b860589bc0c02e342d327a5be7a3cfe78f65f4ed0f67d06d6caa204b276add87

Analysis

max time kernel
126s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Size

1.3MB
MD5

55522c1da2cf9392d2258d90652114d2
SHA1

1188ef67038c2f14a754d89e994658ca716505bf
SHA256

b860589bc0c02e342d327a5be7a3cfe78f65f4ed0f67d06d6caa204b276add87
SHA512

e68442753ef81c446f3a4a88e14fefee1302bf33c193018fa8432cd9a15c6d9f0bdb660dc9f5a029732045b0ec0d225c18b7b498e8f65d19efc1ddca56707652
SSDEEP

24576:gzOUxaOWk01G4fbu/F1ZYDnaCXtztayjngSPjVh4L3GmPA705sCvsk5Xf7v5lFW4:gzOUxaOyGaupAa+XjHlAAoefkVf7voFF

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ld869rwRuHeO9Tw.exe"	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\ProfessionalN\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\System.gif	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_internationalization.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_format.ps1xml.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\Amd64\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_neutral_de46607a02fe2552\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00i.inf_amd64_neutral_09ff5ee0a0cf0233\Amd64\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465\Amd64\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\et-EE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc12.inf_amd64_neutral_ff7295ba5a46d63f\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalN\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pssession_details.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\ProfessionalE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_type_operators.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_format.ps1xml.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_neutral_4261401e3170ebfb\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_parameters.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Starter\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Automatic_Variables.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_modules.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\040C\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_neutral_2b583ce4a6a029a1\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_arrays.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_neutral_c6a6811d3d827dba\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comment_Based_Help.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_prompts.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hjnacehknpcfikna.bmp"	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ja-JP\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145895.JPG	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0148309.JPG	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21364_.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15302_.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\TAB_OFF.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_OFF.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\PREVIEW.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0202045.JPG	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\THMBNAIL.PNG	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1F.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01607U.BMP	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\PUSH.WAV	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Defender\de-DE\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\winsxs\x86_microsoft-windows-d..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1f442ea698705799\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\Performance\WinSAT\Clip_480_5sec_6mbps_h264.mp4	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netr28ux.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5550642744c2dcc7\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..nistrator.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b4f3bd8b9b817f90\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..splay-cpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d3d80da66f582a3\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad7a885e4314c58b\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e89ba9cb6f9dcbc3\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnbr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cb5615c491ff5304\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_environment_variables.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\403-8.htm	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_remote_jobs.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_23882454ace900c2\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\system_settings.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1badf57680aebab32f17bc080876b61d\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..shell-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fe68f514b890400e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_ph3xibc11.inf_31bf3856ad364e35_6.1.7600.16385_none_3bc5d976e6440be5\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_fr-fr_0821fb4c2461fee0\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9b89faf20b1c0148\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_rdvgwddm.inf.resources_31bf3856ad364e35_6.1.7601.17514_es-es_96492366c41713aa\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_split.help.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ae96531c25d8c5a3\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-networkcenter_31bf3856ad364e35_6.1.7601.17514_none_93bf831def70cc80\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shacct_31bf3856ad364e35_6.1.7601.17514_none_242839193814d663\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.runtime.remoting.resources_b77a5c561934e089_6.1.7600.16385_it-it_00d935abb10ea99e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..n-comrepl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a9142181f8e64ace\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-diskpart.resources_31bf3856ad364e35_6.1.7600.16385_de-de_277d1b6cb03cbe8b\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cb414a40d328b0e1\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a6b2c5bc94701aa8\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0cb3073d2ecf8808\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\404-4.htm	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_09252ff637951494\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-stickynotes.resources_31bf3856ad364e35_6.1.7600.16385_en-us_567f6e855a658d02\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c7424fcfaec8d6b\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7601.17514_de-de_882cadf458ac205f\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\play_down.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..lelevated.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5acae4bdd4a85c2a\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c05266de8a7a982\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0bde965abf387612\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\pause_down.png	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4bbf55d3818495b7\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1361_31bf3856ad364e35_6.1.7600.16385_none_7da022f32445383e\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7601.17514_none_f4285a06060032a9\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..ional-codepage-1250_31bf3856ad364e35_6.1.7600.16385_none_210f16bf6c318f89\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3bfcfe12488f0a2285f5f08274cbc13f\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1e16a13410c46dd2\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\404-14.htm	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.1.7601.17514_none_1478eaa56818c3c0\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7802df3065a94f62\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..topeerdrt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_259154a3a31d63d8\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35linq-system.web.routing_31bf3856ad364e35_6.1.7601.17514_none_fd1c2b9df8518df3\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_ja_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6db201f5db13dd71\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b81eae384c698287\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_mdmracal.inf_31bf3856ad364e35_6.1.7600.16385_none_94654f616d035e4d\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-legapp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6c81f55919af8fd2\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tpm-adm_31bf3856ad364e35_6.1.7600.16385_none_47f0687a93cc8b71\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_310eba4283ecd151\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-hlink.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_55c131c9c47c8396\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_subsystem-for-unix-..lications.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8002fc80e6c60075\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.entity.design.resources_b77a5c561934e089_6.1.7601.17514_de-de_c5bad6a78437ba67\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_umpass.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2587d188972e129d\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..fessional.resources_31bf3856ad364e35_6.1.7601.17514_en-us_090436357cf6c2b9\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ty-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_14f92bf9e03a1646\HOW TO DECRYPT FILES.txt	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015\ = "KZXBQDZALDHFNGD"	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\ = "CRYPTED!"	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell\open	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\DefaultIcon	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ld869rwRuHeO9Tw.exe,0"	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell\open\command	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ld869rwRuHeO9Tw.exe"	55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Filesize
1013B

MD5
de3a3b707082b03731cd74bf977523ad

SHA1
a9fcbea5239c1b8c0597c784603f3a67fcb1ffb2

SHA256
21efc99273c3b60e01b4df75dc2c96f8aeca13df0ca77374b00a2368812db6fb

SHA512
b7196c3be7230914ac2378574e3b72c9a4a4ad17d36d40a5bb93eeb4d50be72a94e397a8fd568426db85682615e2522ce1a9a4a95b5a73e5633099c4ee3ae6bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
cefd12249a8366ff0154ee471b08a31e

SHA1
3348dae218b0d32ebaa629bda68ac7b59ba3d4f2

SHA256
1a375ae37399bfaeebdea494386f3a6783dcbcda155e26edfad897edf76ea026

SHA512
541301ce269a184382fd9619bd2caafaa8cda35140322dbbcdd7b380ced4c11212fe1386bc2ac1f86ddd2693f75973ec5bf94675dd40055e388ba31a7a56ecae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
ec7dc1b9e9f053055369cd3f25092b90

SHA1
70b14962ecee0c4134cd4467291c35a8f3716d0e

SHA256
d63fcc143b12e19bcea3734a9c929e56c93397bba47c19d9b79cbdcf21e83ae4

SHA512
318feff90c0c8130891c515644130e78344b8ced5ee1354034c79e68f2ffb978cd9a73dac780b2833a4d0b38afcfe2eccdcd00b4e4a7bf1bd9571b44989f5985

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
14a4941c94817d377a727bc27095f66b

