2e54fda7830ac33e8dbea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
655e9c2ab73ed4ec54658fc089f9b52e

SHA1
150a37ae1737633f8ec98a61b6cf5f1a89aea987

SHA256
001ba19cf32a61e2e8f1aa5a92dc39d04eace663cb1397ab3c26bc3a08d17685

SHA512
ca5f3c9534154c6ee52b3c2da9d91edda715d8f98e7203752858c43e5cd62728ba671376c1768483b8c88ecae0125dad8cacfbd1a93a52ca6f461cc127bd2724

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
7f3fcc5b057a0efe1043d6930a7db2a6

SHA1
37dd0bb4cbbad6eb18497d8be2a44e9717a50f76

SHA256
67c6f69dccba1aeec39300a17ab4676f850ccce1446b0a42544ce37e5b2f05c2

SHA512
bb08f86280ed5571bdba812255d0b3017c53e950dd977a106cabb679dfc1e1b34964f4ed9345319619034d72214d9dc2421810cd0ee3866f960a3d232f6f35d3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
675871b638b595fcdd8aae46b9036fe7

SHA1
d57e77f46ec37693080ecba2dbd757169c314343

SHA256
817bcf6d3c27367d6330b97c349eb223f54358cef7a1fcbd6acece0aa1ff61aa

SHA512
5174c8ca066bb5da4d724b73b3ae8d7c7ac6e7866d01781dbbe2ae51dd10609a9220bc494d43a96729f47cd1e568e9ee4d2660c009b1e1aedda1777c45718632

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
0d8c8aaabe94d6d70c0d4d652afec28e

SHA1
05006bbea60e2963dc545ba3e892d54cc0a7fc8f

SHA256
116778209a43404bc5a1c08b848293c3c6e1eb9cd5dc09c8953742e0461deca7

SHA512
7c73f639ed92498a5ad9a8047b5c8c4947268cf4d1a58d93acf5eb011b1960ce70da94f3dc4f97be3fecae6ade026ab5f5ce13b3f946a5a9d98efa04676143de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
a33d1e457e62fee31d3e471a8dbe9e9c

SHA1
5c12356d4465c7fed4804b48587e75ae95ae7e20

SHA256
cd34a1ebb15b4bae8365d1fb4515e07bd64e94e9d4648dc5aa343977267f33ef

SHA512
0020a160741593a32aedd620b46a4a80d547ad4f13326d8052a822e634531322debcd91cdc04949f49af1ba4b79c00fa0b60b31f333676ce92fc291cd75e3b97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
89bd84e268d55913061c9e37ea8e4251

SHA1
d6d74fbfd4909f7d0ab61b1afcec48af5da88b69

SHA256
5de7025967c511232d6d39d990f6fbbf9b77bc097d774cea7192cfd4bdcc083e

SHA512
f94d9888c9ce3e59219cc0fc0e2938d0d1aaf2e57a31222f10a154d0959d2a115f066426acb6857f830fd05039fd259daad7c61913b15781d1819e0de2f11aff

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
090682e191566c85cbabb8e28dced6d5

SHA1
cbdf5caeeb95e8e8d1efd354cf438cc4fa608bf9

SHA256
e5fee40520ce3ceb43df647c2d6043dfb4bec4ee53d31b05d1ccb3cab34cc592

SHA512
676da227bb360a0583c54583bf426b8a8cff61bc5f68081859782da0486dde97ee33aaf256f0991da90958cd7fe015155fea12db3822b04ac1d7ef465342ea29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
8b3fb1a3a625acf992571e23b23201a4

SHA1
1a2ff3b9d4cb6294515a3193bf3cb54a497cdf2e

SHA256
3546fbc8ce1c67cc123ee8626e0c874b0f251f17ce13bcc709b662cb04f88b24

SHA512
97ef000c2a4489c50c5562be641c84511931ebdf0c0e43c3a58cc8108ebc692447acb1501218e4016c2730f47f11583928fdd88018a9a0c0e8a8d497c87161d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
11679b5e1ad330b61bfa65cb0f9397c4

