Overview

overview

10

Static

static

3

4ed4a6c0d1...18.exe

windows7-x64

10

4ed4a6c0d1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe

  • Size

    5.5MB

  • MD5

    4ed4a6c0d1e58852258a982ec4bd8f59

  • SHA1

    91c455d5b4823e9f1c9c435fa3a38b727efa20fb

  • SHA256

    5e0f3c08bbf613e917106a6a776782d33f1c261a48b6a3fd6d58036d3cfaac7c

  • SHA512

    675827a3e67816698b6957cd159532fe587c962035abdcf46e075330d6516fd375a96d0d4279da01465f86dcbf01eb652d09647894f65872dd56d17003fca8f7

  • SSDEEP

    98304:SShvKZ9My4WjLDCLHdrLbyUCLN19MaWSHGFhluzlra/+amH6ckIF1Y064Eg22ki:SxZiy42D6lvyb/MaZHJlZy34Eg2K

Score
10/10
neshtarmsxoristcredential_accessdefense_evasiondiscoverypersistenceransomwareratspywarestealertrojanupx

Malware Config

Signatures

  • Detect Neshta payload 8 IoCs
  • Detected Xorist Ransomware 4 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • RMS

    Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    trojanratrms
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

    ransomwarexorist
  • Renames multiple (2216) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Drivers directory 8 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 16 IoCs
  • Loads dropped DLL 34 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies registry class 11 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: SetClipboardViewer 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\ufr.exe
      "C:\Users\Admin\AppData\Local\Temp\ufr.exe"
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:2800
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\ufr.exe" >> NUL
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1260
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\ufr.exe >> NUL
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2276
    • C:\Users\Admin\AppData\Local\Temp\MAxPayne3_licence.exe
      "C:\Users\Admin\AppData\Local\Temp\MAxPayne3_licence.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Windows\System32\win32\install.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2688
        • C:\Windows\SysWOW64\win32\install.exe
          C:\Windows\System32\win32\install.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2424
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c ""C:\Users\Admin\AppData\Local\Temp\8AA3.tmp\install.bat" "
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:880
            • C:\Windows\SysWOW64\reg.exe
              reg import set.reg
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1352
            • C:\Windows\SysWOW64\win32\rutserv.exe
              rutserv.exe /silentinstall
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:2576
            • C:\Windows\SysWOW64\win32\rutserv.exe
              rutserv.exe /firewall
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:568
            • C:\Windows\SysWOW64\win32\rutserv.exe
              rutserv.exe /start
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:1972
            • C:\Windows\SysWOW64\win32\ip.exe
              ip.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2488
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c ""C:\Users\Admin\AppData\Local\Temp\9685.tmp\ip.bat" "
                7⤵
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                PID:1112
                • C:\Windows\SysWOW64\ipconfig.exe
                  ipconfig /all
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Gathers network information
                  PID:568
                • C:\Windows\SysWOW64\win32\realip.exe
                  C:\Windows\System32\win32\realip.exe
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • System Location Discovery: System Language Discovery
                  PID:2288
            • C:\Windows\SysWOW64\reg.exe
              reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ip" /t REG_SZ /d "C:\Windows\system32\win32\ip.exe" /f
              6⤵
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              • Modifies registry key
              PID:2116
    • C:\Users\Admin\AppData\Local\Temp\bwin32.exe
      "C:\Users\Admin\AppData\Local\Temp\bwin32.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe
        "C:\Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe"
        3⤵
        • Drops file in Drivers directory
        • Drops startup file
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in System32 directory
        • Sets desktop wallpaper using registry
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        PID:2248
  • C:\Windows\SysWOW64\win32\rutserv.exe
    C:\Windows\SysWOW64\win32\rutserv.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:840
    • C:\Windows\SysWOW64\win32\rfusclient.exe
      C:\Windows\SysWOW64\win32\rfusclient.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2232
      • C:\Windows\SysWOW64\win32\rfusclient.exe
        C:\Windows\SysWOW64\win32\rfusclient.exe /tray
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: SetClipboardViewer
        PID:408
    • C:\Windows\SysWOW64\win32\rfusclient.exe
      C:\Windows\SysWOW64\win32\rfusclient.exe /tray
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Indicator Removal

1
T1070

File Deletion

1
T1070.004

Modify Registry

4
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

4
T1552

Credentials In Files

4
T1552.001

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

3
T1005

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
    Filesize

    723B

    MD5

    7301095b88e445d75b0e2f409ffa8da6

    SHA1

    026d776da1b4632ad39874b10995cbfef37f73ef

    SHA256

    f85c3137bccc030fc160c23a48444f55741d5aacaebdcb20ddc5e6eb3098d6ce

    SHA512

    38a77f029c820b9f5bd9bd75c03e7a1800a362c15c3a441124029639468784f2d6cb39fb6176a53bf219ae1df44ad8ff853b4424375328c5ae6e0a111822f4fa

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF
    Filesize

    341B

    MD5

    a56b105dade1fea3a7db9eedf28fc840

    SHA1

    f96918362c20f97778fa7f88f629a6ab86a7d7be

    SHA256

    f871841a38e0e0c60cd9ab696416791bb1af720321f3543e44cee39dc47825e2

    SHA512

    f80d6b9eb9ef5aded2b97551c51f0ecf2d2c9c734732bbf957b62cf8771ede48a54085de979980c4b935593fef918916aa198143de09a960ed90c801ca1b7fcc

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF
    Filesize

    222B

    MD5

    7d9bfba739e896730d39fb54aa73116c

    SHA1

    d7785ad850fd193e2ddd899730cc2ef50ce36fa6

    SHA256

    ec3f3d4e7c4c807bd643efb3096e0eff833a74ecea6d6a1a605aef254a8a8693

    SHA512

    d0b245095395f25fa8fc252e62d638b309379a6d35fc8342b1d73c6846b2917cdce50b2a6499843bf62fadece67276dcc0d2922d224bbf79975ff0a3d56a2fed

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
    Filesize

    24KB

    MD5

    9824769960545eb6ef946fe489b599e4

    SHA1

    5b0b84fc9116be1f527f5290efc1e2e38c815248

    SHA256

    1309d238cb7fbb4c9fe9753c98779b682ace948d2e20332919a88e727adf900c

    SHA512

    6ed351497eace413bdad2e26ad19d012f544e52bccb49e81595f225d029024ca9482811b147a6edd28a9fc414b9e04b0ead99255eee8b2df499d7dcf477f3645

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
    Filesize

    185B

    MD5

    fc4d6d6a3869e50ea377bdfb597e0cb4

    SHA1

    b80b1f9ce0249823463efea16c7f609a8f904e3b

    SHA256

    10a12b1f98f2065ee9765bcf2063956382ab0033723ecbf69f4fa0e35934c8a3

    SHA512

    91afc06180aa85e36e388cc56460e46f384ba3a8e2472c580ed1683cab75b0bfbef349f8bba272fc96930222aafc6b3fc650502cbb027cbea9ad1692eb910059

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
    Filesize

    496B

    MD5

    c672e9533e9abdcee749df158303aab0

    SHA1

    b8b0f2aa5c7e1852a57f6829338c925f9475f9c5

    SHA256

    d76c30d67658ac72b4526c55d2a5a025c3dce816c82031d74f16a431fd3d4c1c

    SHA512

    b8c611bed59683ecaa4e33ca1146ae1eec499db9ae42d004976ed76578698c1fb249406ab24cd38e398dba3cb3cd2cbe8a85c30f54829515dae0c5c71b1daa59

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
    Filesize

    1KB

    MD5

    3c7091f3342c667280e00540fd679f73

    SHA1

    9bc33562f20bcdf5c6bdf318c1ef61a471310b37

    SHA256

    bf923dfe4a65bc2d0732d39e7f528a7cd68c973eaaa8d82813434f102697dde8

    SHA512

    f686aed9425331b4a58fc68c902ddf98400d2e7403fd8e4974cd39304c0d80c74f3aaee7b6b9ffc71b95fadda8a56f75310647822611cb1ab6079b1ae8cca408

