Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2024 19:21

General

  • Target

    3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    3176d1d3343727b075dd190b830013f8

  • SHA1

    c6904036b26d4be8cf7d969a6523774e1ae916f4

  • SHA256

    86230a352fc6f42ef28276a133bf9cc64f528db0aa320b45a263fd125ef81293

  • SHA512

    69c415ef88445ed331ce71b51ecd27e15e01f2fb04d0a249e81074039e91af1569b18d3574cea57869e3ce540f796d756150015a5b50df6a5294cb5f21d7c3cc

  • SSDEEP

    192:Zzdrr1FG1WDCgmjPZSCxOnb8al6RBalhC0+cMa27OYYaOCIX5jj2J/e8xrX6UA:Zprr1gkDCgS/al6RBsEcVg48frX6B

Malware Config

Signatures

  • Detected Xorist Ransomware 6 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Renames multiple (2209) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:1804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    547B

    MD5

    c1733f02e7c0c1b7667259cb416cca3f

    SHA1

    b2df7bfccdf956ec1de3cd442b92b63d450d73b3

    SHA256

    b50ec7fc28573b36a16e85895fa563a8272bf7c50203274291ccd75faa52f5ac

    SHA512

    d175a6958d01dbe9a66c2e0f0881e6ec15c33cf899eeeab842c6d46e39b91a4d8395509625291dfbc99e28febce5e6145296e9015f15b265ad637e64e7641992

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    e079ea79befdf5dde2f7b25cc0269168

    SHA1

    aad0fb9deb2aba6781de52d854a2bdd352be6b0d

    SHA256

    472ad1ec13136764a2010685815324d72f8cbec391dc98e9d5c922803346ff7d

    SHA512

    25842db47470f8d5e66a51ce17dff3894fa128b44b60fb6a1b6abfbb8ceb95c3d2e4163069fd3a7f38850c151f981a6f915b084799be399903a99e60fa51c1b2

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    b9193c9f86938ea14e5f90cca8fbdcea

    SHA1

    4fce3f98fa09036d729038a7e8c63d7e22329f98

    SHA256

    ab2ece61e457a16de5c7845da74b2564244ff282d6dc6117cf01bdfa9b9f07a5

    SHA512

    30b90d5d8fb9c0cd1eb70e2657820029e250764c8918e068343c56e728324ba4f1846159117697c14831b45d98d1fed9e08d4f04db9a94a28d8bd57576edd476

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    43449a0c85eadade4d14c84e78ef49a4

    SHA1

    fba45a19fbccfa2b9755b5a86a1fefe89acc6400

    SHA256

    b89e11b054700975c2d6a43c72c66c4d354a8416f21b55b525edfe93307950f3

    SHA512

    b20209c68e48fd47ac25aee92facb790fa3adada4ed9081da626bcc66d61baa790764bc63bfb22afc999550b9b749c202181d56d27a7bf2d8b639e06877455fe

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    a04c96f2045f98ff02ef2e518025d0e0

    SHA1

    f184427be28f843cd2546698c1de007c9298210f

    SHA256

    cce352f7b40ee73a0244992071ab5780fde951c709aaaaf4d64e8f3f926349f8

    SHA512

    a69ff8dc058ae6f9316ba184d8c388918793c54e97821860ff0aa94c4f8d479f2cdbd26cbb52afb52fdfac45cf398582b6eee8777cfc2bd11eda99258fb64185

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    af0d5bfad65e5c01c01d73e5cacc63d2

    SHA1

    32ad82f48303602b5b7560e619a3f543a08b8cb4

    SHA256

    b23a5661c7e5a14fb1efa38d8416f45b07b4f6ae33a202475fea05092917da19

    SHA512

    ccedae56559b06300319eec06558221a943dde12b83ad937323164ba35cf94c4f9f53ddf1b090247fa82e61fc3cef7d2db9897ea4d1b9e29203933960f65b47f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    d0a9e2a1ffdf4dc117f0efc049cb1d6b

    SHA1

    38414c357929462405e2701f739fe75261f10d26

    SHA256

    991d6a3e8f31c614aa6f334a571ec562b10fdfebe7cb92269e24cab4985ba0f0

    SHA512

    d3d5238e9969ebb78f27da5d8e56af8edb892b35ac9b5833d1153b08445fc96c627c04469ff48b77ec343350c2e0105ec4e4eb42b84e20dc18ed9556785535f4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    fecb2ed589f73a874a69f5b0122d80c3

    SHA1

    557f8d24e3cd82dfd77776a77cec3ecb9211ff19

    SHA256

    2798a017c9ffd89cf77501569de783783ccab418a13fdf2f312efb050c15ba49

    SHA512

    72d01c374ee57079180217d5c47d2ce2a7bc453d00eb7db2eb232eca57ab6456bed26978d08c6e2f7968d5595bd8d275022c3cf5bb9557bd65f7d82e87888bac

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    8c58f65390953bcffe25dd87f9a9d786

