xorist | c1ff7936d3eb96ab174c4411bfb95ae7ba287e0a9abb8cd26002610b62318de4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Size

1.4MB
MD5

8901e13e8e01a6f9223c78a903d8fb46
SHA1

a015f096d431e42e0df67b21c4eabe4ebf2f476a
SHA256

c1ff7936d3eb96ab174c4411bfb95ae7ba287e0a9abb8cd26002610b62318de4
SHA512

f7ae948f33fb2270c5ea5bd150c039592edb8d1511dce1077739f17b4f91c6b43c9075a71f15248f7f94f0c159be3e5dcd189c93b7bcbc99847a8185f374ff08
SSDEEP

24576:q9WQitvyUilzOUxaOWk01G4fbu/F41jen6KXYzkEEknJS7DFN4L3GmPA705sCvsF:q9WDAUozOUxaOyGau6I6WPDvlAAoefk1

Score

10^/10

xorist discovery persistence ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1968-0-0x0000000000400000-0x0000000000560000-memory.dmp	family_xorist
behavioral1/memory/1968-6391-0x0000000000400000-0x0000000000560000-memory.dmp	family_xorist
behavioral1/memory/1968-9926-0x0000000000400000-0x0000000000560000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (1912) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\w8i9eHkHOwWwQlX.exe"	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-international-core\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0409\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx002.inf_amd64_neutral_71f4aacee1aa9f06\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_data_sections.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_transactions.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc3.inf_amd64_neutral_1da6abc36a79974f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremium\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicN\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\EnterpriseN\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9b214cd9b78760aa\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumN\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7\Amd64\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_aliases.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_regular_expressions.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_logical_operators.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_amd64_neutral_798b5d4dd3f22a07\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scopes.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_If.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\Amd64\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Enterprise\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_aliases.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_providers.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfport.inf_amd64_neutral_f41f35e5c21bc350\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_neutral_2bfa4ea57bd5d74a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Automatic_Variables.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\elxstor.inf_amd64_neutral_4263942b9dfe9077\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_neutral_e5693eb731048022\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseN\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_eventlogs.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Variables.help.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0024\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_neutral_e68956e24e287714\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ioadilnadiknafik.bmp"	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Windows Media Player\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\es-ES\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.PNG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309705.JPG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\WSSFilesToolHomePageBackground.jpg	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\THMBNAIL.PNG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341559.JPG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\TAB_ON.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145895.JPG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR19F.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\SUCTION.WAV	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIcon.jpg	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0148309.JPG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21331_.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ViewHeaderPreview.jpg	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\Media\Garden\Windows Hardware Insert.wav	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fd1a816eb5cb127d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.7601.17514_none_334c9b845b46bf8d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2497c5d3163ae68f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directshow-vfw-capture_31bf3856ad364e35_6.1.7601.17514_none_d88590af85321bf2\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..commonresource-core_31bf3856ad364e35_6.1.7600.16385_none_472ada1af215dfdd\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.17514_none_c611e11f9414ea3e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ity-vault.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7d5504b4e13c8ab5\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..svc-extra.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fdbed0629f061767\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ee66c79cd92b204a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wiabr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5518f1b3f2277620\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06ad83d3a41f6179\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c6574dd3f66966e2\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_lv-lv_87425b58e50687e6\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_microsoft.applicati..framework.resources_31bf3856ad364e35_6.1.7601.17514_en-us_305c4f8756d522c9\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..questtool.resources_31bf3856ad364e35_6.1.7600.16385_it-it_409537159e37bcf7\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\Globalization\MCT\MCT-US\Wallpaper\US-wp5.jpg	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-artcon2.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_98b4ae4c6dcfba21\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationLeft_SelectionSubpicture.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e18194bccf50b93\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_cab72c643ed73043\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e00fc6d1adb3f327\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehcmres.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0ab145fbb73cb960\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_73edc4b92446fa08\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_vhdmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e8e047bcc59e0184\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..-wow64-setupdll000e_31bf3856ad364e35_6.1.7600.16385_none_47fb970acb88e551\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_avmx64c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84e4d7e8642d499b\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\4.png	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_de-de_63baff6af370f039\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_92073f5522c8b7ff\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.msmq.resources_31bf3856ad364e35_6.1.7601.17514_de-de_97cedb538bacaf3c\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_240c1b06e325541e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7600.16385_de-de_39abefffc16e5209\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..n-playapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8f12cc98cca3df7\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-choice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_70ea5cdf6ac4c967\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3f0ca7963218dd9e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\inf\.NET CLR Networking 4.0.0.0\0019\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Quirky\Windows Hardware Fail.wav	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-eucrosiaupc_31bf3856ad364e35_6.1.7600.16385_none_ecd82d1c49af0689\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_6.1.7600.16385_none_6ba366bd0755f2bc\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..es-drprov.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bb817730995c241b\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\DropSqlPersistenceProviderSchema.sql	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6dafcb8830226e41\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4d6a2e5c047c34b2\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..tional-codepage-874_31bf3856ad364e35_6.1.7600.16385_none_cec03856fc83cf16\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\4233efbee3de5f702340b1088df01439\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8495f7f29e850b95\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..direction.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d31879ba5162faa3\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e6b813ff09c15df\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlangpclient.resources_31bf3856ad364e35_6.1.7601.17514_it-it_c213cd424035da8f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-secedit_31bf3856ad364e35_6.1.7600.16385_none_0adc1fc1cb6f944b\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wdmaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1600dc944313fe9e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..serverbox.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f4611a4f125cfbc5\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7600.16385_none_c15ac71fc7aafddc\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.17514_none_78befff0523ed483\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ortingapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_587b5f2c20cdc716\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_bfe4d387913dbb8f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\inf\SMSvcHost 3.0.0.0\0000\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.5\SQL\ja\DropSqlPersistenceProviderSchema.sql	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17932_none_d26a33ec18cb49c4\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c707772cffa27997\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015!	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\ = "CRYPTED!"	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\DefaultIcon	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\w8i9eHkHOwWwQlX.exe,0"	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\w8i9eHkHOwWwQlX.exe"	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015!\ = "PRPASCBHJSZLMOM"	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell\open\command	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell\open	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

pid process

1968 8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Suspicious behavior: MapViewOfSection 23 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

pid	process
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Token: SeRestorePrivilege	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Token: SeBackupPrivilege	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe

description	pid	process	target process
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 384	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	wininit.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 396	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	csrss.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 432	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	winlogon.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 476	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	services.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 492	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsass.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 500	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	lsm.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 592	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 664	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 756	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe
PID 1968 wrote to memory of 812	1968	8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe	svchost.exe

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:384
- C:\Windows\system32\services.exe
  C:\Windows\system32\services.exe
  2⤵
  PID:476
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    3⤵
    PID:592
  - - C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      4⤵
      PID:1580
  - - C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
      4⤵
      PID:1796
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    3⤵
    PID:664
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    3⤵
    PID:756
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    3⤵
    PID:812
  - - C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      4⤵
      PID:1096
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    3⤵
    PID:856
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService
    3⤵
    PID:960
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    3⤵
    PID:276
- - C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    3⤵
    PID:1040
- - C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    3⤵
    PID:1048
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    3⤵
    PID:1124
- - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
    3⤵
    PID:1216
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    3⤵
    PID:1648
- - C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    3⤵
    PID:2520
- C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsass.exe
  2⤵
  PID:492
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:500

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:396

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:432

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1176
- C:\Users\Admin\AppData\Local\Temp\8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\8901e13e8e01a6f9223c78a903d8fb46_JaffaCakes118.exe"
  2⤵
  - Drops file in Drivers directory
  - Adds Run key to start application
  - Drops file in System32 directory
  - Sets desktop wallpaper using registry
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
85ebed08c41b43efbf4a4f555afa2d0e

SHA1
eed2e36357889c9295ba65b12aed733515eed6d7

SHA256
9ee38814debdd2d38f3c9f6363d5f7fa77f423bd33d76fd2a074a7fb6cb7a928

SHA512
15be03f2df3bdd6b2a0a355924b1024947e91615dea1be1309e791db18ce1c33a09173d348a6c14edd8db6784439927946d6b2c4377919105012b537fbfdbd1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
06df8edd89154d68c49af15d65720af3

SHA1
be179da8a60543d3e0bd828be6a9bd3401ed2664

SHA256
103f9efbf111ee715ce67f81c3fbe566f93c1e71cec4bac7020ca0eab7c6cf1e

SHA512
b13a57147f34cfe6cc7728f80ea62e4cd31f734e4f9d5b7ae9d45f9e4e2e9704a93292342b0ec45bcde4e4796f74b53722a79ed31e5a8c00f1ac1edb28e0229d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
4ef1096e556fbfc5fde3e1fa06304f73