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
    Filesize

    341B

    MD5

    b6c7ed475fc1370faffaf3c116957d32

    SHA1

    f7d30ee9a130fafa19fe208071f9bd347049a715

    SHA256

    18332cab33d38b6850cd5cd6ddbd8c63af388d0396c6edf90513e485244e9105

    SHA512

    a51b1e86a02e58e949f00cd228b3a829d5257713e4357c37067e670f73b8101f7735f2552e831e3ca857c8f72215b68ecbc1fe30a93ead3e827004a71c31cf9c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
    Filesize

    222B

    MD5

    a43233a095d8284dee11ed976c9b01ea

    SHA1

    1d3ee2c031d9dcf3c7f30e681b9ad3284ee9678c

    SHA256

    17eb260b1097db0117a0a4f23b0bf838795019d9c1c8df25368a49aaa33123bb

    SHA512

    87ce9fd781312d62f891ff6a7f3328e61ec8f2c2a159ad8612427e2a6b9c9d0fa56ec905c9056d410de56bf1d59fe50296146e4e672c648b6180bad13274b919

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
    Filesize

    5KB

    MD5

    07d79b26d5841e3ef087470d864041c0

    SHA1

    54dcaa4e814aa1d3253f93e93ce66cd181bc1dd2

    SHA256

    3465c7643f715580c9e90a30402826deb326007252ede7263322d9318995cf5d

    SHA512

    0f08049cef3d24811b7f0bc05346d8cfcdb541359342c6b3a115a6eb07bb22ce22404e215a52f2a2d4db5d8039af218f631e5759f9060490a4da5dec06bce958

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
    Filesize

    31KB

    MD5

    eca2cfec67006b83c71aa2af91fed4bd

    SHA1

    ff70d08b98a3095e53a6fe6317d5070abc9c5a83

    SHA256

    4bd0b9167cf0f9c2cdf198a87790b80f5303ca6ab30b6adb6cd710f72deec7c9

    SHA512

    aba49eed3b8151cd77b87bfdead7add33873c02d27794c96304dc52797d130088d6c890a634736e29fdf5135d5a2777dc569d48df1ee2dc900b7cff34561d322

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
    Filesize

    4KB

    MD5

    d8234bde085fb9eda00053687f6edf32

    SHA1

    f8cd1a17b6aac4e327be92da0585d7705c8c50be

    SHA256

    b2fb161b5687e2f5472514edefb9c0605f5214e52e884d6dfc5c06d57694fb1a

    SHA512

    9170ad661e911d513695ba532398e770d9a4eb78451797e0384fbcc97c8f3264ee36ff4c24756308879767e09515cc22b863d94b43f55e340d251ec4009f1735

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
    Filesize

    21KB

    MD5

    eaa2ab76d6a219bc2086e9071825e1fd

    SHA1

    45c3e317095ad76272602478a62cecb0f379286a

    SHA256

    5009ba9960fee662290b1008b5608b2a7bcf7ad757b69d862882a35a26923d1a

    SHA512

    1ffc12521c4b89940cde222b937f402f0a8f97fec439cc4e78135f7eb86dd12b7910e7d0df19696c764ac44134ba5be0659f6263d3235d2316ea0e70ed9f477d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
    Filesize

    106B

    MD5

    a581a26e2ed60f77370f3fad752e11a2

    SHA1

    f8eaae2530fbb0ec3366a200977f347e4935a55e

    SHA256

    22b922b41b14c1459583a9cccb2b7d49db21636e7a74bf22938014cf6188beb1

    SHA512

    b5db25c4127b6d3b504af6d20a8a668daf4b429556672f566e84eaf1c6052c1c528ef77d632c0c50a17037a15da5cf701e22ed6ecbd43938c08486d95aa3f9b9

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
    Filesize

    8KB

    MD5

    e1b2b9c539e6f695b64c314095da6f01

    SHA1

    3e2ff72aafd104c0d685cdc379496c742728f352

    SHA256

    da86fa9f8be18a17e2723e26ed036ffced9039a641018e31939edc0746b33c82

    SHA512

    a79993780e700fe26ad5c70e96bc3a9c14c4ac16a018c6e3a4f64903683847e3796d9a312de7eeedf64f0360ae189f75cabaee1b164b2c5b6f1f630b81afb3d0

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
    Filesize

    15KB

    MD5

    c2ca39ceb2f2de2221625d8d7db3e398

    SHA1

    59e3784c1e025cfe0211755a48495afbd916efd0

    SHA256

    6490ea03dde5c153bae6e1470587dccd47dfec36a0a346e283ea314d8ef5c94a

    SHA512

    f50e9b0d3b48b90ca975866bbe67392bb3f1a01bee6c6006e78ef6811ecec984f0e47325611bbd29b07058f45b1f1d612a00f42fbcb059c3aeabed8245a77050

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
    Filesize

    6KB

    MD5

    2137e44716ac7932b4bd9df0839f6ba2

    SHA1

    6b333eacfac6c8556458f39172cb32547b4dbab0

    SHA256

    b629ba8d098cba8729bbe7774bb299130c6e1a3ffc61ca83fe392d4c0d26b866

    SHA512

    14038dd507a28d3fc410df3ff12a91fc3eb8ff26087b1931e8c2f0c99075acae0cec5f89aac07813c92a7bf693e6486f9132d8d16f778e8ebea7e1cf9ca7e0be

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
    Filesize

    20KB

    MD5

    34b0cddf5cd4eadafa76276040187ad5

    SHA1

    c55001dd948aac21288bb917af93e4eec425df64

    SHA256

    626aec97e4a2a74d6c8868f0ede7cfb0f253ecb4358588328db2e1f73d398119

    SHA512

    8f156ea33a424872514053466aa331d967ac9155c7abcad274c302649f29c1efbbf18f348ed2e79b10fc68810aebe99915134e3210121cf2f898ea5b5fead0be

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
    Filesize

    6KB

    MD5

    2512e08ef2509fce7d5539f999145bcd

    SHA1

    5128c71c779e5939e0d483d05eb579d0df38b9cd

    SHA256

    606af949d7deb70c916a9a5575140715a25e139fa7a0a0cb986784a7569b1153

    SHA512

    0e43a67ecb40ab7458180095fa46e32c82eddea0a38a19b28b5b9924902055e05d66c61acefb47a2b13d4e17d8f4c742b5f7efc25338267f38294d8d4be04369

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
    Filesize

    15KB

    MD5

    5e67bc1a2c0ca6617aeadf53f0e97a67

    SHA1

    c37ce7067933a20c0ca174ae36b503a33b517e9a

    SHA256

    e13255929f70f6b812e4f21e0552f14332bcf126070a4e818e19e230f576c9ce

    SHA512

    14c7881369fa7e85a3cd7d7bff3b57a33faaaf7616615ee5f0362a9a7c9541018ab40560adb086fc9e85dd934ea0d1c2f5d68f2070312f0a1678bb6e9b436059

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
    Filesize

    2KB

    MD5

    b33e9f35ce211df6c40349b5b57e3efc

    SHA1

    fc438dedb344eb9c6f6ae43bb59b96afb0682e76

    SHA256

    7e1d667a9f2da2d177186b619eb8cee7dd84adedc8b133f9778ce4393aa5dd20

    SHA512

    5421323f35674f86ef73e9fa607622c713db036a60f65b2bbb4d2150a0d904201c5e69cfc13fcae739d6eb500f906fb4fcfb9dd95a97e8b656b526f621685814

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
    Filesize

    2KB

    MD5

    52d957a48f862bacd7bee97f647f5f34

    SHA1

    429a59a1f49aff0efbd32a4cddfaead77398ee32

    SHA256

    f99dd766c30ddbd71d1f69b5309bc89b1b28e416ce07ad3581dc0ee9cd0d2810

    SHA512

    840865de26502d52a19a90a546a567cc033ec9ea3ed8b67993514a19082073454bf0cd91e0094287b53c15f52af98b415c7c7d3afa3f516a5ceaf15158380bbc