    SHA1

    2a0c5b97bd1b4328334fb48430475e650d5c8a81

    SHA256

    54bb7347dc22c928c0b79f0129e060a78a56b3e49a393962664b428cc29acfa0

    SHA512

    1ba2daa6566c8c63b4b2d18cd4b90418a24a99c8a95cf9b92645b2e317b7f07df6505fe905c7b929e8189c0e9b018f0fedbd4f9fed8076fab37287da246f4ae4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    426084095e99b265caf29953201e071b

    SHA1

    4e9defcff2e02849122111bc05fcaf955b88392f

    SHA256

    a68d3f1827a5ad347341bf228e523beb13a83ac2813c05941e1519470a75a9cb

    SHA512

    c90e7a91623b1a74e96d41a8a7527ed44162a968d1778412aefb2fb9b855a9d2c575b2da67c5561e2fcd73783ebd1ddf753a18da6adb6cf368ed78ced7fb79e6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    6ebf5e97b5af01e00c162f2501f1a621

    SHA1

    2db0a088ca5233639139f98350106dfa24c3e59b

    SHA256

    bb7a3715f0534fc0ff72d1d2b12f94fe0deeec1e38c2ec5867e9bbd0ab72f4a0

    SHA512

    58990c60c3c2b0549daff82e8ec5f170f20d14bf6974c9252dfd67a429081a3fd6062e02860a1ab1be1ab18783dda83e638af73ead2ecc92f0404b0e40f2b51d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    c1ed98ff53f89d2790a92ad05508dcbb

    SHA1

    fed676dd0ffa0c7b39f2f1247d7093a5dc80543c

    SHA256

    788d139ea0633914c1354ac9f17f638ee39074e0b94dd21f05deab3bda142e0c

    SHA512

    25ce354e50a8ebc6ddcdd64ad5473776b993bba186965b03aa2fc46bbb5d592db5f087359049c966c71408dcd8318b05001f7d0eeee1a57e078049084d90c450

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    ad25b3fd59f4db86b0a6cc8c70e1500c

    SHA1

    7f2007c753af4e6fc2fe9836011eed3818620ff1

    SHA256

    ddf5dea3bd6d7ce45d4fdd1fab9acaa96370e789c82bb3ca6c26dda6638c0995

    SHA512

    1042e93ae3241c859573598297e213606792ac5e9a01a2eb1a525b9fd738530a4eed772ed8fbe536c79f4a85ba34685878bcb1299ed02e9e3be26c81f9237a61

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    17b2a8d7947616b4c84e03a618948227

    SHA1

    2933334be0635fa7095d1a0619ae6c56cfabb73e

    SHA256

    aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c

    SHA512

    3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    189b88dd87175fc4f8d916284f32419b

    SHA1

    8551f1e5fedbaa96dded25780c6d5bf0a63f9a17

    SHA256

    8fbef7295a8cf5f1c8d838da5a2d8c8cd98982ee7520e623ada6fa012c65bdb4

    SHA512

    dd0b48e179782aab44f8ac69ec5afe00b8820b102f447762e2b25551d15189a04c7497e2f6be10d75dbf3d4a8fc652fb154e3a1c3466dde5f7d0c936f568630f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    377e63e80673ae7fb7aff0ce97a901ec

    SHA1

    d22a1df98c8db9561bf9e17fe59972a412469bcd

    SHA256

    819500c3e4dca9885c82663be9c846e07d97474967cec0b41d78cafd6e8ae579

    SHA512

    4675d2e80172b10603fe20d013489961904d4288d47dee3ca2606b1ba7240e6a0e0c0c503b349d63a8ae8b564a3c96e99975fb2be16e0e0994244189c5905c41

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    e5aa8ef8b15fd8457e4820f0d076ea79

    SHA1

    f25d806d333649e9fbccb89000de9d2a1eb13dea

    SHA256

    82ce08482af864462d604af9a81b0983a31fd64c918eb6f92e00703172b8820d

    SHA512

    633e55080d5137da417150888b95c0f3f99bf662594ba54793a412806de812f55a86eb76114fc0fa62e126aef36e355aece037590778b27ea07dccc6b1fef476

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    04eb0e4fe1a68f9852041cfbd2aa2466

    SHA1

    9c6cbb8ccebf526c6dc93790ee027faf3c019678

    SHA256

    1a1aa3539fe29b4c938994821c73044d587a4e9bc1946513c5b599358db7fd5d

    SHA512

    484b062e5988547a793543d7aea2eeb73ee0564e8a4c86fe82a0f0fe8677d91b0a0e87ed10f5b9b5c8d5d4745b0add7c6039b535c59a5ae852f3703c8c61fe6d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    706b11a2c0012a1423fd6a2c9653dd94

    SHA1

    59afa31427b2328c4150c427c561f85ddc80e688

    SHA256

    f74f64f20aae3e4734f8db0fd203b1f9ef2547a02ebcdbc73376e9bfbd38cad8

    SHA512

    92bc03fff3b65d8170dcd8b83fe06f3ec52263cf17bb20dc9079d6f5957e367502eff15a2e1ae6b88246c1e727c022a91ccb0a8436ca1ba73ca22ca5a5d36677

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    34a0d52f4a8b9382a6808a66509b2da6

