5ecd0cd5e48aba41c6f4848633809f5a1e90b5d475adc7892788337a5316e8cc

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-12-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc87211d948e14a32558129345536648_JaffaCakes118.exe
Size

12KB
MD5

dc87211d948e14a32558129345536648
SHA1

6ea4d17c4ed9ba1cff43772c8f1cb142eadf522c
SHA256

5ecd0cd5e48aba41c6f4848633809f5a1e90b5d475adc7892788337a5316e8cc
SHA512

f5892b59ec017779f235693de783eda6dac2fc29af51ab92962f4390490c8df22dce2260d18343104fe678b936856f6e4f901b787ee0962c1335cf0b69db5cc3
SSDEEP

192:y/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMBSwvf78qm:yebFNw4Pk1itKkpAjjI2YpdmB978M

Score

9^/10

discovery ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Line_Editing.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_operators.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_blocks.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Assignment_Operators.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Automatic_Variables.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_types.ps1xml.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Column.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_requirements.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scripts.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Arithmetic_Operators.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_types.ps1xml.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Signing.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Core_Commands.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_History.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_try_catch_finally.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\oobe\background.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_eventlogs.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssessions.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_History.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_blocks.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\es-ES\erofflps.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_output.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_scopes.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_do.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Windows_PowerShell_ISE.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\catroot2\dberr.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Language_Keywords.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Special_Characters.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_try_catch_finally.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Automatic_Variables.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Core_Commands.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_script_internationalization.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_command_precedence.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Programs.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_debuggers.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_trap.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_try_catch_finally.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_command_precedence.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_ISE.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Switch.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_regular_expressions.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WS-Management_Cmdlets.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_arrays.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_2.0.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_ISE.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_on.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115865.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21294_.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\PREVIEW.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15134_.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115835.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImagesMask.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\THMBNAIL.PNG	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21348_.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01843_.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\HEADER.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR49F.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400005.PNG	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03011U.BMP	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_ON.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR12F.GIF	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-za-component_31bf3856ad364e35_6.1.7601.17514_none_a5926b147a413e6a\ZA-wp5.jpg	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Navigation Start.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Characters\Windows User Account Control.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\403-2.htm	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-oldage_31bf3856ad364e35_6.1.7600.16385_none_02ee3365ea53e1ad\NavigationUp_SelectionSubpicture.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\16_9-frame-highlight.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_escape_characters.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_types.ps1xml.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\notConnectedStateIcon.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\settings.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rss_headline_glow_docked.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_moon-full.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\500.htm	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_script_blocks.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_History.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Pop-up Blocked.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_divider_left.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_methods.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Afternoon\Windows Hardware Insert.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-14.htm	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-stacking_31bf3856ad364e35_6.1.7600.16385_none_d0d2b98d4629a41f\15x15dot.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Comment_Based_Help.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\settings_corner_bottom_left.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\square_dot.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Cityscape\Windows Print complete.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\btn-next-static.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Notes_INTRO_BG.wmv	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Critical Stop.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\icon.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\alertIcon.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-18.htm	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.1.7600.16385_none_f79af98021986eab\TableTextServiceSimplifiedQuanPin.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Print complete.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\401-5.htm	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_functions_advanced_parameters.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Characters\Windows Hardware Fail.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\btn-previous-static.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Hardware Remove.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c3aeb36c5f98c70\cpu.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ThirdPartyNotices.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_requires.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\aspx_file.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_dot.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\NavigationLeft_SelectionSubpicture.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Battery Low.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Signing.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_profiles.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Ding.wav	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_join.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_59e6a839753b16d1\flyout.html	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\prev_down.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\404-11.htm	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\title_trans_notes.wmv	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile35.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Quoting_Rules.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\icon.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rssLogo.gif	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_thunderstorm.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Ref.help.txt	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile15.bmp	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\drag.png	dc87211d948e14a32558129345536648_JaffaCakes118.exe
File opened for modification	C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\GB-wp3.jpg	dc87211d948e14a32558129345536648_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc87211d948e14a32558129345536648_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\ = "CRYPTED!"	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ydvtLsBE87mu4yn.exe,0"	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ydvtLsBE87mu4yn.exe"	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HQPJXVFOZRYXUFB"	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\DefaultIcon	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open\command	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell	dc87211d948e14a32558129345536648_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HQPJXVFOZRYXUFB\shell\open	dc87211d948e14a32558129345536648_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc87211d948e14a32558129345536648_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
1c874de73b5b9e46085f53c9306be1cd

SHA1
9529ece25572881b8ad667f720e7b63bf41782bb

SHA256
9ce63b9ac3ea241626abc470dad9d65fabcdf42e41dae7db8c0836e35f053ec8

SHA512
b0ee2e21f4761ac6954d3c618ff781b4347fe113d0531ef4f1afaa5dc9e99b062fa9a1e1773f0c080c3d4461077c7363017d5ae5c40ef15525de90e71b6b1474

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
c40c2829e138b832847e3291ac61e3d8

SHA1
0ff26cb333a412fe0e09ba0af3f603e007ec452d

SHA256
263495c03f5da1ef8224ed1227c6b95dac3cc6a894b6d7066627d51dd5680bc0

SHA512
2489c47e9207b3d7ac15166b30a1fd42c594ca51ea349eb7d45317a82ab73771ab5aa9eea4cffbeb0b95adf965dfb6e91e5c32042278ae50662968d1c3ca9753

