Analysis

  • max time kernel
    13s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    19-09-2024 00:33

General

  • Target

    PCCooker_x64.exe

  • Size

    22.4MB

  • MD5

    317c5fe16b5314d1921930e300d9ea39

  • SHA1

    65eb02c735bbbf1faf212662539fbf88a00a271f

  • SHA256

    d850d741582546a3d0ea2ad5d25e0766781f315cd37e6c58f7262df571cd0c40

  • SHA512

    31751379ad7f6c55d87e9a5c1f56e6211d515b7d9ae055af962ed6f9205f5abad302c2e47dd56325abff85327ec3b7f9a6cf76ed34b8cbe1da06549c622c7031

  • SSDEEP

    49152:yIT4lj7Rl9HFoDi+3JK5CS2bV5IRtyrp63FDysl28Wvp/pUOmrscrdXuMIgqJ95+:yI6

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Extracted

Path

C:\Users\Public\Documents\RGNR_4A38E1C8.txt

Ransom Note
Hello VGCARGO ! ***************************************************************************************************************** If you reading this message, then your network was PENETRATED and all of your files and data has been ENCRYPTED by RAGNAR_LOCKER ! ***************************************************************************************************************** *********What happens with your system ?************ Your network was penetrated, all your files and backups was locked! So from now there is NO ONE CAN HELP YOU to get your files back, EXCEPT US. You can google it, there is no CHANCES to decrypt data without our SECRET KEY. But don't worry ! Your files are NOT DAMAGED or LOST, they are just MODIFIED. You can get it BACK as soon as you PAY. We are looking only for MONEY, so there is no interest for us to steel or delete your information, it's just a BUSINESS $-) HOWEVER you can damage your DATA by yourself if you try to DECRYPT by any other software, without OUR SPECIFIC ENCRYPTION KEY !!! Also, all of your sensitive and private information were gathered and if you decide NOT to pay, we will upload it for public view ! **** ***********How to get back your files ?****** To decrypt all your files and data you have to pay for the encryption KEY : BTC wallet for payment: 1BKK8bsFfG3YxTd3N15GxaYfHopoThXoY4 Amount to pay (in Bitcoin): 25 **** ***********How much time you have to pay?********** * You should get in contact with us within 2 days after you noticed the encryption to get a better price. * The price would be increased by 100% (double price) after 14 Days if there is no contact made. * The key would be completely erased in 21 day if there is no contact made or no deal made. Some sensetive information stolen from the file servers would be uploaded in public or to re-seller. **** ***********What if files can't be restored ?****** To prove that we really can decrypt your data, we will decrypt one of your locked files ! 
Just send it to us and you will get it back FOR FREE. The price for the decryptor is based on the network size, number of employees, annual revenue. Please feel free to contact us for amount of BTC that should be paid. **** ! IF you don't know how to get bitcoins, we will give you advise how to exchange the money. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ! HERE IS THE SIMPLE MANUAL HOW TO GET CONTCAT WITH US ! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 1) Go to the official website of TOX messenger ( https://tox.chat/download.html ) 2) Download and install qTOX on your PC, choose the platform ( Windows, OS X, Linux, etc. ) 3) Open messenger, click "New Profile" and create profile. 4) Click "Add friends" button and search our contact 7D509C5BB14B1B8CB0A3338EEA9707AD31075868CB9515B17C4C0EC6A0CCCA750CA81606900D 5) For identification, send to our support data from ---RAGNAR SECRET--- IMPORTANT ! IF for some reasons you CAN'T CONTACT us in qTOX, here is our reserve mailbox ( [email protected] ) send a message with a data from ---RAGNAR SECRET--- WARNING! -Do not try to decrypt files with any third-party software (it will be damaged permanently) -Do not reinstall your OS, this can lead to complete data loss and files cannot be decrypted. NEVER! -Your SECRET KEY for decryption is on our server, but it will not be stored forever. DO NOT WASTE TIME ! *********************************************************************************** ---RAGNAR SECRET--- QWZjY0QxRTk2MWU4RTIwYkVCRUNhRWMzRjhCQTdlZDJkNUJCN2JkNDdDMzREMTYyNjNGNTdiZGFDYmI3ZEVhNw== ---RAGNAR SECRET--- ***********************************************************************************
Wallets

1BKK8bsFfG3YxTd3N15GxaYfHopoThXoY4

URLs

https://tox.chat/download.html

Extracted

Family

xworm

Version

5.0

C2

outside-sand.gl.at.ply.gg:31300

Mutex

uGoUQjcjqoZsiRJZ

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 50 IoCs
  • Mars Stealer

    An infostealer written in C++ based on other infostealers.

  • RagnarLocker

    Ransomware first seen at the end of 2019, which has been used in targeted attacks against multiple companies.

