b31b3d847be6d345f5ab196c773957a6ff3a9e138897c02e0e29b753c6e75e0f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Size

13KB
MD5

f2187dc6a727dc6acd947d4f0daf057a
SHA1

ce01fbee72e2a99f43c693131e50f804d99e9ca4
SHA256

b31b3d847be6d345f5ab196c773957a6ff3a9e138897c02e0e29b753c6e75e0f
SHA512

774aceb5ae4ec8d621db614163d7d32889d06d12ed6594df110b59abb73c105bb44292d77a3e89ffef7cc1be7b889bf18d2dc967c11b76f80aa9a91d376cd0b0
SSDEEP

192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMHl7Qul:JebFNw4Pk1itKkpAjjJs6B40WHzl

Score

9^/10

ransomware spyware stealer

Malware Config

Signatures

Renames multiple (3056) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomePremiumN\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseE\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_wildcards.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN1433E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\NR1393E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\es-ES\lipeula.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN1391E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\faxcn001.inf_amd64_neutral_d23021a1eb548156\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64\KO5550PU.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RacRules.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPO7300T.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\Amd64\KYW7QURY.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\LEXC524.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\NR1332E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\Amd64\SV2191E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpf4200t.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\RI1342E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\RI3232D3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\tcpbidi.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64\KOC353U.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\Amd64\EP0SBT00.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\Amd64\GEDS7903.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\hpmcpcp6.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc8100t.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\Microsoft.PowerShell.Commands.Management.dll-Help.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\Licenses\eval\Enterprise\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\KYKC5025.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicE\license.rtf	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\Amd64\INISC203.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN1341E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN2171E3.PPD	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_regular_expressions.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Management.dll-Help.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Foundry.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21534_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21435_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Windows Mail\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02740U.BMP	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\PACBELL.NET.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\WITHCOMP.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\PREVIEW.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386270.JPG	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR13F.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\PRODIGY.NET.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14845_.GIF	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN075.XML	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_hov.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_Parsing.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9b84a779e457f3e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3c08c58c1a7a6fa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\ehome\fr-FR\epgtos.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..aticcontentbinaries_31bf3856ad364e35_6.1.7601.17514_none_de9297bf648e8c64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_sml.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_25c081fa77349ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_job_details.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-client_31bf3856ad364e35_6.1.7600.16385_none_4be0e22c043d2679\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_14956a919480b944\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_e5966adda19f72b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..layer-vis.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e89c52d6f87fae01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.5.7601.17514_es-es_7473de1afb0db231\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wpdmtp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2ab0c075194d9555\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fdbc420d767a65e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-azman.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9c7ac407415bf79f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..installer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1459115ca65c0654\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2dfecca11d70a2c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a56cb41c8b19254a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c3aeb36c5f98c70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ndisuio.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f847dfe4592445eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000439_31bf3856ad364e35_6.1.7600.16385_none_5117b55cb001f347\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bg-dock.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_069ffb30ea2cf64c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-webdavbinaries_31bf3856ad364e35_6.1.7601.17514_none_c87778b746d52a7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.1.7600.16385_none_da36ab884a9c25c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_wpdcomp.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cf2c238937f608f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.web.extensions_31bf3856ad364e35_6.1.7601.17514_none_3d3f7e36fc4f6ba2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_10e8fabda88618c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_53ca68d49dc78692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-sys_data_oraclient_perfcoun_b03f5f7f11d50a3a_6.1.7600.16385_none_12b230ea15a9e57a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_prnsh002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_82df43beb9f6b824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-h..nter-shellproviders_31bf3856ad364e35_6.1.7600.16385_none_9444767151309ce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dd9d3cecf47a4564\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..libraries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ab1b22ba2dcdbb62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_70416df523130950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.1.7600.16385_es-es_d863840be88e280a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\inf\SMSvcHost 3.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.1.7600.16385_none_ceb756d4b98f01a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dsquery.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0a132734932c23f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_6.1.7600.16385_none_42c577fc7e31d54b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_70b406154cde2a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\Microsoft.PowerShell.Security.dll-Help.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_89009cca9c91feec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ocker-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8ed8b37006b00933\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_moon-full.png	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-14.htm	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-video-tvvideocontrol_31bf3856ad364e35_6.1.7601.17514_none_4cd64fce99b89311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_prnhp005.inf_31bf3856ad364e35_6.1.7600.16385_none_30e9a6119eda44e5\Amd64\hp8500gt.xml	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e90d63b64b72be5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-storage.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c69bcae57b58066\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_data_sections.help.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-snmp-mgmt-api_31bf3856ad364e35_6.1.7600.16385_none_47815118cd38388a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_da-dk_bc35c9a22f7dc1b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_33867737402be86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17514_none_ca4f304d289b7800\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sidebar-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4ecdd933f44ed8f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.17514_none_b81694890087430f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_en-us_15495050540f23f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open\command	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.BoX_12	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\ = "CRYPTED!"	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\DefaultIcon	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Lld7V0hq2775mf4.exe"	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.BoX_12\ = "AWAKKOIYADHWLKX"	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AWAKKOIYADHWLKX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Lld7V0hq2775mf4.exe,0"	f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
962B

MD5
36001bca10d5e5a1d8de4295bdc4f31f

SHA1
941c80149232d99d34ccdc00c5b5232eb2f9086a

SHA256
fd63fcfcc28130a2b6054c678b98aae8378788b55364ffec192fede79cd9a447

SHA512
86c47e7ef718ded4c6066475571ce44a38eb71d6ac64b50b5b1989a7df765ed5ca82e5d40c532aa25bee41898d053497772aebf2a772a56b0596d3a7532be1af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
b3e5d331471050a673e65d1e96e26fe9

SHA1
1ed55f60158a031a99f4152788f61bf38492005b

SHA256
77d1bbb77421d034a6619f7c54496ab59cf450237271a9339b8f13c8ff057adf

SHA512
6462ea7fb1653a8a86dbcff5ddab503bcc59cbae7eb3e8b9553546dbbd2cf621f0fb3e3121e54668cb96a4772d2c80aa474221c130f239caac66b5f05410af78

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
23cd72acc1dfbd8139c82e30c9970b47

SHA1
e09aa53c2ad61be869d3e9334fb98c20f27d5b8a

SHA256
03904de3f5f06970b0d3080db3fb9a5274a87f1004b765dc88412580c868fc74

SHA512
1edb433aed400775b230c6a73cbf6dff032249554b1ea31f0b6a018b140bd7a9726c06c046b3ef3cf84e60d8ce883e353182b000c8113a86e25beb7a44ab5e0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
7d3267fd7333c78d25bac3c29fc940da

SHA1
90820f76fc43a17eee4290202dd30a657ef421d1

SHA256
01959db491f2f899b6145a0a62436d95d99134ffa183d02974ded8f912f9c672

SHA512
299c7241d12d9e35867e0562e8e284c0c419b7356a027d2d9fdf1b421d48092f1d36b52fd7bf47a1372a27614953ec68884e2f7d489544f7430b71ff47b08fe5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
9dcd334932e375b6f95ddb4fb58f8a4e