    SHA1

    6fb25b9bdaea1ca41bba7869d72b07fa984bc992

    SHA256

    a16a5bdf76e87da8af2bfe96fe114fa481bc85750e78351733cdeeae78e2ea05

    SHA512

    8f31bb6cad4acb6cf1fd056deb81e3a2c0a59f4566e9470849892d578136dd432e0f4de8bc5b5f2736d13606f536f285d013731756c9fe35ee7ed570b8138888

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    5b770675a78a681e7786e9a5e2efc5b3

    SHA1

    8722661c97ea0d4f5c3b587075d6e1c4374a30cf

    SHA256

    9ba816e9b0c47d5145671f99c06111ac5b4351dbae36b24198a8af1ff26be43c

    SHA512

    53d841242a1031bb328ba5c497c7d4bf72a2d0aa29e72fa820663cf40abf0f14a4e351723f6a690932b75c7b24bef272280784f98ca38caddf823f03c402e8bd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    0c734b94b7c5e578d123fae5f4041fd3

    SHA1

    b749aff2d33e009ccb26225e73b3e44a2d5b9148

    SHA256

    b9a068ad338c1f6a80a08efb4842c3565c03e1fbc78adc986fe8c4b846ce1a58

    SHA512

    63f5caec36f64feebd651f072aef60e3e1e22aa1c82debcd494e81ff9406e141a9d2d6bc55ee3a582b7b6af9fa3e740778b1ec62c3795226f12c48e055819e12

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    f1764630c9b34cea453bcc2d82084857

    SHA1

    9c35fd0e9186fc0577328e14e994867c6c0f6b67

    SHA256

    c4e7c46d6e5d140afe33dcfc40f6dfb1b6e967627d500f0b89a0245c5290b909

    SHA512

    80a49db03e9228d14a03d1695ddaf5f700bec84adbdb9225b3921f585158215815dad17399e3df84d084f6bcbf3dbc1dc0ebad547ac7e7087afdd464983119ef

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    176792168c7c07df7bca28bf89277245

    SHA1

    74618828edd5435b3257989e381822ef7a973406

    SHA256

    a4dee41d001501e9fa116da0dccd95f69e1fd7656a22d0147567ea6e670146c1

    SHA512

    a521915154c569288ec04f11a2b8c11e481a7f956568e86ff0f33c3a46e1106d9fb94a75d4613aa261e8bb4bd264db215ff97521fbdc593c9adfaf106afdab98

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    d68a5149b235d984db07a21a0299b4cc

    SHA1

    22c07a49c5dacd24df1659ea22aa90a7c4f20e94

    SHA256

    cb2e51ffc361343aed3866dc38c1bd06e382aa4139ae7d44a3e407861e500e18

    SHA512

    600c178c6a95b69cf6704a80cf97e221fdd4239d90cfd83340543634fc0293382d1203c0a56e2ac31143c2e6064e083f4b2b0b913a2700102679ad2f590269fc

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    90e7e77cddf7f343b7ecf97ee8da8c03

    SHA1

    0481c57f52ae010348e56f907aae08c34b0e70b2

    SHA256

    5d46b2a6d1a988ade73e0f370576ace0bb1a37f3157ee997c51f075935d4aa14

    SHA512

    eddcf95074c1409b7eefb331f17af9d51317bdc944aad59ce84327194fc7ed266beca7b1631aaea5ead02ecd47ccb1f1f2d96554c79b32b061b88949ebed9cdd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    56a7b49a1a8efac15763d3d6bc94e663

    SHA1

    4d63b746304ebeee6bf6ebccdee4a9093d41504e

    SHA256

    00e899b06be0bad6b3bfbc61245f4b0f658b71d58308171ab9a61133d216148d

    SHA512

    100106b1bee5a0a92c6e1b2fae319f9070a3db25b12e655705a95b3ea984147cd9081f1168c9f1284300e0d558a8eebd8ae40b9e2677ff784a6201d976d21790

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    1ef485102c374a50bee9369cdbba9089

    SHA1

    1b70cfcaffaf142da91dedd765d4c46c3c37fde0

    SHA256

    5f3e018b077ff107f185c8f8715f79c98a0a12f7aa11f96f0c0c9d0d3fdb5934

    SHA512

    4ba1dd4308d6ef7a82d31f5dd15bd25890dd36ddb219328f854ff547f50841961e1f4a1e25aae5cf2bfbb70411f19697514211be048852005544fd3672c0d1e3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    80432f7776bade726e63d1e81d2e29ff

    SHA1

    8a139f35db23c5a833ed556d5800e9a07496770f

    SHA256

    941f955a08139a11158942258d09a4cf923df540a2ad9fbfab22c87a33bb3208

    SHA512

    a1f3a4961e886d5ba32ff9aaca0f5a5a59ce844de0fbb2f40a0e2a42c25e861b65491f61de17faec6b24bdd6b4873625027d090ccf5405651ca7844009a9c103

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    de3dd5ce352ee7a4b15f4beacd4978ff

