Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-10-2024 03:36

General

  • Target

    d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

  • Size

    366KB

  • MD5

    38d9aeda5745ab2d524d8f29628790f0

  • SHA1

    3d971bbc61c99f5cb5a1c8506be5dfba7fa813e7

  • SHA256

    d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f

  • SHA512

    7a11d80b36f5213ac7a9ee7ccf50bcc652750e8a3521382ce40304ed2e4cd1cb20b1932070bd9d176b3d6def43ed109ef6af87b28cea33d26f7e463ee1ddf56b

  • SSDEEP

    6144:3/sNJUbPaYnJ3deKx5kkdsg8jJa/R9QwA0rM7WqMkCGbRQ:3oJU2YJAKxznQl4MpbG

Malware Config

Signatures

  • Detected Xorist Ransomware 5 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Renames multiple (2181) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
    "C:\Users\Admin\AppData\Local\Temp\d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    422B

    MD5

    1ee5052508eaf02a5fcf6c574a83d175

    SHA1

    29bda576d6c06f8f6031df7cfc56b5df6c42dddd

    SHA256

    3cadf5cca10ae2f3ccb227c09be5d789f1aaadb0ec471f9ad60ea511c158a471

    SHA512

    c28455f45ab22b02406f347c725d6df5167c54a58bbe11369ab7bb84dd677b393e9f9fbd2565cdbace4d7f6a54716cb88f936ed058b65f9060cda9cb96424f89

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    fab79b14837145456891c046957ddd92

    SHA1

    af83881460481db16b4dd456fbf3b535e5c1a5b6

    SHA256

    4ef2c3011a3b8d8fd9700d1a7c34d76a93ee8e8c25f87a2ca83e3b9b32e14321

    SHA512

    bdb241ddad841afb7db2eff03b1ab6944a04d4be8ac83ab7b1e973e1fef56b5142da9114dce607bca266173399c8d5f0ea873fe81a8c8f7c76ff54a629ecf247

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    dba5f4e597aab312ad73594b254330fc

    SHA1

    4010c2933263a6460acd0fe1c37234bc5b0304ee

    SHA256

    ecb68b3cb3807a9a47804e23771ef69985d86e137050e8662f6ef642886fe297

    SHA512

    a98659aecc3059b17853b6d2c29a7abfc512a0b77672c2c4188011f772b0aac087d18938c4322c447bc3616be8d12fadf997e36acc4f0a6df5e74436690cb45c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    ff984d660b76c40800fd84377364c9a0

    SHA1

    5a5f802b2e19c2ca47d6ceb8ef9e5c4f9ca40560

    SHA256

    b6d582138aed272658808055a54f2453028d5be42e567130aee1ced390f1a53f

    SHA512

    193bdd12056bed864ad3c1fdf780f67f319436f9a25bebe2437a9424caac587dc11252b24b3359bae6cc4fe85d84ede7c31de0945d30cbb6292ded16d59a41de

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    e7530091acbc4f4f590f3b923ccd2655

    SHA1

    19e58221ad3fe71b8d15b7c7cd9a8140280f7980

    SHA256

    b89bbbbc7428c6c26725f646c805719a4357ad4824b16cd5e9ecb75f5e3c47cb

    SHA512

    9adaabc7ab1b2ae44a6f15a0b6236bd7aaec398fc711201405a549b2de06ec239fcd2a2bece9ccbfb398e448e280933f64c6f9cbe99d6d6cafade2734c65924b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    64f02d23bcefbcd9c72e0524dbd8808b

    SHA1

    8beb4d585be87fc7e2e9ce93f0243c715d05e043

    SHA256

    9ca90fbd191787f35ea0d31d5f28235a31957db5e95579c7dc9885abce69714c

    SHA512

    7e4f9147155235723b8db0e7ed016016e47d6810cee6a85ab8af94e79d97665176ecb3a2d7ad843492aab0c2c966d1dfefa21db89f653c7461abf3514b0725d9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    ddaba71f9f0f631b7316e5a149f95a0b

    SHA1

    23d072a8a110f0a586ceb5577b63c82395493a2c

    SHA256

    7cedf21e98c915cf479cf8fac2c96488e39c2e9b9051d8fd209997a4c5f358b5

    SHA512

    6af4d54023060ec2119180a5c24e7439a724e4618b74d768143a5cf97a2757e7090472e605192cedd8bbf587bcac58de7619c4abfdf0e5c2cf169ada4d74f9bc