SHA1
461f0c5affaf5efdb569e0e696579fc7c993050d

SHA256
b5648a7bc06ac614a32061c53f70c852df9f09d6c634a2494bb5e5d81d6216ba

SHA512
32c1db24fd9f823431c14935b2623262f100f33ed962dc1faca7c28cec7ba25eb8b31cd12da94f7763e212d50aa454ee2f389776c9b19f20b377dffb8ad35d80

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
97596fb884501ca1680cdf19ad5418c9

SHA1
0017139a784fb05c7cbc2286492b233ce9dfb909

SHA256
64a56358c52fc799a001e3a565b1606795e3fd72a5364512ef23c6f168b3b284

SHA512
d4517e46db786e811c1ba8710464d379a9d6b70df7ab29bb78e1f9d366fc61bacc39991c2423194560bfca2a060a1b04c5b02dc25164e765a288f880c1d33da7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
110879749f7228ff0ed850cffd64b0d1

SHA1
ebafaf8a53fc98c7cdecff5e70890681102cfa78

SHA256
caa9b95b19cdad10bde5628a9613ab9d93b3943ac9a2a28d42eba1f2b2ee429f

SHA512
46c0379bbe55907ae3416ce188b5cf86982af4372e7f2ab4601ce731f4c3a111b0923e82f941186bcfcf04ed0cf0f78092d276b157484463a24c803c66901459

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
a3fcdcfe734d663c003ee6d2b4cc1c3b

SHA1
3f6297c831b3611f403a878cb39680403d33c603

SHA256
85746c8ae6da83216af31569503c86b1011055abbdabfc5a7c98ccca56626fea

SHA512
1cf3c313c446c16d2a3af3041bbac7a6be229b9dbb95c0b48ab2841e054fdf6da9432b87ffe4fc15e35d46a138ae3d3eb0e01e5aaa1ebe110404cc176460b616

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
78b05b567f3d91eedf537e28cc382a73

SHA1
56631473dc2ebaa4d98307b8966f102822f79f3d

SHA256
b046cef058bd43d6afa4c5d4eb1c563edb6c7dfee97dc25e77f3cfe25c888aab

SHA512
32aa999092d8d2a7cb67370f5c26ea3ca761611cbc841d49999cea3c0ec3ed91478eb1e3cae0bb5afb303931a5d59c09189eb85ef301a634d019d5a4ea79c2cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
2aa0238eab9f40d5bc0085e061580fd5

SHA1
7737b425f04dd4ce9bf886b031eee19ec56bf41d

SHA256
b7c60fff09733bba301054964fed0f63cf71b8f0f603f8cbaf17a60ef8a61a8a

SHA512
6e125207fa57b4b8922ba2c5aa957088af161987b7764ffd6415eb26da5cd6b9657813b457a83c53364acb4dfd984c02ce0c6040326b78052b77816db65f25e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
414d995c962bdbd37a8a5df57c704973

SHA1
6d9d2d9c7bb60f32b3720a30d92957340791d473

SHA256
59806998e738b31094776810ed6122db03abf45153fe0f8c8663a7f54edeb32f

SHA512
49063e078b5e5730f95ae3ec203335e15787b5c8245e1d5132f6614d66d1b299b83d11a62156ff27a3d20a700e43a00d3afd7c6a13f7a55e22d0b628343bbe6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
3f10bef3b41361e23f49bda84f4400c3

SHA1
8078027961aa7d96cef0a8713ac54156fae463e1

SHA256
59caa5c4066cb8d3c54140fb9db47db9123c7d0837f3544804fb4429b75314db

SHA512
9d152df2453d741ecb7aa34c53e0c4b8b424b19cf5b3010a1fe88110b90a87fbb4ffbc469fe47b0398214d60362f44590dabae3c98e174d649097a9f33db4e31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
07370fcad2acfd6ad45e85548bdf2ea9

SHA1
d649a822dbc04308b827ef611bc994856c2c6b09

SHA256
d33de678a555b23d52c3665a3b2b455e5120c9670992dde7e21693a07dd1339d

SHA512
96dec13b7706fc8c43acb3b56d056950d322f5c4d56105a6be4011416f75c34169defd364bcbbbca2133ead6cf4cca3d535edacf173d3ca4fa764a24135759a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
11f4420064bd9c612e45770ead5c6cd6

SHA1
bdd3c907ab0e9b5863e2ea552499369987b28b0b

SHA256
31847c8af31e9f1775c56204275710ed642ae1ea55b8be38d1b82bec0d9d0d37

SHA512
f0a25fa5aeeb04f333e4adf7f21b38694e6b305192eb9a2897c6f505f1c63aaf2a09cb65cffd52f8181a627a4ba16828f5d03e063c4f2ba86b4dc5026a057e53

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
d262f8f5b77ddbdea33d04ad91525632

SHA1
c7206787efc2ba5ade7b24a38a48ff9c0d7f0057

SHA256
c47ad452ff99b20576c6c4baa0a4c4620181cfc668d66c487b3f70d5fee3c12b

SHA512
f027a6a81af7f02459285a33937f777090de33d36b075cc407c9ae2b5ba9587439de5d160134156368273f35ce155cbb380b3a80146796a8e3bbc11cf8f31c8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
e65a7bf78b818c4d661ee2c411cfc9ec

SHA1
22d21964b9ce666c0b0bcecf42b635ff695732a1

SHA256
446efb2650d61bcce3c1de99c83d3e85bccf9967b80908cd9fd40579552ab88f

SHA512
3903f1f67d3cad27c44140318abf3df1f4827f49f6c39da1bc4bd56ff1ec3cca401bad7b8a173f4e78979cfb3ea61f1d2e9dca206e116a223e7b9deaffe40a02

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
aee3f1890e967d09b48762e169dc9caa

SHA1
c9b41f9841b7e943f252551a8de2930e569b7698

SHA256
f97eb632aaf651e0c326eb3804165ed9fa77dbf0e47ddaef99f2b6bd12e7b275

SHA512
6af301f811dd3a6762f12627805e82121a348c510f6af22a180a9be841c3e499083be1716aea7acb78217d85faf5516d83511a4a6c79877456a20562bdb95082

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c4f38f4a65aad94cecdec9b0b3dc735a

SHA1
2937507381fcd367ef767d44589b8cd25599db1b

SHA256
42d7c219c08b92feb8e137bcfbab6d0ab51bf163e571a613cd6fa22abbe6d777

SHA512
73cd9f5576fb8ad65accbf5144ed7f60fbaf60fb2299caef10317cc7d21ac041610b8bd0dff902559cfdc886c03be893fff3b8a78cb11309dba5cc77fd9a223a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
50b93896736d7b1f45aaa17d64d8e73c

SHA1
bac863b6e98c4a73a4042a0110ebc81a7cfa41ab

SHA256
88abe1b6734cba5e42a6a2746673beb8a8e53f1029036bf4d3705bfeb7a66670

SHA512
37848c90e46a2b5c425b3d27e4aba046a580f3789d3723db0912b81a0e81527bc4719e1d45b880b010e9d942a54303199eb40eb5f5241265306634b5db3a0f40

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
0be8122e76ea7bb9f76f64fb52241ba7

SHA1
ad86980bb0e8a9cdcfb53f35d5a42d3447312ac5

SHA256
e1a77275c763af1a236351f1049188341d3d92a730eb1914eca88e4be9c8c193

SHA512
9897be38f0b37a22c8811ad602c252400c966fc49206be9a3e9448c9f26464fecc8d989870b754ae56e3389a54dd8bff78cfb9e45b3a8e89af4c3a561d536ab1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
00307c5fb3ed1ff4cb77d02709af2bb1

SHA1
1d7d4e097cdc915015ed67b56bbf1b08e94cc8b9

SHA256
9164bc45a2095376e0cad24bc592397bcb9f7f6467f1a90116633cdac5b1f6ea

SHA512
8f8f34fc01cb4eddc1c52209a722cea609d46136db2efb0c011d7e6c0c00d7f3d6b943f5f92598ac9441eb32862f57924e21f58ef5744cbef8f5667b91572664

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
e671f7d67f6c4242c187e673a7ba4b4d

SHA1
024b1bca6a8650805111789380babc2e6b84514b

SHA256
ad6c168f14426c50cfa40581e597f1ea4415ed83f4010c79ef31d0e030109037

SHA512
96ba50c21b6508af0ef56f2f4e49e23a7cc4cff54ff7a299afa557bcad70a4a764782cd559393b362898499e745cc8299368d3b41b137fe0a7cde8fd6cb2e141

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4c69c0b9f117ae040c6c16e06ac1afb7

SHA1
4844368ca95d4f7adbf5a1f01b0e8d037ab3f39d

SHA256
8e425e4507452cd0799eabb419c39f516a1674b228389626ef4e9badb1d51497

SHA512
cb97e342d4bf9f917160b9d0c7e3c66f685e8dd09685a472e052d602455ce6aa5d49df82ad91519842e2b07c7ab121ab862f48bb33a4268bf65e4f307557602d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
2e9631742b55152f741fcdc5e3664c1d

SHA1
88bf82a74807f3ce9cd3d86bf4d175182a1695f5

SHA256
13615109b28319a104e9d540fbb7c985f14c6fa3c0b262890c80454ff82eed2a

SHA512
2439c3dcd21133485482b6df08e4582e70e1202c933484de458c786c8d677a5309939c7abc8f57b1d52a0a802249d540d9cd7aef5fdfd81cf007763792d97d84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
72d06fed69eed57661bae8c3bbfefd04

SHA1
d8599ddfc77ee9b9c051a5b002546817c22fc69e

SHA256
a5962a6b16f418a369e456371382cb2b08a6771d42cf1eae474cb8e64d2a6810

SHA512
56da9a579c7b0f8e260b959d9aba7a8cc9be79fa6b043ed2d5349b94264500108c16d91494c26bdb6696fcbf258cbc3fc8d66a2ea321ccc5426479cb34eec165

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
e4d869711060bbfef18f42718fce3e31

SHA1
240979c151dff73c0d87358ae7ed4fac3fcbe9d3

SHA256
b5d6eecd24fec2abdd3f55449c7c94d779124fd4f185331e22c73ee29919c062

SHA512
17dd2b1004ff8e54abfde3d5cb8a42a80173deca697bcdc628f73db3717b4e56d6f3751a21b98442cbe4ca7c82a52be8f079c445d0804001d15fdfc5a2986827

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
330c2d3957b6bbdb274668cc9263058b

SHA1
8ebbd5b06438d785849e74c9397a0a8bbcd43027

SHA256
ea037008037c7650e0afccf8c53baf133e5b801cd1197cf8238cac25614627bc

SHA512
668f5dce08b1cbe6d8b202b9e634fb0db75b4b12378ab4da21c95bf68d954a50c10288a01928ef8d6be5ad707334403049f0723126415e3e2e9fe213d9a957be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
cb665ecfb83e74d2bc2df27cb64254f5

SHA1
7506b136ac4d6b13c83a16d55dfc0fab81f459d3

SHA256
ca798f18c844fb08e6bb0c808cbeaa815a56f176a6cdf0c622b68a16e96a14ec

SHA512
b3462700c30201e546b709d7eedf08644a10616cb9a235aff283da38983f53180ae4597b28703a8555fb52e0ddf34562667a70467127b612e60529882cf53222

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
24a23f721835e21129f3e73de5d8395d

SHA1
a258e5a3b4d6238497a91c9f3e5d7de1ecf1ce82

SHA256
e5f1a43ed89ce695d6940b8db0f7424cb59660fe39bf6e018ee6447658d1a25b

SHA512
74cc65549104210768523acff171cedd705a0f3e3a304db2c334a8d8025ee7978f6f9f073037c730a43b93f33f8187ac9c854a90385295523e073c5e5c7f47b7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
601c8c0f6bfede21b01ed4344284095a

SHA1
1cd1848e970ecdfee35764d848a61bb5cbcf188d

SHA256
8d788af57c7b6fd639e519629b2a05bfe2581c11db61744b05a9c945abb86da7

SHA512
1da63b1e701e3a0b3366c58721e45ae666a45a25de34ca0414267fdcd4081fdec3949e07137422fa36f7ca4907a17ba5d1c31d7eaa75dc820b903c9f77a54542

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
55cab7182de4fd36efc7d4ce15d4fe1c

SHA1
7e88211f750a91f477a37a1fb3f0fcd7d56e1dbb

SHA256
c5103963ca79d2f435a123068ba47158a7e707d1d2697c3a6ab84ab6af532210

SHA512
94135fa5bba99c787dc6132cc63aa2bd5602a084f2d127f89fc3b1c971f3d80529e48569be349e070e68e8f138755448034faa3770cd07b190dc43d1bdec856c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
1a4f0bd5cb939a9eec70c861f936d778

SHA1
e16903427a768abe86a87df09830ce29d8e8e74b

SHA256
4b577e3b8197fe504fed3e099ed24f95fdd141320e98d72e84205328c6efcd75

SHA512
e1f76e00cea2a153fb5ced6f02332dc3f9ef92067eb2ab73e388622a2c1a7c894ae64bd9f2aa3d1e010a442e17fe015096b5b78387161233d4109d75dcad487f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
c5d679d9abf2a699dd621af3d5d9e217

SHA1
c0dbec0f4a42606a37125d167f33b3bcd6de84c5

SHA256
c1e95f9395bbde24f4ad0a54f57762cf6a7fba4624b0e2c8401454a16acaf4b3

SHA512
fcc3d89c9804d4110539020c3b478a837d95664e0001d03b6794c3e11e987cdd72a6639fd96d5842b92c8bd05d85ba63b4b764e08e8d9e08cce89384378ddd9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
783f900cdbf4d3aaf8894fa783368dd8

SHA1
40331ea9aa7302b90d1515b438b514adfdc5d8f8

SHA256
d77b6c5cd6a20e9731016c7776dd86639e3d2b2f67d54a2dab0784c5c5d10e78

SHA512
11bd7e4ba37d4fdbba7c1693d1453da59ef6bf54b90c2a92a05b2aa9353a0b494e2298d47ff7173042a1cbbdae83b01307074c9b39c48c5940deccd7da790ab0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
c7d1434ee4ef56ee5c80ce71311df3b9

SHA1
fb7ca26ee7b342031698802dd008d0ad84a3764c

SHA256
973cdbfa6d2fda416a934d8bf08e6c2a61b0709ba9f85f93b2777cf5a685de36

SHA512
9c09f0322ba5d82c6be860767add2fe8445a6fae86a6f05d93bdb42977747cb3523d7e555fc336373b196624aa8d951f30ecb021783591417ee7a39c900b5b5a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
35d0bed55b4e646415eb5bc05459b36e

SHA1
fddd4e3879857b638c2fb6f32af44ae7e64ebf99

SHA256
2beba5a928a0d465d702f6bdddbedc2bbd7c61ca885a08653d23c51810520577

SHA512
6eaafd46a939a46436d60b74b5bae7fda3bcac42847b48e60b0717501c524481b55e08dbad8cd98ef2a3cc9ce9a46c2b41ca4531f7bc9e890e7bf39fc7c36219

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
f85c835ba9c5223d4df2a663c14b25d5

SHA1
c872280ef6c868b863d6846a98dfa5094e35a41c

SHA256
0dd4f48edd4ffbf01263177343bbae522259cdffad61bc21b66c131c16376ea3

SHA512
42ed2b673588b49533bd72397791937b1913bcc84af549b3c7de697a854e94f16b366fb4720499eee19b3911af868ee9fb265b46c09aab9ba692d8f674958fcc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
0f7dcdb64958c58343336cd65da80a8f

SHA1
73db8500cae99d767fe8955127d1a02662e582a7

SHA256
e2d09bacfaa958eb4a6d90dc49abf96b8fd159d4a958c237703fed6bb4a2e53a

SHA512
5a4fd3d2a729d498853e7401c91e1b8d90cf5bd10d4c8128cb36f43ed5eca23ad4f5dce5594fc66400d7202e208fa2213c45bc0d9b2916ceec0ecd91021dc311

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
348b08106f2d11747d35009ffa4a302a

SHA1
ed1bbd38128a361b4f43f8520dd390aca0994116

SHA256
6951e417b74f21133940d769800b3d64ac2d90f5a827809f9f06208849a6c851

SHA512
885fac5c4f40711ee96063e36c0579026c17c0368539e7c25b07358bf36857c09917d60197543c9afd7f128c06cc2f5169afbc7aa51765b53891b97ba3e4da5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
ba9eec5044c8570f7bf4780cdd9f3710

SHA1
238bad4b1c6a4ec381023ba5aa0d2bcfd82888e7

SHA256
8e0110d49fe7d17d37f43adf685644300e240e9d7fa9f6e1044d462710e8234b

SHA512
4ce8d2f85b9abf6ce7fb8704ff3b572658aa8dfc2c91c846bc600d03c74ab9b6e38e67b3e7b2fb26f011a1585942ae2170e89313fe75b8d404a94162d9aad278

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
62d91a112536741cfa95fc82bb79c123

SHA1
ce4b05523b621bb159fe17e221c94f07ab66fa39

SHA256
41b657e8094580be04228f8b0fd66a7aa028250e7ee8b407189ddab16149488e

SHA512
a4f73ce203e316d34317cb2e003c34349bb8b2e2087467750d8e376b72679efb389473cb324699c225571c8f16688d4f708244f99fef214d7ced65fbebf95932

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
7f3561bd3eb3b1ee30e49001a0e3a49f

SHA1
d0c0cf0838b71723d505f741cd187db0550a5780

SHA256
1dff6485394ca5667c7512a36f4d4fd2ea9efa11b5f774f4ad85a2d9a3246e11

SHA512
9a2eb3398d72180c3554d77eb433ab1132d9c6896c7ecdb1ae3f2e3e2df281a91a1552e11b4a6289420ce13f114e94bda1da20241090cc02debe14ebc8ed1f33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
a511bdf17358095494591f8d89c1cba0

SHA1
2109a6215c7a977bf8cfa8f7dc4b84e1e6970ff7

SHA256
8a3f4ba400b38c8b7d72573e4427c6b6523cb6d4dbd1e44ba654ad7c1cb9214f

SHA512
7438e9273496235d53b85967c01457699bd64c5237a250781e7b1550d29b7f3ead8275e29641960dcccfaf283ac294b5f960baf9b1c511b2e1e4ab21ab03b554

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
0355f9afcdf5e2fdcc2cd7684221402f

SHA1
7746da91b7a9fb1ce14b9626e08b183e0a30c064

SHA256
a414577665e2c56535079a9b85bb6e52e72225e64cfbe1647f4f82e658753ae5

SHA512
69db12eb398351d5cbba494469f3c8be11d8fbbca1cdb26b064400532d59f118c56ae904cd51e3488992c27aebe307267690fceca5dff1560410eceab2657dd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
8872c401c1a741f01714c7cf617bbf1a

SHA1
0276f6f8dd460568fc3d35834535cda7dbf6ba63

SHA256
35f2ad5bc40328e0e54e8a28cdc9db9b5a7894cdf1605c084e108ad34a7cf2ef

SHA512
71cfcc3165d1931a399db085873439440f6ec71918a717359984c948dd0d769c2799adc9705bf1345d216ed38b62cc917580952036783f718759ad9d12e0a56d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
698a4ce179742cab953ea3bca2412c30

SHA1
325b7c16532938d8b9286e8d9032911ce71a7f79

SHA256
4a204a0eacee1d54eeaca9fe5ef123a594f5918380a46eac9c976bee158052bd

SHA512
1fb6681bfa26c4e786e173561ad7dce2a25419aa2f57dd5a5b53b3206568df44935c378c87e43102bfb7e4832c68a5951ada698df630711bc3bea6a881337543

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
7e048a9114a0f85728134ba9eacf2814

SHA1
8c39061dd59b692628e058e9ba233d8b5ccd5983

SHA256
0d2aab0ce4daaa2007957c181c5c32b0e96ad48c4be926816ce714f322f8fd07

SHA512
05a0c9e0213e77ebf90671aba894ac74e9cdf758313dc7defe6ff8dbc56927c5972f658430b8d26671708e7f6f69b17fbf1589a54bb40eaaf9269e7fc9bebfa6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
0573af8f669ac60864445130e2c96051

SHA1
d4ba91692736eed627206527fe2239a99db40817

SHA256
a024e6bfbb059d76b9431c3bdb0b2412de383f7301885e5fcfdd4762b312bd9e

SHA512
80dc941d215a4edbca7a6afa798c2361ee690cfbbf8dd4310f510d09259f04b66634fa0cdaf85946c002d68f1618e95acab78a393ff74447c36f540d9cf35bbb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
bc7ce4d4699be659e16769b76b4de050

SHA1
70f315423507a7537e7899acee17dd27bd39115a

SHA256
d88b7acbc9828f288eb9023458384177f266ef604a7b0c1c94e8015438733235

SHA512
868777f1c9b95df1824c086a9b193a450460d134f5d8aafcd59827266910c4a1bc2e46e50d09c64d9716fe58266e4afae3bbae6971d0bef00877105f533abc83

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
bf3042833a6c246a40c37165ecc83e07

SHA1
fc37eb744eb3c584109fe691190279e52d2c8781

SHA256
be2a746c980fffb44ac812bfd1262ca6eb08374a90c93d2120a914543819a6d6

SHA512
8a30613747cd23510d5645b60196cc61363260e92806c2ee91f36039d3278147aa759029b40c7f534314e5782f512ffcb7eb8d684fc1285e31387663f6e4dbc4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
2624896ab25a28ad930febeb917d8356

SHA1
6c67fb1208cc2ae20c4279f65c9a925354a62e82

SHA256
40ba19323849f52b653c8278e2c20267a212627be5ab4cb0200b460293575f5c

SHA512
d58652cdb4289591c0403b8d6606e3132e0b1e733c4ed9a3585a981a24b49f482a5e9d42c26f9d02f590e9278cd4b75cbc8aaeb5312f19f3996d342c4ad74150

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
79398ace538244c380ee5af41e53dec6

SHA1
df7bf220aad89c7531a8bb9765936070f75682b9

SHA256
0aaddf2b0721f5e7fc3aebdfaa18f1c45907009a4befda5588ee4a6dcdd738c4

SHA512
6cf9bb01c4b43e42992eac1f652cfa4973d6e6a09371f71b98c3620c870d292640c92e6e4a0b28eb961bae7c1c49e45c78467ff58cab1557b2f549a666b2c02a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
c92534d067368b0756a0e3355ba7d550

SHA1
ba5068978269e0a7743a8fd358109354045422ab

SHA256
f38b3b88e91c00291abc7ab31bd1aa046db6e2b2d14494ac7b13a444666ebb48

SHA512
6ccbf9bc704fa9eaa1de4bf040c8ea90500174529c5a37de6578460ad05a449a5bf4782b12be91f644c6045f66f201c8fc86b5be3b6d9f7d0c561f5a4a567165

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
d9f49b6ef4f5d29c92c9da5db52cfcb8

SHA1
88ee2da39af4c7611cc36cd0b1d7f3f4a671ddcc

SHA256
08b6e5c543d64a6548fb153253f85dcd54dd0b5ed24e68cc984fa04297b74a1b

SHA512
dcf4d9ea54fc9be582294d06d275702ee6c09ddf5b2819489933e93cd22bba27b3117b2908e530e5a075173db9957c3418b9d98b435944e9e13c359dfb440974

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
ffb59178fb577673d7cc5b79401245a2

SHA1
e3207356c84daeffeb45cbbf23a08b96c4e0caaa

SHA256
c8aac5d4ec6b53c8936618b353e7bcaa7bee9d5b2a4b5b334f701d97c0fa48d2

SHA512
813d9a716e5374d714aaff5b4bfca88a73d1bcb4196b8103795d9b47a88490063d2747140edf802aa8fcfa8a3110de8a87987a010f3ee9aeb75b87bfa34264a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
c780696ea1d56ea928df4681b3435609

SHA1
31f71503b00574927839d25ede949dd126031225

SHA256
f07e502291c9672738be28658f4b12c1afcaca26bc7b3b610876bc79e9307f03

SHA512
fbfcd4a1b2e8bd08d211d59978dd51e4deccf04991e1670ce33b095564e93bde2220bd97c7e29efa5480e389220d45c014a7f61ee066cc182a62bae2a5726e29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
ffbf2bc658cf1a8a9901ef9f192c094b

SHA1
817cf647561fefa2f6f39abefab5b8e11632fd6c

SHA256
9186ddf05e65ff27c19a459fa2dfe0e38d9573ef1faaafc603f2713e0f5f64da

SHA512
3c030b0b790369f0cf6b6ec0542da403d633798e08e8821489458a17f9354b61f428e7becaedc0927151a06d24c3f7f03a0f25e960d5e7e5af210b661a3b0d70

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
83862cb6f7f99055b15a6ecb369e6432

SHA1
96f25e347571a8bdd00ace4873927037af54e4ff

SHA256
d0beb258c8490c65bb8a4424ae1730bdb24df98eaf37b1d52a891f5c9ebf5bac

SHA512
ff0cb7a6f6eae76e50cf1f6983325db257e45529fe80cba329c1162420942bc3c47bd64a75879dc0b541feee03c935602fc0ecdb8a4e7c624266fb78e81ad170

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
0b0c2f589feb7074554034433a027179

SHA1
6dbe93ec5e2b22885fefbc4517b9310cc80de348

SHA256
21385b8f1297e4234f1ad530ac0318c4948d33e7ff433540b9d51f042e5e6018

SHA512
a305b7b5cc13a22b1c563ea623970118d4eb0c7ebccb453c2a303f7e666278151925de974777a047c14995d15f76eeca9709d68290c29ac5eeb975121b9a1cf9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
fda667f798405c756c3b8ec49efd9f88

SHA1
e7230deb0d0d041e773a0dd314e7885a781d7875

SHA256
f8acc45e319f4a8b2bb53a60584bd532e886c1dd744d077e072b42475ca7758a

SHA512
704ed00051faa510d767fe3f6c386c511ed8ce8f1d8c4fa51e1c01815c545d9c1518a55f7d6730b5def1ab0c6b33faab880678848261452baf5ae0c50622e07f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
f24d95737e535d5bbb72168c479b9c35

SHA1
061a1a8475464581e62f0feb894e2377858d79c8

SHA256
271e4df641f1cabb33657f543c929d1a191d7ccf9a27ee4d15e27eac44c6b7e8

SHA512
f5960ab758c7952b5686a875f430db165f2c94ac0602a68c822e0276a0aa04a8dc21432e2535450910d9a372224d69ab712505d6eb9da88a20d9159adbe29b50

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
2faf4026d11c512bf28c3ab14b57b0bd

SHA1
0c8a5d2ce008b92a88eb87d39e3364ac698ffffc

SHA256
8f32ccbee0f1b3c6255c9dbd0464081d52924281c7b8fecf0426d08b13107f97

SHA512
924d6c3d96cbe7e96d916f05adc4ae04b25941ec7b6022cdc304aeab10c1f30adc76ec3ee706cfe17968607df2ee17054b635209736f5e4d9b4c57ca0cd1ca60

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
06837df93346f96cf67c02d0e5f56a21

SHA1
12effd49c886693c9d5a8f36f529896166428932

SHA256
90be465df45b4eb86ea75aa898ab375201ebde5fb2fadd8f4643f5060c7b1715

SHA512
2cf0baf215fc192ebe39c009a7ca4bd2d259af9eb4f7f42d209d8880fc7c005cbcc27163baaf2ab0d6783584ffd63e9ce8f49b3a0e422a6331a57ac50757b611

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
67cc2591cd0966981c2d1d411b84ab1d

SHA1
e072c8275405370e43fedac40ea8256ba76cfcec

SHA256
3064bb8212089de899a8927835026dadfbd1829c08adf6ab246f3d266b4a04c1

SHA512
5711d607410853c6527be11eec48fd0d2a1500ebb0b4ae6cedd5617c00f2c15c7c7e150b9328db51596d851b1e3a0b07403a80890c5a51c13613271748d2cb0e

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
e0810a82160a9a61674e219e23dab8f1

SHA1
c4778258a53c37f39eff0058e6e8bf0643a4d35e

SHA256
373cde86656ea29dace5ae73520e03b5219c07c6a7fe470f48f236134f9f2d30

SHA512
af2da00dbab75823e4f3707871c8062a5b883fbc2f73ef979b942128dbf195a4d943a5023ff1486fc012e3d67d9cb55e9c42f0ef000e842b47f27dd29d3e3521

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
df2bcda9628e5a8f6256606660750cad

SHA1
11d18ed36d04e894f18a4f00e9d6314a754e9425

SHA256
9e129676838b8a4cedaad9dac0663d6a51b836bf2852801c837dc662915b8107

SHA512
2ba71c9bd38f731ea4a2fe3efeb194661c62d853b9dee4c9f24660069722635f1d2e0ce8620a9089a83d8f36bd27479f984b3515a3821aa52501baa1c47f9e02

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk

Filesize
1KB

MD5
7b0a5a6b55a5817bb0b6a26752034e02

SHA1
9653fd3ec2b2a2e549f68f41dcb540bda809a87d

SHA256
c1c4a3c20e564752d8acedf0b7ecad833661c04a42638d8abf262d0b9dcf36e4

SHA512
0eb930c274f3df844589c950af2143ee6084d4a3ee96bf92496658511c53d1801140950fb0d027ae3a719ac2dfe6c3101a58a56d9b0cb323c77606bfd6a437f0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk

Filesize
1KB

MD5
b159f47981362757f071fe54879d37ed

SHA1
eb5359dae8c00dbb13dc2804d15ac838f7f9046e

SHA256
8513ba0ed0bf6fb118105f113eb341075cbe4277cd6285765d9fcc9b3280b6c2

SHA512
19dfc26eac651dfcd0f7672399ab24b67441ab1ee41fdf8dc0376dead583b195e0e26d62051cacaa126ec56c8a2fb74d97f451c1bce1762aa610594a7d8b1191

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk

Filesize
1KB

MD5
656e93ff3d29fe203796d3abb789f345

SHA1
78ef714f3f2d7ca0e7b7212b2ff48b5efc293ea5

SHA256
c6b2e8c2d86ca73dd7833d98a736725e38d6170f4f317688e26971c79bae3b84

SHA512
9438b30287755a877a718d31b1a64190a8ab2a0c65bab0bd496c6dac7fb2cd1d9154e37977a1f16dc9a8712a6d60dae1f24cd1b19f81fa7f68e9ef941d0cf137

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk

Filesize
1KB

MD5
05f4ce6e125de568768ec78a11c3b331

SHA1
9f1ae152648b80c171ae9668e1f0e296a85b7579

SHA256
a4f65e6cee79903bc4923ffc8f8de1b3af2bed9eb6772553fc188230b381fb2e

SHA512
2d82375fd9493a1a5677dd50c22bb85749ae1a0ee50b34fac5a8784c14fda2acdd1b733b85e294a0969c57df440f122c1112fa19abc95f5ca8c5819ff87c96d9

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk

Filesize
1KB

MD5
e4a75f97fd527289aee9760d143fb0d7

SHA1
1b6fba8ea39650dca7c9c38cf108d3c4d3e519d1

SHA256
98e73186cda61b3d43f92e39aaf534cc702244984ae765a311c617a866150d6e

SHA512
975a174fc159ddf75c2e9e5e277d40a01b634945a16f96b35f5665b2810743e8daf6c4fb7454b38b8db324bd64a0885710eaae0614673abc47435df6339d2160

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk

Filesize
1KB

MD5
4fe880ec1c09034e2f673dbf9854d7aa

SHA1
9a81bd3f4a153c0b4ba8b5e208a89bc4f1ef08ea

SHA256
b1b953ae27bfc59a389a1e60b31034a3363e013a8185023ab80790e17c4bb05d

SHA512
03da26b1fa7d940db760f840e1b895acbf551d190b72113d2ebe130c2f29ada19698ba762b4f3866ea961d263a4b1ccd58fb7fa9b4da8a2f8678f029189a5cbb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk

Filesize
1KB

MD5
4b7e3e02a45fa4c843b3d5a74e232273

SHA1
f1b0f48b72f707e9aefea54bc67dc12d1f7f77c4

SHA256
c4313cd0e8e42481c93c28f7a181afb780be5ad724c3a0657fdd865b4e99f710

SHA512
a3fdd997ab6b8ad456169657ce4ad9448b602a7865da8638093aa7f823bb74da232d177048a90edaf3dec222f83593cde3bc83ff202246e063743ec36871d426

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk

Filesize
1KB

MD5
ead8d81306447de9a3b0e5ed5aadb4a0

SHA1
3aa2584dc48493ff30d90d4452700635c4f45263

SHA256
3b6403c0bc29683a135b70b6ebbe2e7776b2c532db113e0750ddaea2721801bd

SHA512
b5bb09a4a6fc649978b2b5f0d4d34d83ff48a4ea326d9753fefab5023392b512dd8e33fd647587637dc1cd2022fef06e4703bf361065ea35efbfc3c60ed08c81

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk

Filesize
1KB

MD5
90ed9ed2be60695771c7f895838da5ce

SHA1
ee1bdc395a905d37cf291374cf8f673eff397267

SHA256
7fe74b09d99730173c51389c6194d6b054ead4372f941fa1ee6ca78c42e86ea7

SHA512
fd4f4c5a4cb16e0dce5c04386f59228f56eb645ef795267a0aa0f45cdb0fb6618977f65f02e9f02c95c725ae0fc54f1ce368e7f91f90f76bc4eb94ee9655a5ca

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk

Filesize
352B

MD5
89ab6b7025fdc76ccb5c2c5d16908a64

SHA1
752fe75fdca6fd42ff8150fc3cb8dbe7ef7e5ec5

SHA256
b57f01b456581b159840d26a571e6cfc60a68425ca4893bfa0a24382efc8e671

SHA512
6a705eb6070d59dd837221ad0e0174b6f8364b7888d11023350ad1141b74a584189a824e32e8237b2d1f253971cd4ceb193ff7acabd77fa56929f0787b0f5182

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Filesize
2KB

MD5
bbcd69e345706cbfb3ae81aabb6a534f

SHA1
87692dd9782195423a8a0db7880bde96d57e8159

SHA256
21469cb9e15bf1bec35bf680d50f76cc39b92987c38b8e7c9dd73635f95c944c

SHA512
cde1cacec8ecc8c1414fc28f1169005b186f2f412e90517d2ab790264b7e46b348c25550b29f3c0345d70e3b6aa327692a0256109b84de88b1cef5e505b91e11

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

Filesize
1KB

MD5
e920eea9914b5b947b1a90153bc98758

SHA1
778c665948c1ac720a75f69c5773cb493c67a5c1

SHA256
d3915257f7c49fa746b194316e0f6eb734d5ba4d69e7b6904aa2101263348424

SHA512
f6f31fe555d125f759835e64703ffa94719066abef7fa1362b6abde02c2b7e381e7df5269d042368d7693c04e2ef25d8c4ebb437bf91b7bca440ecec66fd37d0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk

Filesize
2KB

MD5
69f45c36d9ad15cc6794010f4a761f27

SHA1
d56cee44731230d0b2c41780771fdad5ec277585

SHA256
7aa94aeef22959aadad23433ba17d9fd9403aff45c0dda125ded1cfc1cae385d

SHA512
f8f5af30e67ecd242949f6fd4adffa693df9d9c081d3a7e469580b9988aad5932aee4da8b0d8eb55bdaf1e0e0f6961b644a2c4236de2c0cf83ee284afae0cfd4

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk

Filesize
2KB

MD5
218721a623d6aa93a30e6cc8c5ec5e15

SHA1
345a79cb809b9c58d67d7dbb10f6ed8426250661

SHA256
5ba3fbc894c260d3488be73d9a33c9f076ec5065548cdc1bdc2df48b4f8cfbca

SHA512
04c65be64f0d7269706c80422f95e32f071e87c73338dc29c1d48f02d6b33383513c6497c16ee0906c60b731be26f8e694f1d2a64075d484646d2b8cf6bc0cd1

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk

Filesize
2KB

MD5
4b4e0dc4d7da554dae41cd5f048a420f

SHA1
36d2f39a9f973ee4a5df415d01269fd907169ee3

SHA256
d2f217bbf7095594b65e61cbf40a3463a6cffeb2b504ff4c681a9d54ed9b6b87

SHA512
c2ac66f01d1466afd1e34aebc611d8b14aa95935a7f7cfa7dc8a4b5e181eac4352218ae813b8587636b6a8cb17ecfc63f6310a2784fdeb71d0015e85697c7e0f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk

Filesize
992B

MD5
e9e858c90921810b895f747a7b18d845

SHA1
35ada8038753084ceeac2afa6eded25bf5f12ae1

SHA256
2de745fb97e9a18cae19163c9cfd62f9b59ad5ce0ea173329446c0c322281525

SHA512
2ca86e2aa9ae8350a2bbdc7a67c1917b3723310cdc76eddfdc3d654e54fb98f3d9b61d2ef4593fb6e82f309ad665180daa7cfb0bd7019dea8e5334de1b91af1f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

Filesize
1KB

MD5
1008cb61a4c38ebce9865a0a5fe23a12

SHA1
e5607082aa8e042a1acbfe61be0f71f75ecd1d74

SHA256
9d37b30f8f7723d9d4c4277002744e0ffd8054e499454f976bc997b1510490c8

SHA512
9822751aaa5e46d2ab57438c306bf5c387ec9c33f01746e8c21de02371a58817802a9fc1084bf7cca915720c16376310a2b185068875253720381f30c062ab53

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

Filesize
1KB

MD5
0d6f9bd00c4a9f0d425f9336d93acd00

SHA1
2e993978e93051ebb0f85f4a2f8d3f081696684b

SHA256
9ed10d964d215ec24ba2183d0af6ac9c031da7505995ea1b865c3644f3ba6a4c

SHA512
f047ec4b2e1765435909ed9b28b638ea8570b921c4cd32798841cd502c25db84df851a5c27788830f4a9dfb342ab64b7a5def4987228407ec164e8f8fe0ea404

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\HOW TO DECRYPT FILES.txt

Filesize
939B

MD5
6468d057d7cb30ecd6283ea01e6ab5fd

SHA1
df5379d633e558544ebfcb88b6ad3f53e6df09b0

SHA256
a2ce2b6c9fc04d26e595e45849916efe01ceba18159013171ce44142830aeffe

SHA512
be080542f286df5cd9ff126dcba0057ef0ecf2d8b7767911035f419fc5e8dab4f1a055c04d07e4337af8fdebfae6a254337ab20ab0309eaa1696a1e14f87c10a

Download Submit
C:\Users\Admin\Desktop\OpenBackup.xlsx

Filesize
13KB

MD5
4a49cd87c479c629c26e8ebd2f0a24ec

SHA1
2b9434d93cabe8eeb58409036c92985fcb5fb38e

SHA256
14527105193e940363ad1ae6ff5f9d62c15dce7de0f3144389d788199e6568ac

SHA512
b90737f820c9a8236c0a0caf680f71f183511ec5bae509cae3548d6a761f1a7a86dc03707b8c45bd293c4ef2e313709a10f5c3f87756107489f0285d5ba59b11

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
2912209d9dc1d26bfc91bf9b7378fdb1

SHA1
423e308dd510393a388ec555fecd7e945c6d9b88

SHA256
a43375940dd257f3559e1d62f6994d3c4d8180fc72e3c0eb2167aac81e9301d9

SHA512
5bc6d5b90d028fa502327ed240e76393e182a5d66bd5a417517efd5e5ecf110908b165f226025cd717f9e2c1603f6695957f204fe6691ba1b5ee498677a980f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
d0a40056de392086ddeb11198a2cd45a

SHA1
34f48a6f8228699de66701d93917808d9657a41b

SHA256
b0bc617fee418d963710f34df57703f0dcb1fda45584c6e5743c31dce185c4cc

SHA512
14cc4e38afd80b2884739e6baa10c4fffdb1410b85489c6fbd57c151850d8ae3f37fa44971132798267c0916e2470b3230be96a5aa50b6f016908078fe50eb48

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
1d03a1f18ef9a8a9a774e50e52f036ba

SHA1
75cb64635107b64c57e33f99c92086cec70fb787

SHA256
6c652ffb36e75f0560415f1025df6c3b965e1f989d9732e4ae679663f167831b

SHA512
fd6d7e9a0d74979132b04273734dfc5fa379dc10ed00afb3a9838b3c52d25b254936199f0fbe9bdffb381f818e658e67be9013bc2500b81c606729ddeb6d34aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
f2838a0de099fc5a69ee87423981db36

SHA1
80fa32edf46e2abf90877fe49a541d55a7dd9856

SHA256
a15345b0727c230ef2605019d9cec357a2cb289e60afe6ce0df752ad6d92c42d

SHA512
72df16006dd8b6f69a037a69b615e7e49a6988211f200db2313ce40483e7a3072d5f4d7a95b990e18d47755f5ecaf05dbdd2e2989472f56e1918f20b1959deac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
7bbcc9e370638d22394f6d5af4486d39

SHA1
f0ee969e729e765b8001687da04703ca7b60a8ac

SHA256
39c70ad8de8bdccdccf160b4761329796c8706ca027321c3b0a81d5dd03b075b

SHA512
c81f53810c16cadbe8339ae2750dd3b2c2f463388a9a3aef8d16ce91b2a87821fc23f63625ff85f7e668e784b5ef82bcff53ff49664e89b2421decaaa95511d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
49102c1f3833175a241d83338646326f

SHA1
cc88d48f5a37cbc913d08c13da2ae2a26c009976

SHA256
bdb964d432eda80f424d0e9febbf188024503c8ba107de8fef1e52fc1bd4a7f9

SHA512
c0d5d05747321e5ff9b7e29d0e3ba0f4eb3f9eeb53f690562f31eb8941f5d9046e8d4a0e501fca05f6a1879e1f861791931d483bd78b4886c24afeed58a5541a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
9c46db1b49c7049a34ab3e7ad8e56a2a

SHA1
e95a2ad382cc781733de92c32da83cff0b6cd82a

SHA256
7c3293547320e3fa293d6b57c76174d4d04da277b31c05caf887c163dc61c890

SHA512
3779bc01288b1e90e78ab84b24a1fa6b7bba703a9adddcfa7c59ad080ac49a80f8862b72b44e22a7e0c6d17213e618f830b4c5d0c0003c3179f70930c6f4b21e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
e646010552ad2ffaa95f9ebc107f6969

SHA1
337dfa04dfd4c80ccdb1ce1c6c0c8c12e0885034

SHA256
24530a88a2612ed21750a1c0449d3257d4d006f96c9b83454b7ac92e509a6403

SHA512
cc1c2794501d9b5dd0f7c2742fd29613d7ef7a21a5db92e32fef7bc0529c5980e941440fc480c3bb92c7e82686b497d10e1deb4aaf8e6ff17226db64e9ddf941

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
d3da1aa6ad0360382f77f2230c23425f

SHA1
e42e68f624c661fecfd3ef91d9e5d6d27a216563

SHA256
d45430cb1c408d5ad4e095e3b4210bd26716a97902f803086401908685973edc

SHA512
c9b509c40b4981c92ca71f68d14279674d210c3cc99d42c1f4787a11f1f51573d43f605cda9b687e24c17629f9be49b19ad41a8837e477213e2925c1ed883ebf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
55dbcf7109b0551263273ee1a8ecbf66

SHA1
b3bff2f3415d4f1b5c2f610254b777cc9697a393

SHA256
aa2f4128fee770f74e9325e6e72abce59dcfbb5980d38302f78f7a8e44730211

SHA512
b20037cda73253418f527434d42260655d6940c8bff8fb15ec204ac16c35f8d6f190ea2d2e4e863228e6a5a3567a045c9f07ef810c582d61284dbfc79ecd03f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
432ebce2ad3517d6559273dcb484cc31

SHA1
8981951aa73b1cc9305f35b09249f16b8a079196

SHA256
a5d7cde843605d6c00dd704f2fa83b0d1295da8b18ff666954a4076e2d2f4c83

SHA512
871a04387a475e581082253181949381020310819827c1065b45627ce9ecb2514b5a915a410330f62d508e71c19cd8dea830631ddc940fa860babb1acda72d0e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
88b8a0ae0536a61974f7dc620f195357

SHA1
abddaa82434ee348aa27db91ef6cb68db3125d91

SHA256
36c0b0bea0a5fed39d267fd45da2e893d26105b26517ff2ba0d144dcf7ed3d9e

SHA512
16aed64af5160e67af8faa4d69d92d53c2f5f9651eabfa1fd0ffeace87ec60902e97361ac348c72a75b4536b89dff20a3a64e5925764fbe2beac58594b4b5e72

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
88a662680c6f3b060a7e533977da2496

SHA1
c400d61478dd2e8108eaabbabcf183ae917060e9

SHA256
556581a50779200d96628e404d1551278232f2eff69343111b22089dd3b47fff

SHA512
1bf5d2a36c00670b5104422657b0272612c416c88ab617129ca926b9d9b878d34f6f388204df5ac6725c8957c2bfd117869cc153f3e45b3d4611ed421447ad96

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
bd542f02309d968a131ecaf8dabf4248

SHA1
de6fed00901f41482e06ffd99a50be6a2aaf601e

SHA256
af17ff4d876b3c4e552cebd655de2ef2efdbdafed87ba50a3b21dd435a2c6dc5

SHA512
29048553476745384de92248e3b76b4b47dae03c213c08313118b41620e9fc58a063b2cf74869300031898c1d09252908a9364770baa0e1b591155f2dfa4a908

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
fd26d27364c388f7dc184be92151a166

SHA1
318759750c9b417becc7f745c3510627f63ffd5c

SHA256
161dc7b1ffeea541cf7c64763dde828c7897a84d0fa5bb909c25e3ce07f6576e

SHA512
cde50443a9ee9225a9d392e56f3ca36f11809cd20a290fcc9638e5135b1cf06cdc7d60f8db3407efbe818a45fd6bf6a010e7e6bc0961b3514a4eee3e5070b6a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
11127becf9e03e6139b4c61e7a6988c4

SHA1
96125b570233a39c70ede901c13c9e19d1d76e00

SHA256
735fab538a59f998bcacf4e2d1c5ebdfd9f35d3c1228337fad44f1c9d3a532b1

SHA512
1fdd8c8d04a7bd709c598db48a371d6328eb6358edf47f334986f317970f89c6b87520863776a1c15783d8931fca7d89750aaa893e9c294f5a279c46c95244b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
dc0639ae3c7ba18e3c74168abd947859

SHA1
8ad8d8c81178ec7d2b0fa81ccb26d406a902eb7e

SHA256
4af963694f3b52e54bc85fdfe16afa1390758a49d81cebbac16c905804204b75

SHA512
b5ba393db0db4906493f02a26ba868a86a0bcbd81cb3a7b20f22d0e221782745d9e0a2d49ec4c2b6f1e9035aaf53c6de3bf3024795b62963abb068cfb53ac13f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
dfdc85253f49c283cc75a4b128d017ba

SHA1
359b7da4e4e413e99d3b3773caea56edf7f2073e

SHA256
cc18fbac0b58c1505d360442abba2cd53e884656124106f2f5a020848b290e68

SHA512
495c91c04daedd63716b812c4403ec23f5f56f6ce0c7b8789c75e81be0d52bf8a5d6ef531f664ad83a6b4c4a3b6d9eee6e121c9058afe6572e305795aa2002bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
52118b1d50a0f8a47194c8e191003359

SHA1
4a55194b437f573e5ea865c42ec0743f31d0b2fe

SHA256
3753635d468f56a7f0adf62387498ab5aa03b62c11046d19594bf0e1625ea3bf

SHA512
e9f3f70fcf492ec7a36418c7d5c67315f0a16f11435dad28cf604e3cc76d505c18d0352d94365ed50676d9eb6fb8edeed4bf2bc0ea7e1ef900c94fa63c8b2e7c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
38272bc4b3b0fa56e414a184770f5b17

SHA1
f378ee08d8ef29208f35d0c34ec0b08aac276974

SHA256
6db457a40dbe262465057c8389013d015d0122dc062a2e72cecb7662b288a147

SHA512
98f7cb86625e1a96641af580c67a97e72f035913c5825863a64a9481904650e5b9e2f66ff74ffe7b0a185da1b41dc23827ca37d69ded09f838e635bc16ede915

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
11737d5150b81522646f47c76eb10c84

SHA1
2708148d82dc07a0363b40cf8883419512cc80c4

SHA256
1307553006fc66e44b9c4e508c3f40d6917ce110e33b1d34ab2a93fa6ff6544c

SHA512
d17ee381a2ae454dceaba84bb997f5cee795f9eeefd5f7ae6fb139fe28e84150207e5e33a320c2a2cc02afd3fd67f8e96ddb77d13131a46b174b2c9dc59aced9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
4678c5820a2a886b37a54c6c784b0590

SHA1
c574ca8ca213c6419ffa19a1f3692706f7bafb89

SHA256
80e110a34d6eafd0f248b2814808f6e3572895a88ac24357400fc940c8986a30

SHA512
45d2fd1a355e520bdba01bada794fe5a0ba19f9827eb249548b68318f8daf829eca302482a383c0e054042c61435af5f5f82a6673808865f8d8d8e11916e927b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1860e720ad4f55331d7185c1fcea579e

SHA1
c766092f230b2a378bcd3ab4aedb7a1776ed8467

SHA256
a1dc4745ed60a0cc8e495d16d7005f21629bade44653cf5a6a934483fac1e9f9

SHA512
635ef56ee98305109693a8e46011b6484bbc81283708874b97814c85564ac3cb9a701eab9dd756a54b0ed3bc48794c7723b9ef2840560c2acd46b1b9e8ba226e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
0c9fc5016559a418b1193671d94dcc73

SHA1
6961962aa97cd1de858a84aa5c5283e65f197f8d

SHA256
e45af1dbf1a19c97cc59126c7af75ee2eb902f6a826eeb2b70708f1d9fdcbcf8

SHA512
63c84e618e252825ee5f6da974255b3e590c1c0631e74ec26c5cbcf859139c4a8954b245021fe08656974181bf4bf3a48ef1986cc049310f61030a572d56380a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
29c7210bd99f766cda8f375d1a16f9e5

SHA1
e7e9530b66ce631025a65423c250f2bbe3a86b29

SHA256
446dcd5add9869593190a1001e5790e8048f63ed76e28477caa1e11b206dd1aa

SHA512
cbe7a6796c4da760508e45a248ddb8e1bfe1f3e759bbf2a9b746828ca3cc2f57e242c2e5cdd96d4d7f44fd830d1af4bdbb6a11b37b24f4a69e9e53d2a8510c2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
ec9433d394423af45f78c39f8cffb0e9

SHA1
7a7e79dede9c5c46c2dcf5878054f704272b8d0f

SHA256
c324d0f461cb7626337ef30f2b8634a70fa537cd123367c2e7e0fc9707d23fcb

SHA512
9612c4142e00cf09d9137b6eea419498e91563daef0decf9f5319c48d29471b0ea5b66281b64afe122344996305fb91b1c470429ceac854a66c096589409bcc9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
5910926f4e261b75d4ba178c15feea63

SHA1
61d3457501baa06269845b55206d3fe0995855c8

SHA256
962cd3769601dad0d30f17efbd3da51f0b261b46df6819f9947cfce6a16ddd30

SHA512
26cab0578b7e55e9675ae4e21b1f52ae492396e7d879e93180da57c2b0d2e0b2e36884dce6372681ce96550112af8560db76dbd3a7bd6a3aacdcff19836aeaef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e8ced8283051f0e9004c1812d6741d40

SHA1
4b2506ede93a47ffe96dad06d1263e1bc9322028

SHA256
ecf649e5ee1c8f3212090941eb0b1ed7ac76b246d31777f861873f880c2367f0

SHA512
5d4431870d1c878164ab38c0a85d1190d03eb3ebf9b1e85cdd7501e7a477cbb8878d3fe275df6740591c3f01077047461d9b4e9f3b013829c528e452059fa640

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
688f57468dc1d6c0e1dbe5f8dcde5f2f

SHA1
576d7d044dd95da5c09f341004f791d5bf903346

SHA256
fd54935c228763e3361d78994d3b41b97093813d6db600b3b555661a00d07cff

SHA512
c21ca4f75f4c0bd8cbb50d51fa4ba1406aed7def20dfae12f76c6bb832e5e3e60db0f89c6c910ba251088dd4c79b11389c48bf818743ad193af4a8b15574d414

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
197a93447d7d80d7aeb738acd9e4c099

SHA1
a0c74e4a4db335a5230ff4f58e98fbce74497555

SHA256
9bdc777e5f160bdcf8ac00ebc9f7c63c8df280fa79117da28065c0abcd247c19

SHA512
d0d3c86f7b903159f2056107ea7d663ef804e62ff9158f4f8147067c6a0f92ce7b0fb81f7744dcc496d841cdcbe1d025f0960c57711413eba83ad98134d9460b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
ae125a3f947a11f69cc225425d095f50

SHA1
e32bf922f60a7f4bd65c108269ea371f57943925

SHA256
668c93c281a6611418c7ec92ea5b21e24bf100771399ccc513661f3f114aefcf

SHA512
782bbb8dcc4422108d184dea69619449ff3d82898fcd901deee665dd68720e93fac62c3481be0093898074e6fc7cbd123411a8355b5c7671bcb88245cfe4608f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
ab8a70700c7534c5f9af6e5f7e2c23f9

SHA1
d0eb007b5d05134c664dffac14c086a4e6b6714f

SHA256
ad4ab21e70bdd13231185c353a955618666c1a7c9e30b221cb4ac84f29371471

SHA512
7594e41b679bc1a1891725b26e4de2e20e52b8ee7d7d7a6315c0aaf618daf2a64500ff3563409290686fc2a4cbdc5c18cab48ace9668c14c53de057a80e98917

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
fb33ab93bb78106e653fb65334f0b0cd

SHA1
8359afddd03557fe0aa1704771cc5870a9f67d15

SHA256
1bd9e586889696c25d28d6a877663cbb34fd9412d9cb351556cb69bfc07766a0

SHA512
80da27899bde451923f66eb1ba99e0b15942bb6e544d8915d8a4aa346fcf23f258c62d0d4273ae7c996cfc450a879f818cf54e6fef84d5a30a5f78efeb73dc62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
d0aee146540c60e81f1552e31b028898

SHA1
cd1e8d9e21610aa2aef9584a9e64901f8b0d9b3b

SHA256
c70aaf3e31365a34d6d6b15015dd1ad377f7012cd7db0c5bb041286c7f9fa747

SHA512
a388d8907e56602b518de1fd44e8d397f91e92620fea0d1a05ccecf3815894aa0495833bad9a0cd1de2a0db935eb6880eb214757885962109dee96bf29833d8a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1afa2a66dbe507bc31d3c453440f3faa

SHA1
4f30bf7b9dbb514c1ea424a05327d618001a5b6b

SHA256
48b4c8aa92decefc8b8141cabfc31ee63818c0efed792a4ff3e00cdf5199161b

SHA512
e7df46d9e6fd806017d5ba97dd4cd7562f92e478299f311c41ec8c06be8a2e7e7ec88b70eee82b8cb476606738a1bb0fd44bd82aac9148e24893820945844daa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
0043b6c341916282f5e1d4e49b478e9e

SHA1
9b1ceaaab5b4a8ffd2cef0a84e6dafbdaf4a4e42

SHA256
020402772f0a9f495f4d3f12569f19f67db4178286c84426f9138fc75f9cd6f2

SHA512
57611f68cc27f7aa7a202566496dd119a89e6e3e94a83d3154f209ecde122b62368e7504ff1c04da589aec2c2b0ec3783e689e5107371bc7fd92eec98384d467

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c84707819947eb41bf6b4b417334075d

SHA1
f8edf1a061f64dc931391df2ef10bada6f4cf835

SHA256
8e803a851c782b6ae92366e726f0d41dcb12cf87cad7395c4e33d3043eaf1a1b

SHA512
19fc44142ca427b26278375f1083f4c68b49db1004d7b7aade34c270e58c92a4c86b5121584c54690367b6a25765a46ac46e5e20b4b6b578fa94adf7a6e10504

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
61d22b09b14e2b0875df290398336dd7

SHA1
61df1ce2502d7891edb10389528cddf80dcab6e0

SHA256
90c09c540a971540d7c6841ecad83c1d261ffc6ed060f699fbbf4f6dd1cfd59b

SHA512
53ce76387b3e88019199486b93390a1e0259f0de75d923a1bf2f1411927623556f014184acb316386ebcb34bdc33e8f2a2d8f378826e6d2991e2bfb213408d62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7c7b5f3593ebd5d669611d44118a6e31

SHA1
8185c6a29419736054aceb9f2e761d4d733896dc

SHA256
45ef4a5652a2e349cf18ee81b92ca1a817b6ea27225470da5815bd4796360b15

SHA512
19e4d609fc7cb17ce7e0840d733562df7268a53133602a41b451fb571fdfd2bf976c727c28be953fe13e1ffe04d3edc119feb5d35fadb3773b04167d48fc9f51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
f4f057b604bfc6d1343302a4a4ddccfc

SHA1
b6d9381af5b7db4f3ef44f55a4dfd9ec5b5c2427

SHA256
6959c49cb5771cc8bfad49f26190b21ae6bf86b2d1c2bf81e238ab55a48f7ac6

SHA512
7d3244ae757390e2a5c2203e93bdc9669b97f4b57809dfe224e99b8b6dcd29e42a150731479a3a05cb1c2a55dd4590462319a9a9af1927b580935dd7783fe3c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
928658def675b7fffae606603ffbe9bf

SHA1
12b94cdf2af8345e095e0aa37d63dda87d2d6860

SHA256
8f29e7204e665f2d8fdee1e1172229c0603f99b8b74d15c159a0af45d3c19948

SHA512
c242ddf88c30fa5a57bfa431e973bbb2b276fd647a06687edf13a37997be45879a22772bb8b611378de1c5aa7d6e6fb9b5f69aed67fadbfaca4f254ca0ae8906

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
171fa7faf74b283427aaed33f81ad96c

SHA1
6c4947ff30122834af18f4e37ccb292f98fcbef0

SHA256
5eebdd2c0677d4ad8e1016fd5fb8755110d4a496ca2f076fe143a42237b65776

SHA512
55daab525b60660efbd5d8618fc5540770c59259bc5af5c73b8da46672fbbbb25f814f1c0472398016f65c008f0c3da85d805b297ffde1423e3708155c18b653

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
c582741e0f6f505437bbc7982a0f701f

SHA1
e4f8a2db91ff77bd7b76b1bf3bddaa87ed0f650d

SHA256
f8c483d0f29a5c3060cd26c197cc633abbc22c3c52c8f98d803570e92e8150ea

SHA512
66536ecff57248cad71c1a6813656ca1a65800ab133f33ee92283d91777f50168f8fd90fbba0c99aa696ac1b5166fded2448094710afa8eb4fee8a3bdfbffb75

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
4124b6a8cf8da0712e490167ae10d72c

SHA1
4eae836c779aca8d078956505ca8a95b049e8d9b

SHA256
c1f7fd5463bffc264f504f0d38eb82515954b6d8267389bc7337f2b449bc8457

SHA512
4c04b8a802c1774a2d838dbfddcfd8cf02ebb1a7c3982d3afde1f58610fce9502de4ebb7fc673c7e5440a18f248bb4f65e9e12829416e8e062145f1d7d16305f

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
ada07201ac1c8365f196eba4a4dae9c7

SHA1
349ad3652210ba436c2c1f4eeb463117e3dc070f

SHA256
6d3b6e8b3c89eebad0d01ad51e62fe24ae9ff7a4c234efae6b8d0057dddfdd8f

SHA512
d99d17594d4624c665b96d403d2c5e57c662d7f91b1a74d2cc6f2e7f685d7cdb75786b549dad67ae37beb12e557cc0ff609b8d5939a4970621cd9578b3c9e6fc

Download Submit
memory/1968-0-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1968-2-0x0000000077EA0000-0x0000000077EA1000-memory.dmp

Filesize
4KB

Download
memory/1968-1-0x0000000077E9F000-0x0000000077EA0000-memory.dmp

Filesize
4KB

Download
memory/1968-6391-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1968-9926-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download