    SHA1

    1e2059fb29f55246adb91ce05516537cec5142be

    SHA256

    ca57c445f5c39aab5d392777bb20bf500bb2bdb361ff5d7c320ae4ad5e300e53

    SHA512

    6d6153d3d6463a14250df95e89c399ec16e31b1ec253bc64b66f4498b7cb1f5172d8ee9d9c7f6df17dd94ef761e07bdb483f8707318b505b59baeaeb1fef7dd4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    2de9bd51a6712b9798589709269a83fd

    SHA1

    258ec8051caec7ab1272d40575eabcc43a9da0dc

    SHA256

    a36ce8fdfdd30e795fc7b2cad2410719df633b0c2ff629e1f1f7e68f279c5834

    SHA512

    ee235f45245119ec268e9d1c68cd01693ed48e0d1e9461dcc5214258a9fcf4089c83435b0d725c70f622b53b34aa07168de070d1e91497d1d7a34b5011c272a4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    b921c532671a2e4a8dd21cc2e837b591

    SHA1

    483df4c81ed5db7616adcce52ccc4b5000a189dd

    SHA256

    ce2929a403ada791893092841b0f1a06b37fc9c4f3bcf6bcc6b0024e61ff779c

    SHA512

    a97ef1aad0560d34363e9e9dea6c9736f2cfa8e18b88d9198972fdcc9afd26df5ab0d4eaebc44961c9c02e7dbcd79176cd893d05fce71ca3b387e9ea3cab6d01

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    abdcc73378ad2355d94422d84a4a96e2

    SHA1

    224546f0ade6a83f6b2028e8ce75ddc16ed363ed

    SHA256

    15553608db0226f723626bb4cf094c5240e39c2282927211188d3b6047d89fdc

    SHA512

    cd59973694df8cb0499bd2a70262ca9eb6af47e0f8ca45f1c30725c00c9ae685afa868bd7c4928d6ffb7042612e3774aa90010c7ab678b3d8bb896a007a612ab

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    9faf2c8ac3e09d60b068076e8735b1e5

    SHA1

    d26ed375e62164b0d6026502a84af5c464724768

    SHA256

    c4ff50fb213b0eab50459ff726e5d2544e010681e644666f532883136aa9d348

    SHA512

    2d6c95467a7a269824047645c99f32fabed16e268f1021f3b3bec1561a37d448bdabf2f592416b49ecd0b24bd5866d0bddfbd2b311fc681c86f294ca82f736cb

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    033d8466e87af87fd4f956930895199b

    SHA1

    887681fcf786628e84b3edf447d6b092ef50602b

    SHA256

    fff0671bae1fcd58045df6820506ce4bff218e09eb7748ce0a652842ec7c209c

    SHA512

    59a587500e1ee570be2b493000613f8f97464fdd373a3f3f9e0f6ab2ebd982aecbba7479221cea576d7c826fb8b537da396955c099e13b6d848038da12794054

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    e340ad0b6598cd7b472cf73ef87dafc9

    SHA1

    db0093c3fc67c6022d1f62c9425c5b8a498dc4c6

    SHA256

    2a28bdc093f80730d4cafd8c3d856d5cf403b821256fe664ee7ad15a06f66aff

    SHA512

    092b1c463fb6834fa1ea852e1c7091d2d5265e332cd855c971a0a64b04915eae0e4e0fa5bd2f7e1406cca0c815a9ce1c6e86634247d9b9082b3e98259f6fdf92

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    df5ba98b6a39bcfed0b95e916a741dea

    SHA1

    7970489192b9e4145a7eb299d89ffb0b9211be41

    SHA256

    07a2216c67175794947bf370e3cd65cd19c5b16b29184d35897409ba13a676ad

    SHA512

    17be1da43df47fa8dac8980b6154f5a2287ea0b8a3998ceb0f1261f3f703e579acb510b1f5a9f87eb591087f9332d7cfdf54814fa68b2e1df04458cec6d8f7c8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    1043acdfec3f6ad4a07a27c26b359e0f

    SHA1

    2125cc76df58e08e4abe049db806ffc552ebfe1a

    SHA256

    527f1c90320cdc47d81e212645e3205509bf4db74232e79b2a0cf2df1c333339

    SHA512

    3a46f60ac134be480afbc0c8c55a41aca6d63716537bc711c87fdc2ce5975916a04a6484cd6dc2fa829be74780e041980ae45358aaee8e77fe177556f0275f6c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    2aa0f4e13fc1d8fd5ed0fd3e4f5eeaa9

    SHA1

    d3252732fe379f5e11a4dc78942e933ff53f9d69

    SHA256

    df97d0865af3b67acf8b830ecc769cc8df0d806de28825aa407304f729c650be

    SHA512

    968952f2cbcbd95ebb31ccd569cecbf903af3a51f31d8b13dfee86f0c7f0f321043183854d8e090ec5d5b901ce96a98a1b6c03936d40b1cb0da7c4784995bee1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    6da0029baa71de7494a8c15d2b6b44b2