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
99d3458d5e54954a8f223d2c23e50264

SHA1
ac84210e0eb6821861a65c97d0426b12785b2520

SHA256
23fb885ad707127aabb1632aa795b89d2f0ab49d0323406749e4df50186171ac

SHA512
7d30a9ef124931d259f2a5c999b68fffde466568ea4f4bc47fedeea8f36a7da7c2ea05391cf31a608e1b84503e693208dfc3f6e3f2d3362e61a507401da42e2b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
877afa9482d2cec89726c363532ee354

SHA1
438b51fa1ae12ea0f28ccfa5b2748fd17b3397ee

SHA256
aaaa891d666ce2ac386f5a27f997510013e763168a0e5b7a20407d00b6af4411

SHA512
af82abf7a73bba8c11b168e1e01ba686bfd0c07b070600219476a4be14167a3958507eee3718473bf790fff94ceca45d9426078b63dd7a83ea1ca481326f0837

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
628e0af18becc28041254493ba8c093a

SHA1
b50668ffdb1538cc4262b2464172657a447334e2

SHA256
b93e3158975fc8dbd5d357544a52224f3847de39f30c04fbb51f0303114b16b3

SHA512
a82625846f3e705d2902a5f70133125bc0f8d9d5ecb137f436a8608e5b9a23634f926229b62b8a221f99b71a9e532efdd9d92c26adc4dafa8a5923975c13da95

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
586dfe6a3bc131e0c1aa95e4bf3bba98

SHA1
28b7bd0d3fdc312d74232f144dcdb9e5dbb7e303

SHA256
79ac17de8694370e0347dfc33cce7036f7439e45097303f73fa73c4e9289505b

SHA512
2577ffe08e43177ae17c009071580c06850e3dce9a943f8aa4863d65be94d85bb271291a828da3425c95885f3117a6026c6e5b961ac00e77a1d84517821d74ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
becdae4619cc87c2be0f514a9bf51f13

SHA1
06ddeb9fb8c4adf81cfe5bc76638d391705397e1

SHA256
3b149df0e00478419967dd8d6d1cc49cb2c553f4f1c337cccb9420210ca52935

SHA512
3e5e6cf6bd2f8df50933d4a4bd186343a5cb83cbce7c2f45dd39d144ace8417f2bb70c3fbdb4f4e15403397ce321c1dc2d638a113585d69ef282f47f5c9f6679

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
329bdb28f5babdc87e82bdefa8871269

SHA1
40ac56086312041dc6e88335c328b2cbb7b1b02e

SHA256
37ff1c08157cdddf508d30b95b8d327b1c706ffa7234f3b059fe71420df93271

SHA512
992751c2aa0dcf17ba45669e3bf57f609a6c738615e2dce1b4bf86dfe5575dd124a8a3f922b78851450b1092c60a7fa0b72049f715bb5b60000bf527c5eb859a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
0b0bd26ef72700cb46d568fa1f472052

SHA1
64fe5824abcdeaf313ae1b1f3efc40e40018614d

SHA256
414dfb56ca1dcaa23cc184fa05819588e9547b84cd3f2893ea76184448c92b3a

SHA512
be028586487aea159684f74d4d208be56a668d837de73d13c0bab2a6cfa73542c72378398966d227f4e6710951813cedc46679d3b0fdfb4ed949be987b6144ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
3638fdf6ce1f2b8f7b597f6637e4a932

SHA1
84e00372895cf6e9a0bbb6d02df0320ab9234562

SHA256
2b0088411860eaf45c58d7553feeb1630adc5c02fa824f15cbcf8e32379fda20

SHA512
d6c410d037f73274b50051c53b19b30c3256936d9e2392e3fc6a8f8d0840cdea32dce710c3ae92b398e1d9f108632476d88921dbb7688b171adba9ceb6e36af5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
792d1b23a108c06e4b84330369a1e634

SHA1
212b72efadc2fa6b8133027e72a962c3de0fb38d

SHA256
ed85795a74f34ffea608856aa8ab3e95ee607903230d04802aba661de6d45bfb

SHA512
ddeaf933aa2da763036e116c49441965ba77dc8f1fab41a09bb5c14fb7eeac3c720dba66a8ff53f54b5c7865f6a82d05b84b341071f609a69b90b6d25a281348

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
e86ccef7213c76d3832e147645bb8835

SHA1
499ad084cd981f43dc8d0351ccdca8bb01bc12c6

SHA256
17b58efac1c8cb646bf8557a1a6f1f8da08296e078effc1d9112c8fd66597323

SHA512
41db7737ed4c7ac0cda4b7f8fdb2c171a07496c8a3dd06e931ff2fa03cc39e133ccb39b1bb629212f577fa08b82bfcafa0408db327d29354145737abdd0e7d5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
83cee398b6addcbedcf0e45ee834c627

SHA1
6924556d0080a12aabf9a3184e8632993576c712

SHA256
760b1ed2bb85901fa8fbc6113bc00587a46aaa8483373cb98d8014001966ba30

SHA512
5844ad6a81e46c82cbcd0aaa5e5e65f8f259f300fbeab5eedf5ad70769329d00b3cbb31aeb69db2019b9075cc1c999bd3dd1739f6e0491d2f048b55db1ff0417

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
f91325cc6f472409ae248c1f16be5bc6

SHA1
87841513352187af946f9982668d9777c374f46d

SHA256
44cdcf9bb1b9a35ff7e0fe558092f7b3ea60925df04b2d9c0cd530791e02d68b

SHA512
3fdff712f535b3295749cdb18c5e49e81f9482a25a23e34181adf70925f0c634be1e1a33a58bbcdc0f1838035c28e73f5bd0655a0d8ffbea21321e2fd42d6ac5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
009164701db44687975306023acfb899

SHA1
f56fd4eb827520d29774da883d5b7e6c65a01eed

SHA256
91316edbbd97c00f7a717ff2d3e3466af0d9f031dfa220ee317d0cb0b5bcb42b

SHA512
1ea82c301b5a643b170c3e92b0319a5bac8a884de7665235a9ce7df56f7d810bdf469111554854eda1462951b1ed7d9a609af5742a3bac0526bc26f254b0ac53

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
b75207b8e5fc595b50335ee4313b842f

SHA1
e03cf01c00829df3f4534c6143079a459cbbd9c4

SHA256
09662dc685d87dae190b3bd3f87af6dca0b4d2be45cd1dce2b5f992137380f7c

SHA512
3b2419a99f17b0e6ffb41f1c8fbf38b7573c562632f77cba9fd8d07e3f83e0b253526b7ae0315fab8df0aae50f6b0cdf926bb55eba1685637c9dc371de57b5a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
083a9ba5033fcde80e0c4f5119045b76

SHA1
4769d063a0274200c556b7b9211d967297190d90

SHA256
541d3b5e2b7eb450b34ac601f02f6a78bd6ea6d7a3c9ba5d347616efe46b9cf8

SHA512
108a15df2c87ae8d08fda6c6f5ff0512b1fc5847432a126117569a8d2cb36c716cca8365a8b41e7a4d3faf9f95185c3a201023a7a1f3f9a644ed64e23bab89d1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
1303a26b87e8dfe63804db81dc3108c9

SHA1
3f8bd30f813910d27af92cc636c7282861c0a502

SHA256
6816f273cb9571058c9f6694f98b240a76a4c39a855e17427f56dc7dbb98ba55

SHA512
91187d74a31a42e08a5d89ab0eb36ffe34a21e8269828710d77a26c7e8298cfcd47082baed69232a0f957bcc833d2790cc961d005caf7b1c5876943fcd2f12d0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
dac2c174cd7d7fa17b7cd08833487a3e

SHA1
a77b90900990b9e25bbfb4f29cd2b16eb48c8e25

SHA256
8660a207d6e429a1c2623167c49377a36d4d6fe3b748aa6e246a5269256b1dfc

SHA512
7b747d4087f0698e18e828da627506db0ce478c0e447821ae333b959728cd951bf1083609574f97aadfe8424a3c9502d58cf5aab5b6070fc9cb9b9073120c500

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
1c9a2fd5e4e83ff317d15c7aa9049c11

SHA1
71fcd343243f168475ab3b78ac4231c35977bf3d

SHA256
a20a22ee6c3bf227cb61cd40495a012d359ad04a98d8bf87a2f12d09690b2535

SHA512
eff3fee95cd29c9f16fcdc059aca818bca568215a7b8dc413e896fb257f366d98ded7dc3483857b79495c74168db142b870caccf47d7797a930dd5b37dcf50cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
e68255ba7bb2b2b50cfe54437d2429cd

SHA1
cdb562d42163f0428c44087350be75c21bb3a9e2

SHA256
caac13466375de889d0595697c7a1cbae9f3b3e25aea24f1d734fb458f0a1a80

SHA512
94873cc21ce9b6a966a868cb06279e46a81a04f7ee95dd51eb4719412ebef5ca2873cb53280aa5829324d77c6e5dff2e820de0faf735968961a036bb2680d6cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
9c30cae2d4a77c0d5cdfc0734c0efddf

SHA1
7cf35df3628e40a9ad8ff257730b3f0df2cc67bb

SHA256
bf7907f791709805bc5fcfdd86838400b0d0e7fd4566dbbfb6a90b6046d112f8

SHA512
d047ea1bbdc192a053d96b6a849b74b1c7e2661c38455522a60cc1e8bde99c7faaf5b20028bb22d47f930258f2d1c63c2cc6b1306e15a573777b573214a6983f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
4c4daf33098daae87104a5a6ef1ad4fd

SHA1
11fc9fb29143ee8185944bdd880dc788e643bd16

SHA256
a0d7d195eada09a66069697f1bebe91f350605dfa511032781e02041a7bf21cd

SHA512
9075aca6750de9b6b7953942c4d42821721a7190f854373eacb4b25d724be5dbee4c549a3012a7c4488b465502db1e5908fe768c783dbfcdddc63d87ae1b7549

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
a367123e7a54336d12fda6f97fcc426c

SHA1
2c07af7329fe43e20d4f59b9b8ef30dac9cf29d5

SHA256
54b7d8dd8f77d384b1cc419ed6d6c7aad2fb49aaf7d4c937b2fa27d30bdec6ea

SHA512
5625a3af9205b4613e1ce250b632c90a2eff3f7897fc0bda64fc34296002ba1b11fceb324eaebac7801cc0429ea4b6598898d99f87b497d59d1560a4cc13449d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
6fe903641654eb4fa8942f4c6dcc8662