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    52c58cdc2124a6b6f76abcf35796b175

    SHA1

    7e5754be95fdae38e25b558e54f30093e9e62b3b

    SHA256

    3b3b60c94b4bc1f5073fd30068f7cdc0deb60e837f04fe57162e80047e17e22c

    SHA512

    f62e8a8727830e2365a9f56895b137fbda702c717f3ad343a72b661cf6c40b69a71cd8717ab25b87c89994860052625e24b6ede1475546e0bef242061974336a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    8996aea5fdb740fded44696022a0d4b8

    SHA1

    fb77e5b415ea5820a608db0d82058118f1c21183

    SHA256

    bdb3a095e159864a1df0adda7401173a2062475401780ff9b1c43931bf0b59d7

    SHA512

    8adae966620a0a5ddc8c70f9800b70b797bbd5c1ccbb7bdea9897737eaa2dab79f08d90706a70bda12b1376462081979eb6fdf21a62dfad17be18fc4cf02343e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    ea041f1911dee6ba089961bf76405eee

    SHA1

    16be4d2357b857ce525635fd4f3cd527904d20a0

    SHA256

    4d360a932bf5b8a60189a9b88f018515192195a5e9dcfddb9be4c80ff8548d98

    SHA512

    79d2c522bf7f3adc6af7f4d4dc525fcde5aaabaa89ed4f240cdf43dd05231a14f9ea823c6f68f1198a8de0bd82ccd7ac1c65b92c723b68b723c0523c8affacf1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    3c08982a4b2e1f3aa0b701abd411916b

    SHA1

    4528e3f9d95c01bace3da879df3bcbd6ae0ac10a

    SHA256

    98acaf8f18623492d781c52ca142622621550346983b81fe91f7971810efef2b

    SHA512

    2c4e98a2e4d54b1b4b71dc6e87853bfb6d0fb5bad1798b1176c530b8b40ab351dfde59263ededdff59db7e41a78738528544ae19439d388299faf099ba839a0c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    f7284960f994f7b9eeb38cd4fb58f030

    SHA1

    1028201e24ee6e6c61908cb28ed1c22036cd4385

    SHA256

    1c98b52ad3cf3c4c62b1c53f86ab8652bd87783f118ebc2bee164b009ba1ff58

    SHA512

    fb01f880039b26d133c5de375454fdd7ddb99b864bfa16219737dcdbfc7dce054c066a9a82e11494062bd6566e5fa8e867921cf99fde83e14bb5d0f2a1d1a576

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    81747d000374d966cc6ad7d7817efc45

    SHA1

    7b06121cb3b92d0b0902873e5e9ac1ec1aeec376

    SHA256

    035a4142b60a2ab0bbb2d06cc1490fda1d643dbfe64145a0fb38cd71c497da5f

    SHA512

    6f2eeda1d412c11a12a91b148c96f4d9c0383a09a94b85ddfd57697808f4dcc840704c9b39913bcbd95ea82e56fa056b013ed4c0e32a9e50387125fda79b21dd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    7e32f379ea6502587c8f16b822782319

    SHA1

    9a8d94b2b5eba43e4ab70271b04e4b3c8e32e81b

    SHA256

    7d8bac769c3ca85dfad56f0ea489712148b025f7d6dc972d3c1c862954dbff62

    SHA512

    8e0f27c9da6e60ebabdd3664b8ebee4cfe4ade54cbb06c8948fc418393c5dae21d73972eff3d87f161ee196d190d8d9427eab65c04e88159ecdd5452c7f3b3e4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    7c666ff156d392ef211247438bc7aa26

    SHA1

    434eac29022d2297e4ba7c22fa5fa594419fdb63

    SHA256

    f79540a2a5bb7307a018f5a5edfe5dfe338ae9859f1dafb19affbd9470eb3cde

    SHA512

    4cfb42e18cc9e2e40f9978d9ad7c7aad5584685fbd9f7566beb65fe83d8284b76d904e8aada5f1473c4ff0c50d2e54d546a399fbede54758bc0dfaa3f3d3ed4e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    6f523da27c161283d1f0322c3fdbb9f3