    SHA1

    3223c77a0f478ce28c46cd1e27e392ddda8b4e61

    SHA256

    fa8ec84274702849dcea1ab234bc7bca3b2a4883bb169aa58909e686b70ff7ac

    SHA512

    34a7a458be7412a1140e5ae89580649f57910b6f75f045f5a71d8fb42e97192cec7320c18a00a1205b4bfad576233690b907a70fdf9e1e43a7df7afc6ae38c87

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    12408f0bdca7efa704e55ce723981fcc

    SHA1

    0c9a0b6bc321dcdcab2a787c838e628e684bb105

    SHA256

    2d291b19f819f6dc35b5664014002e1d96f5894fbf2ec9b265a2ce249508c6d2

    SHA512

    9ca58637fa0ab7d8b3174beb40f3f7070739724b95f37b21e5d75e785c26e40624ab80f00268c4385930b9dd623197cf5e52f032805df9f6fced36e3726b9764

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    af31e7c471462e4758350876dc242327

    SHA1

    4c9d3af9167d72c7b7a0c7d6e52735cd858e4559

    SHA256

    470b76f86e880debc1e13bffcfc83f3f6f33886e5b7313f40ff8dcbda27ddb57

    SHA512

    ba9dc710c3386731c00abb241ea4b0d621c84c3923db423dba0fba98dd35cc8b04b824fccc23b0f6de3989fdfb6d9160e12d42b342cb9fc2208151cd3d9ff3dd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    fc016a62245e426158bc9a71798b32b7

    SHA1

    e689be4b6bf90459e4e3eb93816efe65ff05b973

    SHA256

    cb174d5b932301a19d4628f1b406aec79587475e4f155cad9cf3702b3e44ec4a

    SHA512

    2bade9fb5e5b506472a5ac0acf4e771f6b097e9b1baefdb7f0d20bc0938d4017d618a317f592936a4a48c49a2003379ba012d82974e5123a677361bbc8d97d6b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    00e413f83010c3814dc01873ed3770cb

    SHA1

    f4695a3c3600234729d83c67ef2195c45055e28b

    SHA256

    9686b1b4bad0cc20bbe14cb9778be48a48dfb177950ed4359160a3ce842ce778

    SHA512

    7b8d4a2e769252a72000f9ed9bf08d986e3a075d195b8e8e34624bfd1e0306ff00be16e8b4a6dd80c088d6ddc621e5568fdf142d20397122c364566a349b0e02

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    5bad4c5d9825a5a27bc3c54edd369db2

    SHA1

    80cbb53aeee06287f76e294747201fa5ecd91205

    SHA256

    cfe2d6902902682e03bc0a5d1f1cbdd1beb24ba0077487bb01996cf52c1e1b4c

    SHA512

    c5a13432e9821f0632d34e382becaa45429539e8d0bcce7f91be1f9d25ac45a047838d1ed7c34bd896688a5be6a08e84860304ac6451497526ad8ab3725e9176

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    f7e012e61e5bd9286b815bca14369b22

    SHA1

    594d21e6394adfe5349a02fbf862c69fce867f2f

    SHA256

    db94499c13d4ba6206d1314ec48ac0ceed901b728f76fea09ec0dd4f19b06ae4

    SHA512

    8fadd3ec1333f704e60c9f77b296aaaf191d21a6c74a23d7537ac42e595a8a27a89a77c4248873cb3f27921f0b2913cf22dbfcb5aedcca81dfeaef3a409bc9f3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    8e5d3ce64a2ed519fab7566f33158a93

    SHA1

    11fcf37134391c855382babb809ad02bfe6c9e14

    SHA256

    dcda0d0a121f6bde038eb7699b3d01c6f542f0c4a1a58f809166ec5a7640891d

    SHA512

    1d2ef6c8750a5b73b72061b626c74565827961d7a025fe806c931667d553bd0776f8e182ae819836bc2f6f1f1304690a8633416f15dfef8f2cde36f7fb4f2f3b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    6249cbb5269b0075973e321409906575

    SHA1

    eac9f3c5bfbcfc8c253c0637fc3127c5e0601157

    SHA256

    d893275c57041112b18cae7eb273db0c6cda4ec087d23643d66ffefa6273e5cb

    SHA512

    e966ebee102505cab13b54ae3a1cc64fd2086d17e5e2f7daca7e8b00a1002883ebb220297b36d20807ba92d1de3e6244199e04337b79d399b467ca021a1232ae

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    cce1d6563c9d333c77766d3bb22fbb9f

    SHA1

    30364c8839cf4cd95e6fd4073a2e0d4ca84e8974

    SHA256

    4ec42ff3d837360dae81e1cefdda483619d2c93ffede95417c06edf844d7870e

    SHA512

    57294e98ab97cd2a25bd8f451a1e60aff7d0a0d46437b1b759e574281ed3955eb50d6a6b7e4ed70c82acfd3320c95c4fb9ee929135d7b6dfdabb4900af8947e4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    8b7139c3cae57337ba946240f1d43fe5