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
    Filesize

    6KB

    MD5

    c492b3f4ad5f61e26dae804d1dd71bdb

    SHA1

    22c890f314298773fac596e4b5eff6fe3f118082

    SHA256

    e79e4247b217a3117a1cdc5b2a517580b358bed374ed5085f69c233ce4372ef3

    SHA512

    a555848c1fd7a7b7b9692b7a95ac971f3cb9d2be45d2d912620cb7b6d671b1fa77d40d4ee636c41bd5c58b983251ed1ba6105926ca0c66f294efef8008d7ac1b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
    Filesize

    255B

    MD5

    055eb50f1776d58c5518b105fc8a29cb

    SHA1

    23ce2e115555154555eb2a9125ebae6d4b99a01f

    SHA256

    55cd0bf85f409a428b864f80e5255f502eb5c0733fd2c4012463d76856dff061

    SHA512

    f743f1fc169428beba0cc5fdf2196727fa21531804ceaf543de815cae029a6b3f788a88051fe51f6f4930901ca30e40daae695cb736ee0bac833708b0031948c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
    Filesize

    323B

    MD5

    d6f0fd92c36f565ddd802d4160caee19

    SHA1

    b07eb0e86f97d169e89b8799cfd92a4e911a35a2

    SHA256

    a78887bd3f88aee0d204d83cdf465faf56b5c9844e94d291d747d53c2468886c

    SHA512

    8fef8327890641740937aa982a5d5e2bcc7f730d5358b0636abc6d59908c12066fc7e859f36a68926e067fcacfd854a49e347f546cf6a6694bf18d081364acfa

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
    Filesize

    367B

    MD5

    fe0d9d6286d34667ddc2c1975bf05003

    SHA1

    3be0e829008f0a330f14c9ba7fe80f3468ecb116

    SHA256

    fbc14766bdf0227abfc6ff409271d86e130f6b558aabb8b542fb3ea96619d899

    SHA512

    c3be78d3a2fb03e332bb6bec970c69c81a0d34b326e2ed1fbea72394a87510bea55619c5807b7fdab02b9440fbb8e1ba7bd284df3f66585f1ee7f55c1f95d3ed

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
    Filesize

    148B

    MD5

    e19f248d04c1d52c80ab4184d0ad9ff4

    SHA1

    19d6a6c40eb6cec49497fb3d4152306de4dbd65a

    SHA256

    1a164d9f938cc8fa9d9bb3cf5615f6ac22f48bd53f8831aa43316c32c2336da5

    SHA512

    7d4188ef85d0a606de1888f769805102e2528584d6facb1cf55808748924ce4224eb3908d6e4b21dc9a12abb3860ad83d78d0ea14e697a6b9688128f590d3307

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF.RSA-1024
    Filesize

    440B

    MD5

    c4af55767592d08777cf1668c7adc8fc

    SHA1

    3f1f9bc2f4b61e694d63e9c0a41f548f1f34cef6

    SHA256

    77af6fb34c0762efe792195014a61587a9307bd7a49d48d9b119e5700ea2bc09

    SHA512

    0878eae44ffba9d063d99b488c17d81fdd1280a8ad5d9a9bacb86a8d822e5696660eb04b952611a371e78db577389fc9056c4ea2d17fa99ed38326aebe60030b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
    Filesize

    462B

    MD5

    ec2b41bec41e4edda536a27c20893e4c

    SHA1

    6473f3ebaa6c5e89dc2b2b245f44f92382bc9d4f

    SHA256

    1a6afbf4e3faedb15ef3dff7eb080a1017a7096ececa579c6baf83b896234bdc

    SHA512

    4c8d30896470c4a2d36812265606497edcac526b6bc24b91cdef3fa89fdf5b2988681b030e9cb1735fc379cac77a18d5717fac9ed0ae75ebfc47825ea0c5b525

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
    Filesize

    267B

    MD5

    2902013d5bbec3c0b4489dac3bb6ae45

    SHA1

    3f76489e138cfffd1d8d40020526f906ecda637b

    SHA256

    ff3e934b201a3c3e8fa1abdff9c18b2f9a9d650d6f240751d023a9d0785ef0c2

    SHA512

    917d94899d15da6237f7d9526c334922619ae2c792d7098a9b242360ab182af87833a2ab983a457c69d8b9bc8b7a48b945967a177ced95ff8d98c2cad239e5ec

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
    Filesize

    2KB

    MD5

    944935db4a03e7d3c5e6fba90f2b45eb

    SHA1

    7a70bd8f723470dd3def04658a8fbc1dea8d9a36

    SHA256

    c93d763d20c5a83aa993743c3451c948ebe5802730ea22ce2b59c146530d26fe

    SHA512

    7f061a6b9c96e6fa501e48cbfbb1b3299b5dbb9f45f64aa4311a778268bf9f22b00e4b56912cd5db4c540e459ad31a8023ee103d8ffb3207a5e266f5616a129c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
    Filesize

    233B

    MD5

    4a923b63d3f6f18e884ce49d687326f1

    SHA1

    6510345201a390013dc4bc63b58be767aefa9244

    SHA256

    789d5aed3fece2dfc080f7ebaedf63eec14950f771ce5cbda03d46cf957184b2

    SHA512

    c5b141e678d6f55a2175be00e65b76f72f5d29fd96b815e4ea9549120f7f386bb0bfb3006791aedee8098b070a3a2332ef289a018758d15d81e3e95abf7829e6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
    Filesize

    364B

    MD5

    8c2b7f1a3abd140f14db36c5861b3409

    SHA1

    25be8c3deff95c2d8a59aeb86744fcdcfdc0f6ed

    SHA256

    4fb809719bf0f973e8c5088c8dd1ae1638b5d24bd30dd9b2e08830820a11c28f

    SHA512

    767b06d8bcc8660b89c0dd3789cb7ee8ae07da2eccee8043bf32d66e93234775f1a1e0bf2dd4deaf8325298251f7eb4c20bea79d829facbe3daba66053d270b9

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
    Filesize

    364B

    MD5

    a3acd904d1b10fe24c1765f92b15740a

    SHA1

    995e240b25b4542e6b83bfb39016e304bffefa61

    SHA256

    bf044a7ba214bb96c92b4dcfeb2e730317b4504b35d39fb4ac4546ce0cd6a9c2

    SHA512

    c56bb71717414ea79cd7fd31a0aec925f0ec1359cc7939200689e465123c9399f3bcc4f508f35b6b514f78015b864e7b79fa0bd3bd885e431f3f6c90e95cd358

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
    Filesize

    6KB

    MD5

    d04e4c82b2185acbc60676cf36d39742

    SHA1

    d243185cccbfd17d7d0c8a194f8d3fee896e7bda

    SHA256

    8e8edb2374cadc547286f4281da2c08985827d45238fb81e2ef127b91dbb6160

    SHA512

    7bef3dc4dfcd0be0cd47f2992ebd1bb443066b8b746d9786b532c44bd5c94839a824e79affbb93c0da16349dea55838392d39f3e5b29bee8ca1ce2bc4bd71cfb

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
    Filesize

    428B

    MD5

    7a29159288fe8f08795d8f285b1b8528

    SHA1

    a765f125b161b5e2bedf7955f0b3f0683bb78937

    SHA256

    b7eec0e3384a2849ef2aa1e724b7f1c3170456db39c035e1db09fed17a703a58

    SHA512

    271171e3dcfacf8cca1845c086ee20951250201f90174c639d0efcbc562fc08683897d8c1b8df1d18d754dce2154f3078b8c2cc0776b641c78a296161d663e6a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
    Filesize

    815B

    MD5

    0862805223e1e67a9f3c0504a9b2c94f

    SHA1

    d339ad613896bd6746ae9bc191be27c514584825

    SHA256

    7c7d9df59b250f86d573671904bbbf48e3efc8280959d499eec76d2adbf6945d

    SHA512

    9d3baea3515f022b2960f03b02f48752fa6fc9b1ad955428aa816e8519d4bede6dde508aaff34b041b8fafbde00c31d345b60526b7c5cce9a9cfb6b807d8a42f

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
    Filesize

    870B

    MD5

    700d1abaa5a0923efe3f406a85491e58

    SHA1

    19cdba9e218efe499226e70228a83dc51a2ef8a2

    SHA256

    3402a34b4bda7af78e2476ee6b1dedf816df5b829e7b23aede015df7d6724337

    SHA512

    7b9c6eb2aa61b64a05de36c5bf736dcb8685fae88b1b19c992c2e8898bc399e5c8919545a3344211dbb9501779166af5058f8b55d82984deac61cc45e30fa01a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
    Filesize

    3KB

    MD5

    f8e2aba7a02ce22220c6d5903f6f2afd

    SHA1

    bd83c8b1171777321844f8e58b579cef77916010

    SHA256

    b9058237892b8765c4b47cc2737bab4ec67752bf0fa7fcd201ab535c7f8593bb

    SHA512

    4bfde29168e26adcee55c98fccfe19afd4572bd1933cc674988d028b6c81c469313199b24793266a158b8c72bf66f2cac95a16a74641863a33b3137184f51819

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
    Filesize

    2KB

    MD5

    280f2b438b0d3a1935be3c7e287da299

    SHA1

    513fb99a4f1cd239656edf368a1265644159483b

    SHA256

    60dafdd8c7dc557b246fdf1c9784a2aa5f44483e1b9223a8a0b57b409fd0c496

    SHA512

    d9b8f60d272a1f9b3e3aaa787d9ffee44d020cd617a4dc9671b6e99687c40ecf344ac58ccd12dce490f059c3f7781467194452b509d1948fba4b8f609bcace5d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
    Filesize

    19KB

    MD5

    5e1ca6b062a4fd15d5624160dd799e97

    SHA1

    1f1a606b4cd96fee4d0d27528fea37331b4d071c

    SHA256

    430bdd69ede14c23969b6e70d49ddcc7ada3105cd847e1ad7f87927bf6f356aa

    SHA512

    9565cb5df3777e18a17b1ba1e0ad5d265008d277019b24a4d49d78ad06f912c09c60897bf58c1efa06e89514b71db016bd00feb2d4ac71998f2d90877aa8be58

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
    Filesize

    890B

    MD5

    9852b53564e1bd9cd5e33819f724f23c

    SHA1

    d5f0944a573d3e8748e97b8b0ef0ba827e5a5767

    SHA256

    6c4d18e3acf8573c24c54391a2f1213b31f8ff278500cc3e3da9d918d957f215

    SHA512

    66483222507656fa36fe2cc4adaf51c334575819b2e08673e11459f06033d0777bded264f400a25befc33f09ffae3d98bc9631e0701f0f1ef17b344cec6e4642

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
    Filesize

    852B

    MD5

    53249b3b092e725daef4fe941b1fa29a

    SHA1

    1d6642838c606addb64c5f26bad44188b0dcb0c8

    SHA256

    2a24d23826ea1a8cb1990ffbc8cae34f7ce5c66be0310df0811d7d710787cb17

    SHA512

    93a28a79fdb93acbfc243021938e93bcd45b4446c1fa87946b88aaeda328bb8a7fddea197d7eb94a1c4a1f64d42fbaac8c78d87e8c5d09b30782cbacb562ad55

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
    Filesize

    860B

    MD5

    9b352e304186e0b37b0a423625d62075

    SHA1

    46afde56a655450eb76f46c594b8ea0c1f07a696

    SHA256

    8fd2b4a12aff9d51b7ed4308d961417b4990451fca71c0628c9758a4965a73c6

    SHA512

    eca6310bde285a2e43126542cd9d007a8d351b26465fbe2c41de10df4f2b9a92e25b459e8775f60a3876c632bcf1228a545ede399aab3a96bbfd3f6204dbf371

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF
    Filesize

    580B

    MD5

    84455cbd291ea6d47a16c884420e85b7

    SHA1

    558208960b2e597c587c05575b7738a7b00815ec

    SHA256

    2143b529371a40708cbd21731f9b086d4ddc4a179263021c6ffdb2612e7f1d62

    SHA512

    e9dd7affdcdc029df089b44fc149b2a60db903ecfbc4772d5753b92fa553febc011009738d2ac2f35afa1c4f6e95fe275c91fb9269de4e00b234186a7c5a2c96

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
    Filesize

    899B

    MD5

    6118a6b7cdef284e66ce0100786c62f8

    SHA1

    5ccbf51b86fdbba2528d33d16747e026b94bba77

    SHA256

    3f6da9e77307fe0c924fbad38ebcb73eb8b5ab1b56c0acc617f3e127f634c6e0

    SHA512

    a0c2735c856e534fcfbfa63a903aa633b27477286c2c1a57678fbc04b41767700aa9c943b87bf9df80c2b93299a74ff5983c381db982f433b3235f023976d656

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF
    Filesize

    625B

    MD5

    ec4e5ff5ccbd33104eaa411eaa9bd9c3

    SHA1

    07f9d08c7314089e0a445e86b83894952c05dc59

    SHA256

    c96fbc8e45917a134d7e0512cdfc63192468d89b5d72dfce422e35366292d365

    SHA512

    1010cf314f7fc58f52a7f7407251888f5d228f9725585445c1bd1af890378740dfa998d328eece52a7927697a8927336a9492ccc72aec3f763fb5e739e813aa0

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF
    Filesize

    873B

    MD5

    99e16a48ada5b7e31ce0f791ea5b1f72

    SHA1

    fb28890de38ccf31266892c2ea001cb264bf2822

    SHA256

    8cd01dc4a8e1b3104a959039b8166908685fa85d96131eb17f43053e82f39e52

    SHA512

    f40548b5def51b978b27e4c95d88837059cfa560d44fd23c5bd48da56f81913576f3ec01fca3c04f326c21c1e356987dd9b1d2cc62ef547af80005f721a2f49c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
    Filesize

    5KB

    MD5

    1e496add485bad3382246d4e811290a4

    SHA1

    85d339623eb581d76b8ea6e25c5872bf71f26d66

    SHA256

    148e203f5c97a338641e2e6be844c2c8f1d372871d2b5c724277aacf98870066

    SHA512

    474c17cf5f949b7f46baef6eb1995c9c029c1a2303e15b8372cdb115da96377150204667d677b306a64e917e62e75f1cc33a54ed2d280c7f603e2f9888241880

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
    Filesize

    1KB

    MD5

    0af840fae07140514c37433fedc4936e

    SHA1

    8a7d7fc3a22c665595c39ee91afca524446caa5c

    SHA256

    b798456c532b24ce140b94b6d1a914d3b28c2509927ba01a9642d3c641f5a703

    SHA512

    119c6d53c7e51d91af97cb5ae27d807df72ffc781232b0ca1d2be77bf7824fbaaf0268f2e332370acf2813a113041659411ca016fe56fe1b0a419ad0b7ffe915

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF
    Filesize

    615B

    MD5

    109e6f4aef3d24053a6bedbf9038fcf4

    SHA1

    f3da3dc94d3a4a3df5298b11213980bb1d189179

    SHA256

    5bbbbb5e4682a62b55a1b359a63346a9e26a62f9fd14863d213289347ed24dac

    SHA512

    f0c00f70edfc2f52be75b5044df189a96144cd22d39aea81540f4fc0121b2eced51294a5396f15fec135d73e85d53bb7a385b68b9680eda0edc285f354848ce8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
    Filesize

    848B

    MD5

    34f6229937941e5737a735f518a27c8b

    SHA1

    5b6544179da8d5f10413f67b32b7c51248429bae

    SHA256

    6634a673385da0753fd74f0dcb4f787650e9928b914e1d2efbaa391af611dcaf

    SHA512

    dfb02c421197288077c3f27c0c714727e9293a4a62282597d59cfdc96d7d0f3d6f93c96c73aa66ab9a23080f2172f4b7899050034e23e8b359843c74c2727397

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif.RSA-1024
    Filesize

    847B

    MD5

    26e4c17d6302373476175854f1a0bfab

    SHA1

    bd098081869417749f39c11b3db95fa3017fd78e

    SHA256

    1ea80486e96a6902b1c40c0ae0003e8d85f6419bd5ad51866b60592cabaa152f

    SHA512

    c66626061eafd6af465f389537428f333bffefe947c9e596ae7b59c4717f78867a5ecb8ef9cd83f10ada6132d773a9561e7fd0cc12698591ad142aa48455d77b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
    Filesize

    869B

    MD5

    525de8a87f7ced4435c99e4a2fc4b227

    SHA1

    73c4abf7561f01657fb4be34b1130347a115137f

    SHA256

    c8377e54b577c8d9361c0e4fd638bd646ca57c8911d6c3c0b60953f512c32dc1

    SHA512

    af244c6fb14cfcb9a79044493cc5ba27ab5ce4ee81162f0fae8317ac65a01444a30854087da31f15d7f44cce443a3cff0af0ebd54b9a5fdf9b79db0879cef084

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
    Filesize

    847B

    MD5

    4222286961288f84299ce57680fba19e

    SHA1

    cd9289060a116d59c64f0d06279b992adfcecc5b

    SHA256

    2ad1be48a932481009eeabeb987f2938df5a442dcc046d3a4fc496ffa8044459

    SHA512

    18cb15a9fdc174f9e458b9316f7f362fe3041fc9a48f2179a4aab02b9227dedfdde120ca5a80f3b1f4f8f5c3ab5fa830e960f8ae750523bf401a4e3c39de84f2

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
    Filesize

    863B

    MD5

    9d7e1f3969a429e56711d6187fad560d

    SHA1

    a4932906831c99eb9658c4da190cd5b8a778678f

    SHA256

    31f577e0fbcd7925ce5a78e5a09f7749f6f18a999fb361789ef3ceb04bd2e79e

    SHA512

    5058f3e98d01f2cd3d678d9318ca133cf97678a668baaa7e48a7c0777729221310dcbb8276f1e40ae009e644c95cdf7846e5f2e6e014491f5b0049c52589c240

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
    Filesize

    861B

    MD5

    0567c9653e6f5a76a9d9c3df25f3dafb

    SHA1

    97b028b4ca40cb3fae4b0ac71a4a4a9b4149bcc8

    SHA256

    46dffb2f38ae36398e4941b98b98991f2eab41905fcdb34b52c4f11180b08a7f

    SHA512

    29ad4421342690c065c77fa5565dcaace38ae8cd1f80c232a036ac5e813f74f0808c79526997645e92203929e7780b4748f073b77ece0a4f4667e0f80b9b5a9b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
    Filesize

    850B

    MD5

    a70856514bbdd7b11b303ba0b709e95c

    SHA1

    585bc40775db4a766e7722734f24f2e119df8fa8

    SHA256

    30a14a2354c318426467ff1a878a9e4f28691d907fab424fffb2bb0a5ab92529

    SHA512

    ea45461c665b6de19216ee944bae025dde139deeb794d4ff75dfdd9208c9680e356bf8e4c96ee8b34d2f0416fdc43833dd2f4707e45c40db15154ab08c1e7572

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
    Filesize

    883B

    MD5

    7e666135ffac17d2312db087a3fbb392

    SHA1

    417dc5341c6a99d0c85162ce65f2082e0c4fcb7f

    SHA256

    9cd9a3ff4f4b309da82ccad9ffaad77106dbf69df136c086956ac113eb0b114b

    SHA512

    5ed29840c03445f5d35575feeb93a37aece44336962c48673956b8f28dd425b668eb3c6cff45aaac36c776a9c62a5d76fc4e541f01ca9c96fdd10b4356cdb492

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
    Filesize

    153B

    MD5

    74a1ce9324d765676a22a7dfa5e2c8a8

    SHA1

    cf11d08fcbd9f109c757b47e1a2e9f9fba9cb484

    SHA256

    8d478421d405847da9db717e320468cce8fe8e50337848ba08405733335510b9

    SHA512

    cf7d3181eda2e7d296c544c67959355c52f146ff7253048da6a4996900f2c4820a10026d140d6f572d8fe1b06eb9359dd97cda1a2f9233a507bc8c2c55e61e46

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
    Filesize

    12KB

    MD5

    efc1e50674d2915235058ba3e584adb8

    SHA1

    deb06f51ea772ac92ff4fd477ccda4c03cda80a5

    SHA256

    55d4b004fdbb17be3ea12b9adcf79f34cedb6f3e3641e3962a0cad1f16935b3a

    SHA512

    469f3362accb8e8c8d16822fe2857deb2ec8366693fdf640b2408a7e062ca1076f3b1cf1c54fd97270d9511187cccf8e823e317e92d10d098048a95eaa63f8b6

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
    Filesize

    8KB

    MD5

    abfff0a1ac6a6fef6aaeaa5fca3fafb5

    SHA1

    61c0fae7a7589aff9dc703a86ad49a148eb92627

    SHA256

    24e24df6e68983f52fd756629ccc240924f9ae988926a4892dc12bc0644475b1

    SHA512

    eb5e6b6748d64a060cfbc04dfc07307d00229962c41fc575ef617d3084ec7a5cb26a83b0108303397ea0b0c753d7c523a468def210241ccc6055ddc1e4ca8ca8

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
    Filesize

    11KB

    MD5

    dafff5a70ffd7a4f0dc4c9635d8a9a42

    SHA1

    e9bef60ddcbc37b9b737ff9101d8919d21e37eec

    SHA256

    e704f89d265540c447dde012aac141945adda10cc057568a09952f58dbdcba42

    SHA512

    4152be5b37d90ed81efba9e14d680657d4422061536e304256aa09a60a9411e6dc02e04e33868f145d4fbeb784b640aca3a60e0be8114d93a934224dbac03977

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize

    109KB

    MD5

    186da4469f76015f3a47fbcdbe69a1f5

    SHA1

    d067479a536f82c6fd485f3c9e3ba6d3a051c860

    SHA256

    8734a53fc01fea2c25668643991ed49d258d907b936ec48509e39000dcf25773

    SHA512

    8aaa115b422a3dda1dfd9c8fdec2194d364b48db819b236be7e5992bc58071fe579ec08562cd682d9fc2168b37f87a8c3962aaf2899746b0ebd41f2202760594

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
    Filesize

    172KB

    MD5

    4fab886aa617f71e0b633d7770a7fecd

    SHA1

    20016c3909c343e1b4987442f01ac471c1e9bc23

    SHA256

    778c99bd21c7f74719b3a5d2715a3d8b808e0ec9851738a343ac187ce8b18987

    SHA512

    841878c7c8de0f0b85939edbd994a69c582f1c426ba39b1c72b378b057afa51966104eb00d67fb18fdc28c9d9677cd7f97d34d99ffd1bc86b7ed86912ea7dffc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8AA3.tmp\install.bat
    Filesize

    261B

    MD5

    caf576fd184fa7521f7ce40848fa5799

    SHA1

    281f35bb9d5583b8e5a767b3d0ca347fc0f75d0d

    SHA256

    17571d6e267f2ba051d63504c84fdc80e29e5b2b6cea1f2f5b41a31f5dbed6ab

    SHA512

    eaca9969ea4e68e537c2364a0ef438d7e26450cd6d5ca7f84a1716bb576ca060b85680531214dcff47fa3a1563ac04d5e9b1e213c98069b609b22b2bbf1adbbf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9685.tmp\ip.bat
    Filesize

    719B

    MD5

    14364b5ef40e43f49b8296bf2a858f59

    SHA1

    c71c26442a859b0847991b2c418719cbad8aec41

    SHA256

    3583474f51872c4749fda86b24e05ac1ca5a9a2ea33948b438dc7cd101a88518

    SHA512

    4e3cd1c52d9e867a61f5408ca2a8c72e6f59131896d726d59923ba74fa7736d62a443d1d6785319f20917e021680a942545393b42c3b0ff8676c47372d9f84a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NO_PWDS_report_16-10-2024_20-21-02-79716ABB-ILHP.bin
    Filesize

    1KB

    MD5

    3666cabd3f6604ffa79d766edffa27c2

    SHA1

    f64674d712519befc254ebd93b9c0e717449a050

    SHA256

    a95534c00b6fe47c70278cb6385b23921dc5eec39449317acbc76dad221b9422

    SHA512

    ebce003cf4ae9d49e41f2e599c8fb294339706d1fc796466b5f84b815d4ceae309b9b98142e8b1d3559e160469251787ff55e3c58bce388b39bde2bf8a7b4374

    Download Submit

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
    Filesize

    1KB

    MD5

    28602aa582a872730238b9578b989376

    SHA1

    608fa8347882188a6e36e3b322dedb59b91fdeb0

    SHA256

    b619a13bc6e2bed9ebc396d21e9dd449f815c47b885e90b70ca4bb12afd56e11

    SHA512

    c7b15cb5aa6201521d7447aba5f54bda50aab6772e9b150079a2844bda9028c8135f469247a474078106ada5fcc1dad6ad269d7f57f785ce189c3c242afd5a92

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
    Filesize

    65B

    MD5

    cd43f10f293437ed98b69feed71d30ef

    SHA1

    16c84001f49586daab1eb7042bf2c74755c77183

    SHA256

    9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91

    SHA512

    fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
    Filesize

    65B

    MD5

    0bb6bc70fefb5d6ef27e28664b39b1dd

    SHA1

    511f31e41e564f6220b8a332654010bc96c4d5eb

    SHA256

    d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf

    SHA512

    25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
    Filesize

    21KB

    MD5

    def7643190bf57060e7cd97b27b1f6ff

    SHA1

    a24c52eb91911dee6551edffccb2667077232838

    SHA256

    30f08d88c004f6a54ad68c618bd7df855ae157c9a2caf818002b78421701d726

    SHA512

    55e54dde0a249477e25840330c1b288e8b3ee3dfd65245d1f8dcafbf8286d50068822661a07c01bdc19d48d4bf3500d1a7795e0f5b63fec75941f30bf002754a

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif
    Filesize

    1KB

    MD5

    d0c97ce19674bdab62229e2f725cf22d

    SHA1

    6c9e2fb28edd1978fc325135314e41edf47beab1

    SHA256

    d3f639272a91cb9db00a31cadb62f86eb9b040ed9e81a026255e49cc540e9110

    SHA512

    eb0ac8b29fa803224d04adfc99a237a79827cb561fdb97e1901643a5389dccacb90d1225a0556e867e0fc00af319c161417802f540437b223ff1b8d70d903b7d

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif
    Filesize

    952B

    MD5

    2053a116fea458782f801428c4577d27

    SHA1

    e0a5fbf47acd205370022953afdb397f4d8829d9

    SHA256

    e5faf54ef321c65867bc93b5203252d69372029d992124cc7d7c586a30d5d601

    SHA512

    db170a1591e0e10d0cdb0f5ac098b069fea010bd74a47dccfd4c44fadb4c5cd277da259674e67f2dda483d57f63cbd309d363887b3ae383236346c368dab339a

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif
    Filesize

    121B

    MD5

    a1cf7fbf3092eff70f513e1055e88a09

    SHA1

    5d24680ea943ef73ad9686c09ce19c26d7eb9a80

    SHA256

    c041844ca8aa6436c55c285b7cd3b4896ad49d66e6b8cf9660821f6910308d4a

    SHA512

    1cc4a6af9d7966f2e1194dadf0a2e3b719407b38a99a962e497601ed342e0cbbee153814226ef5e947d327843cd0f1ee99305e7e3e34e6c49a77377f07c21e91

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif
    Filesize

    1KB

    MD5

    72f3c400ddb4b6dcf723fb1d763ab189

    SHA1

    a3e7e6e71e76496aefa94c30bb0e9871b25ffdf3

    SHA256

    c7c302a74123465aa8ad286cadaaaa777ef1d20adfc3de0ada562f1a988c44dc

    SHA512

    418ea01cd08d9dadc9d0a5f185729df4f0ae8ce7442fc7214955a932d07257bfad86e53fa377ca4af6901e625852deeb21ed6accfbb3c2874f3579220d7da50b

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
    Filesize

    8KB

    MD5

    32d691af789f67b85c7ea468ee63ab91

    SHA1

    c2f5d21b61b3dc0f5ae1a3add0362be75cd8c0c2

    SHA256

    f554ad858dd8376b4aa04f16d9a29b20af1674993e77c0a785e46d33548ce899

    SHA512

    fa6751eb0a43a0efdb58bdfe242f15e6734301b603d07bb8861fb8941fd0ef398ced70d1ba2af1c630c93236cff5fe69229a9d2a1de6759724fb8e37c86579d7

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif
    Filesize

    914B

    MD5

    d06ba22702d36709e6b9cca17c37e126

    SHA1

    bc2d4bcaeace8aa2b2f42e667b83ce3dd871b6f6

    SHA256

    aa94dc44d50a979b6be4183b0629dc7b2c63523dca1f4d83be9587eddba04144

    SHA512

    11d7b52fdb5b8b2ac977ab6bebdb138d72a689dd88aeecb788354bc24d77c60a0e9bf3b7ee63baa2f332a1574c6b560385daded22a9b1eea55b2cd6da28956f8

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
    Filesize

    90B

    MD5

    01d3652eccda53872a4b29c234ee5e7b

    SHA1

    cc426e5f3cb299ed88ccd17efb341ebc496858c4

    SHA256

    53ce05a2f7d0f688f3fe3c136e9bcc4a20602a81a5eef65346b15c4d6279b557

    SHA512

    9078e6276f92a026aea984739d4e74fbbf1d8db16f9b0ca4bc9f3b47a635b06463219ef1c835d3439f7ddd908b12fb9d98d37a2d8f0f3cba81e03e07b363a655

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif
    Filesize

    90B

    MD5

    e44a58a24e87eadfc2d9da4af9ff4a0a

    SHA1

    ee6f6f55f16000c1028d0027b6ac47b5ab8917cd

    SHA256

    c61a8b6f9cc9e803be4de93292bb736c96175b7a42e02d1fbbf881c6889c4044

    SHA512

    b69979fdf8f598e77d969e51c5370b2aea500530cdeb72c0c5eb82f06205bbc6a093d8cc8d2535dcb69ab13bcf4797a192e106e521a581134d95d37a3cb3aefd

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
    Filesize

    328B

    MD5

    9bbf815e2efb3df23954fd919fd5f35a

    SHA1

    6f95cd334f7330142a040874558ad3fbd6e65e06

    SHA256

    74697da4850560c62ce48a5228f53a490d4ab2f42831d13ee04881b49a156eb2

    SHA512

    99bb776d9ca1be000b0f42f189defda85e0314813e1389021e44e68bec149bb2b05ad8a90b12c1fd5ad9d8dd44073fd6907fd3a25265c97f7921a39c60eb2c5c

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg
    Filesize

    1KB

    MD5

    6a65a1aea5c19d7a73d39e779ae507a3

    SHA1

    ae6c91678a37214c1a33a721b3b313bffd8352c8

    SHA256

    7a0f42337ae9fcae68a24804fdf0f184787c13823367410bb776c5a31859fc6d

    SHA512

    46eded6486aaefaba71e67c9c1613abaccecd4b37da54407d13d9d2db4b1ba62d51b14f7c3a0ca3a4b09aff29bdc7d4bf1c15c383583b2a03b4ee7aedcd63cdb

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif
    Filesize

    162B

    MD5

    abe80e7c36bffc392223980ee44e1974

    SHA1

    5fd98a69d022a0edcd995cf2d16718dc988fee26

    SHA256

    bc09e17476654e986d85c6fcabad97556be1eb538f9472e7b52d975f03f94dd3

    SHA512

    413d2efa4ce7071b511368844a454a53b2f1448038d40afdbefd7cdbea44a1e76b08c7bff62730d8cd4580ce751b165ed85b4288486c2dbaeeef68b8a5145ee3

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif
    Filesize

    586B

    MD5

    7ddff6f207b98f8ac93c8a88a75370c2

    SHA1

    1e3d8951efd24f089afc9b0c90d72348aef85212

    SHA256

    aaf243e0c31cff0f3418b32166412c5cbf893111f390cb1914fff50166d5efa7

    SHA512

    46691c1f5230e8ea7577c3f3bd3e2071769e49019fd157869960f916097332c2d58e6efa56133c24cd9d5036aac06b5935070650167fc9b8f4a092bd3eea2517

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif
    Filesize

    124B

    MD5

    4abf02c8776103d4eaf3f1f05d16cabe

    SHA1

    3f5c68ee7f7776f1152cce077eec00cb2bd9e63c

    SHA256

    5e1bd8a3a1bf4218a2d08ffbf7b767005efec55b403211cfb2a21391b7d12db1

    SHA512

    854293d71e58693aa1f82084230417e82593bd6f69c43661d9b7f08bd51738824d3e39f9f449e2f8a8c07695a88543ce58c76a89081aa7c035725f876c6ae50d

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
    Filesize

    8KB

    MD5

    1a26212e3d25e424f152a113b45af077

    SHA1

    ec750a5060a57df3304c75fa21c7c436543b9ebb

    SHA256

    e32973095bc958d7dc43a169c4cabf5b4b21dc0f6c79ada0ec6e1ab416dc4a07

    SHA512

    7bbeb9649f1de7c9c6e82293e5135c23f10072d5096fbe9d4fcce95a3c5940c80c067ef7846c8a5010c0a5b64e0504f4aeeb5e796b2314880846dc152d7919cf

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
    Filesize

    880B

    MD5

    af2588fac7c8c88657e79c6c2cc7e151

    SHA1

    9a73a6c67e1ba9d7be925ffd63dec5b20e407aca

    SHA256

    956ed76b303341d50aa8e5a7e25b2c5cc26fcca9c39c685bb347c14f6b11e1b2

    SHA512

    e5a33a3707d1dfc9dbc33f9fcbb3bebf5cf013dbe2fda3a98587427b06b238b1e282184f6c1bc20b7948a368e6542afe765ca768f92a2789eee97037022535e9

    Download Submit

  • C:\Windows\SysWOW64\win32\HookDrv.dll
    Filesize

    198KB

    MD5

    348af5474c0abb5769d4d75a12cca4ee

    SHA1

    b423c186f9cc4735f35df99bae8e72c351dfc745

    SHA256

    828ce0069f2f21dd9c3cf3832883ec9229831feaff4d212058e95579441d72a8

    SHA512

    6b6659c9b16ba523ffbf89f82194226299089cea92ee570e272a609a843d34f46e9a035b30f2cf99817e540a81bf692c1e72f4569675baf1189b256a8a5da487

    Download Submit

  • C:\Windows\SysWOW64\win32\RIPCServer.dll
    Filesize

    144KB

    MD5

    30e269f850baf6ca25187815912e21c5

    SHA1

    eb160de97d12b4e96f350dd0d0126d41d658afb3

    SHA256

    379191bfd34d41e96760c7a539e2056a22be3d44bf0e8712b53e443f55aead90

    SHA512

    9b86a4eefdcae46e605f85e752ef61e39fd0212a19b7fd4c35eb3ab99851a0b906d048d12d1e1e985a340a67a64d405b8cf803555865137278f0c19d686df5e7

    Download Submit

  • C:\Windows\SysWOW64\win32\RWLN.dll
    Filesize

    357KB

    MD5

    bb1f3e716d12734d1d2d9219a3979a62

    SHA1

    0ef66eed2f2ae45ec2d478902833b830334109cb

    SHA256

    d7e9c9043ed7df2af800d9b2a33e3efddf68b70f043e9717afc4b7dd4e13e077

    SHA512

    bbc90747dd45a01b05f5c0b6fa58ffe18af894b05363267ac1cc9fe3262f5e65c8ae4e08dfd82d89b9112e86e42d24a12784b79f5ea30b6443015c19b6792c9c

    Download Submit

  • C:\Windows\SysWOW64\win32\blat.dll
    Filesize

    120KB

    MD5

    724cae63522f6e5f7565a3bf4b2a719b

    SHA1

    18620dbd4357d85918070f669ff4b61755290757

    SHA256

    b87814eaf1cd5268e797f1119b58e3fd79381af3f530be9a90993198cbce1779

    SHA512

    af68749cadf9920a8bed455a2557b1faf475d30fdd62f45da6757fbc5a59341fffeccca4ff646b334da95cf673deeeea74bdbb27a16f510a4e3309055f89817d

    Download Submit

  • C:\Windows\SysWOW64\win32\dsfVorbisDecoder.dll
    Filesize

    234KB

    MD5

    8e3f59b8c9dfc933fca30edefeb76186

    SHA1

    37a78089d5936d1bc3b60915971604c611a94dbd

    SHA256

    528c0656751b336c10cb4c49b703eae9c3863f7f416d0e09b198b082cc54aeb8

    SHA512

    3224c20c30556774fd4bed78909f451b9a5a46aa59271b5e88b1e0e60145d217802a8f1fda3d3fabcd8546ca7783e0c70f0c419a28efe6c5160a102553a3c91d

    Download Submit

  • C:\Windows\SysWOW64\win32\dsfVorbisEncoder.dll
    Filesize

    1.6MB

    MD5

    ff622a8812d8b1eff8f8d1a32087f9d2

    SHA1

    910615c9374b8734794ac885707ff5370db42ef1

    SHA256

    1b8fe11c0bdcbf1f4503c478843de02177c606912c89e655e482adec787c2ebf

    SHA512

    1a7c49f172691bf071df0d47d6ee270afbfa889afb8d5bd893496277fd816630ecd7b50c978b53d88228922ba6070f382b959ffc389394e0f08daab107369931

    Download Submit

  • C:\Windows\SysWOW64\win32\gdiplus.dll
    Filesize

    1.6MB

    MD5

    871c903a90c45ca08a9d42803916c3f7

    SHA1

    d962a12bc15bfb4c505bb63f603ca211588958db

    SHA256

    f1da32183b3da19f75fa4ef0974a64895266b16d119bbb1da9fe63867dba0645

    SHA512

    985b0b8b5e3d96acfd0514676d9f0c5d2d8f11e31f01acfa0f7da9af3568e12343ca77f541f55edda6a0e5c14fe733bda5dc1c10bb170d40d15b7a60ad000145

    Download Submit

  • C:\Windows\SysWOW64\win32\install.exe
    Filesize

    21KB

    MD5

    7b8fef8b39139cac8e9c9f39e2269499

    SHA1

    747bc7f3186645b3581c6be058ce2e12a4f9d680

    SHA256

    2ba30ca8c5dee924a38209e097c9eadc7c4a307d4e976ae274bbcc044f0dfde3

    SHA512

    bfcc837a2fdb265b28dbe2eff01e93cf6d96d7e6911febf1a3c28ef97a58e54b5e7ec8e66337e639c5606955f5f544327399bdfa5510fd5ca3afb8470e332102

    Download Submit

  • C:\Windows\SysWOW64\win32\msvcp90.dll
    Filesize

    556KB

    MD5

    b2eee3dee31f50e082e9c720a6d7757d

    SHA1

    3322840fef43c92fb55dc31e682d19970daf159d

    SHA256

    4608beedd8cf9c3fc5ab03716b4ab6f01c7b7d65a7c072af04f514ffb0e02d01

    SHA512

    8b1854e80045001e7ab3a978fb4aa1de19a3c9fc206013d7bc43aec919f45e46bb7555f667d9f7d7833ab8baa55c9098af8872006ff277fc364a5e6f99ee25d3

    Download Submit

  • C:\Windows\SysWOW64\win32\msvcr90.dll
    Filesize

    637KB

    MD5

    7538050656fe5d63cb4b80349dd1cfe3

    SHA1

    f825c40fee87cc9952a61c8c34e9f6eee8da742d

    SHA256

    e16bc9b66642151de612ee045c2810ca6146975015bd9679a354567f56da2099

    SHA512

    843e22630254d222dfd12166c701f6cd1dca4a8dc216c7a8c9c0ab1afc90189cfa8b6499bbc46408008a1d985394eb8a660b1fa1991059a65c09e8d6481a3af8

    Download Submit

  • C:\Windows\SysWOW64\win32\rfusclient.exe
    Filesize

    3.9MB

    MD5

    c149d94eeec5d9b517aaafb5d163467e

    SHA1

    27668f5d8134a77f09717008c5db13536932f9f2

    SHA256

    7ae645d1f1ba0d2a5b1a3b9389e0882185b74bb2d0c1c97cd8eab91a4ce792d6

    SHA512

    b0838bd097557940c2c540e56fc89121acc4c9be93f5e2ebfc24f876df08fee23893b1d92a20bf61aaa005f6fe0c7b63c5b657c75acd5badad17d9d5ea5531f6

    Download Submit

  • C:\Windows\SysWOW64\win32\set.reg
    Filesize

    16KB

    MD5

    b17fd4af930d44b3a808fad310162d8b

    SHA1

    8bba93027250c0ab9d299c922960456df4c8c46e

    SHA256

    aa509f49df7f3508db591c27284c2020afb32842ede47c7b330bc3174d044391

    SHA512

    dad972731b55b65e5ab3fd32e60006539c6b35c5dc35456c38128728df4f9ba5c8ec7e55e6743cdea910bcb9c6d775909fb5021cf93026de3d0baac3c67d2743

    Download Submit

  • C:\Windows\SysWOW64\win32\vp8decoder.dll
    Filesize

    403KB

    MD5

    6f6bfe02e84a595a56b456f72debd4ee

    SHA1

    90bad3ae1746c7a45df2dbf44cd536eb1bf3c8e2

    SHA256

    5e59b566eda7bb36f3f5d6dd39858bc9d6cf2c8d81deca4ea3c409804247da51

    SHA512

    ed2a7402699a6d00d1eac52b0f2dea4475173be3320dfbad5ca58877f06638769533229bc12bce6650726d3166c0e5ebac2dad7171b77b29186d4d5e65818c50

    Download Submit

  • C:\Windows\SysWOW64\win32\vp8encoder.dll
    Filesize

    685KB

    MD5

    c638bca1a67911af7f9ed67e7b501154

    SHA1

    0fd74d2f1bd78f678b897a776d8bce36742c39b7

    SHA256

    519078219f7f6db542f747702422f902a21bfc3aef8c6e6c3580e1c5e88162b8

    SHA512

    ca8133399f61a1f339a14e3fad3bfafc6fe3657801fd66df761c88c18b2dc23ceb02ba6faa536690986972933bec2808254ef143c2c22f881285facb4364659f

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    72B

    MD5

    2772501fc43ef1a7f119ca5190f39047

    SHA1

    9e57d9c92d7c23db1189932a950d3e602f4c3529

    SHA256

    d7bdcc26f973b9a9d6ff4dd2d1a50ee463c0d0915c00a297b499a014f268d56e

    SHA512

    1953532b6c40e6ba22d78c5f3581456620c3e544f38380c5bdfa964c8fade0c9ba60a8fdf4dce80c442dccc854bf1b9d76e43c6fe1d3bd37c700e7b0b2f3b84e

    Download Submit

  • C:\Windows\svchost.com
    Filesize

    40KB

    MD5

    b207d9485fe63480996c2975b889340a

    SHA1

    59a00e0a2c0055c94ed250268f71f1eff55d2ab2

    SHA256

    06bf9b2e89a82f953983518666e47d1f92bc9ee6edb3080349cd809318ee52de

    SHA512

    b591deffe4765e27d819f20a2610cd2f8131f22ec1280e99686c5ba4f34dd4d716f8b88bd5542192259f5dd730f6f7e8d43119d01fda8b839edbd3f7fd8641db

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe
    Filesize

    305KB

    MD5

    6c3bc7a697c564a965e01402285b4543

    SHA1

    6b659471414b42cf6d543d105de6cb4742cf3424

    SHA256

    f5d6d3b42d1c0f05a7528cca053d5fbe8fe7656050031cddc9a3a3521f0b82a4

    SHA512

    e4c49b906c2540c9052223379aab2531cd868aaccc62b997af1e956802a7cef83e321b68d41d3aaee4c47071fbe533c8f1aa4422d0d5fa9376e317da95bf0a11

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MAxPayne3_licence.exe
    Filesize

    5.2MB

    MD5

    59cf2fe5fc4de6ca98ea1adfa9030ddd

    SHA1

    9ce5cc5a0d06984d2f7a6de4adb95fde898b55f7

    SHA256

    314d5eb3f1f8b695ad3ae30d2ed509d781c6ccfbed7f5758e63efa308505d0ec

    SHA512

    b5a920d34d7359527fdbfd226cda7a8a61936eea1db74a60dc9a095c73a67a4f2d13ad056e7b26bebb654dcefd404f73ff4405772456a9fcca3d1ca03c0f0d83

    Download Submit

  • \Users\Admin\AppData\Local\Temp\bwin32.exe
    Filesize

    346KB

    MD5

    6f62ba2251f37f4d75f132a3aaaca878

    SHA1

    699688669e0dedda77dc1bf31a1bbc4d325d1631

    SHA256

    afd132df79bf177b3bc4e1e25bbc180201328a1113464061d26187efc675f117

    SHA512

    25a703bbe1b4d3df94e3b84252d3107fd95a6a7f4d4ead1cacd18244d566758b9bec6e8031e41b723938402afaaff5fb427e00cf8cbd1bc5dae2567bc865147a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ufr.exe
    Filesize

    23KB

    MD5

    19eeff783ffa7c11692992092d732e42

    SHA1

    90342c47d75e5b3ecd09ce0af8bf25c0570d4b65

    SHA256

    97f3dbfd41584eae285de5d61ee924186141b6a52f0e6e3d1d56683599253d80

    SHA512

    4e7d7ee9e7c526e9758f7650a81178fa235d9c3bff8022cfadbe66983f581cd20ac557ca000cdd26232510e060082c7ce27ab7b92f8834eea1ebed11e196dc8f

    Download Submit

  • \Windows\SysWOW64\win32\ip.exe
    Filesize

    21KB

    MD5

    034d521fedcc7fad1ed5925626ec85d7

    SHA1

    dde1ccfd459a6e728c380839cc1a6bb0341e1b7f

    SHA256

    3aa8e0010a9be0726d24482feebbd9915d914b24fead0b624d17af7168bbd380

    SHA512

    1ce8d2eec7234686e2a8876337ea34003f72c413d1be0662192420ed4d5e3a9cfe0c437e1cfbbc4d1d6b7b06b13a5e512bd1ae39ffd25bafba151586f2301d06

    Download Submit

  • \Windows\SysWOW64\win32\rutserv.exe
    Filesize

    4.6MB

    MD5

    133f0e46ef52808957fb6eb6f8021067

    SHA1

    5bf8a4f293a9a136aa9acbb57e589be57aeb563b

    SHA256

    8e29329e4224eb064638c6500791224d35f45b6aae54ab52fb15de737ebaf52c

    SHA512

    9ad88e421eeb6c82cf84c4216f541e0266c4ab113c6d3a51a0b07c2548ef614608c8af2d658612891adbfb4f83da8340caab9d528a5349adffd7f011d90da958

    Download Submit

  • memory/408-5142-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/568-893-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-9493-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-9482-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-9471-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-9465-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-9460-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-9451-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/840-6997-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/880-1487-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1080-7013-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1080-9473-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1080-9462-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1080-9453-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1112-1568-0x0000000000280000-0x0000000000298000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1260-5121-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1972-1398-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2008-58-0x0000000002D50000-0x0000000003127000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2008-8905-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2008-9199-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2008-5516-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2008-50-0x0000000002D50000-0x0000000003127000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2232-9461-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2232-7012-0x0000000000400000-0x000000000086D000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2248-1578-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2248-5517-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2248-9459-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2248-71-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2248-9216-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2288-1580-0x0000000000240000-0x0000000000258000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2288-1579-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2288-7014-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2424-1528-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-1488-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-6572-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2576-798-0x0000000000400000-0x000000000092E000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2688-9201-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2688-6127-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2688-432-0x0000000000230000-0x0000000000240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2716-428-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2800-4964-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2800-1127-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2800-5096-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-5-0x0000000003830000-0x0000000003885000-memory.dmp

    Filesize

    340KB

    Download