SHA1
d039013ae2ab229052b44c3761add72e534fd025

SHA256
f56519190789a8f74c1afedad5e51db84fcd678c06cb9566ff77fd6690a727f9

SHA512
1ad99417defe17b5e7d78a55e84675e316d431c06588bbdd433ed1b22c670542f39ce8324c2f28e76366e74fdc9a16bf432799ec2cc6ac144a91b5b609c5d63d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
61390298fd6c377f3c1f3d7033ecbcd9

SHA1
ed80cd93006e1c787c9b0e0aa38184e1e42fb775

SHA256
9db91ccbe46bf431caa860a506b63e17c73b14d363f29e7aea25f72e6ce64f6e

SHA512
e1ab7299b68b5045934c9a7eb49ff43f425ecddec42c86e805adb1a178a7e0742e2f2788c04b39074b0f5a64fd0945a15c06b550cd42208b001614569da84f7b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
d4ecedb7154cb7fb13bae2f406f8019e

SHA1
5792f9eb6b84137f92c3580f3f0b41aa86a36e14

SHA256
d24a8fc8d7d299f3363276db8a7e56038895405ff59340773355cf8b356ef1e5

SHA512
68ae14d8bb9078d0ec97ddffa0103695d778022bb1dc155dcc23a7b63fc83943491b8682168f6796e5719d3e6f980d09b19ef8372a6456138cbe7d0bf7be0a8b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
39818db1df8bd27226e9083f9f54eb52

SHA1
fbec4cf57158ca3a0a1edd9d4d33d54462259f82

SHA256
ff26551a7c0b93f2195d86473a32a80a38a0a2a71daeda8466919bb5f41d1708

SHA512
0b28083a64473386e2f815e1f5a0dac3ef8749413791d4a60019e52d003a3ca280e3154789f2600ad7069eb16b3e5aec561097e6fd45886476f6472f03da5414

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
c1d83ad6f5467757e25f1c99fdccc48a

SHA1
e3feea993007eb5c9d2c85ff9c9e93655d988e6e

SHA256
918c20b21a6fc948590f7324588b55e919a4cd89b76b13beb9b654ea749d8b42

SHA512
172bc322ca94f1394c3c075662b60d449f80316250aa4bfd37b927beaf3d960397a64bc35ad8232e51e2588418248858c667d11b53faee031c532ecd91d893e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
269cbb289af6421b52b18ae933afa467

SHA1
d12582bec95e45fa79f1b0867229c00898f3feb7

SHA256
f078e4092b1a832f198111fb960846fa21ec3757ef4d96666b9f0d7f0b47f20a

SHA512
b9abee9e291a9dc7bf3674480d49a1e2d4d37190dbedc47d5e8a28930361cacb403b9c7d25e75eac3a090f48060c05d3fb339d9dca3f5ab79834282dd73965f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
dc9f2bbfd5eaf549d30a2512ff6151c4

SHA1
52511ef560b7f67ee7bf316e976256051db3bbb1

SHA256
4b576617c2c96ee8800f2c4c5b8bb7d13add3447e222e5f4e1865ed7ddaae461

SHA512
b388ef07883e337005510ed98521f0570fdd1e36e5e2b9f659db51a9a5e8d971a63565a97e7cd905acc60695f9dc4c8bea55c9f655e6937291a5fc4706965ef9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
d6c1998bfd046985391e5666ac3d2714

SHA1
ca0dd606b592ff8cbcb6fdad3f1a5e7cf1695658

SHA256
4fa5d7b3a761f937b0325980f842d34fcdec122ce5852667c6a2e0c5641fc28d

SHA512
c01fce5437a38f6eee9ea23ac893b8aa282ba87282df49184b2ac4b7580381e3534d8723afead240ac69b2b3ff5be20b29ea453d0d7ce5150d5c53fcf94a0d41

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
9fd609b97f0ca601cfb5162327b4a546

SHA1
076349a66f3c17c34c75f511bed81e40513ff9b0

SHA256
803f19e8342b6cb9596a5de998afc65a342eaf847a616aaaff5a35faa3d86e69

SHA512
71eb39e41300d3f4368dfbb8470e44f41c120f50fe5897630b2c8961c68260e1291a265f29f93072f0710c7ef599472c5eaf31da928aed65b01d4931f84c0a30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
3035f2ac67e40a119cd1b14237d17c06

SHA1
e8806936253f79be25e9228b2c02199faca0487f

SHA256
1e354d46b020026e2bf2ff32f804e8a5b698610b93037bd34998cf17ae52b4f1

SHA512
b414f6da138d81c702e406549b80f375009e49a405335a67b601687804d75a49e5cfd54ca216cec267629249ef91629d79eb160f221824ffbeecea084acc463e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
a75597650f3a5737b36234fc3ce63988

SHA1
0693d3856b2277099644f149c45f6086e2c659bc

SHA256
e08ff8c571b57eed4348e98c2c4833bd7397526b1f9760e043105ad3a7b04eae

SHA512
72cf79078794cef28dca3366fd7853e1dedd9f28b778e5ebefd50c0815cb97dc71b9721817205db25decad98d1098023bbb5f34a3cb0a231cfb2318af91baefa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
56d42b148652fa76e220d665bdf28591

SHA1
96db31220d7896d2519274b3539e073625434655

SHA256
e9ef530fc678d3ad25c718032098ebc3163b896692f3107d2aaa8f620586c61f

SHA512
be7a78024d4f17aeab54aee5a8b5ed703a63b83adca6272b362e3fd46f0e1c657caba5ddaa3cca3f20240697e16908e7c700b59f6299acefab5134a724e9740a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
84d013dfb82e073ea2a8d8291c87f83e

SHA1
9d0608480ae8743ffe11b8a1dd5213118ce7bcd4

SHA256
3787817fc7c78e1748efa52b9908e65b9e0bb96158d78689b6d5abf535e25389

SHA512
8cb931aad7ff5264dd216009e67f4d4b39e73636901a15d164ed0417068683b2b0a198cd2b0dda3bc9acb1d567347b680829f5f27739ac585e4de8ecc2c064a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
1118226f89d71f8f609164c2f4bee250

SHA1
726fde53623b4917e6d519deefbc28f89870c643

SHA256
4ca67e6b8f5456cae4968d3a180d6a0685076830464cd23980abc6ca27684de2

SHA512
45bd87cffcab5d6daf8bd7f562342ab020903b8010d651befb396337b06863968a4e977475cf4defe3428876e8d01deb06c33298e63192b88b606346f8a19b7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
6d869e205aec0bb51c3c08dc9e2e0a76

SHA1
74bd8962af8f3c465528cd1c37050ce7d3d18b95

SHA256
498ede561349f09a41df0ba6be7e4656642d95644fdddc25d34b746cf3bbf243

SHA512
b97c28d43bf88c40d11c0dfc0da1011e3350c5e58461be0d727d744eb3ef9a2d18a277445c7663426d3d78c1ee881c4bee7d617062e037a79dfb6738c527b475

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
50b0f7905c1cf50822730f9c2db8468d

SHA1
c46a1b1860a25e6c43e3ffa64cab75e71d96b64a

SHA256
3a9015962816de487696b6c45510c6c9380154250b09cc974d40d1ce35974274

SHA512
bb5d28e8f0f4e85821e42cf92423d1a3a13de4b140730b7a66e9df3c31d38c76b79b6e2e66b7a04d0fb67ca4a4c4021c7485ba13a75b9c263490f4a6eadd513e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
5a1e850b32498fb34678dfd206ec5335

SHA1
1fb685b59bb3c6257b3d80853dfdc9839020df2e

SHA256
e06ed751bdc2dd755aeaac0fb802ea995463061007f20af724309bb3cc19fa71

SHA512
92c2532ea6f54c73d730d5d730b2d5b0312694d43109ce445dc67c0cff52255054fb7be5c9826ec210e3cbe4d76753fa4f618316a04e6fe482504f86472c0ade

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
263762815e0ffc9ac2bb373e4d33687c

SHA1
376ca42c55b9185fae1b38dadc4582be21d8e5fc

SHA256
48e14a5f6148ac4af0a5eba2d088949ab96767a4fbe382d8b433f123d59d5210

SHA512
e91ea1e4262cfb0d5f73da2246c9637dcc065f11ff21b5d2d9d2c3c0d9b8d7be542b4b9bd5d6ecc2409095d7dd9947974e3ddf64d977a4f94a10030a9609251d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
f0cfcd79259ecb70fa2243f552f8ba4c

SHA1
820d369f2f85aadf383ed7572fb1eb692ed45ef1

SHA256
062aed73d1a9adc7e11837099866170355380c97a102199a76ed390ee0fa2a90

SHA512
bc0e11e25eb39cde63f4bafcdb8ae04ee1f3936f8489bca95b22497fc0ea64988fa7082faebc0c2b969228720566a01bf02953fd139c6c41971bafb0998dc09e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
e4bed605d86e90d655a39eb9cea43058

SHA1
7daa95dcea57756a59638ac7ffe57496093a2e67

SHA256
66bfdd7500a7a2ce14916f9dbfc68c9185b1e828e5b3120b54b8d05336b54bbb

SHA512
d5b912d09a27fd4dfe040f248170a86eb391b085c85ad04c925390c59377cbd9d3afc8dab8012401541539ec51bf5eb1219b6335b7e3c97447e1e7ad2c61f0ee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
49f04895b0c5374b5b53648d82917169

SHA1
8994f741fa55ac95993d495bbb7466da84cd16e9

SHA256
4aff34c49009d1f81a498c4062bf6195771cfb0bb10750cfbf5035cea36edae8

SHA512
c76d7e9aa521c563032ce265140eeefd511cda30e2610d96f01e44e093f632b3c851c7b480ae395a03134440d6cb2e31d92c288a220441bc17a220d1ced06dbd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
068b5c696f3e8110860d26084e631730

SHA1
15ab73962bde26c94ca457c5c2b7857f304e69f2

SHA256
70b3a5051bd805ea54fa381379a5814e84332161d109111fb6ebbcaa91911acd

SHA512
f4e2e63ad2c075ecf4d18d3f421248a8374d7c5ce95e4117876eb292f0be2b2a5344a9a926d599b5d73d4900b0f9dafc37633d8ebfabdac0656fde70c1b5e8be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
c62e60525cc65da2afcfd99f161678bd

SHA1
d1cca20857c35b10981a264a01426711a4a3194e

SHA256
4e3e8e2b29e03c239d2946209a148c18e55de07e87984ab1b160644affb6d722

SHA512
053a44501ac039c10b98fc77469d14cb2743c651109581ed197984ab1b63c735a0d01e58f1b5fe63decccf1f8c931fefaa7382c402009d063934a5fcf01eaefa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
9b4c0e7942cf9f766363302c372bb5fb

SHA1
867180d691ff1defee43d1b364cbf3cadeabc8b6

SHA256
c6ca3c7588596fd77a46bfdf0a173455ad665b162b1323716777da4a69ee9ccf

SHA512
9de2fc7122f80ac76c3bc45d03fc3d5fbc003136f4dceef48d5083894fb4b7f296d934a35b709b44a950da2f7971a56ca525efd26384930c6c2521e80c8445e7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
14f75d54e3f2e784a6e216f14006594d

SHA1
24db2d4f1001bcbbd8e0398e2b0b982b7ea959a0

SHA256
0fa971724f89701ceb2f803c7a53056ec0a5c52502e80f01f8e7c3e59a6963c3

SHA512
e410438b3ff102c91fd2c554e026ba0b0c9764472f1dd9e72ef0de7d6d97646aadc92fae1012f35d3a643e5ac761363957cd8951e7514d7273d2236c763fa43c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
37996d8ef493614d30a0ad44db9b525b

SHA1
75c88883ff5a2c235b8bd814e783b0d203313bf3

SHA256
a4a75a94a96ff6269332dc33f3d71387ae3b0e3c8f4fb1e1daa0a9ec34e8b9be

SHA512
959afacec249772539ab63d23978eea85d2c0ebfab3f9d7ab0419135f0c57a537d8c025f278fbee2abcc7a0038b806b8e340d0fe6af19072bece6dfcda9fac15

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
da21d5fec7aeceed2a5aa406b38cc50d

SHA1
3c2f3b4242b208c1f3acac7b14351d5f900155a5

SHA256
c1516ac56e74853617c33440c48ad07b71089a84d65a4b60f48405a06d2320ad

SHA512
73eb917ca8eb6447700567fa5cca30bfc37346fab0f8ca40199a6b77cefc828f36895672d26f814fa380f256615249cab3ab2adf2ee0f1293d227d6a3aafc80f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
c08d6191375667c268d67524c3fde014

SHA1
96baf5b1195a2595b6dcc573d54d8bed50637f51

SHA256
7472a4f8a32d4cf52842371183eacb6c62086f84e65347f50a4f8ad5cb4d916f

SHA512
92068969e2e7c020773aa347f0edf481f027407f5b6ea42ae6d4ae5fa1b5d702b076d95e9bd22967ee51ca90678bb798c2eba151ec23ca2c99ae66737ba5869f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
b576d74e1fd5019cdabed17137f511d5

SHA1
e9e9eac208ea2a1b6e04a57ae302d402a5d0b0ef

SHA256
4b9dff48e44853c1fdb88ec1ba8742679ba2a382bf2e979486008b3d103ad74c

SHA512
671a8392f1eaa1bf93653caf0c0a23186a0800a3c46324b532b571bcfed8b41483be0ceb02952f1885acb4b46551fca9362a217ffe218251b20bf736c034a430

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
1e8c9696be568cedce95e109cde57d76

SHA1
0dacd2d602701932107e6c25869898e1565c7090

SHA256
75ca35ae5a013118c847ca379adb742b4bb03d7fd106199a0ec0dc0403899eb9

SHA512
a22190d0303ffb30701165db7437aca19c350622464f5423d9ccc6ea8aa25543076d63fefa5bceb7cc9430342affd5773c70308409f6ad974336f9f37a92b0c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
a5ffec9c32df434375fd29d94f54ccdb

SHA1
c1185c2b94867876d5b18e7b435e8dd2a82cd850

SHA256
50863614b975a9e5d6775f27928f9680b8275215ecd182eb69a11d69857cb403

SHA512
d451786d9b3926134317b966a0ea138370c55da084a5b508812248cf65c4df8a651a3d940bba0bba502c640255caa0ade201cbdf71de3d90dd74411fa3cfd7f9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
7d4d2887182e22103b999aff16b1b319

SHA1
c193fac898a4615abd7743588967dd282660cdd2

SHA256
82cabf4608e342dbf5f183cc7684a9612a65f89509ace8d605f4739d1356f3fa

SHA512
69f0c11d3aa648ae915dba630aa22352b2aaa5f3fad2a5336d53bc7b18289af8f52174ce0380143d893968728322092ad4e4db3dafb5e75c1cc3f1e2cd725b61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
c8e6f13051d08c518a036b90ed1fb82e

SHA1
7af4efae000e588fed09d77cc83e248627e2e44b

SHA256
05ca3ca232f493c56d3e31ca6cb2118e9e7af36e4940b8e092494ba9eabed98c

SHA512
0117b22f5cb748466064cb5a0e44fb689b9c7b2586cfaa09dfd2f32c10b85f9092009e83f3ace0475f15a7d34601de9fdb27cb3104e8dde3a8ab80f0706f9ecd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
1b962fbeaa9f35d0984243fe87cf7fea

SHA1
46cec99e475de2a7808c556be8bdb9970df18af8

SHA256
ba02a7631501d85e8947208072acc5e9f1943b33627a35bd5c34819224bc0fb5

SHA512
0e6edf3430ce79d079079352d198beb186fd91213a6b944d21306c738556e8fd32d528a480efd5bf46a5b573b9a2ebf794a53f2d7103cd419843da96bd221f4c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
6ac77bfa12e52c3697ac9006e9751b8a

SHA1
a552eae2e441f680ed3b7590d24dc06a25c202fa

SHA256
a89f015e7966d79cf9ca1505b6a0cef150040665000bc5fbe8b61c4f1ad3b47f

SHA512
ad1864ad9d9f76663f566dde6405a5fd85db8804b733414fa94a13562d595be7d728be7a4b2ce5894596e326c65ec4622d997f269891a8cb06cf4449d264e719

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
46ef987074349ad3c37f20fe4e76f5f2

SHA1
e06829951b6151b5d609ed57339e61044e3f4cfa

SHA256
b509cee18bfb14cb11cb6109b565c48aec89b338b00d3f55b50e6ff31a0cdff4

SHA512
f21a382bee357d1bfb2c494a1bc08c78f0cc60155a9a1a3e3e6fb75659a9fd96773871d09ef620e0ae18c8f686847511b8d21cecbf472fbedf15afe7ce5a87d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
f83be317a82a4dc3ddcb1bb8e5db652e

SHA1
026524fab047056f3020e6b8543d761ac6e4bde0

SHA256
5bb4e971daca20e84d58ea083aba10fdbefb921ea86c5a8600d8c74876ae8c05

SHA512
9ecad2b4f6843701a4728a167665074ba13671deb3308c1d0ceecbfb18496a6531973fbfc6905a24492c90d705b3feaaf8968cdc56139186f015e883210721e0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
f28028868b871ee9ecb80f76620a50be

SHA1
b289a98a49aea7579c2e001427edfdc3324363f0

SHA256
ce4ad26cd7d0e2770a8c663a1d7dbfd0f80a465873c14a58e02dd19ae892efec

SHA512
f4fad24bdaf126a4a5d5ab5c8e1ea681b6a0546c64d14fb0ac017a26f9b3bbe44ab9c4ee5ba72aba9753b742169d8a622ecd77487f9d0ba623a76869a2188b63

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
43297811a485400674eb7776d9d954cc

SHA1
bc6e381c66d9ed803b8bad86419ef5986ac6772e

SHA256
aca28435ae546f7c1653ecf94da51d5f6b3f0d48c1c0a192e58591b646f2a343

SHA512
bf76929ab523c38baacacd4b4c466fffc871457f9bc4100779d990882bf79aa8b0dc6a89ad3b600a790a1663ffebb192c38ecf550de5683a71964ce56b7547c1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
b133af5f1b7e203d3c8462fa2a150581

SHA1
f34d7809b9421ac06857cc5c234edfef5b3c4692

SHA256
90df23af67b9ea1d8224e288835c465c1ac95b4bf134797036167d7b58243d1f

SHA512
cf2d15a6f7fbaa9c9e76698539e3ac3f424a4f1fdc76576ea685986eb0e9d02b16f16bd7a2ce71c4aa269ffc946837f3b1a445b128a6fc401ef4ee2338dba40b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
029fc8d52adb32f9cbf09fc0c27700d5

SHA1
631e16bb84122557fece4cf17ad2d004381fb489

SHA256
725d5883e1bb3ce5a75eb84633131caab21dfa21aa6aa004a8a5dbc36e561383

SHA512
767ac14cbc6616d0ff46d9de2700714b740ecbee7361d995f7452a1b6fea1c16e66adae9e0023aa65e6eb657e5513c5ee76ab1e154ffaec5c4e4783b1e21e123

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
82302a2737bab25441d16d9e6ca183bd

SHA1
ce93f7bc38d586143e2a3910937734301abf1c07

SHA256
8d890034c7f8550b5dde6256c47cc2bce909102699b934db3d20e53f3b7c02db

SHA512
10a71fd189cb4519564d0efefea7f80576f1199c2865c2686d4da87d6428df01025cd02e7332646c95379106b89903d5b9fd8932cef43a95a6c122a3811eec61

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
58f5549c3efe23b190dcfc2c2f7b3f33

SHA1
eeac3fc1e31743441e1540d221867151954f8d57

SHA256
f26970a4433b01ce64ca53edbe360065f41d28079b2d5c9794a90d1577def720

SHA512
a6f81989bb71fca0672c557a721555ff1ca9098d0d1216d52f5e69b9599fed648503862488560d227f4cbdb2e520c962dd5792e0ccca3a4ae0f81cb551356619

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
8ebd585ce2883f271a597f9eaa9c229b

SHA1
b96ce440b13877a737f222624077620b8d89db66

SHA256
a9a9b73901025e5e6f7f759c8ac971b8d4829a0c5f37efc522989d2b01997911

SHA512
e2218c4d9726d60410ab47d2beafb85e7f33c5a3b28410cf544378f6a8ca112d5829ecba0320c4b1e9815bdfbf4e6994b11e2ab05b8f0d0ce2f5c55ea54fc4a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
2b98f0d8a180f197bbafab21fa39ed91

SHA1
e264e20fe6955275948e2faa639162cc628afae0

SHA256
bec0f6ff8d3fc0c8bd63d7150786044dba3540e0cc57ee5e4efa8008d5bced80

SHA512
fd5512579cd4ca9806d2c69efe906a312d49d488f4510674c6c82d60230e7ed0b091f0bf6d7789e050c6331396adc9f48e810a03c75e4e26577bbdd82a85dc6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
d90f2e30c7c1048199da76ab162b8b1b

SHA1
fb58a9906d4c21dd30af48659ffac9b8657c342d

SHA256
f9ac78c2bfcf4c193e175975df2459d7d352b61db60a2c26c0b1421e984c305e

SHA512
0c15bb15a9b7b12a881e5771c59aed9ebf779c7b7f4af5a6beee4d653e703ffa69c371befefec510f8352ff2b91352d3ae246c35c7440e69a23ec4b5d19faf56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
1aa23368fb44b6db1a34fda677acac9b

SHA1
d0f56402bbe6dcc81bd6876beb67f2644172f014

SHA256
cc34c377f053565fe7d00a6b23e6c4b87e320824b2a0ef91452471ccb7ee3315

SHA512
c83fc3d0d2afff2653a3bd28d8f2656e8f8e5dc766218bcae333a6913ad5b5c0d681bf907ef90c3b54f2ffb49e7011860235c176ce2cf68601e82728bf904573

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
0a80fed6b4408b9f01edd3d492c11031

SHA1
4b4fa5c2255f9ba600f6e19693ddc909de6e33f7

SHA256
a674ac4f058b80f4d1b59588dd47225a64629dee4814902e965a0a5b0f203544

SHA512
82ae874e21c65ea57b4fc4d90516e583f1a82419ccad9aa8751239df94f82739a1fabfe4493eaf1d11cace5181a7a26866609e146a152414864a03169245ac7c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
32a30e0e3d0c696a11b6356845ae45fb

SHA1
9d4fe8a512f96fb7d99d01050808cbc10634f270

SHA256
a3c0896120ff44f4b3a57a87f7b47ab6dbb3aa8d91800c69b8ff5d715d2efd1f

SHA512
9faf2727c9ae8fe4de1d4d1b0a0f668dfbf7ba0d4e89b929651709414229922fb490092e50e532c1339884de0bca5a725006fccb755321cedcab48aebdce3064

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
df4a7071c2fcefd86bf9354da2a76ec3

SHA1
db07fcbf0fa409ce23808d9098cb86af3b610050

SHA256
4b3266494b0224b139813f75394b90d65608e64f7f9fbad8490fc7f67b77f00c

SHA512
484eebfe76481e70f485f387ede66d573da37a87c3a1023ac63478491991657a372b71bf9576234dfc44fd021b4339e6c609608953a921cd21ccd1f2963c0eb6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
2e9be03cf6797b3c8f6818e961e0b9c3

SHA1
2ab6f99748459fbcf446ad5c4a32e1a309a2bd50

SHA256
fd4dd1bb42511d4751b20b0dd6b540b3ba834eef678c94b0c2a0af7a8d0db4d8

SHA512
aa7bfaf6dafbf76d20f6310470df6557d782e97c5841391ef0901e34475deac24b914b1a764b19c44fbe6360bbaa7f2bd6917f6c98b4abf42528eb646f11fa45

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
470fa860cae8259460283c2c14f952a8

SHA1
d896354aa871ab421f6466cd3f3a78de2829424e

SHA256
6a60df6ea23084be3b3bc5c855e9ee6a6c9cda47b37b69f50624bf68e4737cab

SHA512
b0f1d522256a93973efb4164a4b7c4ea0142be8ae72f2e87feeb0aa48a114afc316747469d350ac538fa092c9b204af4987ed9c63bfa7cb954e909432a5b1586

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
9816c15f60dcc2ea9f72bad1aa7ea0f9

SHA1
74c652b6b7938ecb6423dfa1ccf4b682f3f3d9be

SHA256
c157ab07557999285ad53457af375da495e545695d9cc51b67c39abce8a2ff2b

SHA512
521e61e81d0aa50e133ffacadc1bcb2097c6c33c9f7f86babf958b6ae46b0ba2be26f8fe8559cdd3335b028bdabae3dfe3c8687b44d20326b0dc2d07e601cb62

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
a10e134ee394e459a9bc30eddd93e20a

SHA1
04736e62a8b3dca23ddd00c00be72ff67fd0a96a

SHA256
ea3b11b9cbe6c2e243e4b5d842c5bef7753b77b2b10012d169bc2b018a70686b

SHA512
20459f94a9aeb1218fe4dc0612f2e78f490d067211bc2aeb7e37783e1b0672af45ffb4d7efe524a2025b1169a701980b4d738ab94260f410a362bda77fc704fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
d9198d4a4ab676df757198dee4990325

SHA1
6e2c5632bf308f3e758f8482a3fc72766bfde0e6

SHA256
ddfbd6ac51312958cffd8aa21e96ed9d62ee0b8106159ccc1be9f6bffb216e6e

SHA512
749a24fa456e1dd4febae9daf6a9e9e44623d825674630b53914553584ee6c50bddd39391730679b4ffe599bc1b5b74b17e72b96aff78d392efde47204a9f864

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
8cf83a2414ca9416d079d005c5aa4535

SHA1
134d3e6ddec7cab0e694427024e1177d990a131e

SHA256
0e28713c6420251e4fcb449328cb428c025d67b102f6cdac901c75772f0af9da

SHA512
b26c187401717e24b8eb110720c38f1278bba78a5d6d2b25a3e269f46fa33add5724679119c7d04df5203a1e81a71717dd3de0255a8d556a9c6a54b2a909f010

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
9dd7a1a9acb8e6c7af8bdc156f4e8412

SHA1
c500790ebf54f6ea2675793c434ec2e00d5cf5d8

SHA256
53456f2804a2fd70770a1b59787cff246bfcbdd614611af23d2cdb9d928e2641

SHA512
13b216fdcdfac32b3a1d5bf89413fcce20e425a8df541474a118440e538dfdae9b83ba719f8feed0fa8538acb34ca82f12e24aa77c4d59b6b9d87d5f13596820

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
e9b7c2654481697388bc65f14ddc490b

SHA1
c2ef2394f2a7485fbdcf245d4dc915d91a555228

SHA256
2e45f0d36026e447eb72a0eacd2a1bd8c5995b65f31426ecbf53ced93b9ce287

SHA512
6916c093a7714c71fcef4b63f25f48b53a3acb5594603900d6a8c6fe68f8562812bc63bda9e80ee32a21a69674d55d882981861281a0872cc1c0997dccbba0ba

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
57eee58d2a1efbbfdaf4aeb86d058577

SHA1
07561c87d2cc0e35e287dcc9c8a61ffd6354e186

SHA256
811a3675bcf2ef933e7802ae9d5745bba0ecb8c9423228a5953c47d2324fc199

SHA512
6e2c523ef408d8d3a98be704515abbcf93c812d5a269b96a1abcb98e210202c9531684e7811947a6396687e563474db5d3efe99e1fd10528e8b1011afad842de

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
04961a555a40ca545b88e41abc36cb4c

SHA1
8bf1c68f6b2170873066360cb13e915254e166e3

SHA256
3df0dc6e8d73dac9e9e0b242fb209d95c101e2176b068537dbdfb09f2cbd7b28

SHA512
2da5ee641a7a6c2639117ce0c9c849f00f802ca44b05d1b77b80230aef1ee400f7fc57a3c02a566a2b230f64315f9fb8cfdb4225259676ffac6b7e1f77d3f620

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
9cfeea6a5720d70233e6929075e3693b

SHA1
0ed9cb8670ad18d0d5ac84a2866f590b74644392

SHA256
9d9c0bbd5194d23c220a86e10a25357b7b35dcb404acc4ab4745212fa3c69b05

SHA512
8aa0e1e1e35ed5f6448be53c37b10dff3f467922bd3d077d71794f424304b3aa5c1d05a706b439844a934dc7b9abc4617321de5c623a4087ddd7144631680181

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
81254bba883d20bb62ae8d804cbe1ee3

SHA1
d6c41ece9211f64a0258d389b09199e0693b7353

SHA256
6cd4bf2d0b1d1eaac704fb7dc4b2ad02833049dfbc85bcabcdab0693d94f2cfd

SHA512
1b72d9e2e9c1b893331bda1e8190ca4a06ef9bda04f212c7a8b9f42d784f1b140d1308315677f956f01ee643fe06ed15f3b5512662ee1aee3d48c3c90dabda47

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
e97eabe0b7109d084e834defb647d757

SHA1
f55eea666c0a19bd70f453be8f6e1c89db5f9428

SHA256
72bc6fece506310e33e9edd7b53025588998b74efa311715f76672da4379b09a

SHA512
e3f3ffb6b39216800899f9c251eeaacbe439cef50fccb6ea8fd06743859f5bed4135b0624c0b68c0ca9184915397e4c3e07790e2eb688d110ccfe10bd046a1ec

Download Submit
C:\Users\Admin\Documents\CloseDismount.xlsx

Filesize
12KB

MD5
0f71057662be3662e03e9b46aa82639b

SHA1
a42946bad7937a3bc629aaa41443c60a97125f75

SHA256
4f53a64c82424b0bcddb57baa7b53f87b697a8899452a7c47f0074f48e909295

SHA512
54d6a672fbfa6eeeba72166244542681df36050f7f60b36603b871eb51eed11394c4e36d82de01531b0aeba17042780ce4d384ad00aefdf81cda3e941d5f2f45

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
d1b54927334481bb37ff423ff77d88a2

SHA1
087fbf3bbdc9ca4bc4243c9daa5c3ee563668dc4

SHA256
6db346f1e9270967ac1446f53b227303989533fe7b5875ec940a0200d3641e4a

SHA512
7554c2bbcc21c0c04438fd1238e19b26d1d8b17cfc329d818af590a081ab3802888658d29bfc9697ecdc75e476f141242254a914e6974aee94c2335086c824ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
6206313f42edbc6290f70447c08619a0

SHA1
a98d6a081625641680317e14b437c871521ee3dd

SHA256
54a58b995b8f8b761a19426ed0eec3b6366a79b9bd5d17268f97248667de1640

SHA512
76f046cd86ebf9033b13f46942dac916c79c056936e6a81c9d2a3250f5e6b87064a5e50d22ea868a5b6270fbd9e33342f78f98b103f573a6373a8823e96e9b4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
391dd193a3d7b204b52d9a930115069d

SHA1
03974ad9f5e39ab0af08b91347ab3b382c35004d

SHA256
0bf50dd29490409a2659502615f2d99936a2466def2190d37224656256aebd7f

SHA512
fee5ef2aeccb41c39117c6b182a1119213bef9682270f81b164478cc8a108e6ab53dc0fb96c8a94a4ecebf4b453b202ee7d515d27525a6fc6209a45ece0688f6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
cbc82c93b75a1e9f22f4014ba48252a4

SHA1
a6734f037c003b72a5777ccc95cada7f657d69e7

SHA256
6fa9279c248108df15e5da42de36ba54273fa1dfc3db07cc85d49cd0c8e65dd7

SHA512
5583b816d884e51c622c950f531ba393539c3474d9065a48791c7beb023b2eaeab093e18ee57fc43ccf45ee94485fec44a13c19ff90d79b11df40e119e63c075

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
41711336899978183e2ff784d0c6cbf1

SHA1
956ea45515232089ff7e44aa30c80c24294621b8

SHA256
0f4ed97e0492d5a576f0a11e449c5ac5dc9a11a36205115b8172828a15e0644f

SHA512
723c2208244a3ba4ec06ffd6baeeff5cc43fdeb5ba4a033b39a880c9470eb45e5810709d89f7fbc107ec44926fd4c75ba263ae4e5cc0740835067d7d2fd97bb5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
1e6ab0720d3bc475fe54551fe08afaf3

SHA1
d83c8aed6dbf197fafef236f60dfb9eb0bff725b

SHA256
e885f3a04da4a028f83b81dd861a2f8b9a09cadecb37f456597e6bfbac12e452

SHA512
124e9139828b0f87f167923fa35adeca39b0011852d836761e7a35e128fcd06abecc5c38b55f5dbdeb4ec8b3c670935151bff9efe873bcc659c89ff822b1e6c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
6160f9a77ef01107d938e59bd6ffe6b4

SHA1
b9ffece2a6feb4f79e8a7cd1ce2247739f295e39

SHA256
8d6be2e92f0bfde497fd2a3ec2965c2f106fa1b3bc68bbdafe449cb1cc1493b3

SHA512
f28f5c244c9ed9e225512057172fb51317d8a3f83ae15b94543d2b81408d00ef96abded2182819c93f7ef5b0cb90b40d9ab7204dbd1fc902329b2a229420cc5e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
9902cf76f2da1264564104e0e867ab9e

SHA1
5ea55dbe171d12a1d32df0c8242e40fe08a33110

SHA256
0309b9a3d92c7d8713995bc0c020e1ac191e1f4f3a0b830f9a35b7ce749b041f

SHA512
30c46aaaaf7c6a1802f653e14205c2ddfb79c01486f43dd0c536431a835ca7d11d2054f87754c76af5c5daa5df4bedd3702df75b9330c3ece60d17a02f3adb68

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
cf1b6dd6301bbd1298d778178607c17b

SHA1
3c649cdb6db9d1de4951af41b04a3d885169136b

SHA256
1d987454a530221fb2ca6e5606b1338444f078950183e0649fc6b9fee063cae9

SHA512
8ed90c3bd6eec24701e9ad00e48379e245c504d3d76093d749d269ad01458b249191ad8d22f25fc08cb11251db6e09cd7c90b52ccb03793df7326a66429e90c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
68b8d369a3f0541855edb9bd0a373292

SHA1
a305cae020c84e3ebe0f6c2c35cacf80d8f2997a

SHA256
b0585e8ae8cfc90a1d33e54f9e7fd551b02234ffc365e43b264f03c8f4064b38

SHA512
1da9ec30589cd7c0b6c54111e787cb738be00b310360cd1ef4b3908993af894a62a5ca5831861156404801af52f4a9e16ee563d54f721f9be94885da99da7721

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
bcfe372e3cdcf419b178a29b3c507b54

SHA1
39dd659ab2c4fe4868e9eb69e104ff4731756951

SHA256
d9b395e2b7ab93969dfdec7272647dceec5fcd9290a156086f2941c82b2aedf8

SHA512
3edc144973a0bcd27ed08762f1cee46e07227905a0b9b48c87a3f9066fff229b6d23f25e541aff5aced7872fc675e3d0c994017f9ecf30e467ed3ddc3f5cad69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
53c9842b68aa51279adf06cdb35c7c86

SHA1
2cf8dc196e3f4f4e7576154ac7f900852202d365

SHA256
0b7b5dd22fbf05c5fc26f976bd2ebfe9cd6b560175fd44ed3f9e7de30918503f

SHA512
3cd38c56daa922b95a9af39299eb8cf7dacef8c7b51e5df7abb0f345af725f4ec82c5d1b6b4b37f3bb68b068f0a55cd18ce413fe466a4e0fb2cb5f2c0d7038e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
e375e4f9c08ddbcd4ef8e5041fe8e7c8

SHA1
24a5b319fcad133b9269b6481916cca56b887f6d

SHA256
bb643c56f8468f7aed647c6de6553eb8b1e61b4ea419feef20a0e91e5c35c9e6

SHA512
4fb3b0241491a9d413baceb9fa2468e31a2224fec06cdc80ccb28273b55e70de8440c1782adfdc8c3b21d8273869dfd7dfd6c561ec5533b4f2561f480434cc81

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
fb299b78ae25ad25947ed77a3b979358

SHA1
45d33a172b525689c051976b0fef938efab67fe2

SHA256
9230ae5743faae3552d6cfcb34067e35fc06c0b1ac2aa9ec358655187c6c2e41

SHA512
c0e98a7eabd8c8b3845bdb6b981860d551bf35071e114794150478648e24d09c4f9d3f6c3f96656352ea37ea149bb34a49ef4f52b54be416a7ef2a478fa054f6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
8cb7a13f954e54f7ae2b4407ee312d1e

SHA1
f7f9f5c4267ae3549f164aab0789c96ea2e27109

SHA256
eb8a43ea365a7602a483d69f0860cd469d8bf1feb768c12df1095f79b39d0d16

SHA512
58eb90bd0ee51ee7decf58f02740ce6a793c6b31c05f888a638228545243d863316f27e0803f3e531c04413933e3d964cb5d4a8670b5e6a7ec7451941bb2f977

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
bebfd7155f0e7b16c0430962c4ef468c

SHA1
9f73b4352ccac26320d6c729bfb9666750c8f001

SHA256
2a50b34f42f3e267615fce9135bc677d57c0c0ed6796f32694922be0b368cfd5

SHA512
2616ff59cfc8a3fa83267945d2deb68ea5e60fa5abc430628a33865da4fa97d8431820183cb8b9bc825b68e3654ec5afdec937f2446eab57f90e9f0d765aa19d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
5cbe2e75c7f1882e836ca5efe81f1d67

SHA1
8db9aebfd87a2c04bb8fff7adc24cb4200ff729a

SHA256
9c4fca395ce9cdd6354dc99c71df985c917cc0900f9993fb83002c56785ce2f7

SHA512
2319997ca4a19c50b18dd32dfa4f0d1ccaadfea6483865ace81509e186e0d281bac144b1f5539e644010d23f0fd7f903ee4de1181f77a5d6421a682aa4668870

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
0815d8b4e98bfc863f3847db5dff9397

SHA1
d9eb8d9b3023c3119b87888a34fa756142a4a6cc

SHA256
cc12b8a35d3d6136dac7dc373e59eca0e6dbf10413b7f65766d1eb913e03ca55

SHA512
d01e5377b086adcc66fda4fe936f34bd48a6acf9a5ccef12905bb4c014508bc79b2cda8518ac53b5f057dbeff4e052130c3da24153ad35ed4aea8ca7e590f4da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
e246c2269d0f25227e4da9eca828aed0

SHA1
8924c56d6af4edb403cca800e69066856a0d15bb

SHA256
69f39657a5b417b571e6024ee3b3d1fd38747f85b35b6049dc65f13af0fdfe48

SHA512
82e4e3f6a25c09a60cf1ad289c7c09c268b75cb6c8c2da4650980aee7b2369e392fcdeef7a48cd96742a7dfb9ab8fb07579266b7a70d6df3166bc5d3d14a6b0a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
317B

MD5
d876d626553067b450e73f2624bff2c9

SHA1
246191b2fd13a26dd6715334cd01b8473968d861

SHA256
573040854b28ea76df92b0c9edd865da9d0995d0b588d6c3c2b5f10b871bd038

SHA512
e5d97def6272a109a13de6101c161750feb77a0c4c2c46d7ef0e07689732a8a37d89ebb029192cdad412d939c564277a78d844df5f680823bf05096074f2d41c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
7858b6fbb6bf7406b2cfd2f00a510992

SHA1
22bb1bae4922cde29e7742b9f417d08bef1ad049

SHA256
46f414e540253ccc1ec56e060c67eded0c7c3b13a7078c9b1217d4cd9d2383f4

SHA512
71c39f2925daf83acfb11baf950315805d2981a288b6dc47903a57f1e89a8b15fb8965773858c00008dabecea79d1417a35448d3f7132c46be3b36bd6457d7cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
fd493915445adb7db2abfd0eb046a92f

SHA1
4657dca9c0e76b8a8f0285797fe73b5fc0e2884c

SHA256
90009ed04d1afaa77867abf25b5c46376518a5b3e40bcf9cfbc093fd793b7a10

SHA512
17ca8ee798a9d7e98ebf14bc2dc22e7a4d1f693e115027d6ccd27fc59f54cf9471e031919b13174a7149c8be20057d2c08a3b03f8399a027f28bc7900c42fa42

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
f8f8a527a7e9e933a3edf0b6bbd55aae

SHA1
478f385b526a28f6e3cc4138d8ac3fb3e82c854b

SHA256
9d4505cf9a3b187c59e14278fd1e36e9a4c4f75c0cfe73023b2e802541e89dc2

SHA512
17c0bf1515efba890f590503626712880ff32b1e51a4813a0a5bc4e032993efc2fb04bdfd07218d40612a553a6b2e550993f0422a8a1fd8e61f3bbdf50e4e7f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
8d9fd349896feb3b0a7578547a67a063

SHA1
d4c6714206f67187a0f981c5390f8efb910a03e5

SHA256
186c3658375a953cc82c9735a6109587783d38c24715df8fd9dc051fc12e4f60

SHA512
4ff9b04830ad5689187701c3d7af72ee053f6705c9b06374bd346bd6d29a89d5eb1ba513cd6df91d79bc43d6ffac4705173112c3b6aa4abb41093de4b522fbc0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
58be6a2f152d66e8068fd9513a991f10

SHA1
b9654a153fdc35d62e808c8dda66d3990cd9a6da

SHA256
5f4ea710e87b7ced99d1406baad16abb9d63ed6cc1f9c7e97ce98d343bdcdd3d

SHA512
f056a2af4b518f240218e51b1519240dad8ce2670070043d9120b5122c5689768149885ddcf87d831ad7b3b06b0d433069da009327299e2143e397e6b8644040

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c5d62736bdab60d231f4545e8a61c58d

SHA1
022933692050adbd4de27345e7df51ef89658fe2

SHA256
d9522d83d02ed76378fc1fc658b9892015446d55717a3b68ea458cd8c1f99247

SHA512
12a58c3c94876ff26ae4d44a333ba03904027131d70f7034d4c4c8f4e91f3364206e4f70695ff6e492815ca9dc9e3fa0f08d841d344d2944ceb8ccd102d468a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
59db5f980fbea3fb17eeee25ca3357df

SHA1
a3b77529a4341b5a5dae8b757aab155e0e390d40

SHA256
c38c99b4375551b00416d9e948594567673b0b032526908d8a9ad2c15aef467a

SHA512
561b677010d2980df80306b5c54667d228937d2e569faf59f03b0b489029f8f555ca571c4c936e241b16dd1806465bd368b8851ebacfaafc56a7abf271f12361

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
435a7d0a8ffb995138b68ae1b83b0103

SHA1
6d58d94d2588688f35c0eb74c4f5ba7efc50c091

SHA256
eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232

SHA512
1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a4858bdfc6a8c2f77c7666b9cba76f0c

SHA1
3d6bc50e18d155c41261435546c028e9bfac5d9d

SHA256
524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de

SHA512
92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
9e2863b6f3afbc2195fc2b9926bad24f

SHA1
a3efab4ad0aa242c483225f09cd093f50a70ba2e

SHA256
869daae98b6889db4651120da3769659d82d783bcd9fa092db378c626a5a70f5

SHA512
26d32fc9481691e2f3f6d8114cda89f66414cd1482c17bf62dc64243482b34ccf4896fe68db7f47ee067bebf1438525144bd69af5941017f1bf74206a09ab314

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
d9d02a2e3b17a7f6b4e3443c2404c1e1

SHA1
a4a96033bdab8be4a6d079b999ef1ba67e5539a4

SHA256
e2d842608387131c4dce6ce014527c7ab07b38cf0d73ad8d02269f370ba28486

SHA512
ed7ba14c5c377cbb5f499d7a366d89e25cd11dc8b0822566f41e900707051d019405b3f5ecec7382c6a9f583a022c3c735da100a9ac2d1e02a5def36d1eeb10b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
b50d81587510148cef60b6ea4877450d

SHA1
90e512ce446534acb298da821f924d0d8bda3c42

SHA256
0530e14dba9f036ef82202bfff33c99b75ca83c22b58a7f3ed846232813beb61

SHA512
04fde9cc010cecc4a5384a37fda185d9d4cede2e669226749dd395052318c9bde18efd66249567838418e207a1a76de2afa2a650ec8ec25b43c7cc27fa34e934

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
9f2cc43203a437fb7d189d9f6c038322

SHA1
77b17e7ce83a332293323b1b3190f63dde761ae3

SHA256
4d27e3a08437a202bd07e655d15686b1df89cb4fc4d658b4eb619dcc2e5b929c

SHA512
7ca3c9c52b5acebe4eb034872e85f5e621693c66076d74fae62e222b4284f46ac91b6f9143f031d26a91b071774aed997d7ef745b239868e29cc6ac75005d9c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
05336bc13ae62c8a310155a3da38ceae

SHA1
b99ce6f50d358ed37858565662ccbc10c3370f56

SHA256
90285368d0af25ce0ff807b2b015283c6d8292decfdd04a1d79a811a00cdf984

SHA512
9443be8b3298cf9cdcdf63de16b5ec282a17232a2e8acddf1fa0f86a0c1015e832100c13c4da214c6cef5ee6890fb4206fc01a9e58cd0a50359499c364da7f69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
dedccdc256805ded9d1b545c1e52efa4

SHA1
a662a7d86f9e23a54d0faea3ae7f1ac6f6d024ae

SHA256
8caa83fb6ff7eef2804b0b3901164cb2d01628f602c52d58e482895e02bb9f58

SHA512
4a9dc6d1e3015a982ecdb73e84aab5f43252c66bc11beafc5ca4a7d796e9bd8ce098855cb373de092021baa1e5730d2d238b638a25b8d212840c1122aec4f52c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8bf15be59350927bf916cfe81e694fdc

SHA1
78bc3006f9c9fdf3e97430bcec50034bf0affca2

SHA256
0116730b84a6e1602d42d6744e08abc5b31a1308d3cf84eb0ce57512ea6759ac

SHA512
ae4f6f64bba34f2e96a3cb4a5ce154d1cbf3dbd008827ed48a8ad8b4d7dad4a2e538b52d59934544a22aae025f7006e1bcc67c1276a4184cabba8ef5af514485

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
cdea4f2e70cab5650bf702020041ad6c

SHA1
66d63421b6a363ed2d0f134374892151c7b3611b

SHA256
bc93dee3879ad2ec508ef55a48972437cb7ebac7fbe1332873d60cc8fa68142c

SHA512
00b9b934599283906b39d91462309fa8e56ed05eced731c2e5a7c62db70d809ac11cb8d2ebdfef0eba88c6050fb46e7ef311891e86f6d1eb2ae6c46b41b7033f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
a8d802048d062e2ac7c72f10c6bfa661

SHA1
33d925f25a7fc0d439f722460daa712c4193f809

SHA256
3dbe6c52881d117c0f17cb487df38e1745b6e4a88d24896d21044ea64b77d3b1

SHA512
01962a3f98b98b37d33eb1caf0b1822a4892388b987d3bdf383c202340b8fc9751a8303e7f4aab62b446c77b7aaa21eee1502ae1f6dd32cd336d21f43c483b18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
7462ab27094feae793646d8ca0308d1d

SHA1
f6e5a3cc25b9d72f2653e2ee3496e0c99b2e859e

SHA256
48bdcb889e926d07f5e8d4de772eae11d31f7a1475d9921789f2af0d8b549abf

SHA512
203dc2cf30b7c515a6301be0774403ba0dfeb91cf9b5282ba4d50fce79b210df8a422467fb358f3ce55fcd4fe7f7870fbe61e30b2d948a7385540e16bd83178b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
4df3aea2a96cddfedd0cd0db3962259a

SHA1
6af9d97be4dcf3369e6d33587096cc37257e8555

SHA256
509c5095c17b45fdaa7bc826cefb8a4381fff3b7ba23167b467340167030f326

SHA512
bb1321427649f645a1ed45b9c4c65e52cc37758b645ce93d64454c495a0716fc9aa6644757087a197088286aa385297ec9b8d3a5cfdd58a20f3161c3367a9a50

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
58053e7994708c0c30c2688ad2c58aa8

SHA1
2990dfad4464fc96554d5cff815e5c81d1314fd1

SHA256
8bda25a746f228f2c09a4e37764e1df4038afd7f1aba1bf5e3d515ab3d905e4f

SHA512
42309a457a8bd1a9502cfc7405e72e89ca724f69c80d528404ec2897b7a86e9e6706f950cc7a80a4d78b2fd888a24fddbf5f9f1279ca46ed29fba160f8efee9c

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
4cd3c2da09e21acc8f4147c6c740a78b

SHA1
040425b094c6e0ba091b0edd1b92a81c96ef8a9b

SHA256
71a3a34cb5b992f935c343c27090335c518a6ee22f16088fce6dcc1bdc28e9b5

SHA512
54ca0367e03aae1eb90838d6f36be11b743e536b0b93720e8169124d43268078f19b8de18b8622eaef011c2ac3eac6ffd0f88c7f56041da7271b2dad11191053

Download Submit