    SHA1

    128c2d6d1d1bf76bdecd61db13b542402f89425f

    SHA256

    c258e7d0df08e20e30d78eb8bcb1b1d1b31f537e3c912838c3f467f723d0c5a9

    SHA512

    ee52118332a999f63e9558b5088297290d73770af92052514e6aa18dc31182f678600585b312d15e6d554c8995b05d376e85913796bc9a0e38d9cdcb21120644

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    3545a2baa730347e702517a935419d3d

    SHA1

    7fda94d3c373bdabff8a2a6a029c1a47ef415cf5

    SHA256

    7efe68a890ef5a9152ddf99dc54e7817c0eb2f34cb844c8a873048b106544840

    SHA512

    914662e87d92943bbc5890bd43c0cfb47a9db648b9c91d89b196ea01e51062e381188a1309525e81583bd85d20ba1b15790dee119b02e20072fed64c958990e1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    2e313c950e27aa805dbd9e2c05565da1

    SHA1

    75a363f28a1f1f01eaaf412e91293c0e307efabd

    SHA256

    8f7467036bf2c38a42743e5ee59ea57b55b4bdde76f28ea293a9a735e9e29251

    SHA512

    2ca46e7102f91b20c4e6269e32f6acf87af78a5cb2b9ae8832dcd5caf07f96d96da188a9b3e6deab58a9bf4d9d18d1bf67989451f720ae2283490a2e2ea4f4a7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    7b3e1a28eaff8edaf5fd781e4789a4d0

    SHA1

    75f614badf8393c02335aae63697fad61255423f

    SHA256

    930143362c2d16f73657c71f440a4fcaf33bf8bda8abe47f4a2faa942e4cf428

    SHA512

    6d2372aa90b131c7f6c102808bfcd7a092b907b622d46aa6f07b124f1399d0760c0026730e2d27f3f04f9875a81126fc4ab0e9bfceb6bb15bc04dcc162a41358

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    3a4377fa813075c646a16d42a6e1c15b

    SHA1

    7fdf571d8c98993d331d6c9aefcc122489771295

    SHA256

    33864e7059410c3303de6255f4d63abc48e06343e06bd79784bf4f44b0904801

    SHA512

    f46a72e51e6479a03cf3c27c1c738ac4989a7a03455a959dfcb856602ef52a4b5e4bcfe416d4356e1e237a3f4738a65fa9597447a40114321dc6143a111ebe43

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    b2556f87aa1074338a3d4aec0d69141f

    SHA1

    8d1a02c4678f68238e7194ae0b02aa38b4b896d7

    SHA256

    1b730e0c001e5907f9809274d7dbe2b80e3bd2c81d5011cd81dd3d94d89c4e4b

    SHA512

    af7a22995fb996b4a10585b64fbb2de27b179c4c3122b00ca7c53e11f1123f3a3bda2adab1301155c1ad25bdcc12cdf4efc150d03d4d77e32df0bd4b951d42a7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    fe17cb0929c0dfb67d24fa502405eb23

    SHA1

    65c98a21d0948f66d57f9818b68f8f5d98294fff

    SHA256

    05985cb206d01e92e890934f4de190a5b0a762d278f6595ed88b02893a2d1d5f

    SHA512

    75d46b96f2d69e4a93ad0fc7c06d0543341f5e6cd20f598b12a1533c400456c974ecd22f5c371bc711a13da2e2dbf4a64b71202c9caf54111aeedd48d05a2eaa

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    de03e9e8426cba61e79c8ebcd9258240

    SHA1

    a4bc28c1d7718da831256261a22075f1241c8c61

    SHA256

    06cf39a5aff337e6ba20c369c6e75a26cb678449081cb56c25387fb0c2d03209

    SHA512

    76c498161ed8ecabffdc6a7f6e205057b8c646e055cf8989e428f4f0cc35baee8e58860918eb271a08aa939ec4cb18f43d049f0d0c01f77abb04538c9dcf45ff

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    493d53e73e45664c3aeeac9d1ab41656

    SHA1

    3fc826e61882db88ffec9aed84e09a69c0ce1b2f

    SHA256

    02c272d8cd9db88366478a4b60022add64996aee545ba02b3ff6354cbb4c28e4

    SHA512

    1f3838206beaf0ddafaee4e5d435d8ca56132cf3105a67526806c88e5ca7d66c746bbd34c515e21377bfc54e8242cf6767031e575a104c8e9990e50c2290a03e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    68c9605d69656e9def9a8a951636d351

    SHA1

    b618a1af95977c578ba00e76bf7c2aaba412d67c

    SHA256

    cd9a6ceaf45d665b3d33f5e284e7b86814d4f1becfd1df030d08a3c733f3b6dc

    SHA512

    9ae6e41b754f163a0e01bcb3f64f8f2876af72d273fd3a66bfdcf6973553a5df5642ee69c775fb3844b412ec3167465f477ccd6ce5392dd898a6a36958797431

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    2b6407f2705b35a5284f0707b1711175

    SHA1

    a72130ec9f28e910d61c09bd7206273d2aefa555

    SHA256

    87f2d20133ca3f2b00cc9b57b2215706cfc49b66580ba86fe600d41e76c584a3

    SHA512

    75bb0cb73459eff13aa47104763c76a673e8cfaaad5fca5e3df23213841089e897cb6c5a9252566fe2fd4d97ebee6cba10a91245067a1ed2ef143c16ae7b53b7