  • Xworm

    Xworm is a remote access trojan written in C#.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (3041) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 40 IoCs

    Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 30 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Interacts with shadow copies 3 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
      "C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2484
    • C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
      "C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe"
      2⤵
      • Executes dropped EXE
      PID:3004
    • C:\Users\Admin\AppData\Local\Temp\asena.exe
      "C:\Users\Admin\AppData\Local\Temp\asena.exe"
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Windows\System32\Wbem\wmic.exe
        wmic.exe shadowcopy delete
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2732
      • C:\Windows\system32\vssadmin.exe
        vssadmin delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:2728
    • C:\Users\Admin\AppData\Local\Temp\Bomb.exe
      "C:\Users\Admin\AppData\Local\Temp\Bomb.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Users\Admin\AppData\Local\Temp\25.exe
        "C:\Users\Admin\AppData\Local\Temp\25.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2820
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\25.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3160
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '25.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3248
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:6044
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4224
      • C:\Users\Admin\AppData\Local\Temp\24.exe
        "C:\Users\Admin\AppData\Local\Temp\24.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2836
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\24.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3396
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '24.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4500
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4604
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3752
      • C:\Users\Admin\AppData\Local\Temp\23.exe
        "C:\Users\Admin\AppData\Local\Temp\23.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:272
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\23.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:1500
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '23.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4140
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3388
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3520
      • C:\Users\Admin\AppData\Local\Temp\22.exe
        "C:\Users\Admin\AppData\Local\Temp\22.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2400
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\22.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3184
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '22.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:5912
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4900
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:4868
      • C:\Users\Admin\AppData\Local\Temp\21.exe
        "C:\Users\Admin\AppData\Local\Temp\21.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1632
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\21.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:2276
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '21.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4952
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4448
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:5904
      • C:\Users\Admin\AppData\Local\Temp\20.exe
        "C:\Users\Admin\AppData\Local\Temp\20.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2496
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\20.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4632
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '20.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4356
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4504
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:4232
      • C:\Users\Admin\AppData\Local\Temp\19.exe
        "C:\Users\Admin\AppData\Local\Temp\19.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1760
      • C:\Users\Admin\AppData\Local\Temp\18.exe
        "C:\Users\Admin\AppData\Local\Temp\18.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1648
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\18.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3648
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '18.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4992
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:3220
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:3224
      • C:\Users\Admin\AppData\Local\Temp\17.exe
        "C:\Users\Admin\AppData\Local\Temp\17.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1272
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\17.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:3080
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '17.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:5724
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:5592
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:4672
      • C:\Users\Admin\AppData\Local\Temp\16.exe
        "C:\Users\Admin\AppData\Local\Temp\16.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:288
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\16.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4972
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '16.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:6068
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4828
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:5568
      • C:\Users\Admin\AppData\Local\Temp\15.exe
        "C:\Users\Admin\AppData\Local\Temp\15.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1644
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\15.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4132
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '15.exe'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:4708
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:4408
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '$77-system32'
          4⤵
          • Command and Scripting Interpreter: PowerShell
          PID:5840
      • C:\Users\Admin\AppData\Local\Temp\14.exe
        "C:\Users\Admin\AppData\Local\Temp\14.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1448
      • C:\Users\Admin\AppData\Local\Temp\13.exe
        "C:\Users\Admin\AppData\Local\Temp\13.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2044
      • C:\Users\Admin\AppData\Local\Temp\12.exe
        "C:\Users\Admin\AppData\Local\Temp\12.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2884
      • C:\Users\Admin\AppData\Local\Temp\11.exe
        "C:\Users\Admin\AppData\Local\Temp\11.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3044
      • C:\Users\Admin\AppData\Local\Temp\10.exe
        "C:\Users\Admin\AppData\Local\Temp\10.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2556
      • C:\Users\Admin\AppData\Local\Temp\9.exe
        "C:\Users\Admin\AppData\Local\Temp\9.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1692
      • C:\Users\Admin\AppData\Local\Temp\8.exe
        "C:\Users\Admin\AppData\Local\Temp\8.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1552
      • C:\Users\Admin\AppData\Local\Temp\7.exe
        "C:\Users\Admin\AppData\Local\Temp\7.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1564
      • C:\Users\Admin\AppData\Local\Temp\6.exe
        "C:\Users\Admin\AppData\Local\Temp\6.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2684
      • C:\Users\Admin\AppData\Local\Temp\5.exe
        "C:\Users\Admin\AppData\Local\Temp\5.exe"
        3⤵
        • Executes dropped EXE
        PID:2920
      • C:\Users\Admin\AppData\Local\Temp\4.exe
        "C:\Users\Admin\AppData\Local\Temp\4.exe"
        3⤵
        • Executes dropped EXE
        PID:2040
      • C:\Users\Admin\AppData\Local\Temp\3.exe
        "C:\Users\Admin\AppData\Local\Temp\3.exe"
        3⤵
        • Executes dropped EXE
        PID:2704
      • C:\Users\Admin\AppData\Local\Temp\2.exe
        "C:\Users\Admin\AppData\Local\Temp\2.exe"
        3⤵
        • Executes dropped EXE
        PID:896
      • C:\Users\Admin\AppData\Local\Temp\1.exe
        "C:\Users\Admin\AppData\Local\Temp\1.exe"
        3⤵
        • Executes dropped EXE
        PID:2824
    • C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
      "C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Windows\syswow64\explorer.exe
        "C:\Windows\syswow64\explorer.exe"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Windows\syswow64\svchost.exe
          -k netsvcs
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2424
        • C:\Windows\syswow64\vssadmin.exe
          vssadmin.exe Delete Shadows /All /Quiet
          4⤵
          • System Location Discovery: System Language Discovery
          • Interacts with shadow copies
          PID:1620
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2540