    SHA1

    71fbe193c0eaacea0a818925c014b8cfaded6f16

    SHA256

    1e776d2975f07d27fe510404aad0cef528480b5982f9418bd0b6f8511539a756

    SHA512

    b9ac749078004446800f45984ef2a7cab650ab9bf4cadedadbc47314f11647c7c2351731cbbac4eb82b3826fe17f6feab7d5cae139287eeafda4580ca9dccd4b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    7b85907306d458d331a1544a63a740ad

    SHA1

    97290c948c1b3db9382d8a824a91ef3579c5848d

    SHA256

    e74e66b7300e38281740d6d2375f9eeb708966aa8d1c8e8f45e54467d4e7b164

    SHA512

    123fc57e58e148b9fedaf4f4d6f057a1336e83be48be3a7717449462665060c5012e950d351f756956ab38530cb37b48b86da2f2bd54b1af0b7ef5fe7cb12ab2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    14a720b820cc05e07be4e7c1924ad5c2

    SHA1

    f5e1bf7ce813b9da7f422c9b65229d5953033dc6

    SHA256

    be0b73e3bb5926c129e3b8d0aa5fbfa479c6b5ac3db74545e032c8b978577545

    SHA512

    b0b4d116c8267f0438629607ec705dba0eacdce60ab6c8dff2c071a8f712b8cd0acc3fc4520c63a49c2323ba54bba11e33f73daae6172bb527bbe1f8a53edc20

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    2c013f671893c70ceeb326b622862a49

    SHA1

    c17d7ecd686518649985c94516bc2b01a791914a

    SHA256

    1b42a5fd9bcacff8d0dd225052b752e7a96d745d0e9632d58c9307701bb0da51

    SHA512

    d26c4a5fe268ff2329ceeec48bba26e3b6690f0ef80edc65ddc9965c3eaf8d483f2a55d6ada066fc2618755288aa839801c34728024dd282e919afd8d3173333

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    24e01339a4c420c113389f0ca7df5677

    SHA1

    3ba48002281a44a72ef3be9b5d7014d595292ab5

    SHA256

    a155e44b774fc48adaa919f19dd23bdc5f9034265228f536848106806b868285

    SHA512

    486df75446f25c30a37213d1ae3e29c8fcfc5b2f0f4e0aa68a536e828cd99dff20728cd4a4d4ffbb236192b58e35658851f7c5131944e11c80bc25d71a01e466

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    bc6f2316676afabd8007a5fe041ac9f1

    SHA1

    580d2c54169221a1482dc050d6e978161f7aa551

    SHA256

    b17138251cd08fe24951105c1d7a9e8c96c5a22956bd00eece0cb45d83b41429

    SHA512

    55eacbb7f2ee5c85f746a9a4a0a74929400c84f76baeaac201bc710c4a58f4603d4ecb1bfa67e4398987c374d349d3891eae05275e07302d6e57723842a82886

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    baefa7b468b15addc301d13efabcfec6

    SHA1

    255dfd1187df3254477744340c763369dbaf14f0

    SHA256

    0a8110be8ad191cbfcc10a0d38b1a115ae2b03216c512512822b96dd0ddc14cd

    SHA512

    65e8c067e97c6da6e19db4e6a82378138dffbfa4a2a65b946f7bebe7d9a92a8352051b857f146d09efd6894faa8a809a45f8c657996908f53eecbd6b3771d111

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    613cee383b76e0564f831faee7784c68

    SHA1

    9dc40ebd45f1dadee1b52abab861f03329a3d86e

    SHA256

    3ade95c6d8a847c37b497acbc5c7ea090004d25f767cca8cb5dd5d0827174999

    SHA512

    2ad4746ee0481e0b82ea85f62dcbe911b3dd5f1e3ae539cd713737187f5f2944af178344174805d09a12c16ef6de7141ff7a3057284dde1d4fef021369ee8d88

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    f4ea1ff455e416382446a86dfa0a71ac

    SHA1

    2f5716f621e63c85f219f118bf8bf9d45a51f55f

    SHA256

    af2e637dbbff85e4fb325fd7a5e794f5d7800ebcb09694369dd14ed813a1a590

    SHA512

    e2c340427ede16ddee5f10fa85fed87830f858c92f4eff7a8f4b81f837050d1e42ece43a7899780eec873a8db988f9a10523e472ad2ff3d97001ffc66484264c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    af7269086d9c344987543fd7d7152c54