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    48a7a48d2c2ed111d3114c6560dd6518

    SHA1

    1294d5ee581a2148d5e35385362846303a1e17ab

    SHA256

    18fab4c6d9ca7cedbc0c6a232425256d7e4f9777e19e6e2c85976f4de34a85c1

    SHA512

    4127aabb2db4034de22f5bf641e74793baeb2b3444920137e0b42b05fc23509abaf897da030c454138090f9880e534258931d6ec0fd8071a13452b884a97d95e

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    c26da077715993d6c91deeced88aefbf

    SHA1

    d614ae577014c37ca566010b42ae24cc87418d50

    SHA256

    6e28f8432a6d17ef6a2538cd8b0fc2c5f1d8b0757a1ef586308af2221defa7f0

    SHA512

    65a68018a893796672eca63a2cf40b69cc68a04b71942be384a7733b14a5cdf930955b73cc54bd21a698727601f3da1b050cd8443c2a98a61b293e9ba9c97dbe

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    2a4444f10c814fe3911b8f12e739bbf5

    SHA1

    d5b2549502a4a4ff522652bed96b695f44639ae3

    SHA256

    cfd445106527f38f3828d30c84f58e639773978081d8e10949129c77f4ca75c9

    SHA512

    ceed707b3dcac71a66b6fc8fdbe62f5e42197bed8c87b0e1a76ffed8464b5a77a317ff61aacf91098eb763ddb46fb2a1e904936728b6c6338a90fd3ddf7c5945

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    3474714a98ae7dcc50ac3bc7aa9e66a3

    SHA1

    d726e3e5bbda6920910c3d8cb747a5160a83545c

    SHA256

    70dab0bb403c0fa25eccd6b73001d76888353a548c6bb44541d8d7165bd66589

    SHA512

    72830ccb3468966d8ba180b57496ad0dc884b590ba217f55bdf99d2edc0e50a89dddfe4db43abcf8d8067731dd7b1b7e053083300a2b58e35f9386d0e4fddab9

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    96798d8dcdb915982a44198fab26ddc2

    SHA1

    404b539e2d334a9b4f498571567cc3c286e8ad57

    SHA256

    cebd48cacc7a0b619d2677e852e082af32abc2c5d7637f64af1e484f6cb6cd10

    SHA512

    db0327cdb54fd9179089beebb35314afadf351890c1b2dcf660fe181360bb59e50aa982e28403628a162053f767e029f4013d646bca0b8c0f1f6e300e51aecde

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    246a4650c0d90b47462a9a154b6f93f4

    SHA1

    069ea97847141937bc7ef73e66c09bd475bb5ac1

    SHA256

    e7aee5099c59d58fef9f886f7f9e38b62568e8653ae3ff994eee264f5f3082d8

    SHA512

    6c4fd4a92b66d17268f4560d8f5a62e19d3c1700698a6b1bddb96b76361946953a5637acade393dfdd57d5118e4be7862ca055abd865d699930adce3e8448e62

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    566c4fafef79fa27979648881dd99377

    SHA1

    33ed0b7952b3e72f933c027f993630a32263f42c

    SHA256

    dd8b7ab91b0c0c4b69b5999c576362747a14d0b6a844901b678b38512b0b8a40

    SHA512

    243429bb3a6e9ce7d8534910bba450af97ca3c4a5b43af64a3b7c07762b07fcc46f2b58a47ca230ec05fe330b4ad2d81330447b426139e42d4f43ebad81304ac

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    16d1c5bb9ab4fb7cf38bc499c042ecf2

    SHA1

    64dfe770eae57621c78fb575c26c2e1611a00689

    SHA256

    77653b8d493c44665ae5e072b89f4a43e947feeca4dd4ae84fc6bc1d61796329

    SHA512

    efcbcb28cc4a20c8e6f95d4f7bcfeccda5233a8acdd240b2c7afa20e2661f67873948f52333e739e2dbf95241294df34a79de518af3568107b45b5e08fddabea

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    359194315616a9cb9d017d62cdad054c

    SHA1

    61974aa802497320b74099c60ef86efbec764389

    SHA256

    3e25300dd289c6e63f75e171f5b00bc8ed52ebdc817750df920d1b745d61cbd1

    SHA512

    7c0ead9c3ae02c81b0bb3aa5bcbcb3768b766a083375859728d35b97d9174666b8740f794e31758d764d7347a91c982dadbb88f017339bd6d54db62601be63f1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    9f7b94e392684435e13f3c4276e66b98

    SHA1

    8785735fa2b6d56ad0a6cf83fafbfa3a17ec4d2d

    SHA256

    bd9a944c7939d1b3fa728926501f4c4244966bc61013cbb2ad7fc4c57d464392

    SHA512

    2d9fea76e2f1605e2268d9a944c054f1c82fa80aa2b1426baf0cbd810cf6c8796c2360dc62fccae98d10f1ec68eb1c054ef23e3ed4433de54cea928421b9dd1f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    b789af83f47258e6b36f61e1a8a10cbe