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

    Filesize

    27KB

    MD5

    43c16e81a0dff5f0552beb7e2daae4fc

    SHA1

    5f06075bd069ce0639c5e0067903a68b93d4c3e9

    SHA256

    22cd1983e3ca6422368be942317a2eacbefc2dbede03241a7b1d596fd9383a38

    SHA512

    dddc6e67ac5149e13d838e4d972191700abbd8da754aabf9998007d4cadc15ed2781ce0f4471948987a051663810419850293bc5b88d003a2cd875f3f21394d4

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

    Filesize

    635B

    MD5

    409897efe736f1bda600903352610e4e

    SHA1

    b048b5265f78a1233193aade31c14f45d99efe84

    SHA256

    726c568aac193cf038670a696eacabf0b0953a65850b39561357cabfa0460ecf

    SHA512

    0dc0f6dfe201ced169edd243fd333154e9b129e962d6d92e274f4b556ae8a6f87a2ebbac5ebf82aabcf03e5425e30d8c9d43c33eed4fb369112188fbe2eae554

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

    Filesize

    8KB

    MD5

    a10ce491caa59d53ab906877fdd3cab5

    SHA1

    3a90bd7fc61eb64888b6d27f140e44b430320ee6

    SHA256

    16056190c8936ed1b221a2192dc09d60fe6054599b4342f73a912961d4781e1f

    SHA512

    850063d6908f1d0b5850d8fb55b33d666e85c306cb79c5b053854921ad9b5cd42281f5b0365b4e4bf420b25ae472e856094925a45d08e379ac938a95edf5b6bd

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

    Filesize

    8KB

    MD5

    48a819f16b493a4dc0b86605ed24d019

    SHA1

    a9fa483fe71915632b9841335c067931b95b8dc0

    SHA256

    97df94d57dc2a868766a00a26fa076ce91cf05609b38e152ee5a804b8bf8093b

    SHA512

    f8cab6980762e65881b0330b8fa5070e61eff59be452317393ddaf08541510888458d96abe0c83716d57b091a4901edd18655b57cb5b89739c34d98acc6d37b4

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

    Filesize

    654B

    MD5

    fab0a3eede73bc1e8ae3cc3ea1885f86

    SHA1

    faecc194956df2b3093bb092504d6f317c2bc683

    SHA256

    4f2ebc49b40b8cc58f91ad872751c69c2f8e9948e7a42f7c75d053417e07bb0e

    SHA512

    40f925be7cf8a2ad8222e44031123cbf7282e5964359da7951f52b545ce9d3a9cf3a6711a1d946f363005daab299dea073be8d0db9b2c431166afd567911d972

  • C:\Program Files\Java\jre7\COPYRIGHT

    Filesize

    3KB

    MD5

    fcf888254555a9d585f7418cbce9ffe7

    SHA1

    4a617d95d4c325bb03da5540bf4124dc0fda4a38

    SHA256

    77946bdaab81eded69a555d22014013b99f73ebd9b3ec57f8c7b3d0d97fc883d

    SHA512

    7b405468d0fd4e3bda6d64c3f216f6f372a67e737f91891b137b3d74913e32aa026a4e9cadc36cea3039e9d7f223af2525b9aa777c0f217d01340fd445982c1b

  • C:\Program Files\Java\jre7\LICENSE

    Filesize

    562B

    MD5

    9d87d999169b802c4b024d82de765663

    SHA1

    7cc8d19d9ddd3fab7895f1d3003148a473150266

    SHA256

    706d65787ed5ea62da7d31f9ae788bb9bebe42214920753f98acb8a6f52ef2a1

    SHA512

    31b8b7f5b7a23b3be0eab67cc914a5bf1d5fd7084dc18273f5c2e9bf4d837d418aa4a7a2f1b195ae70dd1eaceb6d9dae17596d080032dd54eb6778360d7b8885

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    457bd7b7316ecf27910307683c6c35d6

    SHA1

    60c677515e4117683d566b64da634b30d5a07997

    SHA256

    87321ee425b4e6811efd59a33acd37146b1764fe244637bcd9b6867bce10988b

    SHA512

    52ad6213f25aa69f750c357776cd9b68a256047fdf914a2c096ca2c7564f6c26288e3b746ea5f47bdf6bf5be7c584e3860da4381c6b75249ed9ebb9bb0714509

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    173KB

    MD5

    0139cb0e9d4965cde4d4b0fbe5769453

    SHA1

    f6880b87774a4f1e62b79201d560c3a1700e186f

    SHA256

    dc294dff643bac32824dfb31f9c267209fbd5857d5568c093745f81e7ce58075

    SHA512

    7008422039ca81a9d4cb1cb7d513403fc5477d1e88a848cad8ea7bf052a55e4f26f3dbb3eb7216b06fd55993f0d35c74afafd84aac98ba92ce656866fcf54c19

  • C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

    Filesize

    4KB

    MD5

    b155de35eff7d3419a58d11f514b67e0

    SHA1

    f8556f96350ef9958979d3675ce84a8b0a60e982

    SHA256

    6276cc90261eb6de306ca93a3f82141ed7283cee2b12e447ffe0392e7280bbd4

    SHA512

    5263ccd3b9abe9fc32932b055ae7f7d98bf2ba47741c7c234291c077ba291135b2ff3b594831e1b29108ab61813e5fd7c8656cd684a865eb7f5f435bdbbd9835

  • C:\Program Files\Java\jre7\lib\zi\CET

    Filesize

    1KB

    MD5

    e49d396a143f64f41e8bd56fb4ece0de

    SHA1

    29a013e7b5e53b53a4e7d2731b453ba830de49cd

    SHA256

    32b04c83bdc61cb158ca24e8d8ecb1622a0b4548ab8b20c18983d94302dfb452

    SHA512

    5bfa6ef420f70168746228b18e1b477fa1b8bad4e9f428a002977a626461c40fc38e532b530667aec541a9fff11c640cca3aa175290c793994dd6f7c54313de1

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2

    Filesize

    548B

    MD5

    5a0377d10b7f673409c049363880e734

    SHA1

    bdc140403affc223dca1d4162aee56c45ceb3d64

    SHA256

    d4f200360975d34cecb3e6b10387e07d74e91caac882d040de738cdbe7718332

    SHA512

    09c74c640c0ec49960466089a37ee5ea79841867720b5ca2c8872f08ac241a62b2a7d341fc70df8c9c448e16c780e65cb15451bee417496dc9ddd44ebba98c67

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

    Filesize

    548B

    MD5

    d3f87f92371d289058c4277e251a7316

    SHA1

    551d0f5f56236f1809d8ee5415f20905db6737fc

    SHA256

    e2c308b0a15713d0214932f928eb6434f6d68775a03cf4e205642c0a25aaa8ad

    SHA512

    aeb74546cd95f015294cfe65283ac559e27a4604a95727a1e811c842b9859c6ec5ac98601c53f05bb9155848b44a5e2944cfe617c5e808616e23701b40e34b28

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

    Filesize

    548B

    MD5

    6cf5adaae97c96843b1c4e037cb20251

    SHA1

    d50284d859562a678b6316a1ffb32c3a60056ebe

    SHA256

    043e2545ada5a68e445f3ee2312d87982cebe594857917b3c3d677ac68273da8

    SHA512

    be15b362416251f707d018bfa9a09404e06e20b9480b971eab21104f2d054fae4e2174ab81a3f4a34779b1f3dc03476effb8c4119291334c627e94daf129d8ae

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

    Filesize

    548B

    MD5

    25780b110ad7975da188ad4e2880f25d

    SHA1

    c39642767d1b99a50bf3ef7a73fbf65281a3b7a9

    SHA256

    35400793ffabab9a0fc854928c682feb61c6dde007fb6024f0f2bac884c4c4e6

    SHA512

    84fdb5c7e8e6ba55349776bab9816d45a8235032ea4b6b9d707539947df68e03beff260f8b3b89cbadb586ea815922406d1f94ee501de4344ad10e51a8cb252d

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

    Filesize

    548B

    MD5

    0dbda828d00bc372de0b17340d129116

    SHA1

    499d0f0dcde7362b36e12696cabdbe2e98432596

    SHA256

    a937b42f57779d30472fd976b4c3e051fb5edb94b4503964a3dd3a96e081bcd3

    SHA512

    a17e075f567cb36df123613db60f381838d2ae7ac214a3227abe338c9bb00a83a3055891b1a0b55ef6a600d91d9d8bc276c34717581a80d496d0c22d8e3c007b

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

    Filesize

    548B

    MD5

    de8b1e6431aa577ba5aff187ba651067

    SHA1

    6bd26dafdad5d88611204df4a3626e6db8f39440

    SHA256

    a1f781e2fc311bcf7fdfafe62a8ae2abab1e1fd1fd091c7ee2d0cbf59d0de76f

    SHA512

    3df3911b5a2c7fa4f725a6871789dc2ca729ee06fb94a0f034a793c1b3df2f5cd86bd38754dcbcf2279f097bb6bc592a4a728cd5dea6d4a08d5301d05dbae7de

  • C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

    Filesize

    548B

    MD5

    c23a6b533ae50a7650861bab947d3164

    SHA1

    d5f7b1e6eab1b80ac8eee208b378826355278d7e

    SHA256

    7f86285ad74ade7b214ff0aa5650a58c82cb3f206bb6e938453aa1c9a6ff2dcc

    SHA512

    8e6ab49465bfac6c2c8b58a87354d704a3bd96087228779ab210ec5f74f0d065290ca26613f39389f7364dbcace87809d9a5435ae8819734434d6e91545ec737

  • C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

    Filesize

    584KB

    MD5

    b298b81a362df8a8f9610dbda282ccca

    SHA1

    be8f2138c3225140a2849b00ed7a73c772ceacef

    SHA256

    dc571ae5e2643c965f3f3d56516f42da422ef9f7acb1c24dc4380ae1e7c2d385

    SHA512

    0ad5e067b3d258e459f13ea2973a32da7b11c03e0c29a2873681a3494dcb6eb46beae433792bf480d7167b0547bebdf4f9c2267dc75e200a8c8bc281bbc5b872

  • C:\Users\Admin\AppData\Local\Temp\1.exe

    Filesize

    37KB

    MD5

    8ec649431556fe44554f17d09ad20dd6

    SHA1

    b058fbcd4166a90dc0d0333010cca666883dbfb1

    SHA256

    d1faee8dabc281e66514f9ceb757ba39a6747c83a1cf137f4b284a9b324f3dc4

    SHA512

    78f0d0f87b4e217f12a0d66c4dfa7ad7cf4991d46fdddfaeae47474a10ce15506d79a2145a3432a149386083c067432f42f441c88922731d30cd7ebfe8748460

  • C:\Users\Admin\AppData\Local\Temp\10.exe

    Filesize

    37KB

    MD5

    d6f9ccfaad9a2fb0089b43509b82786b

    SHA1

    3b4539ea537150e088811a22e0e186d06c5a743d

    SHA256

    9af50adf3be17dc18ab4efafcf6c6fb6110336be4ea362a7b56b117e3fb54c73

    SHA512

    8af1d5f67dad016e245bdda43cc53a5b7746372f90750cfcca0d31d634f2b706b632413c815334c0acfded4dd77862d368d4a69fe60c8c332bc54cece7a4c3cd

  • C:\Users\Admin\AppData\Local\Temp\11.exe

    Filesize

    37KB

    MD5

    6c734f672db60259149add7cc51d2ef0

    SHA1

    2e50c8c44b336677812b518c93faab76c572669b

    SHA256

    24945bb9c3dcd8a9b5290e073b70534da9c22d5cd7fda455e5816483a27d9a7d

    SHA512

    1b4f5b4d4549ed37e504e62fbcb788226cfb24db4bfb931bc52c12d2bb8ba24b19c46f2ced297ef7c054344ef50b997357e2156f206e4d5b91fdbf8878649330

  • C:\Users\Admin\AppData\Local\Temp\12.exe

    Filesize

    37KB

    MD5

    7ac9f8d002a8e0d840c376f6df687c65

    SHA1

    a364c6827fe70bb819b8c1332de40bcfa2fa376b

    SHA256

    66123f7c09e970be594abe74073f7708d42a54b1644722a30887b904d823e232

    SHA512

    0dd36611821d8e9ad53deb5ff4ee16944301c3b6bb5474f6f7683086cde46d5041974ec9b1d3fb9a6c82d9940a5b8aec75d51162999e7096154ad519876051fe

  • C:\Users\Admin\AppData\Local\Temp\13.exe

    Filesize

    37KB

    MD5

    c76ee61d62a3e5698ffccb8ff0fda04c

    SHA1

    371b35900d1c9bfaff75bbe782280b251da92d0e

    SHA256

    fbf7d12dd702540cbaeeecf7bddf64158432ef4011bace2a84f5b5112aefe740

    SHA512

    a76fee1eb0d3585fa16d9618b8e76b8e144787448a2b8ff5fbd72a816cbd89b26d64db590a2a475805b14a9484fc00dbc3642d0014954ec7850795dcf2aa1ee7

  • C:\Users\Admin\AppData\Local\Temp\14.exe

    Filesize

    37KB

    MD5

    e6c863379822593726ad5e4ade69862a

    SHA1

    4fe1522c827f8509b0cd7b16b4d8dfb09eee9572

    SHA256

    ae43886fee752fb4a20bb66793cdd40d6f8b26b2bf8f5fbd4371e553ef6d6433

    SHA512

    31d1ae492e78ed3746e907c72296346920f5f19783254a1d2cb8c1e3bff766de0d3db4b7b710ed72991d0f98d9f0271caefc7a90e8ec0fe406107e3415f0107e

  • C:\Users\Admin\AppData\Local\Temp\15.exe

    Filesize

    37KB

    MD5

    c936e231c240fbf47e013423471d0b27

    SHA1

    36fabff4b2b4dfe7e092727e953795416b4cd98f

    SHA256

    629bf48c1295616cbbb7f9f406324e0d4fcd79310f16d487dd4c849e408a4202

    SHA512

    065793554be2c86c03351adc5a1027202b8c6faf8e460f61cc5e87bcd2fe776ee0c086877e75ad677835929711bea182c03e20e872389dfb7d641e17a1f89570

  • C:\Users\Admin\AppData\Local\Temp\16.exe

    Filesize

    37KB

    MD5

    0ab873a131ea28633cb7656fb2d5f964

    SHA1

    e0494f57aa8193b98e514f2bc5e9dc80b9b5eff0

    SHA256

    a83e219dd110898dfe516f44fb51106b0ae0aca9cc19181a950cd2688bbeeed2

    SHA512

    4859758f04fe662d58dc32c9d290b1fa95f66e58aef7e27bc4b6609cc9b511aa688f6922dbf9d609bf9854b619e1645b974e366c75431c3737c3feed60426994

  • C:\Users\Admin\AppData\Local\Temp\17.exe

    Filesize

    37KB

    MD5

    c252459c93b6240bb2b115a652426d80

    SHA1

    d0dffc518bbd20ce56b68513b6eae9b14435ed27

    SHA256

    b31ea30a8d68c68608554a7cb610f4af28f8c48730945e3e352b84eddef39402

    SHA512

    0dcfcddd9f77c7d1314f56db213bd40f47a03f6df1cf9b6f3fb8ac4ff6234ca321d5e7229cf9c7cb6be62e5aa5f3aa3f2f85a1a62267db36c6eab9e154165997

  • C:\Users\Admin\AppData\Local\Temp\18.exe

    Filesize

    37KB

    MD5

    d32bf2f67849ffb91b4c03f1fa06d205

    SHA1

    31af5fdb852089cde1a95a156bb981d359b5cd58

    SHA256

    1123f4aea34d40911ad174f7dda51717511d4fa2ce00d2ca7f7f8e3051c1a968

    SHA512

    1e08549dfcbcfbe2b9c98cd2b18e4ee35682e6323d6334dc2a075abb73083c30229ccd720d240bcda197709f0b90a0109fa60af9f14765da5f457a8c5fce670a

  • C:\Users\Admin\AppData\Local\Temp\19.exe

    Filesize

    37KB

    MD5

    4c1e3672aafbfd61dc7a8129dc8b36b5

    SHA1

    15af5797e541c7e609ddf3aba1aaf33717e61464

    SHA256

    6dac4351c20e77b7a2095ece90416792b7e89578f509b15768c9775cf4fd9e81

    SHA512

    eab1eabca0c270c78b8f80989df8b9503bdff4b6368a74ad247c67f9c2f74fa0376761e40f86d28c99b1175db64c4c0d609bedfd0d60204d71cd411c71de7c20

  • C:\Users\Admin\AppData\Local\Temp\2.exe

    Filesize

    37KB

    MD5

    012a1710767af3ee07f61bfdcd47ca08

    SHA1

    7895a89ccae55a20322c04a0121a9ae612de24f4

    SHA256

    12d159181d496492a057629a49fb90f3d8be194a34872d8d039d53fb44ea4c3c

    SHA512

    e023cac97cba4426609aeaa37191b426ff1d5856638146feab837e59e3343434a2bb8890b538fdf9391e492cbefcf4afde8e29620710d6bd06b8c1ad226b5ec4

  • C:\Users\Admin\AppData\Local\Temp\20.exe

    Filesize

    37KB

    MD5

    f18f47c259d94dcf15f3f53fc1e4473a

    SHA1

    e4602677b694a5dd36c69b2f434bedb2a9e3206c

    SHA256

    34546f0ecf4cd9805c0b023142f309cbb95cfcc080ed27ff43fb6483165218c1

    SHA512

    181a5aa4eed47f21268e73d0f9d544e1ceb9717d3abf79b6086584ba7bdb7387052d7958c25ebe687bfdcd0b6cca9d8cf12630234676394f997b80c745edaa38

  • C:\Users\Admin\AppData\Local\Temp\21.exe

    Filesize

    37KB

    MD5

    a8e9ea9debdbdf5d9cf6a0a0964c727b

    SHA1

    aee004b0b6534e84383e847e4dd44a4ee6843751

    SHA256

    b388a205f12a6301a358449471381761555edf1bf208c91ab02461822190cbcf

    SHA512

    7037ffe416710c69a01ffd93772044cfb354fbf5b8fd7c5f24a3eabb4d9ddb91f4a9c386af4c2be74c7ffdbb0c93a32ff3752b6ab413261833b0ece7b7b1cb55