    SHA1

    51bb59e0eaa6839a68c79b929164e35571223cd9

    SHA256

    2a58e8ccd41fd392a2d7cfddfcfe37bd7f4e2e888625bd3e24a92f348faf6b2d

    SHA512

    8b33c294e7522960dee0bab8dbb20246ececea8b578d15251a12adb6f9e9f2ac44328ac8de575155abba55c83e3f60a6e20a41b16d49c1df67806efdc976f3db

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    16b55298a391c2216b41f89a7666f900

    SHA1

    da79ed5f72a5dcbfa9a164f8da95b9588a65e681

    SHA256

    1c974dfea68c59f1a61eab6f3b6e2705760ca8f94c54e55b49fb5186f002d3b4

    SHA512

    0b7b1792ca2720fdd36ac508a795290996d2b16cbdcd449761d60238363ef42f33dd8c861e2e79da446683a0f52a4221595be93c7014b6f361adeb01ca246699

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    6d45df4ea7a6926aa7c15ba0fefbcec5

    SHA1

    b246d80f61bf8f3ca00f2a6a5b229433d3d7ebe8

    SHA256

    a79f19f1ee9246213effeb86e533c8bcff8ef4ab827a8afdc30d5bfdbbc98b52

    SHA512

    d9b8aa9323bc988b404beaeb4580d68cc2bad72421eb4917f45f38692b02ff68a832dfb74c35886f6b7e43ee094a428d62d42b9b40e24426a5295712478ab856

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    dce1047b300e73de436b3d9702d7c682

    SHA1

    5208bc1125a205ffa4e025cd78edf46a48780ae8

    SHA256

    b58bf731eb4628abb9eb80297e8628b9d8329211cf8b3b87b83733fbb457f1f7

    SHA512

    818ea729bc16b55ddba6ad8700f3b39a7a6fc698e5ea1eb07abb446936f8e78a13862382bf91d7760b4363dec1b8b454fa118ffef33d5814187527cbf17a28e9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    9780be72df9957a0d87f97e0fd386d78

    SHA1

    7639f5543c8d13d846186f2bb2c388a7fb3dec22

    SHA256

    3ac6746504383ab5a9f63e715ca3223e396a16829975ca02fc0bb862ebea7b26

    SHA512

    eca40045b49c386cafc7d9835e07d2fc5d776270068cd23994c3eab884e5a08be56745a9d2a1b4fdccc8ac84490c9280d6212447d41ad31c3b6bbe0520936bea

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    aa9522e56e817043de24ffce2a49675a

    SHA1

    24eae5d4d5cd19201ffe4311607735d87e9d20f2

    SHA256

    dc4582625f803ca9b35e97eed0e44bac6b27770e2b9d791797f6ce6bec919b94

    SHA512

    c9d00afd8459d57fbf2c3b988275c6106cafc80f787f3eb036aff9736110f370c36e292a720cd3b92b0cbbcbfa2b067ae4440427090ea9d48f42a4d6ab181e89

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    9cedc186f84011a6d2a63226f0ea3987

    SHA1

    6afd9a2ca22a00f658d8d872605c49933e938b7c

    SHA256

    64f607938bf9187ab95ca9d71a2e0b8d3d85653e966a8624098ba9c10756999b

    SHA512

    40ccab459742d6d08ce411bcafc18f27fc89162d5c58a82db13c4e8074cdedbc7467776d8040d7389ba36a0963dc4e66e11538e6f4374893759d816b9f335176

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    4b7cdee0ab598df7cbffdb553eb719aa

    SHA1

    7e7d8ac12d0a4b09b0b09a09596cc6667eb19629

    SHA256

    ba2b824c8680a3416337529dde304b6f4ad147ddaaced65737354819d1fed244

    SHA512

    9fb26cdbe5ddea90255141907b36f705d79f9e7f90d8ff10909611c1d9c53826d94bab50940c1582f510732b80f5549394c86a9df14aea705b539a60ff65dbc8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    420586f41fb2e3cc1e34d82e918e57bb

    SHA1

    cc5fde435be407693633964f551549c00f838768

    SHA256

    073a91890e440d7b32a40fac53845200f16e7357734a1a10a824c640fb5dbca0

    SHA512

    6a541f19b96f725d743f15a0fdc3ea180a587d81097ab3da18d1979dc313902cd4d1b5b11b317b938ae70c4e538a0190f7bd40d03b141d89e9c02fd3676192e2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    e89a9e50378ff099cd05f9c7063688fc

    SHA1

    0d50ed63d2ec1bef17eb5ff6b80aca8f56003878

    SHA256

    ae6844a51a5f2f1dbc9a62d885e9ae63962a7a007ece4b19da20d2779a51e0d3

    SHA512

    3aacc43d589b0f9ece36df37f13128f3a36b003539b04f4ecca9de6cdfde75454ecab94762b2f9e68c24f05e1b51c17cc2e333193bc1fe5552bc063e69fa72ea

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    8cc7f0813b49d8121261e59e9bbabae0

    SHA1

    4998263a7ba58ce9245a4e28bb91b9d4c09876f4

    SHA256

    114f47cfd50376c6efda322992a20f6f854932c546ff4a52fbc025ac8a7f1b38

    SHA512

    ca23a8b765ad944a533131a73ac45f88b1640ffdab72ba38e96513c79137b3666b9b40bbf6437b2c6374ae83a7ad0923220e2eab5445630007f860507be2a122

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    6c83b58cadccc9c31973430e81d6704b

    SHA1

    7c26a94323c0965b736b86b9d6cdb07b7383b043

    SHA256

    d927aba7c8bc2d4225fe9e60c675cb551db7e85af4c295c9ddb808e0d5a0fe4e

    SHA512

    e7b74b9151b32be426798b953d9d8332c5998d758a9d0941eab835e64aad1fab52e43bbfe7b685788505e2701b6b1bc8e2db2461e9c84d461d5b78146f3bc418

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    3ecb5fdcefdd77dd1e068a26bd7e1d87

    SHA1

    0d47cfb18711d6152b848d692d6f9c40eeda21cb

    SHA256

    470be76ab8a8140edaa73a05eabaa99601e73c42c9d7d804becb5d33643b67c3

    SHA512

    1a50389033b416abb15999d71f92102442cc4edc383f97a8ed5023616bdaceb04deb03a16a8c589709e3f3e050ff5920d2d0f0383b0d34dd9ec3ee9865818cb4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    a718ece47d04eb9262c0ff88730f80b4

    SHA1

    501b1bc291efc9c9dfe1cc2a46937f09bfa7726c

    SHA256

    030e1260f87d564b3c9e6fb9cf25edc1aede983b6ecfd82b2b4f6c2fc4b44fb2

    SHA512

    ab27c9b3acf71c5ec323402af3dee2f0548e9f64f6066abd2acdce9400009f3bc939b2591c92222ac5042a1a834b7c229b6e7b5ec3f1ac0293ae775ff84ef658

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    2436a199327daa56718fffb60aaa9310

    SHA1

    2b2d3d4c730bcff3e33cabe0d2c62594a3431687

    SHA256

    c86467677f7be4af56db26d162e669d57627ee6a7517d331bbcf6b9eab21ba02

    SHA512

    912ef1204a59414455e424542b49385ce4bc02cca1398045a6372949c3c8898f2cb5c048c1816db6fa647829b1b1a56178ffaad8bff900a54b31377a90cfdba2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    f56d1e775e651354294ab72ddf9817d5

    SHA1

    fce0d0d8e5ee24beb1b306272b3f71da12eedc99

    SHA256

    dcae4cee65f82df3e9337c4ed264a0b7a98cde847112a223290a1ffbdeb21785

    SHA512

    7e024bd89b40d83271e76a446f732aac1999e7832cd385b1cb5cc3ad5e5ac5d245b1516be7eb1b91343019041a3275d272e60f31ae9f424400a22252334a8aee

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    6b6788b8705380840c282f35ba3e1293

    SHA1

    2d84c6fd180587cd8d2a04d92e94adc0600e67a8

    SHA256

    651994886d686127d50b9df4a079bd6a887932ade22a03f16aebd165c8d75a17

    SHA512

    b4d9450f45fb6d7af9eca263fbc63c44f0ed3a4f241c4ad1ead01393f762437e255805c394844eb68939572d65ce73a8f9c4cb706b370923df50931328d5fb8c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    11df471326de6eb8653d329e4add82b2