SHA1
994913eb07affbd0f75d0634285f070de848443f

SHA256
708fbb5e8e6aedea750a8a9451438d3bc7dbb3177fcaf3b14e26f691259649d9

SHA512
b2f7a15242961c2bdf534b352dbf5fa8293d742a7e44ab7d9c7993a6671147c281a2edf80a28b5b3b86751c536d0c516ad2495eae5b0d7466b76caa78da2375b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
533f2be325c3b9a9149c9eab6ae723e4

SHA1
2047891b3827529a3fc0f929e517e867f6102c86

SHA256
5e022a5972a0e7fb879687cfbe09a9d218ddccd8b415e0cba5913cdda030d1c6

SHA512
84d7bd05b5e09bd951ab9a79b65b0d659c4ad213474da81145e6055c810484ac5c0bb685792c3cdd1ff823f66bf7e3873e026cdd5fef172c77b7ecec01c729f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
c8d46423ea2627948c1156bd6af8f6f7

SHA1
fbc5d7089ba4f5fe56739f5f6675d28d4505e997

SHA256
ac5d35162824730c6ef53435a9760ebf170d5433acf23992eaf2a76bbf392f62

SHA512
ce5459c1b21ebeaf1f0efca6a29c0e938f768ccbf629e365cb3a24dc6392b44b0e99b09079358f36a6980436b489abc4ea707bc5fb74efd7283c223745e26f13

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
7f2d6fed64bc6315c71e7c9fdfa3b954

SHA1
fd0066b427f4a8080fc41ea949987434c1387138

SHA256
8fd6bb1f8b0a992435ac8209a78f793a74b147db8e15a786852fac3b3f8e35a4

SHA512
93fcfaa64ca2b7352d0fcc663cc37a8c3922bc0652e1e3be50a0e375c24dd5fd6a0f8fb37f1882de8eabff5e41698f0d8748ce02c5670c9c56e047508874827f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
a29233b7a716d1781ad3e1464b77cf99

SHA1
fa5080259cc2b24cf312d68c4d2f1ff756110b52

SHA256
92a8d81e455252e187f25c54c6abc5a86b9824ca0eee0031ea618a60b7624df9

SHA512
68daf24ed4e03245545a84281184d159a7d5370629a30088f2e9a0e5cd905ee49ae64394153c30e2f47227813da5fa41cc92a22af1b8e1d3016f29b33aad9eea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
22be573fd73e2c7ff4fd03fcb47dee24

SHA1
ec54f8f672378f7fce0601256ca797449882fa95

SHA256
52a8ce30b0db12a6b470fdbf2566d345f2536ae1f8ee1eb3fddd712e456be474

SHA512
6581bd911fb439e7bab51c0f40a7a5c1ecf52fc54075599bff99e7df79c92baa712baf4c857bff84e620fc983754b906c4a6ad4d0f33e02b03e0032bffa3c18e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
3c34290f6f4eae0728ca9ca7d87ced14

SHA1
c19d3217e516d1ebb85428931b1cd31620902600

SHA256
8c7fc0e3888bdbe07af8d8cee20fed8287bd4c54f7165982f439ef4be0218fe1

SHA512
c297de3d9b88062b477b709cd348e6b778cfdacc2ab64dfa3c14d923c0ce9f5c82db0f52b7a1ee307518299732faf4ef62eaa0d237499f08fe183575a77d6d94

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
14a26774deb785b6791dd5ef1f69b169

SHA1
bdb76c3473cddb35a0bdae5d116945c39d474ea6

SHA256
f38058ce05ca81e82f5047a5754df56495a9855d2079a02c74c16c22e9812ad5

SHA512
9ac5a6f042435f6ff8f096ac220fa43cc08e633d114398d9f860c8bea39bb01e2b46cfd2c4e8e3ca95c7f50247c6fc76458ec35bd8bd7ae47e42512286a74d5c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
0b1a0591faeb402f99a8cd53e5bdf41e

SHA1
d37dc96b016d2a55604c23157184d96241d1125a

SHA256
9f26c2f6ed00bf293ed14ed8a8c1b0e2cdb1d2a010cb1dc3cdc8325ebafeb59d

SHA512
67e61bcb75025e1bf224b8511f1bfb740434c2ac4d279359d8e6bf037fe2f71990c57375f5bd30fdbee93c9b8929816968fb019a8c154722bba5bacc3599d05c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
3a87e3ddd89c0028f5429854014a585c

SHA1
4aa382183506ecaf46b16f4de176fd2d66fed8aa

SHA256
2a1683dbfb18a39ec8ad5965874cdf1c15bc0e0b2c2b67b3cc881a3aa798ada0

SHA512
d9c55428f0605bcdc0b3690433ef9b99ecf50dd5bab4889af279b85ec425b4c7167baf7f99d41a8a56e9279c999e4718048d412a3d588b9be4030ee933fe987e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
492e0f9e006ac1820e5622a4e545fb73

SHA1
4c08ea6d43b143854d01e0f3332ec42e3c732dda

SHA256
107fb23b3b419458ac92e122b802af53638d6808529f0939960c2865644cae73

SHA512
3dc8ba423be623137227b366866be21f67d2523a93c140d5f37ffd8e0225067330036a4dee1e567bb138eff634ad6ce5e99ad09d34b28a6eb64f83bc97e09953

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
907a158e6210764ca7b001a822051c3b

SHA1
4489c4d8f0d14f8b9b57f5a25fc29ff76d80c6b9

SHA256
46f1126d774a3e33ad4db237a2c192afe509b8dba5aa5f1faf45de64daa3fdff

SHA512
12847c28931d803d0d392f52bcc48707c0e70a59a3e05cfdc214ab9651cb4aa7e8c1f383a343fc8ceb639ecc409c808cfc4bf6ee0e328b71b9dc7f9602ba2977

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
5bf87c0cf82181868a566b5ccab3dd7a

SHA1
dc0887971ce17eb926c458bb424737a557bb028d

SHA256
1bf59736e99830fb982970e531f40674947ab08da59d8c4e62faa5c186f53814

SHA512
47ac584e0748710168c62a8b43abc3262114d71d078f50a6baebdd3ca3e0e31ca9a41a8b65405db19d0eb8726268bcca9964467a83125a849710e61c71b0d207

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
4a28db3ac3eac0eaedadb823676136da

SHA1
4067231d20e4f113950836b707ed3e0137dea85b

SHA256
4ed08c0ebd9a6c39a7e851c0d6aef7795d7b0a57a66b4f302809308dca7c4966

SHA512
a72933075b8635582fece90021238bffe6027e7287d1a7698f93958dba575870d6806f421917f9fdb3a533a0438fb6156769b355b863b2c7a2211514631141d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
398f28272be3adfabfd76e9348a54f1e

SHA1
4caf2f78a8fb083f11654e79b123dc8c78ad3ab7

SHA256
722dbc0b7ddfaf394cbead65b0337646538f9075ca1b09913b0ef2d8d313f448

SHA512
12e0e8f698ed2554242f3ec9ce4c69270f5de16324e6b51561cb1548c9ebe2c5466b30360d26c9437b6a7a1286dcf83c73d6f32a2585bb9d311a69dc3837dc18

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
d5e27683050e21fcb000fa3e9fbb15ed