    SHA1

    ca0e445491bc5820111956a8de4e3b989a58a5bd

    SHA256

    24ff5df068a5f746b3081c0cedee174ec639cc79227f0e6a5816d442d54d95bc

    SHA512

    32271b07659e7ace9b1661c93b8bb5348e1e254e1479ad3e1eb0499bc7a84cfddad71ca9be753eef342dc984f166d4a0d32f66f033f9c3710f0c581e4d96381f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    29521675f26413ad7f8ef50e5ac78029

    SHA1

    73160015314e0051dcea6fee8ce9b3db72a589f6

    SHA256

    52cc86818067ad545dff47100368b32838afc3bacb72d82e691e984ea1b98a0c

    SHA512

    d7a1b089505f65c7fe74b327e206c3ff47f59c8133a1a423c3a21d5e984909f44bbe08b26ec951fe9c8a2951e75862c82c655ef4ae798b1901eee3e295d14846

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    447bd316ef6b85a132f57e6282ac57bc

    SHA1

    762a390a8805038dbd86a343abec4ad6d734cd57

    SHA256

    43f9c311c93f9efd80adf1a34bd3eeb2a6198c72e87ea01681e4e76ecdcd32cb

    SHA512

    1295e21dac06009c6c9e7f89edd1f835d16f81fce342894a25b9651be0bdf6017a13931c42aac1e2de5c2ee6d1a1552b349729445066aa095e24a05df41c4a22

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    ee06255b41dac6d9b5125399c87944be

    SHA1

    cafd3513ed678861d37e267193291ad923511909

    SHA256

    056c2b7a4fc76ca1181f7dd054d10af9f92939366f25e983a493f51ec638377c

    SHA512

    999c4644844af7c0411c35cd7e2adcc00904a6eff5ad8e5b61a60776480471ca238821126a71a75b0a519ac01ada40a0dd556833ae482d9c964e562294caa95d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    a1b6b7febb3000220a88376ec85e9c08

    SHA1

    dc05ae24c55282fc2432b3901f22a8a822e767ff

    SHA256

    f25878fdefeb7e12b261412172f8ca618d03e5dcc27e927799638ad744d3b969

    SHA512

    c58df5880d01d5ec196e8c129ff99a65185ceb789d0d60b94bfc173b6a47fffa23795e347d522b36329d9389fe156fc9581eba6c0be540bfdba929f66d40a8cd

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    931c77d2516cfdf53a7e37fdbb793a64

    SHA1

    19a8153048ea31a0008af70e3b3725ac62388454

    SHA256

    72668d4f58833db8e8bb157ad4bec284ec683533e602355d0fe48ec21c64b2b4

    SHA512

    7fd0215dca26ebce197ffcbf5e72ec12045cb7c948cb744ae4d44e0d2ebb796cc87da8c521fb829f33c1e6664cc9b9cff7922a894f7c2e2c83da1ff2f2b24dd2

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    ac91ce12f5288ecd6a75cd4656aa6a16

    SHA1

    f619602f45435fefec2f6156ab08eec626d00b1f

    SHA256

    ea8c770163fe5d3c46c1f3506cbd73b7672348e498aefec3b3003cedf7e02d6c

    SHA512

    65d9b27b8a3072b7b0d93470730d9a8530a47d4f1b97f9360477988cad140b7107b6a8cf6422751cade4a0142c50506bc74c9d27616894a7cbefecf3c8d03bc1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    3fc5101acc3a06447984a2f3b61488d7

    SHA1

    809286952fa1601bf0a6c38cf6f56338a27c2f08

    SHA256

    220b0271201af03e592e8e1da8d8f5c306950f9b6e226aaffc8e38b0346bac9f

    SHA512

    05c8badc64444afeaeee1c65d64de2a4ac2c8ca9f23714fd62c09381a0cc4e501f45542e5ae37e20b614fac7c96be343fce6697877df93d7668df8b1117c2eb4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    9cd738b8113af0b6d36934c898008370

    SHA1

    3eb015255c18a91ffeb89b7e1266bf821deeb5c0

    SHA256

    23507aeb7da9b750b100e374dd58bdecaa3dcfa70c134af948aa0a51384447fe

    SHA512

    556c9d2d0f7b619dc9b0e5c65d6d463d9ff2b76edb1f0bfabd9e57c01ada8c408041aafa299dfeed065de4b8a1ff86b2170acf9a838095f997187fbeae46f61d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    7f569fe54404feb3b0fd6f8de44b3c36

    SHA1

    45005e452a5f6e9084a67f861e7112b494c45d5d

    SHA256

    c6f860d8cc60acc755008f02754d886d936d37679c236597b9eccba1ea52278d

    SHA512

    563221c9fbfdff97ce1d0194ba632d68121ff156e1e43f730ee776091508747e21d834460bf3b23f6117214bbb2ed3b7df69dbe9c0436f34eebb160e17af04f2

  • memory/1804-3-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1804-8845-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1804-8844-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1804-9077-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1804-9078-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1804-9079-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB