72f9ab0e73104cb19a765b7055ba58e74995faa36ed24bd7c30db9ec568a8eca

Analysis

max time kernel
100s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-10-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Size

12KB
MD5

7d3489a0ee9216a6b4ac6c573bef5d23
SHA1

23988ae6ab99186a74119ad2ef401af506b7cb64
SHA256

72f9ab0e73104cb19a765b7055ba58e74995faa36ed24bd7c30db9ec568a8eca
SHA512

27b4397f5af6f7ca3c8e8267c044feaf965ba7d5faff433dc3652fbf47c6c170d6debbeef4015b96d3affaa2df8b3de37ffda1e35118a639393d702018e49001
SSDEEP

192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMFUUgN:eebFNw4Pk1itKkpAjjI2YpdmFUU

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2153) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fTqCFLk0Xrax5iE.exe"	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_properties.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_types.ps1xml.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettun.inf_amd64_neutral_bd24fb174fabec97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_objects.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_type_operators.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_methods.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_neutral_84ae149ecc9f8033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_type_operators.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WS-Management_Cmdlets.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_requirements.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_neutral_f9c441ed24f00358\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp94xx.inf_amd64_neutral_4928c8870f6a1577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_neutral_1cb648411f252d13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_neutral_7a0a0b166f55e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Parsing.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Reserved_Words.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_troubleshooting.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_neutral_fadec14b0a37b637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_neutral_18b899bdc8a755fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_aliases.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Command_Syntax.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_neutral_f77725472d91b1d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01235U.BMP	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\TAB_ON.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21519_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01296_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382960.JPG	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR33F.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14578_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44B.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115841.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02028K.JPG	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01745_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145707.JPG	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_804746ef4a2c09a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_8.0.7600.16385_es-es_bcd01323951a79cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-remotesp_31bf3856ad364e35_6.1.7600.16385_none_aefa4fc5b836c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-irprops.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8e58d3c57286eec6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\inf\.NET CLR Networking 4.0.0.0\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ea7e5bad59dd9f72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cea9abf2aa5aade0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile32.bmp	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ffc0b7eb29dfbb61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6bb9b334fc977631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.workflowservices.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9bd578afd031f835\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_logical_operators.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c63a861166e5ad51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wpdcomp.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2ca950a644fd00ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_51042fffb23762a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnky006.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_79cfb2879b6148ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_052cbec07ddb0da7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-compact.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cd993ca7dc92d5bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_hidbth.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_28b108408ceeabcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.servicemodel.install_b77a5c561934e089_6.1.7601.17514_none_3ffe90b8f3817748\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_it-it_952b5672749e9ea2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..e-upgrade.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0203c8fb46325492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ntfs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e32a01076adf4ec2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmpin.inf_31bf3856ad364e35_6.1.7600.16385_none_cd27d545ef083ea5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4e0c2004a5e71cbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ncdprop_31bf3856ad364e35_6.1.7600.16385_none_afaaadda29b44241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ls-setspn.resources_31bf3856ad364e35_6.1.7600.16385_de-de_04c41f3178dd819d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_f07b8147571c2a02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_9e8b6c6f9c9684f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-v..ure-filter-tvanalog_31bf3856ad364e35_6.1.7601.17514_none_cbbb4f7d8270f34a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_es-es_50ae722cc54a7480\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fb8cbdeda98b1fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..helibrary.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2ec5b41c143dbbae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_bw48.bmp	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..kstvtuner.resources_31bf3856ad364e35_6.1.7600.16385_de-de_474bc9b5d8f5d0e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_df522a4ba5f37da0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\Boot\PCAT\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..presenter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e337b625fbb72d45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_262c41f9b117d789\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_102a16b698e56faf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..p-support.resources_31bf3856ad364e35_8.0.7600.16385_it-it_464c91d7f43a97e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_remote_jobs.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-keymgr_31bf3856ad364e35_6.1.7600.16385_none_1035859c6656c89a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7601.17514_none_b7fadd3b7808f9d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-runas.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0dc7f90218cfa125\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\WindowsMovieMaker.bmp	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_598541b265502297\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waxing-gibbous_partly-cloudy.png	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7601.17514_none_e5a5cc0555dc7cd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e3d21ff3a370cdab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bf0e3c342a8bac06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_779c465a67fcea75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_pipelines.help.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_c622c1b2dbc95119\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1193667222b66c3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_it-it_caf590e8abafa3cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ng-wizard.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_384cc2fe31d2a153\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.yap	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\DefaultIcon	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fTqCFLk0Xrax5iE.exe,0"	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell\open\command	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fTqCFLk0Xrax5iE.exe"	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.yap\ = "EKFBOVDFXZWGXKI"	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\ = "CRYPTED!"	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell\open	7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7d3489a0ee9216a6b4ac6c573bef5d23_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
274B

MD5
571bb4177764f11f766b6afa4bd8c2e4

SHA1
0a5fa41c8b31b7d19f7be76785bf0548b02b9300

SHA256
c52186e0dffe609654f6628d592cba8889a7f10d493226eb2ba21f655b5b4409

SHA512
bc7b9e17bd8839637ca981943afdb68a8cb811d840f9846f80da299b61f3aa265bde16f668df98579bf7f252e91a9b647448691b34355b5a092f60a6399a943f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
fc9f2c0e46683bf421af88c17a6f2a07

SHA1
f87d09813591eda1eb71231e01c567a708d88995

SHA256
64f04cd621435d1c1dc912d8c891651e95ed81de54ff22e6b20cb93e8dbdc3cc

SHA512
d93d0edde083cffeac8fae4922722e750b54d7330ddd7cd669df8454ff10b0d6fd3de25da1065cc3562913c1e92296b359d559a48a389c2fd1010e56a404af7e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
d36a8e5246f8e4a5830096b0a733139f

SHA1
ccb03b42dd1c4e5a4e3f00f898abe61e57b8337e

SHA256
ec222a9d733ee725bb2c24ec02ab50004d4cc1e62ef04702c9c307f03f6a0cf9

SHA512
594b78e02a7f706d413aa3d70cdabf78dccecce6e01617279031e05258a96ae12800a6b778945adfbe1b695c44d917dd11384d9aba6166861b3f6210209cae13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
feac6b074d731d53d99c982fcac1a83f

SHA1
1d63dce28d2e8748c237d785f8e1a9378caef6f5

SHA256
754a6d86b007208f893e3f455aadfbd56cd066eda4b0d5950d1711b2df6cbffa

SHA512
65b973dd341a9420c87f021f3cea0685a2b5d2a84d7736b83758869a37e97622524e0c221e6383b563b34e60835df127890c19aa50bb2ed1149d07ef13701123

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
52b6fb413da10989991d2be5556162c7

SHA1
aee624e7334e1e5b69d2904b3dccc99e3b508990

SHA256
d2f949db9e8e674f749d49edbf62ed89b7ef8a321c249f13eb7d0731b27f5f3b

SHA512
b5caca99f6c92bf39b9748b9538de293618291b7a1ce977d591a2739551956dfb8d2bd836b359e4113c044ee43360693144d06ea05bf130aeb1a3dee6e34d079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
1ca92df70b72729c28ba51d167986629

SHA1
8940990cc7de9185f4ca4a90b881b19ff4b326d8

SHA256
48daf98b3e0162a9a62886652ff37519638a319164477de8204fcb11b9db6d17

SHA512
65a8ad88cd0d32d423331c2e79ccfc64cb7cdd3967a8ae8b47a0d05afbc87c60c908b4677fcb51c87ab86b068562ba2eb083dd2fc051290d15caa9efa11a2253

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
07ac03689b106a1f2998246082b832d6

SHA1
08eb488bbe5c40cd75e4534f042c4e86e4f430f1

SHA256
797a18b986427db371d33164879f879d78752a1dab7bfef7c00c005600605264

SHA512
8684fa3b776d3dddfaed78d1d074361e90bea5a263e82970e4949f398e2839b6fd38e763064eb7aa71b45c6a5b4d7a734ec65b720f191c8e84bee613a7f958d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
a3223719c9cc83200a357754ae6c0840

SHA1
bb5a75292a3e7c2104f18247df57e2a5b36aba89

SHA256
6d20c9b80b4c0b7dccadcc07713528ebff5152437402b12928218c1b9fa69a07

SHA512
c776dda754190249c382773e8e6b5d6d2a57d1eecc1812cd5fb7f68239bcff65185f5faa779c92fb1bec77224f07cf4920d5235cd830045e8f1ab7b6b3169fb4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
7d780495f853a8528993c73103a7e093

SHA1
b5c725f7ccec10ed45b6d3a121f45151889dfeb7

SHA256
6ac1481bab7ef2901de1c5263fc8053530ec929961668eeb1feba2cc7f9716dd

SHA512
8033c08ed17e65a5bd532e66029c04b658da16d6f314d1b29025a30c0bb03ebf9396c420257aeed38d1fe09ca91673d445ec2b932ab5f99b4cc3ab86e6a4faa4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
5888ceb175439801e11fa2efa0a72042

SHA1
4ab02616ba90cd00c888da337b4d98d157ca8918

SHA256
a48348d09188f358fe691578f0befe41076c897b0bb238e0dcce87b8cc9f4812

SHA512
2614fdaf8629cc5959891100a7e3bad1c30f9ab087918ae370718eb033ae34a2c4eb1033d83d8e1c836c9aa7c699d5081e3474f7c3a97e16d6f3a69d3bad1ce3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
0b327ba671c9daddb01b4b0e2baae9cc

SHA1
2ce8f12e99f45e054efb9c87598770e4c14aad27

SHA256
309e6f7ece606e604fac4eb8c43f8db20ca2fb48abcf5ea1a0bc26bac2cc426e

SHA512
09ab03fe5046b598dc1f8304cf0d9590dc1f458039ea827ebfd3e9395da9307d310ff06029704a7988141ecc71f372d10b64ec60a5a76a71638e78de406f5784

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
215969b357192912052dc5b5a0afb629

SHA1
31911ead75cbe7e68357ad321d2a4ba392cbe172

SHA256
b1bcc9e391b12d4c5ebd8a9d9297fd0f337c5cc66a4266b865afe25a8d384f4f

SHA512
d9015987f5ecda41f7aa2e050323b286b6712f467ed456f8f5e8aa16d070bb6a3f2eb5548cf34239a7643a89934a6dcdf7fae0a36dae41a0a15aaaa072187e26

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
d26d0d8d1c55fbf85aec84627c1f22c0

SHA1
30f3813d2e3e4841c67703ee5d2b1dded7494bdc

SHA256
d89d9452ab600b35c1ded4b6d8fa8aa2cea042ea5756f471c899700e6f0fa4ef

SHA512
628ba6a3f47038fb2b283731be82355acbe41281e65dfb247520e8a33ed8ef793af5ca0aebba2cf386c6ab612e245f0710b255985edf1c21d56be86bd326d03e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
c3eb5278f61e4f4d68e513a759ef698e

SHA1
f528a346b29ca6bf3f2356f1a6e6462f71b4746b

SHA256
c4fe6170acfc8bfdbd19b30bed3466987bf9e0c22c9298f7f1068d01edf565cb

SHA512
6093f6feba0ad82176799365a5af9e3650cabc09c6f6c32bd9cefd84fa6b0f945436103116717ec996a694654a4a876e581bab88c9277783b0aaf5a7dcbf3cfa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
af213e02bb16bac94f7cf2b3e2a79685

SHA1
841acb1d3b7f449d615d9ba0c0afe796b82649bf

SHA256
3d6da694d356efe3739ac1c54d0ebd56ac613bcf9cae6cace8430855c08c3a51

SHA512
92e63d208f222233d8299bfd73ab15e8903e0e6a862c1fc1e3f0a6809eb0e2aaeb97a9f7646843ccd112741b40b7e06fc55150c1260c4e03625a74695aa95907

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
5e0f28602cbc106a0f5da235fb743dcf

SHA1
25d1f2fd71648f76293cd52dc0b668964f680706

SHA256
2848cbccbff30be4eca9ff965acc7e05c284f7042a5614c4dddcb604fb5366dc

SHA512
220cbdb4dea1987c552462a502577f9f24b0a343fd2bf11153ea347292fb64cda4c6970c7a12d3978f4682080d2b6cc8dbe3bcb698d508cddd6600825f1ca8be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
28b9b3e7ca4ce8ee36efcef8379fcb41

SHA1
8d55edff7303205b4de5b0184704b37fd96159bb

SHA256
62d4b63230ac5ca97280f24025ef833c8073b2b8a84502b710f3d79ae2028fef

SHA512
58f45a41b586650e0aa5528811f249303c51747d26ee7cfd4444f13789cc387413d8a888a6fc6e845b321d90d5f5588254bcc5a42ec17bf98898bae256675345

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
5bc2641f4ad1cea531dd5aad18bbed94

SHA1
f7cf18d898bbb73a47a2ec14f768c3df2ca85b3f

SHA256
189f7cc2ab3e095e0bc7bcd4ba4b8629c40d0752c77ed81721512fb596ea8199

SHA512
a5cc1a5404c62e49378b34fd0b36a3e17c583de0ee3f82e029069f1b76103fcc100b8444732e3a555ac3819c6cc446a6e4a3ed1022ad1cfaef21403f01e5f20f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
82607578fe9687e5542233407bd7a4c5

SHA1
960c463ff38c20ee0536049a4fcfb94f73289620

SHA256
be19c0a8bf334ee19c2dc885f00a34963227bceaf805c1d8b43f7c6c720fa2fe

SHA512
9b28ac27ef44123560c58a2a3f680a44c9366a3dac0d66a19ac5fca7a5fe613266119c9a40738fc37a143a48e5dc9c969ace4c07d80c04e4a6aa08f6fa752e7c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
b1fd6ce86ec45c80b996b95716272187

SHA1
6028e3e0ed3c826478b4a57e5bec56eda21a8ca8

SHA256
95ee438f8d3d4c7d6b09a998199ec8adf4f700d37009941a9990ed1d9f14c808

SHA512
1b5c4760f3ac20d7796c2cdae8f6ffbd9fbb84067cdeed17a8b5f67dd7221d523232181d476eced6a9e432b254663d26d959e1653e6228590e3f6468f23705ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
84d450fa03f897a4b30ade38bc8b85bd

SHA1
fc2722204f0e51667c8717cf32bfe681fa469cbd

SHA256
4beaf25fb1087aad44702cfc6bc179255b3909171913b82f9e4f92159ca62f31

SHA512
6cf92d301c806877e999c2f7b205e67513d45fa331e79afb1974d8de90c80f044536248fc11895a37b18e1a80a954b225acc5a6dbd412a0869ab7f5b00ea4bc2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
7c652de124621cf465aacc226d7577b8

SHA1
bb689557c916bfd897dd3a82a2159eaca5141bd3

SHA256
1d674ac7a15c999981a209ad760b65248bd48608434b64df5c7943858005e1fa

SHA512
aba3367e71dd5d2f57b58c49c7fa1ab77c64fd3ec7c5b7bcb22d69a1cd7df58310f9f6d40a5d3faa8c7066be99ed6fe79a2441f357c9366c79d9ca20bd924ded

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
08f8a37241845fabf3ce75d6e514fe88

SHA1
f002d09a175c302f2a58dcb576cff7238c9da0bc

SHA256
a74fb9d84b24319b9400d2731a352fdd9b05bbceee132fefbb7768935fcffcb3

SHA512
d91c5fabe50789eb7c51b162ac5fff3b724d520f1016806be7e6cd1eac4cd6e4febef6e0c5d159e3d47dc1a3e79722c1b206de97448e6394050cd2bd231b1096

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
0bad84b07694a545f2d040b26c49467f

SHA1
e34a8550ab66d1b075b9a434639883d3cab64460

SHA256
a4b0dc63c73dc8732871fbedd9035c90e00c6f3a557f230d286f3131c523b56a

SHA512
5bfb985f21bd29afb679c38d3ff4f15cb178cd5ba41c72fbdd1cb258a48fc8f9c36ce12e564f57c2c32d4e74a9787168c79554401a412edf963fc35b510c7517

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
ba550be221ddba65d785f910cce30d4c

SHA1
79e825c0e48624e638e5ec677131acc2de74b518

SHA256
186f974c7ab7ce4605f0adace601a6b894863f030c037910ab0e46a13130983d

SHA512
740fc1424dba1e0100815684846016ce926358369111125000281ed0ed9138202ec42d50cc264c4e217542e0ea0f9d1592258c95f4c0e78ec5b9c66ef88f706b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
74a2f4f2f2004756ce35a22ae3ff017b

SHA1
bc0f9f31441a90aa63e8295467aab60e35e50283

SHA256
e48a59dc6f2b0b6b535537211d47be3e0f7d883e87b522476a823bb919edaa43

SHA512
ecbf7485b234e9f370df78475a62282580768278a2089a68a3955ab8d1cc8187937b08b9f276f6d741e28a898bd116a21cb52df144310c6b9cfb97d6e286e4d2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
408a4bddc5867917fb3e91a8b39022f9

SHA1
c9b2ca36b35bceb9d94991007fff707a21c671ad

SHA256
e1bf35bf8aecd6c3c26bc048fcbe60f823a524c8a3eefc79b181e3a25da06587

SHA512
68b56f004229b2e293683e1b33c3378556c84c203a5920225b2282ed2e684b1a24d02300239320a9efd271628e432ab687601c59afb487af36c8bfbdba18752b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
81bfe24e5136b0af228a93f20eebce93

SHA1
35905fa72c4d785c5520fdb5ebf1a0c38b9cbecb

SHA256
a4df069db5aefc7e5fa6b3a4c0063d884d8852eaa5f084c7f17e1f418fd1fde2

SHA512
0b792a0d042195dd604d6b9e3d8afc878bf7f88ab5face7675f0d360e5cb232c10c7786f8a2c899ff18cc0234149d3113d3475c6fee23f0671d18c2e72eff47f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
cbeff114249a2c3ee1dd1329bdf4e081

SHA1
b457591ffba133ba0fff08697ac95c8c8bcf132c

SHA256
efffdab45966aa2c59b62cfea36c6ebdc457d5958683e7733b9604c573e7e1b8

SHA512
8596e0278eff92ba10a99d12548d2d5e20fd96c922744041e55843c8472c868536a6f19f3b80a9dfd41e8362664b6766291753559f2661269eb566bdab34e3ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
697e291b00e40fb4647b1ce9e02e370e

SHA1
95985f4d4902107acd092a694691c187eda17d40

SHA256
67cd278d8c714bbc37fc1bf4bc12c18f2ddff506e59c5330f7cd4ed8d16074fd

SHA512
f370e537300ac84cc768d892f65ef41e3d38034d18079d0869b76a1e4fbe80325044232fc80cb42072cc635117afd94b5a243285b7981d0582177ea5b0bef6c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
17fc684d8fd173ceb513f83abd4663c7

SHA1
7afa4f43a9a071584eb7facd4bfd40802c9be037

SHA256
30ac315ea90dbd1b7eda150e36c6ef9bc50c551a92e114e562f093766572f69c

SHA512
3b166d7b69780745c10019ba211c90a340c18761161731acffd5fd0baec78af57b0045b0d0bad9199d6b36157da9dcf3f3d2ec0398a62b9df1a7f74a878b9ee0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
9c553b1dc43803a40f992a4e09497b51

SHA1
ee503d7063bbc5a975850ffbae8985ba51438f08

SHA256
5d65b1c9d82a65d17899fb0416207842bc0c34a16b7aaa1f8a3434df9a0a133c

SHA512
ec5b63bd41e05bea354b3a8aedc48b9ff714f01699b7019e9c78acd7f9782cfbc20ece746190a0aee49f6612aba4a3707fa79239568419e9597dc9c05b6d66ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
359df7e45c0f8933b244b271178fdc41

SHA1
9a274db07e018ccc6d75573041a961411611e0dd

SHA256
719bcad94b7802d1a5a1a92ec9ae2f923509d6aa4e49e6c86c4a4bd48fb71552

SHA512
205a5c3ba58723368f4877549acf458346bd34dc911a5d3668dc12c30a286da237c29420ec3ae4bd6919cfb6bdbe35ccf673b5905e8a6e3fcaf8615efcd4a6b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
75a82e0ffbc15bf569a81ebc0baf770e

SHA1
b5c0a5f846628767207dd9d6f9d98be4406bdb76

SHA256
6b8736ff4029d261e503d1ff6283127179bca557b21fd9b2bc6426ca10b049d6

SHA512
df98211fb6ba57122ed52cf845162054568ad08d79d2f95e2077028534ff695a82bf04204c1fed8128784ffff1028d769e5e6c46b9e981ff7d26bd81b77a4c0e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
0c317cf2f0f5036464a93a71fdff7c40

SHA1
3318a915067a43af051d925ae59f9f13e0ee5f18

SHA256
7233c92a4603af320fb887cd828fb2fc372bda72b951046b33e77577ce298636

SHA512
f9ade6e747db535aa30a57ae456b2277b27da821d246aec3a70a84b87e80adf6525198d24661dcf182e2b64beae8ffe6e0988bb0a599d5cc89f0130eed4bac98

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
0c8ffce198cd8093cd18b14599adf424

SHA1
8b609ed443e9c18454e1620177b27aa51b5162a5

SHA256
1dd73735f0e50492a0f36d7936ce5ff96b244ec92e1c8055f45b135ee6b29a6c

SHA512
3065a2432545119ad968ee3e3ce142b4c39a7f2cf6b30c34cd4889db7f59e290415341d2b43ab3cd29be91c6f93dedd1a0d0f9e23098684c03389a7eac06ecdd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
a189d355f3935e0e17de5d1d20ca6d56

SHA1
2965e1f49a1203fa86aae2dd8691c77d91d1d646

SHA256
a36290ae2b7fdc9271db3a6886b82f7ab029feae768f530c17d1213610f62af2

SHA512
9a85441e1445b49914092566ebeb9c2c360b325b35396afeae31ada2bfcb515a112ce52b384834a1edb751f7f244e870c5bd2352f4c682ae44879d36f99a9578

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
2fd19c1b3d0c9a54a1e198cf1370eb1e

SHA1
f5d0257467e52f035269889b67891f7e1caa544d

SHA256
4d12048396ea4f35c1e3a83755ebc9d8d12e089f8008389bb6a24041f1cf5a50

SHA512
601c827f4374a31527405c6492fb5a63b69f9dc23d875f195aafe79c91fb092cd4447f57d780e7401e83ccb9f58be346a41ef361b298d7ba25182d1999615917

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
874550b35f3c6b3db8a9b9f945ca1bff

SHA1
3442d555d0d1fcd67d22aaa686a6d2371ada114b

SHA256
5d1044452392ac0011cadadb384fbf2693fe07119ce6168da359690eaacc8123

SHA512
54997d94c28ee211082c81a89e916d9279a73370ba377d82cda75c004d5435ade74ac982e3de7f071a7105f5b0864a08be159f07cb9a324ad1f94107270faf59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
3c8212459a60a8ecff7df88f47aee069

SHA1
77c8eef3ccbc617fc7b0d4f32fb5f86d40545bd5

SHA256
4d17f15bd5f12f75940d8f43c03684443fedd4f4f9e9b98c1d3d754c7b7d6230

SHA512
31979b216c42ab89dfd53c78887fd47202b6ab46a62b454981c4aecc6b32bf88ffca17cfca997bdcebeadb766a8161ef69136df4a25f1781e1583dcde241d281

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
02178581282499d185c4f15f74c1bb36

SHA1
2b85be9f25d19e01eb99c234ac3d2a64a555a4a1

SHA256
6e90c44afe3b3011ad1b66f2cdf7b28c753824eb007a1aa10d15eabbc76d4b67

SHA512
58cd0577158bc9576ac136c90d805d8f99178aa8417719e0b4ba9f18cff9592f99e33181f7a048c7b9b609e67ec240c06349e2d55bc5fd5c6e5eb4bef33a0c4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
ef83085f693c2dd04747ccf44b829407

SHA1
a87581c5265f1593ab4b1fa818108f5c7358ce1c

SHA256
f9e48e997a7f32105a15bd376f5e43625de1d004f67cf112bbde1c67d5ad67ce

SHA512
de32d9b63ad0382fde8a00e38a438c8e76f5ca3c9357315ef7df60a57d98ab41e2b5a458b47cb6983750dba8572592369f719d4403fb0f25846b44aea470ceee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
a1fdb08d27f7d4f1434a0b08e1edd33e

SHA1
ba9da5abf8292e868b9b3388796ad82a3c156019

SHA256
6f4719e78a0d2a541134d55f906452d7276c892339882bfe72ac6d074675f333

SHA512
a46cfba225cca0060278fef0bb18f817fa06dcc8b8a0fca115a5462fa45f3c5ce571de8afd73be462d7196e7ecadb41963c910589a5808722ee5adde2af04b4e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
de92acd83cfebfe95f6a7b5026ef9c11

SHA1
937670100926d1ce3280e23991cb6582dc9a711b

SHA256
155b3fec5f32efc97ca4e5ce3a16d2ea1aedf84251464fbaf2f6bc6dacc3868d

SHA512
bc7d427a774b729e4770383692a177a2bbc6deedc4858776f5fe32f805caa87f67c93b479968e698080313023a4b1cb8620d6ede10280d32b798dade89e167be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
211819ed64ab9473eb237148672e52f0

SHA1
335e04ffaaa72e6fd88f8b4956642ba12ba167ef

SHA256
b415f7fcac74c6fc3aa05764edaa243b3a2e008a860c0abf513ab0c5487dd605

SHA512
7066f68fb18f17715d2d0f2be5ec78971a02307020fc00240b1af3f4f2b7a13f0292c11663011121e1c601009e8a2a79e0192878ad71a3b28f2eee74869527d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
bd3300f1e6dd38b785b70b5a44bf0329

SHA1
17dd86b5de625ba3067c1f4d2ac6232ee5e506ba

SHA256
b351181b90cf2ee38cf1c4940e226b271d56fb2f85500e952d2d44344b4c856c

SHA512
394568b2b71daa45e453fcf962f22ea1edfdb55dc7f472bac611f253c41b4230c4633619fc8beed4386aa5f97a7e8665d218d737c39fe76075a1030349d3c0e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
41617723822d8fa80ba8d5008f175aa7

SHA1
158aeda985f0c19053deddc1a55ed9ebc5b6e475

SHA256
1c850d9fbe899306fabc507b0c3313abb472c5acb601bd47389139b50805d5fc

SHA512
9814a065b56dcb968fad8555a28438f4f37f9469dd43744b9a633571086154bc24ee6707995345fcb5b6e51504abb914e41c24c36bb6513228907663e03ce651

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
6682ff6721221d5d926fde5bbe78e8d2

SHA1
56cdba951f2747bca1903062a615be1f3c7c84c6

SHA256
741aeb500d3e2dda8b7985b89d6687a4a8d505dcd9c8db8a625ae09cc58f37c6

SHA512
20df93e6b5ebff598686233cda2e88ff5fb30988479314db72a9806ffe484ad976cd91fbc486acba121c3d79de5ff4ebe428c20074ea10f1b8cd95765d166fb9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
e27ff5bb7b58db6c2e3cfcc487407be4

SHA1
cf957a12a578b263d63e6d99e27834645a654a34

SHA256
5b1ffea34b28e3370ecc51178840d33e8c89f3e37696b8e90ac688d50a80c691

SHA512
4b73d8da2504343e31f85793ad7d3cae94359027f778dafc53368bf8f9d4612df3b1ff9a9b78ecf219eae85ceeef95ddcf349d4a9a4986326c4f8e03a1dbbc37

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
32187c1274c0b305b6badd8aa96e14cb

SHA1
1779b21a4c2c39996b1d6d924f9c17fca8786c8f

SHA256
65d6b7c6f1d12932b688bb37aab95d81a739eaff9c5c5214ae0e90bde8373def

SHA512
4f47e7a1f96293e3580bf455f5f3cdf0de34fd87549bca41209c931596cf0cbf76f44f9bc9e4611cfa6b7c2ba59301bd9800a46d2b0c109f9b9900f165d19ff1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
6152b622707f25187350fff5d4ed070d

SHA1
b38fac64bd550ebf66b7842f519a5ea7a34e381a

SHA256
ad283c50ee1b26d03801a18ff6e5b65f4f24c20fc628b94cb61998f7134865c9

SHA512
85365fda1feb2c882d37f9202deb2a3d1c2f98a1e40926cb994d259b5808954b37ec4f6efc94b08e189acd0d09b2d227e126e01e11ed5acf7e2af8e5589f0122

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
bf8c25866080fdbed3324e073c3a68ef

SHA1
949cecad1224c24e0529c813b3b69c3d03a97057

SHA256
506a37060a217dadd732cd8c0051be2e3d090bff7a3fe0249d4b45ba2cfa850d

SHA512
e40531bcc8a42ed4cd5a0e3741e5181f26189ea587670dbde8543608e407f9ca5f01879bb2473b9f862f6d10f76391b16ee0a896b2b5d75173ca0745ac51ee02

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
0d004fc193038ff41ceb19ede13e6bf6

SHA1
85327ae99e73f5eda1d3d4d54528a3c14a8d4da6

SHA256
b12c20737db4aa66d9812a809478da336435f273e557c45070e87a7e4f6335ee

SHA512
0b7f6e56b1cd15bf288f529fd992ec17256c3b75837774f2840967762ee6645bdf2bd04bf8c930a9cf8fcda28d337bafce3047f8c0dfdeea9d082f0af9d2c83b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
6f4be29e3075bac1fff4cadb8ba84cb9

SHA1
bb92051ffef52359f3070664b22cea4572904a2d

SHA256
fa5a0dd3412b52f573074833a6cdb0667572b88ef578ead386440994fdf13ac8

SHA512
3a2f5bd6bd017bd948d888d15131a5225f8c1924ff7de0f43d674515dd7736b1b3ecf5073cc61a05258cc6ea7b75e70e1057c190ee75a42c3b78cf0f6031ec66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
71f66f8c3e43d561c7a7187cb5cce9d5

SHA1
74921e89091991b30ef5940bfd0c9dd253fe31ae

SHA256
b9206409d9ca887a38f137efada633adef45cd38208ae970ea82ac941a023c64

SHA512
bc0208703c67a9079f356eead48515c2f7c7f6f24d6e3ceba24f11c4817abd6b8d16b2bf77c8062a5dd9aab3def053802bea399edc51d44cd50dc18619d58321

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
9d41a383e4f91e69f9aa4c612dedd7b3

SHA1
f36188ed7c8b0fedc4c8f333d8873df36b5d9a7e

SHA256
1038afa8eac1e8379f443219a2a6c44c7ecd26db13069c707d30a084eaf9dbcb

SHA512
92f6829ac0849f8aa90927cd91e3981cd99b1358f4dfc9b2b4613288256e444349271de651245226a82f1ea9eb345f25b38885d1db1a4379d94a9db1ec6198f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
5e3836a716f2ed785f8b12c8854bbdc7

SHA1
827fc518c4ba116a1c1b96e49659697ceab89d44

SHA256
10c8cc168f274c12a9023662582af064f52cabc49fe74f5645fa1fa5b7b8d2a4

SHA512
3ed4de3a8b48509bc0beaf363a45d0b8eb1e25b6a003cd4ce1f4df868a2e47d0e65cc4e791bb525d7895b91137f3a70ae1a235426d0eb3f70fe8f2744f37dc6d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
3f9eacea932bed0e99d31c68fb5dc15d

SHA1
8aabd50e6920b1d651db82467e1ee8c32aa9b096

SHA256
4eb2a08b4222c34d7c0af52d33b0e7cf1f479191df6eb950034a4d5dc7adbd59

SHA512
a512acc5ce8e69781081ff2611e943c9a63c4744f02394001174bbac0e927738cf79150e45fa508f1b6d944f6ed1c86783a5500a4b4f2eafc6e4f7f9c366aff1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
15190db6ecdb6a562d3dc3cd76c79f2c

SHA1
29f437fd5c6932704748a80f5c99e39717544f09

SHA256
85c8383835d4dcc96897983910da03a1462ef9e6ec90290dc15d06797525de62

SHA512
29fc32a2237fd0cf804439ec8638eb41fbee78f6717099ad3ccb81db4f5ad9d6b981730479ce0e953e8c30a008937312fec94b979645fb46328b099099193c2e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
bb40dbc826bb33f6483a0af5e83ca83e

SHA1
a14c8d0211fbc80a6bc39be9c3eb589f95c39bc7

SHA256
2da006da66b890629807c337442ca119173578a490e5dae1f82d07c3358b1ae0

SHA512
347867ac408a3d7094fcb1c8ef85ddeac64dde101db2fe276a25de62ce0af04827efb94212dbc35330453dd09e47da586716ea488ac5db534de3eefa9bb6e646

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
25276b2184d9a90ab208b70deab763cd

SHA1
2d694f93b4b85f00d4637086851f1729759a553d

SHA256
c50a98ffb934c16ee9126042fad8f190032768d9579c6a0e7cd61ae4b15cbd6a

SHA512
e16f50263f98d0de3fc13a62ac3868f4443a8afe0cc87b164926f666dfda9929b33785d7c0f3b74441ded3333a7924c19d2c631aea228c37029f717a8c5a095e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.yap

Filesize
8KB

MD5
c3b5703c139a07714557e366a89fb9f2

SHA1
4e929ccb078b5bd2b553aa5442d00e3ede8d31b3

SHA256
4baa5800ecb15759bca37dc3970f6b692eaf285c683264da0a226ba74fc3c474

SHA512
64b525975afaac3b0038bc425387237a12441596071abccc46ddb6ea8cbd097986507093e834aa0ad1e92889fb79687a193a9d6c070dad66498a26f81ffb56ac

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
fc9e2179c8403695219afe47f2c497f3

SHA1
2797fcf44b9cdc0e20552109ac7cefcc2c30721a

SHA256
4a3b7f77d883354ecb7ebd08411c29ffe9dea60db99bb4bdf60df1e5b26481c6

SHA512
e22a25ca24552511dea337b4727f436152142e608a31b5a125abb741a659a4efe5956dc0e14d93c750c8a1905884ad31e8bc55631b44a3cceab0561636a3ff80

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
5c54d503d7b1dd4c36822c2e60a56c93

SHA1
db1a9f2e2059aaf0f90b3a41959c5a10b548e49c

SHA256
bef194190533e0b98ab2c89c84bbeaefa4ab2cdd80e24e5618931dc2e8c17c18

SHA512
cdabd8d82c48c028a6cd927b1ca6356bdd822b368ade3c9383d52ddfe0e2a230950bc42f9277e70b20fea5bfb28f5d32666b2c9f6b716bd82c9541a22d384278

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
62dab79e36d30a3bcf606fd765f9fe78

SHA1
ec51b0cc8f31f0514dd0c3016d1a6471db9245e9

SHA256
4a6c53b9a34820f95694b44e17e09a4c6f1f849ff42257a7a406eaa86ae600f9

SHA512
fc5a877c25ed41866efd322d410882852a814f87e0d3904ceb3351ac5a3ba68a1276fb408a52affebffaed997e40a787f51390ceef844cc867b3766271b4fd86

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
a234f0f196310c1bc940bc0e519b9f73

SHA1
45879b849ea7f1d23e8e51b451274a44b070d076

SHA256
5c44d7a4f46ef8e985d88966697b22209c29e1f5633f209a97109d59f770ea54

SHA512
9cd7c649348e74a8324bcb2c8b1f00f87ca19d79c58924a9b2490de35d7f12625126e0bd7147ee1456403eecb465252acdf7dfff33a8c5e4a52fcb26fc29a3df

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
4c5c4002bbd5854640d97dfc7746ce81

SHA1
e6a5aa24618ce08ed16b36cd1765cfc6d7ab36f3

SHA256
222ecb96e0b546c1be67d781f586de8c2f81dfa5fb14d4254dd8b93c5a40d2ee

SHA512
ccb254f3861b47dcaf638ad309ddb8ab2e01c6fd4c5ba26a73402d3eb750f1a851568aa9986d69f1c0335cacc8bac569b6284319d3ccdcd67c321b1f13a09482

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
29fb395fc8bf22361cda2686cd6113bf

SHA1
e1e8d4bd9fadb251aa81db6128b1b201a5dec93a

SHA256
31bdc81e78492815efa6b3ca4d4c33d640c61b6df6690e056b1fd993565fcd0a

SHA512
0ea93eca3484a63f468b643b37992c01449449c4d993339f9a819586454cf42936f3bef1c805bfdc9250839fe481009f09c0f7b2ba466bd4970afeb9def8365a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
4d3afa9b195ba5dd4b35222da436d2b1

SHA1
67ea3e55390a8537cdad5b83021b1587b8756234

SHA256
1993e9e150cd56896f184169290a39169757cff6faf748461e6fa82fc369fcb5

SHA512
02bdc84d7cef5bc3c94dfcae4ff07da2860d647298a81dc000c5a0c7f403b28fa8927f25c88b5017a77a032b570f11787db5b132afa269b8c702293d774b8624

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4c1cd070b9bf6a7ac36e60a907391a26

SHA1
85ca6d65a083828f94c27327b8994ce7c6b11ae7

SHA256
0b4bb3dc857263c89e3fd9405ed53b173a86abbf9cc5a1c83ccbd59182d384f9

SHA512
8c69b2561773c3e0af8754b6051db2aaa993ecacbe0494eacc15cf7a03d4d9d2ebf00362e1f40fab68d94deebfd84999b433f8114e28f71ec31622136237f224

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
199dcae3eb1ae770ff70cf6ddc2c8c30

SHA1
5e06a4723e1035ff27c6eb88a198dcaeac1456b3

SHA256
c4d68a41e552fffea6a4540f9ecc2472c4a51641a18bdc2bdd344436f7a0859b

SHA512
b7e0431e57c1c3c6a0eeb811b4bb07fbf1c842934ed6afdc21bbf16e485a6e7030179deb412acf74dce4cba2f214254290c45d01f6f666ff42a9d12e30829d2b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
ff06a0ac61ee0e0a9b57e1968e4d0c11

SHA1
ec9673e483d3363a83dde93633460185e1522990

SHA256
b724a3ea61d6b34ccf68c6c031efdfd6a58101e20e1a301995147d4823d7a9ab

SHA512
b00258046ad455e4bcfd0c542190797a36893bbee562df7bb988737b6e62c32adf75788c385a3d72c90872958ed50b86973ba3a1e62b8a14a665480a3642f97d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ab4dd1182e1798773f356298f99b174b

SHA1
44197d4799bad33dfd6a18fe109dce34bd68a1e3

SHA256
868379d15f735aecaeb005466c9840aec00d646bee0c847bc64d2c62d1dcfe2d

SHA512
4845e0375d97d4066d79cf4cc8aaa8924019f58e81c9f4fd7c69166d4b0d90fad390a917845306c889814eb93e735752e7341b7842340838c9f0c9bd620dd180

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
215cd4a26638bdbe573ad89cca46b4e9

SHA1
d59bfdb4bf8c912845c75cfc6201b6a35d59161d

SHA256
fc42eb88e8b321be9c25d2ea2872958acf775a0b43dd2db812bf9560823f3067

SHA512
4393aa3547df4c962ef2aa5d208003a16bc6fdf2831f70ebc7d0769a5eab3873b67f7f93fcce18b7a75a3b95be54824606d96115a43a3205bcc1f986b004554e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6d896bae455caf726e1cdbb758906770

SHA1
5d993cbca927ecb8fcad26e8e431658d6c5bbf94

SHA256
0f370252880cb86bf301a197f6f84bcef59523621e57080b52c258e356c4bb66

SHA512
0f6392541e54f1cb49caea36ce3dbd5114da3cacc037780d1106d9067d419e8f70c8b7103705639e4ca3004186cc3190de36cd4f81d6a71714dac56fd2e6f3f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
dbda1d8fb356c39512484b5a1679f6a8

SHA1
55fef6e79bc1e8f8c746dce2b0fb686fdd8e07de

SHA256
b645bd51f7555f964a81aad73e5582743a90adb4de28963ea32c2ca17449d518

SHA512
4878bf8b1c0521d68a8af832af35a3f2bee79de722edfc6644f08fe5ec37fc0dbca93c1596fb5b09f24864c05457ae394b6ec91b923e443946052323f55fe2b1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
5ec73ab25b9be64867b237bed00608c8

SHA1
218a08571aefaae1d3e5d730180e74cebf6f8e0d

SHA256
7f2fed3a9fb26afec1654ee29998922277573bc30b0a1dc9aa831d5dbe77e7f5

SHA512
81364bddeebeb5bf78f8e06db63c69d632cfaeb54f05cb6d7e8acd0a53c7826bc9fc7564708e9bcc9cbace58ba1639af6f89ea26eaf617e22241e80f12f82217

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
78706ca9b54616d5384844f21e4c8668

SHA1
a62b471b7dd589e9d747c583468a8af98f531bb2

SHA256
da069fe3c0d56780dbe9315259f5210f3ae5907db99c5d8eb24e414d9430d61e

SHA512
d660651e51dc9387392821fcd5349a1b408478cc1a02cf173ef8e17aab9e49ba83f8cd134afe2fd7bfb990f4dfdb92e466ee2a8c056ca06c93625f02ae4423d7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
cce6dfca278c6a9faa000c85ff9f8e99

SHA1
8a04509f6492549314520239649fc41e25944360

SHA256
a4b761503e8497deeebbcfe0d20d0535576f6018adc3832b9f2d7587f2a89ba4

SHA512
5e8905b315b2795526634674b3fb0f21cf401ac3db92bfc83599f491376ef3b423b2496c4b5f49fc0359da14fd7f12ece327ffa6a6550aaf38b43a4973b838f1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
37fea56b716c490ccb2acba27e56b947

SHA1
3dbea702177bf30365ddec0c7af96f37f0c7e57d

SHA256
b33478786600d9fb6a6832647690688a71f7bebf6586f3c13c741e9fe1ccdec9

SHA512
afa860d84dfbcc08fb39a9a1d417d2ea4b0049f3b849ee18c52b9520965a33d4c93f5383c85542af0ed5698674614a2e500168e2246eaa1ad41db241e6709c22

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
d144159330d28ab5a89c926f9d62f7dc

SHA1
2ddbbee23c56055a00799e317700af5975e865d1

SHA256
de43ab250a7de2b37ee8808244947f095216bb96cdb87cd64ee4cbb01c216101

SHA512
a4ac66c475b0787c5b81954bf394e796d88e396d25fbb9db21a377242862c870b141d68394766dbdf6a9fbeaf26ab9c38f8135c87f64ca0c1e35c01858af3bed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
89e9d00515749ccd7385f1603d2eddc3

SHA1
0f69c068fd7eb682984df1ec9d8a19e45d7e5a14

SHA256
e76c0d3ba9271fa0a6c942bdd7127b699bfbd7093139d9cdfa038f5e58ac038f

SHA512
6815763a237f75009ee971054447959a21c66a4ddfd2275f2652b22400ca19d56b73800e5af4de6e49a08425fa70e0999508e6d7f0266d4b835c0b8a82e274d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
38dfc200342cd179f14240801913fcef

SHA1
be17feb3d41404ea9a31952f08450b7194db755f

SHA256
e7f1139fc8de9271e4ed8d248cd6728aea740da06f970c368064c8309c7a576c

SHA512
52e322120a3330f204beaa65a202155f3fe833b4e76bb94509b2f1002dde841101880af6d779379b0887faf748e4faad2650d6e4659b3ce6bbbe74d81feba326

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
204c84f21ad1c98f5343429567289e03

SHA1
d07a78edcdcaae19d8a4e842177f0b37264f1ca2

SHA256
35e48920a90988b0b589d8c6667551dfc6912696b5e8a118bc113336a8243119

SHA512
85743cf642b036a59cda21c54f3b537a4b18522753715211097bdef4efd94e0b5bed9e5ce62baf3bd689fa019b6f96c51d8e40dccbe9e1df51931c6c5f32eba9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d394fdd4bc0ae738d02545022ef1fa5a

SHA1
20504b611745009b931fb7579ceb7948cd845661

SHA256
505d616fc16bab66665797a9d611f355f0dd8ec485cff550223873f1a68127d2

SHA512
f6542cddad8b37b744cb847cd5e34d02802fdbd45405238c27fa2c263418d207413a8121672bd20a478e1ac8e5fef53787152ff624c94d24082659758989cb31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
c3176636f92c9b1480bfe0bc9802355f

SHA1
b64cf1c2369645be5930fb8e134a3cd87b60cf52

SHA256
f6cd58e97d5d71da8a890f8a8c7f80ba64cec67e53803ae836c8d8ad9f1140a3

SHA512
0be9345c0dedc0339e111751d9acea0478de7ce61a2cba07c11c8e13187897e5bdd920781fa3d0ab1dc69924956ae3b9602fa783d8d4c2e204e029fdd217e6ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
1ee0829326edb983494fb5a3f3bbc8fd

SHA1
c80eeb0d87afa6489a0d99b5c255c4536fdd9710

SHA256
c3dd8904248d60f49171239f9497489e8cfa3cf428430537d2a864b1a5d3053d

SHA512
f9f73b5d0164cc682af6c87d11729a7d23098f1497951f255db278c9384d7c58c413877561e84064d8102ec791d201a841187a8b752eb35f8401a8d65b41d441

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e6dba13cfd423c8f786b06020cba917a

SHA1
e78225ac623d9d9d5365c049c52a12b46e9ecd5f

SHA256
519f439ff996b28006cf9164b35e62b2bb144fc7edfeddb63025b83f7d35f6ed

SHA512
3e67c94364a8c2c7f511e16189188d8ff617ec35e89c7813d80f0c857f35cde61059634d478e2ea2fb463ce06011dd84ce909573d86178cdc63e748556a31fbb

Download Submit