SHA1
bc8cfe0f8814ad2ae6ccd2aacca8d6f1bf6d32d9

SHA256
367098fa65f72829e47d6708f76ef3aba420d5381f18f6f4ae7997f580079248

SHA512
1227d3c432e4f60cce9fed6d42e8f7103744383863a748a79028119dcd667b530c6d4afa8d61f07ded52fc40f50a8e8b9a2b8866c65f71da944e4e9ec42bb95a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
53f1ab7650657f5272d1fa4f421088a1

SHA1
82f42a4322f169fdd9d4ecc30e677652dc0db1e4

SHA256
0ccbf763cd79cfe383afd4014e81d285d5addf6689cecebb596b2a42eb32964d

SHA512
4e9d130bbf4649594f6bb66081beadbb9bde194b0b919795461114b76bd81df38a6d359da06a18a917880245c046df2ef0e2244fbb5fc1b3ccbb0cf26666ed91

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
3af3bb6bc06b6f135acf1f7be7caf590

SHA1
11c5b10f32587f360c7a062ac66163f69077b444

SHA256
f43fc318cd6d670273b546cb135519924f83181cd0f8a7c9ef6367293ee01019

SHA512
30517f07fef2ff578cd26369e5a05916d4acd9bf8cb8d7d181cd0413c03194aea842ba40970ee8e8b50fa4a6c6430cdbf45e1ebdad9ff91583df21b5f4b09e04

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4809d0695cead8aeb404b8f2aaf83dc4

SHA1
2f02f63758cff105d7c8e7df9e8b785cd8cdc0ac

SHA256
22c5ea682a07fa83850973286572884cbeb80bfcd1d8b9fd5cfb68c13fe58b20

SHA512
2195e36fdac54e6bb0ab117a0d5c2b43d143ce21cc2004b8c3c09439bd3e3b8c0266e41395bb300e86e2701e08d687c709b65c4a30ff5d0e8eb33294efe7dcc3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
46f2a4b0457b60f4ea4c4bcbe2504f2a

SHA1
df3fdfe7485a49f0d1d991239585a416799b2456

SHA256
b8664e4776ca024187e47fdf014a1362f3dd02f13bebc8adf0e80fd7993cbec1

SHA512
9feaa518dc3301ee987b4f9b71b580958c08c7fac5e302f91620c4dc724d0c9a38cfc8aabc087e283b062c34f209816a1e8799142b963b18193fb0d376854e58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
a21bc3dcbecdc11fd296e5cf46f44c43

SHA1
030ccc7431c25aed652741d4808f5882a1049feb

SHA256
fd0c137dd52e9c0d986971f58247f6765cf1c52e27bdd5f06a01a7f0272423af

SHA512
3b78b7f134549c72549ffebf651bf85f3b8b1fc1371accb9f7be0fad431bbb76687c4b0324a490cda80ab990c9ca6562704d48424803c904d04ab7d780adbe6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
4988c45f53c9e57312d486d07ca4e909

SHA1
96a7a636a526048a2bf1a0442034349fa93e02ae

SHA256
710dbd7cf31c1ac196513c3455c20fa12fc22dc43be16e98e356e607c8d2e79d

SHA512
a21d493fca27c9b0eb1318e45e2e119f38026dc076c56874355c1f2f3fd2bb0483d5f52144e92de6b810f7ce3c0b653d0909bd44d43541b0b469221aebba297f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
b5372027ce92cbb150826dcd4cbf00e3

SHA1
03f7fad0c91bef12c5d67e4ffe46006d499aff67

SHA256
eb386b54ad33f0fb9108fcdcefd6e4752151c0725abfccfff15564a61679f4c3

SHA512
857e8aa52e4a2a72929cdc78a6f3743041ed1b5a7323bce3220a0891f3238467762132048211c0cda62a1faa27dee9102579ba1c1a8af28eb5ccb2aad489bb51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
cdaea752d04262c5141a34938f4eafb3

SHA1
d3ff3a63bb4a484663233f8d9a81b4b7a5f3c49b

SHA256
ce004943dc0dae80814d02a0b57f8926b4832d10a310a7fc309651bee9a78df8

SHA512
9c0f0333fc350023b38ad4726a649fb864aed9a45c75456029a6562cb8c78cb963f59fd821ee65e44a4665303b66d8c047beda464262a6c4cda1d228b54fc0c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
747f84123e54e76c5a81264ab4cb8525

SHA1
d26b8a886188dc549d13732ea248bb8f10967788

SHA256
c794690e1f66050712f4fd03d57406636f95b801bcad8dea1e6d54473e960323

SHA512
6bd49ac02a30f97ca22a3c7ab89909afc43047a91d10045720d772b9c93a206708badf449c8df46c6067ebb9d63ff28c5f042a148df0d59ef74ed1ccbf121852

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
e2af228e6b46ddf27534b57fb43385e6

SHA1
68e9c6e6abebfc02e87c029a8c483aab0901cd35

SHA256
f5fc87804dfcdf5db84f4542e3e6bebedc62597111bf4211c71a9d3375f8915c

SHA512
7d8a95191e768fd32e2160a0ad14bb6f1affd957e8f3ee481ad447cc1c826068dbbfeb16c84fd1c829e6e56b8372c58ce2e58860df3ac550618ea923b84c2471

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
93d96e913d3311cf40a662a8cf950d97

SHA1
4ebf31ada723699459658e0068048c42adbc3f4f

SHA256
eaddb84651f9f350545f50db54ae8309171f56a6953879f3a027f3cfe0dd62a8

SHA512
7a39daf77870a940a8f9e6503705d9f0c1e9908163785701da66a2f9b8e37365d314892fccfe305e2808e7ec79b57d28e5657e6b0d2a7d8da54281972f4bc5e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
5b724dc8e30dd4fa31e86156dae0aa74

SHA1
f3fc2cb17509c945333a3417a919b29d021fe4c6

SHA256
aa7c068883f0272d51c51e908c295065c023adaa71f5f2fcdeb3225a44f08324

SHA512
aef2942910399fb8e6f1227e37ef196a06237c5cac4eb8bb523a298dd3595b608558c9141bf3d1e4837e3ff2664b233e99aa1d0b065173928820467d2bd0bd6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
58e21dd664ef25fe883754aac4a35455

SHA1
b371ff3a88502d70f79128bb8da265339491afb0

SHA256
fff5ff194d37a6869dd250c5a88c4a5f11faec0bb9f76a465c0eceb0ae144ddc

SHA512
b1cb4628f942ba741b92cf61cc35aa02cee91e9d502e89accc66616e453a6fcf709bc595ca7fb3f6530d51235436019294a979e87dfe5604eb4358bcd410b927

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
71ce17ee97473b90deaaa86f2bc9fc6e

SHA1
1c1bb7b261e478acff43c38f45cb8b6705a4a1f3

SHA256
41be77e318effc7c42997b26f2dac88b76771c1cf5cf78e05d4b3995bec2c2d3

SHA512
bd5ad618c6c375649cc4ee780010d8506b88da0cdb4c5e9892ac4bef673b96f10b64ef843787b1994bdeab9f84f1953d8e4cb3835037f65d55089bf7d47599e0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
152b5b54e61bb329ea5289304384332f

SHA1
d3dc4955282ea41890130ff47c3c909a6ea63a33

SHA256
15ddcf6e82bec42d33ad2feb0fc16037b3dd5a38c45ef9350e5a248b7c985a01

SHA512
b51c61e937383d81f3a8d6fe51c0dadbc5fb6910a10f5f67317fc40820a8c7923878459c9091a97ff248989980b5afd2999cbf6ed38fe25ee2dee9f70c1d7cdd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
6410bea46eaae6720b7725a3753a84ea

SHA1
787dbe13f9e181546d8e239359b460c174283f38

SHA256
7a9c48220d3b09f0099e0d2b331069c76d763d39f453eed8e606bceea9f4d784

SHA512
16ae92f5d165b37b0642188d7aa2e63f1e4867ddfded7760728b4018a22a07ea3320c937f19cb559add5f6f6587f51b800eff91ecbfdf53230efdd5213e0dbfa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
e5588bec3a03d5a1b9ebee8048ccc7d8

SHA1
90ec8137d90129d9a5ac4a19ddf6cadd04d2cb69

SHA256
954256225cfea55d1f07710645fde442241175684142d4bb77c28484ed058db4

SHA512
2fb09eb74230f854cad10c38b72e2b3a20e1942396a62d912dac1769be506709317036507c8553e49c771eab04d613a883d058eabd785bd765a7b7fd46276472

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
da6edbbd6f9b111151edfcdb1eaf2333

SHA1
b102cb0f9131c52c9688e163c55fd9f93b15ffda

SHA256
20ebe5319352d11039d8314d2e8909ab94e6a1907b8ce8795def73ae30fffd48

SHA512
0a23a3b3b1e94493f9fbeb49fc1df1d9db72550a55ad897094431795f561c896ca79dbfd37114b7d959c39c5d7b8c8f43182fb7f52df6cd139715260b8aad57a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
14212551e3f93d2e823a1b3cd848c9a4

SHA1
43d524e516cbd3000032eaae90af8657ac947f2a

SHA256
643fcef557808072085c4b22fc6337339bab3efbb3ec94aa229dfd18b1dd7c3d

SHA512
f086349eaa53770e6c455bc115d33e14fa3be51aba4fb304632598eed3b1c01962ec92d9b95abd5247cd1dc4dd33bff3bec5141aa065b9db5012b508a384aa6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
7f184abdd298166dfc409acd2b47ea27

SHA1
4ed4464e674a0b7017252257974cbc47fad3affa

SHA256
0ba8501f6ed7736a0beb23838d641cb068c60165c905e8c92ad34a63c17741b4

SHA512
a6402ede53ffd7ac0e0e827d7fff792cc497d55bcffd858e0ec5b221372d1a16469fbede282fa312dedf54f1b9dda1a087c64712e38e0b5bf709e8b4274bb81e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
0eed268a7884c2bad2ef2ad2a134d5be

SHA1
15f534c9fb21d3436daa828f63d4b9567b16b1aa

SHA256
08b3be554389ad52a72a1eb8bd1bd2096138ffde451fdf31f5164116d5d08b9a

SHA512
93f02b85a94faf15ec3c9c9c6bfac931250c83eb4b6faaa703350a6923ae008ec29d59aed9b7539f4e0a1df16303fa54c397f44520acf57ac93fa5ca6237210a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
84cb3932097f37fb2363a3de69994123

SHA1
cd007d46a7d4a538a2f13f5e19e6cb1c9ca62ba9

SHA256
c60b96367124b8ff8fd5ba38ac509c9edaaa7a38868991be11b608a9d2cb4bdf

SHA512
1c9537a664c4578876de92547202a0fb47e7cc7d007862d160b5eb3d230966551573df4354c97012f2794bd2d710f9b08e2ddd031a5ecf648b86ce7e12c0b203

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
c432446b67ad3878e17c842e2e1d0c69

SHA1
9a9cd58fa7c7f48410dad19823a9f1399cec76bc

SHA256
b10cbb8b0730eeb6f45e4f4ba0fd7c2037de62847675692e7f0b4e87e190ebef

SHA512
7064360845b2b30e98204f3b2188e007a1e4c973dad73e677c3df0a1856dad0df926ade5baccdc721e2df6065c87e7b46c46f78065c1dd0c68d627636f7c9ab8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
9f0ba2a36a3082be519d274d78526a7b

SHA1
0ffaaf835ee187049686124c7f9ddba212a8f619

SHA256
0c9ef77a02daba5e35de529810611fa0c07e0919b20c09fdcb3f78f19bb1a27d

SHA512
2c1bec723f33649f55c29c96647d4a7e9c805386fcf0c012358cd7049ba5ba222e1c744bb1d91184f5149c924d2b86e21ffac4dfeae48166f2b7e3ed59174079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
50e131098d07143f00ef1f9ca5093bcd

SHA1
f88d3f0c0290c787dc48b014305715e75c3b367f

SHA256
a0df530f68d1fcb1970a5feb8dd95ae15a1e8ef28b7206d18f784844e92143fc

SHA512
33d2af680a178795bc238ce179e47feb745017c4d75406e5ea9b00a8d5c039140c3f4c2f0cd452a129c972a2b997cf19a4269506c67b46827f993f9ccd659846

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
3e49510b2391c977f7297f956fb8f9da

SHA1
801822bc098f82c2686fffd3712c4825903327c1

SHA256
cd67fad45614ac96bfb92404db6993f02e0d37045f6d21c0d67b932439881d11

SHA512
cdaef0a42329f33e6e85da0b94a2d74ea3a4f280ec9804e1a8fae31062e64e8b01ebdb99530a492bbc86a6b0f111577665243ff1b4f410fef714cdbb9cda8c81

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
bb002368a059b69568ba46b252c3cf32

SHA1
6605ae262e4ed13e511e0ee025ffa372dcd8ac74

SHA256
ebf11b8d1451b76d80456c3294b0a27814edd3503ad13e1a2017525786cfcd70

SHA512
1062699a47cf5b75d9d334422cb0719984227b923f58ec26f46ae694aeddeac5ca60b05263e59c9de03255b58b4a1376570fa1271e0f2806caa75810b9c17929

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
6b7850535345001e9470b786947e2d55

SHA1
55f731649a90fabfb7d439083d0d7879481e6c74

SHA256
d3d93da4c3b37e55fa1e1c44e003ad22b4fbe946f25a066fd6a65d4ac65299cb

SHA512
ed2a9e276ad83e689de06097514f833e47d296ac770f714e054fc0701e537d909fbf25c5ab70a52787695d5c24e9252263f3a7a4d26ba7b14b7a187cd4e3f11c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
9d46f26294783131e416e0b230543665

SHA1
7274055e525fddb4ea08b398a9af42f534b0dc4c

SHA256
2aad05c7b2ff1e4010c56856fa9d534ccd60271a7e79c70d892162ea6b0cf029

SHA512
6550978a84239472c89c8cd9c0f7fd62400ea355b0ce23a02d460f22118317d8ba2ff1a975824e837414cf4ae1f28123348f5b4ead7d23e52d0114a014c473a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
469cccd8a3cb6837b9000133ad9f994b

SHA1
ef3c8d662eae0ad9a9d8e20d48957304381ed5e8

SHA256
d8d46fcf594d41bfef96dc33af0d133a2fa3f43e44a9bb71c511f3d7d5a5620d

SHA512
693b41490c991de4166e78f33968ddf52258808ad070eeed6ad9c2f211c866edff0d876c5c2d2f17aecf447d8a7ce5217453f68f539c0ad292f193689e125ce7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
87f39aa33de6146a06e3b935020b6631

SHA1
e484aceaa7f198261db9293d61a634821f3f4de6

SHA256
4853fdfbc470340f94cd7065daac805bea850eca34261cce56636ef1ff947d94

SHA512
569f5bdb6b02f6431fe506649d59b224dc56eeaa4a604dbc6af971c14bc520318d51e42c3ac94fa94d537e415075ae79056f214040ef876cf4767bcb037a64b4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
52b2a6dc694d7fbf70a0b68749c0173d

SHA1
de7831cc9f14ea40cb025e3648540aa985711be7

SHA256
1acabbd7984e194cd02b1a91e2e3cfd73c67997d1e9fef0a3eb112c50534ecf1

SHA512
4bf2138dc44cff0a799539d1de243e4f9956833c13197fe5c209c7a237f8da9f3f7e3de7a012b2341b883151a34889e6cd2080e05bd2069b3d37c628c2c6bab7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
342278e9319b37e075773ea2fe62db06

SHA1
2deaef38fa9478ec860ddedb9ebc458bdd71b800

SHA256
06cec502d5da15b6406179109a27de18765d646ca5c99268ee8c52ef164d2e0b

SHA512
ed64880fd6c093818db268f1e1494e067d983bdadcec9206d263c121be61fcc0fc3e26b1b52b747871c92eaf6642f8293f2d7ff326fb71b66bcac93937f4196b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
0abf362e345d0707c34b96d56ec84c35

SHA1
33af14bd0daf1f6e253cf858186ef0d15b1150ba

SHA256
26b8a73cd4d8087d4ec603d21df4305afaa4335c77c7199e72173e848194b8fe

SHA512
d0897d185556b509ff2a49f4005741aadf9fb3ec6a032226d362ead223d6e53776299d61825cc7c5694c2322c361235a792ac2a87310d72be2751bcbb0190087

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
198d5b671781d36def3f043c122d602b

SHA1
c5ec9c4129d495d6866d46f2dab9731ae9f5f15a

SHA256
45e44b8026e7f43a323e5beaf32bb7576ca485ff6fb9335a969fa3dfc3739b7b

SHA512
48dcc7033f7d434ecf3f951133375917c94bdafa9658867e1dccf78d565a9d69353d82ef8f32ccffc200a1f44f361a3c8d8402cda720879acc149ac15c67d8ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
5c41b3fde7d28f3cf7e13a29f9e004ef

SHA1
72de878a87eb108ec12594ef0185266f65b5e175

SHA256
c90a9a5373a59afce2756371db29e6c79c1d88a37282e7c3bd4cb380c2398da2

SHA512
e77c124aa9ca3dd6d43338e8b81236c94905d77e0878b854e3c5e3a40baaa0f484706b9879a14d196d26ba340acbe63796b4f0d3f5c53fd1a2a785841d1fdd16

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
f5c5407197d7322d26d75bc3816cf0e3

SHA1
04fbcf505c9579a4645c9d3c5795ce644fc5740a

SHA256
a37cdf2172bdb8809e0686011610b6fc9d9409b88c3018f1dab8e0ac9693ef5e

SHA512
004ef4b247a9db9da28c87b8cca47ff8e50a2c938c3330a5067f86043a99387aef2f55fce72cda66eaa18697fbd2a876ce2c8adfe313b8981f38d2e2f7ec7f59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
642f0f2e7492b383cd0f2e0b75eca15b

SHA1
c3b6ade2cb8a3754522c4bf0392e8937be23f7a2

SHA256
cf06397c3854cdda76146f73e02e11eb996b37e4c6a413f7ad0462b134e798bf

SHA512
e008e736e8e38746cad554bae65d14845ede49eeb4b4e15a1680620aa8035c241c2b63d26e069762ce4535037eb7c2f4cff429381245a6eac41f999c0965f9df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
e158bbf14e5cc4493d09ae445613a5b9

SHA1
f5cec7b44e7bbb6ce51befce4f4b017babf9dad0

SHA256
6134944ea4d326d9f384043a9e058e7dcba7278a6e4eeb6e28939df2ea69d66a

SHA512
9817a4929b1c408d819e703bffc37492d52ad6009a68deae4b28fbd104f5693686413635a2fc69536bad1cd651cb396414bb3618eed657dd9d2541ef81ee19c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
5885db0a25de918c17c241466cd08348

SHA1
8a05e19b687bfa2133b6a2774d9b93b00c93028a

SHA256
a2f8960ef70a4d43dbd39c629e5624b0013df2ef0aa86a1d10749e25f492ce83

SHA512
bf3d59dfc05d5fae1c6247771fe0be390a55f07c06b830f665c14d4d37c79289b7ebe7daaea54357191bf5ac0b43ce7ecaaabc73b4df262b86d0bd3b54744f5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
75a8ea25ac0096f9686259b284853aa3

SHA1
3a6de889578e6e4ab521a50ae78211d2892ff472

SHA256
4c760ff48b5f28e7727701befec69787ae684a9eb5e381d97cd4a364c9ce7022

SHA512
36272979c2bbf855f09eea1d926ae0c836a0a920f49f876d4f719dc0d507a9f23f2ab1cfb926591f53007da90f65ff161d105311041322097e70defba574e0ab

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
1bf1331f3f8a3b427f6c76c9eb2e1d33

SHA1
69e5d37f92894a7430feb1258c373ab563027a17

SHA256
b541a33c4a00436e451dfdf582e4428b28f197900e17645345ecca42884c8ee5

SHA512
9c60fa51cee129eb76e81b08ef63754a8e132f82725b43a63136b9e9fef2a9ff50c35957a0e3f2e76efeceb2777f274d6a4e677440ac3d9f2b447849060ba637

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
57a830c949e2f06785a8262b23c8a733

SHA1
083ad85c2dafc16548b7f05141b888104414d379

SHA256
39f6ce804e25ec1131c30085684d368808b793a4cc71641c76912d84038f6fc4

SHA512
711cf475f6573ab7b07d75e460ed61684e703997c1fe3a42cf52dc6cfa6de6e19a8bf6a44c17579cc5ee9eea2a086d538a2227c798ec1d371588f6ccc33d92bb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
38f98c109a2c1a5b6739bc81268c13af

SHA1
9e12019d407f0b1bbb8aa88eb2f823bc21e6a390

SHA256
8ab0fa048eef4442cc15885666d9cac6cb90cb2a8d20d8408cdef8f5bd35ad56

SHA512
5b8cb3857597c12bc1926b5dcff56cb4489cb32e73fd5c6985f285ef01fe86ecaf3d8b8be5cf4bb5ccd3467cb7f6987d418f2fcd75d0e614df8ec00fb904eb42

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
7948a8ba37b47213c32abdcfc3846a29

SHA1
f086fe246b1077888e254bd3113a49fe65b2e173

SHA256
e9d440d0262bb118bf9b80d9549c5d706e51d41b3229fe419f41ce6d1576d818

SHA512
9d27000003a8b39ba966cdebbd8935cebbc527003bd56fdfad59530a1fdf3acb7d47742803a0c8de60d9633c1086ef973d2815ee2135f4e4c44ef22d672b77d5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
383c482a636802db9a99d43276e87e97

SHA1
8f8c2b3030c8d6fc7af6a54302e88aa441fef1ac

SHA256
c52b7fe97dd298f855de24cee1de6930c07db3a32ee397096caabae7e8b6be88

SHA512
2cc6c8e05bf52ad40f348ab383dad1015aeaccb4b9dd620fbd0ede54b1a723ec2ec4cc7376b9e6f2166dee83e41c44d3d31be23f3a58a1dedd4742412569407e

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
dc81c89a0fdc6c79fd233d002979db62

SHA1
bc68d7fd647dffbcc796c1337244fd76dab2afbd

SHA256
bb3d4c16b9c7b9a64a29ea6f9ac13ad90d74079ac4a6301d037021e4a75aa43a

SHA512
ec61a53f2932d1f30de6ff55b3a0ef9104d177efa59c901966776722f4a020797e5a9648aa70ba73ebc7e91f3216e0fa83943529d29293fb0e6e4ab200d8d285

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
fd32ad39b6b3a2b1ef0d5439b0d9bb5c

SHA1
eeed56ae7d5ddf1d79784bb87ab1608624bfc540

SHA256
bf29388fcfdbd7ba0026865560fcae5d6945d23e6953a9ced846e3383177f81f

SHA512
f6c83418df5f700a7424f11f0187c12bfdbe140ba356a39505d16a1e4d809894f300c095421c4cd44ca20f3902b2f5b70b1313626633e799e761fd433710725b

Download Submit
C:\Users\Admin\Documents\RenameSelect.xlsx

Filesize
12KB

MD5
e6aaaff92fef72e768d383ef26c2e386

SHA1
dacfbb437ff39ff527942bbf8bd7428224092d86

SHA256
82414e7382e5e417d6d862ccb90a2cfd83867c68c8a0ddf37d0ebad985c7eb45

SHA512
7a67317175bf4f32edf8f88e1524f0e9846af75768db223ca9ee0f13e40048fa6c73de1a3814332b56bba2774c3a85b2af954e054d2a64c21881aa18e34ac3e1

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
55eb30eefea881c64907150731204ee2

SHA1
1b28b455a000d446979005887879253c51a7eb62

SHA256
8a7e6161d8951761c01a18a92fe7f65330b286fc6b70a9307516d54abc7cc20a

SHA512
95193d7dd7a5b27490f8d543a64112c9578eb7b34f2c5ce3fc72e89d233ec69747ed2e4b3c74fc1087668d9d1fb7ad19fd988660ceff0602acc54087c38b8850

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
2f5e2f5eb831c19fe8c45cbd207eb65b

SHA1
ec94349e8b057d70b1f184a25b58d21f518537c6

SHA256
1472725202e817a3d6cf400d018a66369622be0c987c5404358ec2ba7b1de172

SHA512
1c4704c087e52c824a7fb47a09919f9449c11e2b29876e71c440394e5fcca931440b26d7f76a89fe1efa2f6cab82b44b593fd985510081f055648aeda2ea9f45

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql.CryptoTorLocker2015

Filesize
54KB

MD5
347df849cae49b62f220f52688bc7ae4

SHA1
deab52ca391ab902fa39302bc073ce218bd9d63f

SHA256
e8480828262f4a9f4d24217a2bb6ad991e1c5e94debfe2d3dfd3ccbcb94e164d

SHA512
cad254dce3cfba470acb9dbadfedb18b3a48879a1799857ecee77b376c59cef486d022510d914f9122522c4cbef019615fefa76e46aea171e668e612134c6f6e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
ad7aaa67b6f2e63d205d97da8f36c82c

SHA1
6abdb36d9781217ce6c17ec31dccf15bed9faf45

SHA256
e5ca1ccbf1fbbde25d797d10785d0d7acada9b048887d6bc963546abd47b2f39

SHA512
209fce4301c82deb3726bef9adb966a9d9ddaa5f763285f11d41cf41d3ab751bd927890a2fff41c88723e6269940822b9badc1e711e2d40be41b69cad3033cd7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
a86ea9ab1938f10f9693ea5555a5c69c

SHA1
19fbf46161306ba06656c5fa6bd709b9b1f892f7

SHA256
f831aa223985c7e4a55ae094dd82da43939fc6257efbaad6aab291a5fd46492d

SHA512
cea451d976454bf49c04d807ca0a4f42331c358823325d0893ede025d90c2d4794decbd7e02c5032a60952e5adb7f83fca883d5fd8381e8cc221be708b6b9b4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
c53df44f083a63ae9dd2d5b06dd7a012

SHA1
854546fe3b52a93f743bbdce985c79f27b0c215c

SHA256
2cba2497a7b5ff73dcc3d86edff23a5d8c352c86222b6f81894a34a51635ccff

SHA512
a71e58ffc61d435c4fdd29014578d66636ea7ef31d7874bcef20d7200cbb4a51cd4d594ed34c42cdbba033d0d57e0d997d7438bc0cb256459330548e13a90d83

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
6a3a8256f36a153d65fcba43fbbff37f

SHA1
17b79c20f63daf1e72af9d87bc26193eb31a29f9

SHA256
cd11c2a12e9e188ac188157e96989c2a8429f0e404954c9fc9d33e940c8ed00d

SHA512
989c7aecf304f36452650a80b29fe00ecf06f623e10ab44a2fe1e2b0687d5519eb7bb9f17014254fe665c94ebc18acaf85113715a85e1d8b6d33fb2ba724319a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
30c5a1180cf5cf312d5f9e592d573e85

SHA1
30a0b03be30ac9e1f65a36e9ccc6174d15def1e7

SHA256
b01aa06ff2e4bc6073363588f875a52f9cf976bbf2208021f8af83c95787a675

SHA512
13acf9ced245848702b1e469d0a4aca5a45a59c9858cc2c472a4535ee29c47b5ddab8f8bb55063d1dcf3ba135a89234c89b68b80d9fe116d7cae1e1c0075ef7c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
918fbd1d2041c7d1e4ce2246bb41cd15

SHA1
f2d0e578263738fd655f118bec0c4fc273cf9395

SHA256
665b76832f9881f1fb7a643ca69590df8d9fb194493afc81d1849d1be9f1c8d9

SHA512
14d6af03a1283b1c892dc7e250c4251d7ecdfa7f269dafddf55d66eca55ccfe7cf6c762ba00956c1aef5c7cfa11034607dcdbc712e6bab63a846dabe43cf8f05

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
3f8527e01176f9dc52cc37ef973256e5

SHA1
d1a932256ef9de61aad199693244eb38ba4a2a18

SHA256
d988faf1a1f903d16c7437bd0ed1b60ac0d8562ce579ab533d188b5793d1f96b

SHA512
e573b45a3ce8194298fe7cc61a6a7e730fa998bddabdf4019697429161d910dff827498f1c96a697908dc568214c95d08a2289bb962dc080ce85e64197d0d8ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
bffa741d6728a267dab7f91f69bfce3f

SHA1
b9b30edfbfb9b7383aa9c243c6ae7ea60a416bef

SHA256
aadf222b34bdb651709603ef6e5ae03cbbe7cb9ab2e602dc45f1e9ef171cb7e5

SHA512
d960dc2c101b59621e471c268d3686c625869174c8bca3cbc1519ca340db8b1cd4491e4d3bb330da462ffb87459566ec56e21f3690329dc19babd5a27941f89d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
01742d1c533dd3c1f4cc209eb26823d9

SHA1
72a84f81b0b53f754f794e070fad381080ae404b

SHA256
e129c64254a19dab17659ea515edeb97c76d6d3db5efb9d35bfe22f3d9f92a0e

SHA512
e53b70eeb81879714c0e8c3fd74634dd2cf20c82bffef218fcb2ed741451a0eeff70560c4fb8726ab6976a5f163e671e88ecccde2fb1bac7ce5defff3aac1fb3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
d86d414de312bc13e74fb9d4ceb5c260

SHA1
e10281827b477b052037e567c8ac9a220dd97d2f

SHA256
da421342e6991d6d6ebdabb51be7e07997cbdaf2e12cfb1b1c49f34713d9e769

SHA512
0d0dae34820e19408097282732f99ea03d3c57a14daf1f5dff8ba1acb793feb14ffa009cb417f3321b68946a131aa76b03ae45c422cd3c3e81e33d0b11c28ac9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
0850a128de1a82cc5f9a0a17881c1f6e

SHA1
cbf573c2f4fba4b6ac0b0ebee0a14296aedd2de8

SHA256
ede516cd783c0a2c6dd96d553ad8b2b9b1e822812762c6f4c6a53f3986d17254

SHA512
8012b9d8db14a8bed99b74f03d8305e938f20162716479d8f4dacbd318b9e98df519fd5b24d6267c5c34561875cbed9e3e25bf675f18f090de076ff23ceeff6c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
3b3e1960c944512e3c73c9b1b929ef01

SHA1
2579db5774dd6264cf4333bd063192ef2fe59a21

SHA256
a13ab5d9121980fa262db14982a9f5c43b9e71037698407499c79b26f9fab620

SHA512
240effca032f23895e332d5fc5065b67c8909562a775f727136a81ef11ecd0749fbd1f0653a1ddc232a4b5b7329bdec1128fed1cbc661f4520bcd5e014858b1a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
d7679b06ea3ecbdd56212b6e6e5ed99b

SHA1
7e21ec0198f0740baf544ac172f0eeb69f4df4a6

SHA256
52088e8a2ceb737e6b01ab275f06c84406a36f2c5ca481e53eca2f874ec32c8d

SHA512
ac9d6eddaf473be09a371be9b7e8c5ef2519e61e3031532ad34f49fb28daffb9a5b8382633ebc316321262bbac125bc217d4264422363b594515924bb0c5b27e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
30c69867898b89e64209cd32f799f0b8

SHA1
2e4683bd9c9986492564bcfb9884c1868e3fe3ee

SHA256
e178ab75d6524539a9c5f89d8b1e4f847e66b0b225767b2afe6a5d93e9784dec

SHA512
672277a2323200ab614996ccb268edad23c8b3571fa323e0543b51ef9976bd2f4bd4e6e1e1a3afcf69ebca973cd2861c59ae8d55b1db4edeedafa5695ceb5e96

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
a182309970f6381106eb78c5323e450b

SHA1
2dd1656756bf1dcd27a029c3ec72efe0ef4dd462

SHA256
8852f69921e30f55940ecba38967c9f6a463edcc3c2e2db3d545172023cb8f29

SHA512
964873e3134c60a77e106642aa8ccc6ac0eee6fc2f0d0b9d6040c64400e3a8a98100f594d1fd2ece82806364fdf9aa8d062435a9021bb80a6098cde0dc0d658e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql.CryptoTorLocker2015

Filesize
2KB

MD5
180fba033218b528a4613ef7d049c283

SHA1
c09b9a25d60304f7d1045959e083298a006aa5b2

SHA256
461175c174063d0bd5088437b948fd3c48eacb19dce70d579e83c269b487d7cc

SHA512
91aaf26982a5c99997e524d06c93d6154512b222b991604a0bda26dcea74466923c0cd21649281828e085f4b73d48057c0e80ba19b70938933b775099c0658bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
dd95eb82af1cb745b2ca4c3301a5d937

SHA1
4bb7c2af7ca9dcc0e482f65aeecec3556b4056b5

SHA256
5865461ad13d737ea9e915e788f957eb87b0fb42f69330d6f1b6e4eb73cd1687

SHA512
671f4c939cb5268315d9fc1b766538037f33e77dac9ec810124c04b40f401d14a1d62d4f8bb3646b8a7ba9c6f3f16ec863af308697248357fdab934314436b80

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
77621ad0db95cd7aa3b18331bb78e8d2

SHA1
6c7d3cde5521aa243d8ccb9af2d2345e4f361799

SHA256
5da7bf87988f29b04517ba7b20c1058702a2011e675d765a95783d4cd3da5090

SHA512
2c27ddc88d62a30533cf4d9b08d465eade79c37b2c4168cfd383dfeff11ba671ab1b86e26741e9f4379593f2c9b0904a045283202a298e14ba270e706cdafd6a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
e841b85ca7a8599d0f049b58727bff89

SHA1
747944e20f878a203faa0f0646edf9507d3456cc

SHA256
1bc9f4a76a209a063197e6c98786fe46e97a85c6e9fee3e806a45d146dd45d46

SHA512
c8b0380a57c10b22a08e6c4842a195c6b8ca0cf02a62e35a5112c81ffa20632e864ec0c12f329fd3816a8a21b052eff56011e82def3059631088414e9743326f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e87496333cad95b8e46106d6df381cdc

SHA1
58e0307579cc8268f72d7fbbc1cf541685024999

SHA256
682cdd99930d4a45de6730d5a7eb27726dd70a63d71d2e87f43f33dfed49bb97

SHA512
74ac90b467302b4dcb2b50752ebc3a1ef230f90b884258a6917bc9c6d8714ac0e238ed8c464fa2e9634b358f139dead052851bfeb13b1b293946619553526d56

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
4e20fa35bcbf9f033b49d59e54acea7f

SHA1
186956e9223bcb506cba537ef5ff57551c2188d1

SHA256
82ff24a31c042ea6930c70c2fe200de83c9b4ccfe08d29744b9bace629d4a6a2

SHA512
d91aa67998896668f4479fefd6823aa97c0d77d58b0d085fc0bdeeb20c58baa360ddb3402bdd7f37310f4869e296d88c73a609cb578758672197c1f0800bb25e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
f5ca0a72e88687188f532d8187ce1c03

SHA1
e621b26daf130cf5831ae115b1caa6bc35cbcfec

SHA256
b1d3778117a3d17e122b53cd09722593eb46ce8a8b7f81b38329d6c1c89c5a9e

SHA512
efc5cd587c4053f5c9e2d6c7c9eeca86c5235ed30d00bb049c1c57632d246fdd9dea922d80bb1ae8ef868f83f7d0e186cd2d88192a77f69034bfda6153c222fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
2e41ebef7742876009d1fb72f3ce19d8

SHA1
f5c031e2f4e9870d6d0249cab70813a165df54bf

SHA256
d43826bce1d5f3c9faf9f7b1205500b1309b34d24e42ecf0e2f1f3ff0d5d9a3b

SHA512
aaecb12b6cada85043c626d183568a06ab0e64c2853b9c1bb40ff5d42716cdb690a7d28a1a512d17398253fe9ea0244bd4ec46e553eba62fe8c92eb1d1bf2cac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
a259c3ac00e96cf08d2275548b1cb876

SHA1
a2e9f00db0ca38ae43981f7382f798b626b805a2

SHA256
841f0fd2181138316e809298be2cc522fd9fa723afa5e5992ddc50952ff9c054

SHA512
48883922d20013bda59c8d3fbaea40d36b06b387c935cac6784511912cca91a1be3669e6ae2fae96f54aa9511d8388a7b6eba4892b430346c737536365e4aa06

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
be9fe65fbfc61621793bf89536f7954a

SHA1
6f53058bb15ed6eeffb365f173d4a4eee0e81f9a

SHA256
c6a5a8060eae79d8ef967bf18665b9e977c6fdcd64cc03669f64dea5cd85414d

SHA512
d54dcf9d1b6fc0a85be546e54cee057d58d3263162b8d77932185394df0d247cf63f2f2e80209220930618dca65c347b7f5769941399c89206459efe84a21ea8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
9b0bd05208a5ba2020033788e7979a04

SHA1
bd12653cf4ba32db4d739792e847dc2f086aa816

SHA256
2c3b78fceba0aabe7113a0de3d6703bb14dc346c93f7dc14bd5ee81fefdc84b7

SHA512
1f16daa98b9e4255e5e1628f42d21934bdd94c136af0008ead70d9f0f4f6470481d153e96791037911f2054348fa4fc891208a80051da351f46e72a057b02d14

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
3ccfaf44d005819cef439334920bb340

SHA1
e0c78ac672e10ad655f6360e115f72ef77048f42

SHA256
18bbb6ab207ff52badfb6fb38636e865934764f4eac24428799917656fa517da

SHA512
37da0d2bd7534d26e2863c768d5e3f6116eab944664126c53edb977f649604703320dffb4060d7d995631a2adf18f11f2054ea19571b464fe0c095e9063bd236

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
82f1bfedce7e7b611760ffcf22993cd8

SHA1
9a5214ebefcd028524e63b7556e39c627ac74846

SHA256
509a26b2811348cda04734de3bcb6cf1c9b75c1f2e39f2ae775c319ceab75fcd

SHA512
f13c666af9cbbeab71c03338a941732d039a670c7b7a8904159ec130a59bb3508ec61fbc5153558ee424013e3e5a79f6cf5e92afaaf7e98d2ba30bb83421c44b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
b51a56346d58b0fac59af274ff3279a9

SHA1
339e23d11069a2f8e4d82cd93294838996303fc8

SHA256
b229020ad39a2b4707f34f31bacfba9d1e9d465be20d8dd3ae9765c25b85c494

SHA512
a9882acf4e56a7543001d0a8d61dea92c19dd264f6c7c0b559eb84e673bcc58f05e8717b686e96d14113219a379d27a33f50008525a3a961d9ebd6050f0212d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
441faf5cb3be6e74380fbc118dc50aed

SHA1
9ab30ba04d852d1fe87d0ade6e5471e0fc0882ff

SHA256
f850cec607088830be8084ac4207dc137d81d5ec3b2b1b6b12cd53600ebde6aa

SHA512
27295068852229e2607390149d7c47efd5781ed947f1a05b897ee3ae34e2159dc73d7609defd3c5da298a0bc6b6127aa5bbfcf595f9db9559b8f250e0040dbc0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
eac6b774af88cd2ccf20983b32687982

SHA1
6a577f56531e5ce18849d633db3821cd947e8aab

SHA256
67cd596e4b11850054916be44e50077c1c2c46c0c7727718aacd199a93dc50d0

SHA512
8c03f5b17f6262c866edf31f1cd23f703b8a2dcff9c6b9b6fd3117844632630a249a3cf5ee747fefc47bf9bec31c6a9cc1f8b0dac2d46f084a6e6fc4d753da25

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
819a8e49f1223052d4e30cd9b97c973d

SHA1
b180a701732381c8181c2aa934736f2fa6976feb

SHA256
f1950f445c0a2c561ec4ee234527aba545e09a0261b905069fe4ed82589e6ce9

SHA512
2f11de6bf9ad373ded1ead2d5be8064f645adbd9a75d324f7306fb541bc743634a59618895d41a990264d392441010692294a941a37cdeeec08b14dcc7db0591

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
90b0cabb51844f14482d16f8f462570f

SHA1
7c0156ae6142af88c9a3c8ae4cbedd869070a0b9

SHA256
930ab5f94640fd3a208b52220a34899e952bd63bf79e8052ae86996660ec4c4e

SHA512
978b2729b4670c8fc71e4d61c090a5963007832c4eba2f30e30cf53cf17ca0ad05a8ca1e1cf7c99b576d6ea7a26ceb909d061277234ff538b1de9add1c9b5d2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
eacb7bc7db1a9066ba9e328650f1a872

SHA1
52a37ed5a366eb191a9543a7b65a09e90e3ee344

SHA256
bc5390eb9a58c1192764554db53216fcad1aebc6ee027b0d79fac646edea84aa

SHA512
603fe9b71640e82a73f2f5ade0a827f11df789da1c81e0d6058df66b954034ce3c83b8ee181f9a6885ec503c45d3819661356acba4dfe3db0798cdfd13d70768

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
26d88cbc4f4ec65e960eaa3fc3cc1ac4

SHA1
7b3dbd9bdae7fc7946ca9e27c2a0d5d9a6d8a5e7

SHA256
bb308c19646aad0083ea4b6e8a17bf6bf2f70e43e6c1882555585b1667ed07e8

SHA512
7896ae0bef3782e322d273cfa9ef21be1f28fb7f64573c0e429c0443bd847b1a0bf36cfadea7f64817e8dd9968204a8cfd1448b27ed9c0746caeb18e4074effe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
a5f02f79f67873187936065ffe01b4f3

SHA1
3147e67aaa752e8c4be17e970f33aeb7250ad27d

SHA256
3d2f288bc88b484338ee61f339d353897ad80b4d8fb095ff731d9d1ec26ded6c

SHA512
47fc44c34bf67557310f262e866e0bc181bdd7b419c0c1bc587c3f2cf81551fe8f9dcb809bea876e8ee22e72a1070017d56aaf4188388965541fc51966667df3

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
eb45050384f460b8359de2fc6c20ba15

SHA1
499ba6dbfa2b7a21187b6d05f6f647cdfeb3e230

SHA256
dc714b27f7d06b502d6c0a3fde5c25f8de910c563f8c53236e875ac5c5da7563

SHA512
35abd26db6eff92da3c9255cddb249afe50deacc90dd6b4c3c9b5768ac3da6d88cfb2a7adbc8c31bd37a7346c485e53de4e84caae1d8b0a358ef4138a3f132ff

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
62e40c4abaf9bb39463c526abaffb4a7

SHA1
f85a9e1d35fc457f67588ccb47216dbd8434bfac

SHA256
cb876db64268be8ab0d4aa924d1fc2b32c0f4304a17a319b717e39145277efbd

SHA512
03160dae2e382ce820a08a181a83c31f020dd31815986308f5aefbd43cfcc740096b004a64714e4128ca208e9089b8f67c25b598926343767d40121524cb6599

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
738d7a7370f040a43b7ecf67a6b50ec4

SHA1
0a1d922802e97d1d4ece5db5e74af93866996c19

SHA256
2e1a7a401d3dc38eea2adeec8b4b51a6e246044b7de969b8baaa4972ec95d8b8

SHA512
2c7c0b2b8b8c7f0565ceb065930d4943c4a8df345eb9c7abf6cc69f98f9f99caf2941f2ce43379b234a3787942b5b42775454578e1b5db283f2c810b702c3810

Download Submit