SHA1
21cc2e39a3141cb1ab0ff1cb02b403765585f7d4

SHA256
043ed2bc5734b9603d0bb5d76f5548e8ba2f7e623a66d2ab19cf45dbfd9bac36

SHA512
c77776dd986172514f5ae21847079d7f58153cbcc68cbc393583c802428f1359390465a997c07f1cb0cc38f8e762cf36dd58d373579ebbbf4693ce072ae1ddc3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
c69dcf7ba6a35906ca6242b1f7a29b3e

SHA1
e20921f6f746fc78648193ab6507ce267d98b150

SHA256
a761aa015d79d24278504b71f5100289c24c4f26cdddd6e916ef06510030745a

SHA512
08306a8a739246343a998c793aaa8c397dda489ea3a9c5e5e1ab67f21a3219466da6e765b29ea0776cb308c285ac98c962aeadfe00f8a449a029f0a898bfdda6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
15d2fde37ba5d9c6348e28638fe1e419

SHA1
ac9db394ca504221e4f5d4f639f8c84afe53bb00

SHA256
0747eda97df66200914ee44d72c2e2fae18aab5365c4deb32f42f50ac45ae5e2

SHA512
5195e935967d082d823b618af8f8984faa85934cd8982702326492412091ea3085d6a7a5b09f4484220e638bfdc5a619d20cc3ac3b44f367d45c6c849eac9175

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
d1f05052b41f52cbd5c398ec1bee1747

SHA1
2d8153181320f20ef81f64d37fc470088a03c3bb

SHA256
83616b002df62000608eb39feb377806c342af7a12a8f4059cec1448b367a4e3

SHA512
3f40b2e9ca47ce7f0c5202343895cc358a23c8dd22b081e59de7f2ec241e9a9c0ae06b83728ebdebd0a67feab20f5861a589133b88f714db570b0322ef4127b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
ca140a8fec6d14eb34a7683051fe5024

SHA1
d8049d31d9ce132fb9268a56ed6956684d4dd213

SHA256
06f84ab7e59c57479e0130538d8db8c4c4320fd31893ea09065a0d9f3c8e271f

SHA512
2864fa0afead7521138f7724dd67d76171a319626f151913063a190c559471e8bb301591449aeca9b058befaf17aeefc9562ca622e8669ef5e2551db93894e1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
9a6fca7c27a8b451bc9d0769d29b7cfb

SHA1
99666ba3d8db1f089ee60f34c5ed65fa4c135dfe

SHA256
63476b5d2da16ea8b30b6529e88b94aa2174d8e8da794d36fc1fd3d2d6fcae27

SHA512
89984a6dad817674fac1b3a0d96eff604166fdb71ab564237a3825689a6db28cd3251cd2ffc11ffb280e3bc88cfac66d7d06858eedc63e58418c3d839572019e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
7c78fd19d4c3707398a2288937f5706e

SHA1
0c3ee091b742d14db3401976df83ecabb12bccc1

SHA256
c21df24d2edf20e16e70ef358fdee83b4726e2fc157f637d3862c6989c717f11

SHA512
831162889ba15930f501c9ca936fb726168ca1375e9bfc38a986552cdc93035ff4fb77c11ecdd5c9fce98b75e233c3edabd5cac66226cbc1a04f4f25bf64cfd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
7d42b450b6155607d668690edc2f5e19

SHA1
b50e3705c2f51bda142ac13f2414be84f5811a7d

SHA256
5e493bd4279ec9fba4b52ac63b882b1632e623fae653becdbc514c269c636697

SHA512
549c5d302191cbd1a6e6ec22dc431c3d147b807b52bb764f6cb8f567e174bad3fc73324931b6ba25ec9fb5617ab686f319064b0dcb9aefbc30d44958f5b71987

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
dc6e7d972f68dc9ebef29e42bd132682

SHA1
5dccfb7a3effc7d70947e2fd43e38cd2b5833efd

SHA256
9f73e3053283798474cad8f3d2e28601c4bfa47a4277a314e6eb88ccb7331b4b

SHA512
81a83d9249b7e9a6881aa5288caefaa13028a88695d0031d749e0c253810f9bdf792938d0e1311e2e50f19003fb4ee0ce778e861045349b1204cf72c14be7d56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
1a3e42d7626ac8009517b13059100259

SHA1
4176fa8c0c510e901c99803f807f505a2c14e783

SHA256
2911145a447961c38a29e0172950212e88234123469848c2a20ffccc3f661436

SHA512
4cf4a4e552bd50d7e135461c11e29cc6d12f939f336138d764f02ee699122a0ce9735fcb7f6e82869d4c33aa5d9eb7897704f93660816fddc31ea74191d29205

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
a0f6c7ef6e61222426714a2fccebb1a3

SHA1
fabcea1d7b17913a407d159b4c643a7d5982bf45

SHA256
32d076535eda6028059f996b89e8fb4f174fe9ae333c004b071b420d1bb75729

SHA512
ff524852145cac4f0fae8daa964ca08ae606e13790d7c54cc2f2e4a656a05479db9dbaba785322a9f6b00551cb133439844ce888c08a508674da126cc4bc5ca0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif.345345

Filesize
848B

MD5
4ce83ee6f75f6cbbb242f36d3e8f8f42

SHA1
0688b1f21706f41807f36fc19958ac2c9e220d37

SHA256
37a62fdfaceaf4c356eace69cfaa6856ddc35f1cd4a72bb922c1e92ba29fad09

SHA512
15f97ec9c83d5d5ef1033cf696cfd38f362157a56b76935a804405a3e8f38c9f2afed4ac7102634cd98a56b08f2e992616eb82d0b1555a8c565603cb9db6a838

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
950d6c7e977c85fa5fc495c16ca6434e

SHA1
302ed40c32588870af6aab1b99ac37793b6ecb3f

SHA256
e49fa5dc9cbd180bae071766f6908fa1ce6f5bc0c8ec23636522f62eb50ebe93

SHA512
bfe4bb8acd623680d62b14b922938524c7c1b7343b45d964bd3cb921782b90d44a88a2b52e1e1633673682d549f609f910cca0537da718cc6e399066dd373ca7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
e0d17de5f9b1e2c9fa75d24153874874

SHA1
08a4ae408948705b34657d687be41967747351c5

SHA256
4f40130a1180c615ad80b9da442cfcf04204b6f259e200bf39213e52f7c0d9e5

SHA512
d9562c654e780571842907c2339d4282c45c25a7abda58a433b7db847b9f16f2fe78edb439c893d9e74c49b1e34e3739ec91eb2a4323eb0ea29b605550fd8d2a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
6cf04af39dcd798743280c4ba73531a9

SHA1
c5e3f3d0bff8fec19b7ae6c4b44f67507ffdf857

SHA256
829f47c43eac808426122a65ef42cbb72ce60761d37ff317000d9726410ca989

SHA512
e6b4e7be439c727dd90b51ef0b35c5d469e83a49d399dd8b29482cc904045b47c93872e5c076a512a7f75bdf86f55bd51d513191d908565309b76dc2a8a10d84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
0f121f89e0cfea3d044e4dafa02f6637

SHA1
56375064564df7c6e158d4834543ff5b7def9e4a

SHA256
28e86aefc18c8f82700e0e81cc5bd88d69b9772b5ab78b7d887675f1c86f56aa

SHA512
55be66fdc27ff15dcabff4c5b49e3e90cbbff6d5a0c6fe2a8a96cdf3d30f0d4ab0a8d54fda2662bac9c0db7bceffdcfc496660cb2ae42c5eaffedae1107b8805

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
70a5d164c61b6ec01fcddbafc58e609c

SHA1
f694574548a9775861e697516b517f2a786e9f9a

SHA256
3b111842ee33e12d0587a59e7054eddb8bf593398a57deab03a75b4632ef406f

SHA512
0f1b7cacbf4014283b33ee53f5a249d91ec1c494bec4d5f1407ac1109a83523c0135977312fb90af68b3a97152b2d212d8e9ff1053704646a409f1e8746c904d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
f195ebb0d658d212542e6f4534a05415

SHA1
3483ee5c55382fb0c3a4dfc62325f670d3e52a05

SHA256
f6844356caee17adf53599b76033cb4ecbaf4826c8957d7b726bbc132a836db5

SHA512
fc18160e42565edf2e2768e531f3e1cd63a262fe162e2a23caa8666f3e10481cb034d2b7b4abf6a4331351c08d22e8d24209775ef209378a3c2545b91765f914

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
edfb0ed2310790080fd3009024fe5dc0

SHA1
8301af0de522c075a38ebf718bc470c4ea99d394

SHA256
b8fd8a9110a5e13ae0e54bc0c9f2fb23d41c9a1577adbc8707f3148e304c55a2

SHA512
8e1f414a6539900513abc5778fa04de187e2b32bb1d5c97081843c710839805bc3093fc10286a55f8f0039c0ad6c816ad995ce07a62706d7119c5beea1f28c88

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
02f3f26764e33aaadc910bbc1bf9047a

SHA1
564f85ac222a60dd4f0a4ab57aae9a3828d4a2fd

SHA256
aab6a568a776185bcabb15558456b5d839ebf7f6f9185d66987cf2bc9073ccc8

SHA512
949b85951002052d9ea0845999fc322491822ee78fd084e106a1900a96679fbe8495c5fc93f2b3d331bf7a7edb06361f509e1ab0611d58e628b20a1401615b49

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
b09fbb28e48c19a939abd494e4bbbdfa

SHA1
0ad267a01610be3b3c80234e3b4c04be13257184

SHA256
7ca239c9c9db9f2c26de20d190224970bc009cb37c70afd2aa94afa867a06b4e

SHA512
0e39598e970c574a4e6e9266a3b403dd10b94c89f5b4bac563cb4c9433da09fd9189a1f7049bf6b640909765a5fd208349890c4eadb850a4d31543b34f1cdf26

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
afb027e4a89623e4a395692d82f82f1f

SHA1
0708927ae53d6c28530e1d59f40ca3d87426be63

SHA256
88fdd0e98a095437ea3b1182b737073b0585fe96c3b5c52d4ffc27cf5ab63e03

SHA512
7aba36addc2ff14bfafd0f3a8e2bc76b79cb8259b0769d9b5631a52113dfc3e3724966f7a1576ef40688af569eaa8983458ac0a5b90678a041a8563ba4d0f15c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
917f5116968975aac65c3e60762b41e3

SHA1
95a06ebe9943a31290565d37eb8d1e124906e490

SHA256
03615468a152fa06495a1aed9c95a4a902a882648715fbb517f9e8666596f01f

SHA512
6a3caf642ac67a00b92cacedea5d63f0ae0ec388a5ab4fb1074d37e121cdc6924445db65f50831082b796a5765b002bb534294abf89f2521c331616c24f76218

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
851e25dba6274063eebd44fe0a3aa21d

SHA1
55467345d0378753dad1750d2e12bf2a8bf59211

SHA256
34be8f20dd8e1f61f607208aff270c839b883463c2a8b88f5dc0b21759ad0913

SHA512
5d1386553b4db7a11ed0612a8c7f971a3935757abefa16cce3e7364bf90b319262caeb7982da5535eaf2b871d6b6327a1e4c72a0ea56dbdceffedb28a0a63281

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
7dabbae9e1917d3932f885bf1c32c8d3

SHA1
2e11372f1d554ac0f6e950b934c3d9c28f703e1e

SHA256
cf9588f71cf495254ec754f54304685b33f971a37c7df0b70984e15f3c4f4a34

SHA512
80224b136479e8094b4ad0b5ac00b56f70edff993911719aa7e228c7f1a3c571cd6970840d98ac255371471e0ba33152e8983d9870f463c5e5c9fffac80be358

Download Submit
C:\Users\Admin\Documents\CompressSet.xlsx

Filesize
14KB

MD5
cffd21a196c5af9e3c68cae2f068f383

SHA1
6c567bd63c87a6f64ecbe6bf51f2e3b40cab9d82

SHA256
7d7cfd5e6657f4050fd3e6ff5d6d1a6e703f650433abf849c49d77458b6c7046

SHA512
df59ee1ea25930eab8a4e932d5ff50d3f21b4f9817bb0dd882cb2d9ee3e3cc99fd7e65edc334d11fed7bb77a669ec0eb90a500cd8fe4424f1ded8e79e174ed44

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
92322837ed3ba164411f35a6b91b2733

SHA1
eec0838aae8da2fe16d617e2f5b9ae2ae6fd1042

SHA256
2137488dfc9baaf94d6963354e74f7f7b977a23df9d545b5aad962250cd6e87e

SHA512
08b8b80ed5162a92f2a46618fbe4511cc88fde74d177a36b4acab2ebd2a24b53a5a834d330f9c6bfcd2f475048356c16a0b72a4d535a38abefd10aa5aed91d64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1cfe2093b9bd1dae05f9b51f2cd907ea

SHA1
f9f411d96e1ca9a3dae63fd98a8df3c35c64836e

SHA256
bd9d8419dbc006793ab5fcbc045d996d80e3f66d5c03ef21cc366d19903fe1b7

SHA512
51ab9daa38d55aa756b006406072ce2c5f07acf8983bad1ad2973ded859684b2bd71af50af988eab4e7ff2e17be4052789802888872ea8dbe47799e7b940fb0c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
eb96a1e09da55f28c8a4a75133394e74

SHA1
b0c380e122602fb7d9c92633a24855129758de17

SHA256
28d7d4aa23b2c452c7217f8451b418573ce803208832ae70a23e38b789250ae3

SHA512
c26e2f2f02aa163158252576bafef89ecd0667948b6a2fda9c9f57cf1258255647ab99a4cdce46e89a097a944ddbbfd68df8d24f3633b07cbde773ac3ace51b9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
46aea27d9ad75afa7bf9bb90e0eb47a6

SHA1
5402231c64aa7662efd5be93a4346fb31812a33b

SHA256
43d24803a4512cad8bc34ac0ce86b9e5759ff119ef177d2af4b1fcb870ebf458

SHA512
aa9f24108f7295345d4014e53918a9653eeb4da41d089dbb8c6a522a8a9f9b270440437639e684ed4f858563baa9397dde283510bfdaa6e0b98bfcac13b5057d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
be7d0d74828bae3187027155199a30fb

SHA1
a24447a9aadf3ff6ae6c8308b57d68e548a88620

SHA256
034fb50058a49b77982c5ac9f2cd9f6bbfe760bd74ce0c5f86a76b34449ee2bb

SHA512
513c953f9875eb7f4cac20868faa033436f8afac8afe46a897181a0d77745762d200e9f8dd2b5b3b0d482c4643751888550f84cc51e93f1cfa91bfcfcfe69b79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d461df3b430f1e08b9142c316f9453b4

SHA1
da5b3a26068e5faf0e7be435b12d371afb042563

SHA256
5b923e200bf07c5040e065bd129096844ac60e55e046998b53450417f85e8348

SHA512
5261a1c91482d08ae19884b22ac5441bb4fa54ac9ec7a0e44239862931afc7130042e0e0031df7dc0e941a9a3fa5bf1aadf0c30ba2e7a93868ed33382d51e590

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ecbce2a1906dfbb2ab855be5bad964ff

SHA1
9341619d53c99f265d16509afea46370fb724613

SHA256
0f349f5921f8db8f867d85fa8bbf92f6594c0eab0b50ab2c54c82868b0b515b4

SHA512
756660cd7b5dfff22ca65d77bcbcd15ed79ce75fe24d5efb12f4293b462e0521863ba3ac820e98f4b9129f4dfe3d79fed37cf4a9b680282406be02ef397d200b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6cd5199e0a59ede05bffed012ceba5b1

SHA1
a85a63b98046d0907999a2735228bab49e21b024

SHA256
d2a3907754c72e22e1b27e900cb4cbe47c405d38781e561f7f26d92865950fa8

SHA512
2a6b2648e67a24ee2ad2c0a9f071b460cf3fb9a8705cb64c02f2c1dbe139ae8e5d30b3c290655692bd341cbc697a1dd7a3d4fc3081bb9dfa96e1a3fe67d28027

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
5f37e2a0ef382a83cedb0cf2ad03a91c

SHA1
642fb252678ac77b44b071322069d148c6731d79

SHA256
3200a89d5ba37721850bde7e2bb3073ea9b8bccc80ed0500af25fc7b156933c0

SHA512
f1c9160a1636022a5248b14bc7641ac932266cefd7e4505759a6de177677521d20c0c87550bd707eb806f9420ccbf42e69860c29d4686131ee121ddca03c3aba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
5a7854f2b981aef28da5432c8bb6b6b5

SHA1
e0b914ef3a7c55a433e83e64df39dbffcbc2900c

SHA256
8a9f0efd99c587b18097cf40115b8a0d284af97e155d59327a50793ac77b0f26

SHA512
02fdb76bf99ddd4ce5aac21b8b4a20a6d019efd0cdbc1808c09a441f99b81c26dfc3c64099639c4c65ccb79fa38919d439374c9b80b90828ac0a53af1f836dad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2f68b245538184d942e5d99e307d7385

SHA1
d12597d2af73c09a892d3394560087c3b51a198c

SHA256
1a84d36c9794d4010ca8528568314b8152b2b5127995a01f9e65355b896331e9

SHA512
b871a39bc1c9250058a3194933d39faa29f1df770240ed731e0871b3ee9abacfc9d9443c763a0257839c18597fec7c4d8c3e66c63279f855acb839d60aada4d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1084a654b08fe81cd8336a34f3948627

SHA1
db31bde0346f1952678213fe38ca2735f07068bb

SHA256
d6f6cc9cac408ef9ba9188aff917cda40dcfcbd73d9fa1035e8c73f6be5473d4

SHA512
49d7b802042de12fa60c6289db0692f6dc1ffd4d85b5704e316b283fc02b5cc0b70fa804ac88d068b5e6025bbc0bb8666bc62880974ba44109ac31c9ba91700a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
5cbffd8fdb19021cf42ebd09c0cb6f3c

SHA1
b8c50519df8e515afc9fd30cf740509e84edc3e7

SHA256
876adcf9765c933bab9238dff8b118e2d754b51d13732664636a866297af8929

SHA512
e9c9b83e27d3d5923f0ed2796bdc1ff499493aa84fa5b55f099f7227ba0cee7012b449eabdad61d9cb5b46560b0bc87706a36559934f35045ed9bc7af8292d7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
10785d58f2e87df4525de0f6516bb22d

SHA1
4b6a521d46dc611002d7f5dd50bd8a0d4a15dce9

SHA256
56be9e9c4fbeff24d67b1cf6f20bc25c5b63ac51e5d3b1f5878b1476e03c679c

SHA512
cef7f782b000aba9aad3802ef2d3926cf654cd01f87432e2b1fed0653dac734918be2c2cc4a55eb6899af5f20348e8e8d4314ed449a41ab4379fd56475dd585e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
216f608341e2ad9c9a4c783e6131e3fa

SHA1
17de8668f7e78fc55abb48d9138d50e41251fe9d

SHA256
49e3a4391f97a86d153822a66129410041c71223544d7a5adb33813a89b637ca

SHA512
3a01bcf7a83dee94f642a1fcd26856077bc853c12d0306b70f878f78558903c6b2733d0ea1e21a121d93d09d5dd7939a328c130e2197d9becc5ea39746cd4d0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
2218e4b58f176b57831aabe465c0132b

SHA1
17e2595ae6efca3a5fdf27bb2aa0f40d7cb3f48b

SHA256
ad77aa3d27c9d97d3b5f6d4a07ecd3ad6b60bc996c02e406d55110973f993174

SHA512
5b525acd8aca5e38bc185de2ae03baed7570cdf25eedc9b6221c6aa0b8959586ec7e4ed471a7b36fa1bfd6cbd31d10fb4fd506c97952f369d9e5813906cb2092

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
89319091f516c670c20f207963bca116

SHA1
bcabf58d641ad746273421c3de0c256e4118d804

SHA256
550b945493cc1bdd4fd56e5cc21fdf85f2b1e72faea6facc068d42d02122009d

SHA512
b9decca02ed404d4acd212d72a2a93901714afcb728f1e61e0a32f271d85d056805c62493306f08c1a7eabd606132b79e20e704b910288ec428c42b2bdb210f1

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
52b7be084fd7e72483c7523ce2f9fd47

SHA1
253c55a9b8ced1336b87aed5067cf6ab7ac1f519

SHA256
4a325effe661091e72059b8eb14e30833d7fe2c4d53a4807004e268f64a78e05

SHA512
dc362b3ccbc3e3a68ceb6433a1b86324d9774a5d5e6f5bd06ab9891e5234656a71d69c261d0efdf35120a07fef01741a9a37b4c5df86b874b803ef64a4bf134b

Download Submit