SHA1
cdf40aca4a558b3bb7667d79285824f8ce27ecae

SHA256
24109a83bf8edac00131b8f9743a1d4bba6f6bd133c276db38a5fecd2283ef1d

SHA512
ae01f66570d9bda8e69e59b6aba5de1a74937996fb87374972187034773096627e0e00166205f3f8e56569e303ec09b2c1d91d0002d005c76d20d648b947ba30

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
d1fd10cc108572031721f2b9f67475b7

SHA1
b350e41f26b6c5c4f478911ddafc9a0048b6cfa7

SHA256
48e4e0ddffbb98a2ec5dece563a5de1a274274d8fd0ac40022c4bf6586786448

SHA512
5332e2d47c3adda604f69ad5d5dcc218f21c1a9aab4f5a5921eaaabece9539d526f47f30a2fab2758a7420146cf62b4f0ef1f2ea7bf82319449a1026e64c4746

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
abd0ba76307c997864182d3128c0d797

SHA1
893f6e8589f991af2592c90d51b328f8264d334b

SHA256
52d91550055ac9e54d892c464fa496da645d27cecaff9b71509ee510950c5372

SHA512
68f14931a53fa9637eb1df0352a700abb4cbf4e5e842455f3855aef86ef5299f0d4ee0aff1d333651ef69afbe3851271417be8fa6cb23a0c56f627b916cc0894

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
e729817f61fad26e4f10f875dc803828

SHA1
4f3437f34273382a0c3d53a564320e17ec40e539

SHA256
84ed7306ab11e16da8e59318ba38298fa93d444c185e809dab3c585770e18a76

SHA512
5bcc55f5206c33ccc18b13aa234e2d1f9ba8a32b2b88c269592b695b2c0db6ae597d1d42207f9907c599d07c1bab83980aa4e4dfca7108f1618ee9d203dd3751

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
2332c2a67ca1eb35d3cc617a4a6a8d17

SHA1
e3997f774a25a92d77414081123673693a3980db

SHA256
be701f0bc7fde031e30bccb9968b83d6c2a8fad6a1a82d15eb437fc1a17f50cd

SHA512
fdede10bef4cbdc51af4275b279277daec308b152f4d3252e9fe0e283c38ef76eb50d5621f1b918e364dd45dfe3121bf126d1228dcc6c9ac0b65190cae174822

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
3d0f99bd55a5fe74513f313bb4fbaed3

SHA1
9c49aae84a7ae1cb6b17735c7a3b56d1f76ee632

SHA256
d99b31b43da79b37a5c6d70887386be23044b21c22d168a6c5a9d0c55a5f37da

SHA512
63ac4962debc593926e2196f92253f58b4f11c0bd57c33f074c19e3be680e51c867b51b4cd3ebf18ee09d9895fc2fc9ee69b1f08c5bd5fa9d04797fe9ff75018

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
afc1cc53b2254abac77f8e9adada5fab

SHA1
6ba047b1763114fa601c2e8cc9ce7b8a40f127ef

SHA256
9f549c804a4098cf0936fa09868b8bbe1de31c573deeb3d29fc2b738c4220941

SHA512
083b750e2cc36c3ee00a1780338722efd6bdf32e346935b950430ea7f976b5bce07e6cd0050dc5cb2bbe4fa2b32c68cee0b665be8de5113dfcc84be30932b3a4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
9910f615af9f960c87e31b821414d986

SHA1
3682880dfbfb83f1ca74b0f8576bf379ca465c3e

SHA256
61bcc24a185747912ba365a5c88f56359509bbaf897e5a4f45cf190bd758b4bf

SHA512
ee8ab632ecdbd06e880d839feddf6cfdb543f5d397a7f3e09180dab5889ed284d8bf7208ece68564912465a3455d846c81ac7953823c41d1157b4e9e9f4fd4e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
c21eaf3f7dca805bd9f8b52ab0b7395d

SHA1
21b69286c45199574222e7fc57b9be80e5b9f4bb

SHA256
ccca0d32a1f55eaa6b3ea37f9a191254be19609f0a6faf50b39564b660d3424c

SHA512
96a00f36e7d07c8ebbab1ab1fe73c53a44386527c447f8723861ef87afa26494d9706b2e6f753127205d1a313ce1f029aef61bcedcb36ea1dc1c5ab2745816d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
d29181af55a0c87ad059966f430bc8af

SHA1
e5f65dcbc97884e4012a5e41a5a8d25053e6fdec

SHA256
3f7026a538aafad2aba7c000bb040cc793dd80adc0b3a1b6688ab6f4c4b1d5f0

SHA512
996d53a0bea334bfcc3150ed8d33a9447c3e566dd01bf67693b4a2f6a631289d47f4b80e27c2fe6bfec63f9403d515b6a188a04e6c8b7ada015b10be957a1b3c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
2fb52a1757146ceeff0bf0c8e53bb56d

SHA1
d5212949ececba3fb4879b6bb938df20da9331dc

SHA256
b049927fe9f78b71f8918898662f2d8ad9e26cdcfe4dfd97ffe98e7e8c97e352

SHA512
b1172c34d167217c366151adf0acd8d8912d3e59b8875c9bc38f06652a08f9a157e28591e510679597a00b0d2a7459fd3c370e489986406969744021d71dd09c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
2929f996fcce892a04b2a0cd33442874

SHA1
354ba64975ffd5d72a907fe067870c4051c907eb

SHA256
d3399c7a3ab58d509324c050044af75926d1ce979b877cd511ba842b58f338cd

SHA512
07562b43e0f2b0c52f41f42277a1f9a02a5144f114e40afa2d73ec54fb19d9b371a1aedb5b22d85f97a1e01a2134d0378b7d14d1c74f6b0878b310154370bdbb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
63395ce3b47f209af3ce0ceb844f2499

SHA1
fa1180cefdae9944a5515a88bc77186845ac18de

SHA256
a77798f5ac17e6cc45be94024c7d8f5618dd6368fc81506448f0b9a35c1b393c

SHA512
883dab68e1643d82941e82c35c4c0e3cf4a42829ddfff7576909c537e11f733030156636ce882735ef43c80c171286d0b67f3c219efbe2a454c988f6a2d4d945

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
41f77cc8e2234782ff8c0c282a8936de

SHA1
7f7797587f8c76c88f0cbec8c81c4df4a42fad05

SHA256
b1a15c24d1984365d85188e5cd9c9e909f3432d916c374d1abebae0d1e1e9e8e

SHA512
3c7f65eacc7f988d3c803f02f6644c1769c97c66acf4748ce7ca3552dfb5119f955d60adf0d972d09606e0261589348c1c4541618571cf5be35c8a4984676ade

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
c90437efaccb8c0e113e5a7f5ee39b1a

SHA1
ecf76e71ea45e7a28db09eaed0d25915167c7b6b

SHA256
865de92b36f8cf299160e53d039e608532d2559a3fa32234844cb9fe19eaa715

SHA512
c20e0a92683937f1d367f4ae24c98195a0408bd750cd941b83033693ba39f17cbfc9fa85ad5c724e809abdc7a49c295881b661581640bd32b7b5a3efacb70de0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
ce8012be9f599aa9e6afa32bb31dbf98

SHA1
0ef8ee28091a579f6d6374e7cf77102c7d1e3d6d

SHA256
a9d1cff8ec385993dc4e405ea8736edf4cf7912ff253e5b5a564b27ffa463f9c

SHA512
f9b3dab3a067d79cfe0d7bb574ddff84db9cedf9bd399351d25d03fd97461865b7875762a3f4bebe42d4842510f684bfa957c54591625e98f0bfbb4db32b6cf0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
c9a94450175b5c0e59ea971c3550d21d

SHA1
613043e12a2ae2a09c1986efec8fd157c5210fcd

SHA256
22489e82fddd0029070a861f0b80e6a0864711c11065ec81ea9611c3e7d5928a

SHA512
8b47d2aac2e6c98d19a39c12f17b8278f992367bd03e217eac99903d49d57e1a389520911a1c4ad6edc69e67fbb229d0cabe484345925acc5e5d1e80bc2e6d4f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
046102f91ea08a1f9635bd0adc54d41c

SHA1
8db2fb4510af33c188fe686f77c90554e7223d26

SHA256
ec7f50f2c853b3ee72d76f8938d84bf756fe8b6a5b48034b711edd89f483c1e1

SHA512
a02185442cace3f1aa09c425c2b62b76a57b59f6e931562910169a1eebf874205a25e5a1f64a0881e9fce6bbcebc4c2964cedddbcfbbeaae52e95185cc720b80

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
724401e0c0cd55efefaabf913ed566c3

SHA1
b325ad7000fc0e11de7c0864857f7fd9dc40dfe6

SHA256
995fd36326a0212b448b238a7953934a1cd9c4ce95939b372ecd0ca37233bce3

SHA512
6b08967837a994b781ac372c4429aa9fa72e486db3c6bcbdea37f555433c3860527b8e52dd68edf381319fee597fa7a8d8df0ee5a1c71fc49b21859642e4b65f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
fc7b0bf14529e3566e9b9f68194453c8

SHA1
1bfdcdef35d3c06c8a4745e0b449d3fd4a407b35

SHA256
51c4c07667e8934d4ef4739c6fb9b11b5d991d97a17ce49735c67c33fd97b8ff

SHA512
8f33657405e02922821257be4b1ea6bc6e21462086cda90f8dc3376dcb514987276f128e420623604dd29a884c4df88ab630bcd9277e04211e941694289fe828

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
21a90be58ef1a439ba9cad1eb15804ae

SHA1
f6ca641100503c97a25a3a9b52a8617fb064524c

SHA256
6c55babe06fdbf2e6bf655bac0a268f14e92ac2798d4627c3a5d29b58356c40f

SHA512
fe21909fa2436e1a68cf3d42761de0553b756f74280f743ff60b3a859212ae5d70f5f4f6e71c762ffd1586204fe89c16675842e6f359d19a80db6edb92618982

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
75edbb553b45ca74c82245c5a29a008f

SHA1
f463fd58c5b1ac936c7d310de9f91602d6b1f513

SHA256
a50721bf171568cddfcf7cfd7416715dafcd093b2b269eb105bf4985f00e9a8d

SHA512
c34af6cb7f760b9dbdd837e191f8dd0372168a3f8af106b283d8d02bad3294b814f310bcce9ee45ba75c3756f2471fbb117d17f09e7cbc1e13c07b10139deb51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
85c58f00eea44cb69064d4e34f35c3ef

SHA1
c191b465634a7d262863e15350680612a39c8f31

SHA256
eb5d3ac02c16190079ccd2532e669b90e58addb1d007d8214a9a7d636f551c72

SHA512
7caa2b71ca5a44ee6da711f9c5d5cec3d13ec661d0e97d9a9776caa78911251ff25e925382615ca6718a503800e1706989de890ea7ac4adad19a41bcef96604b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
f42a61a52b32fbc92ef345fb89108d89

SHA1
0f8965dd333f3c7c6d847c41980a3cbd586da811

SHA256
918717992d4368de9882ddfc5d5fbca64399d981698e30d6b64b6ef882e6ab99

SHA512
ffa44cc117dbb0d5165368f360147c2c716731a58653aa8976de929860f6015dbe5e1e70b3b21adfdf5f0303b87a2cef639d681cf48bb3d03b34070a08b18a8e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
1029617ebb259596f8723669cc213004

SHA1
ee0382533b1bc99fa8e5074a30fb3fd1d2e3d4b8

SHA256
830e597348ecc0fcb476474a74cb81cb34c69c1c5bcc72d6a459e030ee14908d

SHA512
491b48b6636075335a9e6a8b238c7fe8d2efac2f494b302a9b388ffe3e01e697a6752727f39614f9d900da597a79a799b0c9cdfb525a2b0eb2ffaabc9f4bafde

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
d287b2c61124cb16effb2fa0ac032c4b

SHA1
f7744d0183afd154b5ac59a63191677022cac0c7

SHA256
6d3d9204153c184f98c31274eb402dde049e86d856abe7e8ea2e880e316b55ed

SHA512
ff3070a191bf623d504671797bbf3442ed8c46a7da98f8d9a9c55e76d8da2accf52bcc68bdeead24994e2eafbacc0595c5ffb63da7dcf7156130f862bd05320d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
54d2975ddb7b94f80bc47ea93d5aaab3

SHA1
13d6c9dd5839a2483359cb596133df32eb9d14ad

SHA256
b2abe06e0c111de6b551c78b791689e32ddf8467e5c939d2bcce413f956481de

SHA512
9e72571ce8a26774d5478a11557c05926d205cfe62fdc2b2256bee9c2fe471cf19c8b2a3621dcfabf38a1ae7ed5faa04efab25258c27218c892644e8f0bac68c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
607c813c0e101e34de5c38d72f496324

SHA1
7b5de1998c7ebc65247903a61b811c516488113d

SHA256
5193895d90f9f7e554a8d7e76cf19731cf3b70174a2ea814c28f81b65b4b3cbd

SHA512
e1ab1baa98cd84ec4b598ce922ac1a3809bda9952b75068fa556715d4d5a9be104eaf673f0e6c02c1b1096931162d96460eac5b9b76105e2ae7f097e67fcee52

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
57862a0c27436a6abc80bccaac1f0eb8

SHA1
9781d9c9c8484343dd8feb6f660b40aa6affd2e8

SHA256
c4afff5c5f6c63a994347a63681a66902567ae90f4b953819a59c539b233a367

SHA512
e8c95b506985edddc114f68565c597244800005ae48d28569029f3702ec1f51f73fe7e968cda83e61884f32dcae5658a5db15ea0998ab7a8401815c2b337f21d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
d2455b19177445e32d7004db6d1c7fb3

SHA1
35f12de8e472ecffd26f322784ec29e46d6285ef

SHA256
9b1cda50d3e20202fa17e8fd7909fe0babde9a4cb385e91a1a9c04444e84a65b

SHA512
977d57c17894da18930efd65a85446e0b264582a7bab5b48bf7a0f348a7fc3a8074ba03394ba47492aacf67895e48a859980962109fdbb7d2cedc88c99d62736

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
c10cad5658d31ff22117e8f2814dcf2f

SHA1
3054802fee846ae76d0ede68f88c3238bd6f5028

SHA256
893833e2a33e5d3f8937304023db950f926dc0837aca22b9bfa96a8db3d9dd44

SHA512
44b2bf83efc1eb5aea0a3e08598304a319d02960c173915329cec44a1d0c9c5546efc129e19fd84d924505285f0d38700d7416cf1f9fb1e44d49f331ab961d48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
e27f230a11dc803e61e14ed5d2b8776a

SHA1
76db247c9beccc9597b227e741daa37b142a654f

SHA256
3e03ef8291ab3e6b68be741f73d67648350190d6889e88f3ff217830a8563ac8

SHA512
43092c670912a4b4420a70be33568bb6df2ea54d339c6885d45c886c5603cbea4286ff21afa607485bd2eea26ebf960c9fd863e07b1268011db061b4452f9dcc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
df2803e5d0eb3e0c41d093b614d1f953

SHA1
eb78241e62ce8a6df83d28b6de408c57ce90e0be

SHA256
a0865a1bdb4a239cec9467977bd27c256a2ee12d0e7ce77024fa92837807be4e

SHA512
5a8e94d9f6e80550a0d5ab64e29466f59bd0e5229fb475b3523f37b61599115a26327136f48935b7d82faf50312c38aec67c8e2cbd5c92a574e1c1f3fac9f267

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
5f640453f1dda1b9f55af2bc271d71d1

SHA1
b1fa7f5618773e84e0369df15a36a5107c06fc96

SHA256
53fd433eb267cb06487112eb53b465a92e9e5610e90b04c1db76f45f6df88738

SHA512
0bcad3ce2604f2f6f6fdca8798c635b20a0dd1af4318480588fbf7e7dbae2e401b2709eca690cbd863321903a12290b29a3658cbc6665226eae618f5290f6ab5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
30883770f0e1b85be83484db85ca75a8

SHA1
df45a077c6ab817b1a4935d8b33a574715ffb09e

SHA256
b88069b671b8cac359edc1afddc82204bb54836923420902a950b7b005d9574c

SHA512
fdf733776b21c61f3cf0c4928efbe5b011747a9c513e838484c608ff933d6de4765ba83d2794584122ce5e82e52f2717a6e55a656cc94d0b469c551f73427a94

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
b5099add7779fe12afc8bc9bab114d95

SHA1
f24bd5334a7d0d01e7781a854cee1af8efbe0133

SHA256
19a885e9079fdedce26ab87b8002deea7e486c5c4bfcab3572e1d3ebce8f6761

SHA512
399623012c67e897547670935510a7064a8cd49d09a3ccf9909e33c5755f1e6dde927ec3540c74ec8c32b2df26c4815d8c234f9f0d8e543237c04e73574442dc

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
2a649f033132c756889b76ea0fbfd051

SHA1
a80dde898deb46067e1e468172e9a3844a7fb5fe

SHA256
6f84f3d0751278699fb71b48562b55209264e946c9fafb337cbc399bbc120b4d

SHA512
324b1b0b10f39675646586f64035820543bb4e0527e1dbcb63f8b76fad4362954aa08da4d762c5a548a558469ed3396a669f24e18f131333e925f163d4f517e1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
d4f3bc8955f98a5b4a4aaf3f18e87749

SHA1
2c0146065922a0f85a839adff8beef61ccc11afb

SHA256
a16a23a6956606103188afe19cf39ddd9224ea5e7e39357da12684a4c1107e9c

SHA512
a17e053b1d70aa28461671de0acae8ecb34033044962374f2cca518dc06912583fc6587f5f391502c224aeda45a41ddf3be76997d7bc69cee84e94f71173f63f

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
c67a2b064330d239186c1c29fec60b5d

SHA1
b02cdc176121ea39830ebb7ace78ee964aae30ac

SHA256
3b1c327ab9b838971be4eb18274d8105dddb46907f1b6429c0c68c1e656e0846

SHA512
ce185dd3bc4b0d444185316e029a18ca80302341ec5a6da76178215ff90f80d01aca7a6b03b64911ce2762c9e74906181012f019e9c03fc5aba19329b48d9d1f

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
957dd7aa0c4d65f41d96c5d9ad057a56

SHA1
10e29bc273f97af79647f6d9efce9a9b8c491fa2

SHA256
e3cf2685bc22bf78fd6cbc5ec8e72782b672209a5bb8c6cae1fdc67ab3ed144e

SHA512
9efdfa0d9169000cbc1821a36e0a8c8a3eb883dd5e3e1ee3bbbc59bd9ed5c9bf2c6ef334b2e23a0f48b950b2666e2b17af4e8d1a0aeca5bcb4b986a16006bff3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
e16e86e90bb634c1653ddaf39192ab17

SHA1
298d4cefd87d691d441ef19d12443d60075d8ffd

SHA256
6b9ec44c9e29808d8a24b80da6edd481622b4032814a0cfd4a4e378ac16f4015

SHA512
d9e8487fad8223f9b80af48b86a053742a201e9a5d72302934eb900b7772136575780baf2f1cb0d451f552cf9b180bf2b9f5d6e1b3fe8a189aa5f130a9bb2a76

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
bae356a53dd616e2305f3d35bf86da74

SHA1
3391a0b8a405695822a9637325bd6d91a2139606

SHA256
6d3d34c95db7b104db9171432e8df2c22220bee7a6d690e5a8a434080bab1505

SHA512
76d4cf2680db091a7633ef9c8889739162ab0635b0cd7756afbb4cff0e64b4e6877514b4703d4a8a53daa590aa410974a56c152e25614f29650c31bda589925f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
61fbb673e97a2ce3626ab12c77064ea8

SHA1
72b53951d51b59f41e79a958c66d7d5d9f98fc02

SHA256
5873383f47bb38b137ee9f49992f9ed36dc800b29b031486e39f24285c8337a2

SHA512
eb2f0acc956982054c8de8feb7d94c3a5facea1f65c3ae78a839e9007d43afe340d91340de48b7c745f50215744a28df1bfbab81ec9242becd8ddee561ed7d60

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
006b3ee77fe3444b0b122773a7aa9cab

SHA1
d20888ede89314151fda19cec58455d92889cce0

SHA256
35de815cffb44a4a0e5156f138b0097d1d16eceb6baeed338e5ad8b5c9efd165

SHA512
9e6eeb2f8452d070610b6ad44ffe09cd30febc635ef9befd228b7207f8fd822051f9c19736ae436c51b26a9153c988a5541edd20a246853aefd015cbd8df42fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
1585c34aa27122899f042a6939ab639b

SHA1
9dc13348d55dcef9855cb06734cf0282ee7c5812

SHA256
3d82493b651199b8895d4861b2a591b55d6408b52723a157a4162cfb10b9fbf7

SHA512
bc87fb0d88cba610b924bb056d20e4c5edcdec6b242750ead7855b5afd0b3350e77d5e66750707bd7201d5b30304ddba1cd486acdef95c016cd8d7f712bbc308

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
a8b3ce8a4b80c309f179e28d49c7220b

SHA1
ebeaa9aa064dcece8474813f0b5e832cb0832d83

SHA256
ca98da6f83b744fd59829d25b9f852a9f789a76cc1c1af212ae9609539546c09

SHA512
72bf307afa99e846810b80b57b4585314e24411874a7f86875b8a0c97be0768b1734723c4cc8c19bfc0b39a5ce007117c9d5e9412400ea2785df680ff14693ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
46ed512cb90f7a90ad6aaa3c51ce9309

SHA1
4ff88cacfff33df528345689e69744ed9dd43579

SHA256
d08764eba562570ab9591b8d80a5fc14a946e3743eb4cf85b26643ebb41c52b6

SHA512
0c4a0f3b8eb12f58f3fa74ac5fcd03bcc08e43b9fc14e9ba5fd071fcd004b79ec8e373d923e65b6f4d302f9f69b8607fb0dc00b2532f3f892e6483ad907cd881

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
0b63e598a460707ca49ae49666e7ab81

SHA1
064303db4488dc7e5191bc7fead2ff6b996fc4b5

SHA256
860ca6292187c1b08be29b1b6ca976b4ec22ab49f60dfeef4b6e493d4bed716c

SHA512
3fa5eefd4410fc91cd8e96c0711bf51f3c9361917344f8d6226dd48ca77653c1ef1f07d3675d0f25a7f56ca0af17cf3b7791483d2035c21269bddd7fe356dc62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
d8ec9a3ffa43f24cd9130434d16f4211

SHA1
442e38779590235da0eef7e7feacd0fa2c575e88

SHA256
e631ffe072efa27d130762914aa82e47e9202991c82dbbc95e4a763e9352c5bf

SHA512
854d269e4d57a4204f7055361e98e576584e3e79bef3d315955b97c0214858410dba882102025ec41d51fad8566563ed740b1a2fdc568ab079da247ce44b19ca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
26c733452e86360378e1c23a44ffeb9e

SHA1
706ac4f12586a5b8f03ab769ec578118cf1e1584

SHA256
0d4148a345635dc5f2dac33a6afc87900bea603730ed4b7b2f1779fba3196a2b

SHA512
af6f1eb5a802533047ce0073e2ad278b4f019ec08311da208f4df9f0c82222a17c89e37d35441562ebe5b9170a3681dbed9a5a7f104606466bf9d14411e83e82

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5e06e867120e297439ebd00499ba414f

SHA1
166615c610d75bd602e8cb96f26bdd27223aa73b

SHA256
5b4eb189d2ef00e774438d6f5e5af8568bd6a951069e8b288c993ea9444324ef

SHA512
2173c89fc6ac7716d8932102d24bdafe186796eab51a2b946498641bfe21d86320d86ade8088476ee948bc06ef79ee7b48a2fcaea1dac7bc787d8a6a55e8de6f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
27c96ecd196a152f9a1bf2fed186ff2c

SHA1
ea545044bbfc7c8f8eeba9dd520d07a8fb1bda47

SHA256
23a9917cb8100bd4fe32beec29651205db8ef47857eabdff06652027f24ea25e

SHA512
9cb41725080df0bf470940d66ef804c8387c3324322512bff4fe6c7c1fc1374c8710d29a99e1fd243e403746fe1a7c7c41f97071aabc6824873d2c245037c521

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
d0830efeffb74e5531ab7766909315df

SHA1
a66779a791710915bf4e78687d197c67bed558f2

SHA256
6adf1b4827a82f016565138c49a0c6aa801c052a78f91fcf729a5fcfa1e24684

SHA512
f52a475d4eb2e722c3708bed45d2ebdd665d133b856e004bb0bacf4738d949071a0127d4fd80bb4d395b4ea8a486b3bfcd298983aba8882aa5a6f9ac68dd7000

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
7bfdb742aa3c63e82f0b43d408c71c2e

SHA1
549909dcf81624caa77285cda7c03aa7869a50a6

SHA256
c7dfc32d059f12482e2f262a9e9e8eea420224ac0c3ec50c29189e7b59922893

SHA512
90f6890b967eb05da3f62129a1830511a90e5fd310cc8fd3030b069c8ce411325d970e3332d3a951baa5ca93a667acb5e2c98875d998e6ab724f01ba3143de13

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
f9a8900f6f13f8f875a10c913ea85eee

SHA1
5b5191f404b16472b994caa87a39e2d690c2ef12

SHA256
0be0649b16a000140a1cb3ac82e24dd4114106decbe711e57e4934ff72a6323d

SHA512
79a306d69176847f274649534f887df9810cd98500df4999ec9937d9261923fd7168cb0b40e064a0677f1817efdca5a44be7ee149ea555b37b27c549a61a6642

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
7e4eb644f9e5d9667781c6971b6506d9

SHA1
b32f27cde88f4eac57c2d01384e0998dc28caf94

SHA256
bf607f18b22aba724303df5d1edb58692adf0d4d784224303681c3890a24d066

SHA512
e55e26bd4fdd68e3ddadfc661f58b44dba4d0debefc59d9b082a6e4012b46d3a338b0741ca1be877ffdb7b09c8f171b079d46aa6444d5c5e253957748ac0b5f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3658770f0aafc68aeb15a0e257137ac3

SHA1
2acf8041297a364dedd81661912b91152d5dc2d3

SHA256
1601fd892f6820e012e08ee0283b7d9e1aa6db8dc7692f9e3a3a0e6ac24a018e

SHA512
6667ea885e56751136c1e8104b59d4fc17293f25f240a43e01cb156692fed8c03820a7c3512d519a0fc1ab93d0609f52065f11d843ffbca4fbfedd0abe0d406c

Download Submit