  • C:\Users\Admin\AppData\Local\Temp\22.exe

    Filesize

    37KB

    MD5

    296bcd1669b77f8e70f9e13299de957e

    SHA1

    8458af00c5e9341ad8c7f2d0e914e8b924981e7e

    SHA256

    6f05cae614ca0e4751b2aaceea95716fd37a6bf3fae81ff1c565313b30b1aba2

    SHA512

    4e58a0f063407aed64c1cb59e4f46c20ff5b9391a02ceff9561456fef1252c1cdd0055417a57d6e946ec7b5821963c1e96eaf1dd750a95ca9136764443df93d7

  • C:\Users\Admin\AppData\Local\Temp\23.exe

    Filesize

    37KB

    MD5

    7e87c49d0b787d073bf9d687b5ec5c6f

    SHA1

    6606359f4d88213f36c35b3ec9a05df2e2e82b4e

    SHA256

    d811283c4e4c76cb1ce3f23528e542cff4747af033318f42b9f2deb23180c4af

    SHA512

    926d676186ec0b58b852ee0b41f171729b908a5be9ce5a791199d6d41f01569bcdc1fddd067f41bddf5cdde72b8291c4b4f65983ba318088a4d2d5d5f5cd53af

  • C:\Users\Admin\AppData\Local\Temp\24.exe

    Filesize

    37KB

    MD5

    042dfd075ab75654c3cf54fb2d422641

    SHA1

    d7f6ac6dc57e0ec7193beb74639fe92d8cd1ecb9

    SHA256

    b91fb228051f1720427709ff849048bfd01388d98335e4766cd1c4808edc5136

    SHA512

    fada24d6b3992f39119fe8e51b8da1f6a6ca42148a0c21e61255643e976fde52076093403ccbc4c7cd2f62ccb3cdedd9860f2ac253bb5082fb9fe8f31d88200d

  • C:\Users\Admin\AppData\Local\Temp\25.exe

    Filesize

    37KB

    MD5

    476d959b461d1098259293cfa99406df

    SHA1

    ad5091a232b53057968f059d18b7cfe22ce24aab

    SHA256

    47f2a0b4b54b053563ba60d206f1e5bd839ab60737f535c9b5c01d64af119f90

    SHA512

    9c5284895072d032114429482ccc9b62b073447de35de2d391f6acad53e3d133810b940efb1ed17d8bd54d24fce0af6446be850c86766406e996019fcc3a4e6e

  • C:\Users\Admin\AppData\Local\Temp\3.exe

    Filesize

    37KB

    MD5

    a83dde1e2ace236b202a306d9270c156

    SHA1

    a57fb5ce8d2fe6bf7bbb134c3fb7541920f6624f

    SHA256

    20ab2e99b18b5c2aedc92d5fd2df3857ee6a1f643df04203ac6a6ded7073d5e8

    SHA512

    f733fdad3459d290ef39a3b907083c51b71060367b778485d265123ab9ce00e3170d2246a4a2f0360434d26376292803ccd44b0a5d61c45f2efaa28d5d0994df

  • C:\Users\Admin\AppData\Local\Temp\4.exe

    Filesize

    37KB

    MD5

    c24de797dd930dea6b66cfc9e9bb10ce

    SHA1

    37c8c251e2551fd52d9f24b44386cfa0db49185a

    SHA256

    db99f9a2d6b25dd83e0d00d657eb326f11cc8055266e4e91c3aec119eaf8af01

    SHA512

    0e29b6ce2bdc14bf8fb6f8324ff3e39b143ce0f3fa05d65231b4c07e241814fb335ede061b525fe25486329d335adc06f71b804dbf4bf43e17db0b7cd620a7c6

  • C:\Users\Admin\AppData\Local\Temp\5.exe

    Filesize

    37KB

    MD5

    84c958e242afd53e8c9dae148a969563

    SHA1

    e876df73f435cdfc4015905bed7699c1a1b1a38d

    SHA256

    079d320d3c32227ba4b9acddf60bfcdf660374cb7e55dba5ccf7beeaedd2cdef

    SHA512

    9e6cb07909d0d77ebb5b52164b1fa40ede30f820c9773ea3a1e62fb92513d05356dfef0e7ef49bf2ad177d3141720dc1c5edceb616cef77baec9acdd4bbc5bae

  • C:\Users\Admin\AppData\Local\Temp\6.exe

    Filesize

    37KB

    MD5

    27422233e558f5f11ee07103ed9b72e3

    SHA1

    feb7232d1b317b925e6f74748dd67574bc74cd4d

    SHA256

    1fa6a4dc1e7d64c574cb54ae8fd71102f8c6c41f2bd9a93739d13ff6b77d41ac

    SHA512

    2d3f424a24e720f83533ace28270b59a254f08d4193df485d1b7d3b9e6ae53db39ef43d5fc7de599355469ad934d8bcb30f68d1aaa376df11b9e3dec848a5589

  • C:\Users\Admin\AppData\Local\Temp\7.exe

    Filesize

    37KB

    MD5

    c84f50869b8ee58ca3f1e3b531c4415d

    SHA1

    d04c660864bc2556c4a59778736b140c193a6ab2

    SHA256

    fa54653d9b43eb40539044faf2bdcac010fed82b223351f6dfe7b061287b07d3

    SHA512

    bb8c98e2dadb884912ea53e97a2ea32ac212e5271f571d7aa0da601368feabee87e1be17d1a1b7738c56167f01b1788f3636aac1f7436c5b135fa9d31b229e94

  • C:\Users\Admin\AppData\Local\Temp\8.exe

    Filesize

    37KB

    MD5

    7cfe29b01fae3c9eadab91bcd2dc9868

    SHA1

    d83496267dc0f29ce33422ef1bf3040f5fc7f957

    SHA256

    2c3bfb9cc6c71387ba5c4c03e04af7f64bf568bdbe4331e9f094b73b06bddcff

    SHA512

    f6111d6f8b609c1fc3b066075641dace8c34efb011176b5c79a6470cc6941a9727df4ceb2b96d1309f841432fa745348fc2fdaf587422eebd484d278efe3aeac

  • C:\Users\Admin\AppData\Local\Temp\9.exe

    Filesize

    37KB

    MD5

    28c50ddf0d8457605d55a27d81938636

    SHA1

    59c4081e8408a25726c5b2e659ff9d2333dcc693

    SHA256

    ebda356629ac21d9a8e704edc86c815770423ae9181ebbf8ca621c8ae341cbd5

    SHA512

    4153a095aa626b5531c21e33e2c4c14556892035a4a524a9b96354443e2909dcb41683646e6c1f70f1981ceb5e77f17f6e312436c687912784fcb960f9b050fe

  • C:\Users\Admin\AppData\Local\Temp\CabD29D.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

    Filesize

    132KB

    MD5

    919034c8efb9678f96b47a20fa6199f2

    SHA1

    747070c74d0400cffeb28fbea17b64297f14cfbd

    SHA256

    e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734

    SHA512

    745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

  • C:\Users\Admin\AppData\Local\Temp\TarD2CE.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

    Filesize

    159KB

    MD5

    6f8e78dd0f22b61244bb69827e0dbdc3

    SHA1

    1884d9fd265659b6bd66d980ca8b776b40365b87

    SHA256

    a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5

    SHA512

    5611a83616380f55e7b42bb0eef35d65bd43ca5f96bf77f343fc9700e7dfaa7dcf4f6ecbb2349ac9df6ab77edd1051b9b0f7a532859422302549f5b81004632d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

    Filesize

    7KB

    MD5

    56ba0afa06e0cabbb7238b5ab153a4c8

    SHA1

    c2899ae088541bab465291154b34d06527f66e5d

    SHA256

    1873aa281660937cc0a6fd9b4329c6fa976f600b517450b0aa132782d9e13ad7

    SHA512

    a90fc50f74b5954433354f1d32fa307a1f0cc7e0cd39828fea15afcb4ce4e3c9c929c33ee1d74f741c362e3752dd70d8259587ba49e2ab861b5a4d85f51fdf2f

  • C:\Users\Public\Documents\RGNR_4A38E1C8.txt

    Filesize

    3KB

    MD5

    0880547340d1b849a7d4faaf04b6f905

    SHA1

    37fa5848977fd39df901be01c75b8f8320b46322

    SHA256

    84449f1e874b763619271a57bfb43bd06e9c728c6c6f51317c56e9e94e619b25

    SHA512

    9048a3d5ab7472c1daa1efe4a35d559fc069051a5eb4b8439c2ef25318b4de6a6c648a7db595e7ae76f215614333e3f06184eb18b2904aace0c723f8b9c35a91

  • \Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

    Filesize

    10KB

    MD5

    2a94f3960c58c6e70826495f76d00b85

    SHA1

    e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

    SHA256

    2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

    SHA512

    fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

  • \Users\Admin\AppData\Local\Temp\Bomb.exe

    Filesize

    457KB

    MD5

    31f03a8fe7561da18d5a93fc3eb83b7d

    SHA1

    31b31af35e6eed00e98252e953e623324bd64dde

    SHA256

    2027197f05dac506b971b3bd2708996292e6ffad661affe9a0138f52368cc84d

    SHA512

    3ea7c13a0aa67c302943c6527856004f8d871fe146150096bc60855314f23eae6f507f8c941fd7e8c039980810929d4930fcf9c597857d195f8c93e3cc94c41d

  • \Users\Admin\AppData\Local\Temp\asena.exe

    Filesize

    39KB

    MD5

    7529e3c83618f5e3a4cc6dbf3a8534a6

    SHA1

    0f944504eebfca5466b6113853b0d83e38cf885a

    SHA256

    ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597

    SHA512

    7eef97937cc1e3afd3fca0618328a5b6ecb72123a199739f6b1b972dd90e01e07492eb26352ee00421d026c63af48973c014bdd76d95ea841eb2fefd613631cc