    SHA1

    f2d0e73da505a1ea96ecf339153abaaf7a231cd0

    SHA256

    038182b40d9e8e3d733d809e83463c27e694395f3b31214a6242c4d8cd0baae3

    SHA512

    715066119d38382b7806491607c9220a13fa56d6a8556e91441159bd3ae04cf668bdf321f03c291b7f3e7888a1f46820cf958f29f029bed4a57fbe80050653db

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    b8b7bdf5b085c741903fa825522ea83c

    SHA1

    6efe0c82f78d1b1cb50a722184be3dde32ff8ed6

    SHA256

    e5c886a88589cbe3c3306b0abb985d3a7f6fe153ddbec368cd06d81966efbe8c

    SHA512

    57fd0681bf3b01b67610abaeedd1d156ebcdfd3f9d92ad58c156475872018625a9b6b72896aabdbbe98390b887626bfd8333214f8afed3bf9413a9ae84a02e36

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    b14fa5cfc73263fdc6110365d4b78e54

    SHA1

    463fd93fa39a8a88fa8895b427f24825fc861269

    SHA256

    063c3203a66a1955f31110b3eb0fbc2355a586ed22b59a050366b6da9a35138f

    SHA512

    3470d3d8788e8a5d77bec0692774ddbebd50c7613ff9f158058f145a16241e2e07b624b807d533a0cf8d1ccffe310b1d71c2b11ff31ede40a00cfbd39bb88905

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    b7aa29d71526943390d5ef3fe4159d8a

    SHA1

    af92585ae15b5b6cc3048f8106b23e027513624a

    SHA256

    f4432c0ab9d911f1f100fa1bd91d8de9fa67cb6deb5301ad09d43e1f725855f4

    SHA512

    ee683c180a7aed37dde335f44e4faf7eddd28e9bd3ca51f22ebf33cae6046d546eceb6d1ad3fbc262e47d09e81602938a38ddf63054550096435d4f636910638

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    43a135fe5444d6be443dd52e21a7a571

    SHA1

    29578773452d9b6bffe5f0f0593f0a91bcd76058

    SHA256

    b12a9732d305c26d7ec5e0e33979d5d022258b60219fca24a6a3017fa26c993c

    SHA512

    9f9c52c0e3f96ca6da1ee2b91777dd4a780b5c6e2f26462e9626d1961da8b3c2ecb62f32159cb9725a804de8373e3a042194bee6a78a875567069458f6891d03

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    2d4eeeded6f36a5c92cad56d4f6546e3

    SHA1

    db36c42312fce7d0d3d0aeebd0e38b954a8d69b1

    SHA256

    89214f456f78c2754fdc87e8cd748728bce65c37282015a85791ce385a1172d5

    SHA512

    c0bb1d5d909e066c54efc4f16fe04eacb5b6f486f21de6cd56e7018f4d2ea6d94b346dfc2530ca17ef84ebd53bf721bd38893e7bf343310813d64aa5aef9ed35

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    87a47105c2f3e8cbc64b10334f476212

    SHA1

    6e8efd8c99e7cf0e0de04788a38b3e07d2a7e3e6

    SHA256

    9cb13afa43ad62e76a2534adb0e6536d01e9095f185deabc9f1e911b9766dfdf

    SHA512

    6960475275023fe70d43c2517000545c201936e4115078b8798ac0e41a08669b5bb33bcc06b859e2a36e8e10f338981093e41b663fbef65584d51b4ef74d807d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    509ee8dc1c698a5858b1f12b7f5b2383

    SHA1

    339d9df78e40c3abb54cdf69fd1205276097d5e7

    SHA256

    2740284f825cb2cfca50047559b738d02ab0dc8c205ad1c3dadb0545211c36b6

    SHA512

    6ab2b900524e3e34b38fa6aab46791e96cb7b7ad5c2075915082432e5be9e286355459f5c09b56b28fe62266c08b02a8c546dfba848df11945f097667ee1fb5f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    fbde99110a6290e96067639f1aed6b50

    SHA1

    bd282ac03fd582c554fcf4bc12852e119c53e79d

    SHA256

    34b40780b83c53eedc868076d62bb5cfff05f82446d2699caf9d844589fdd154

    SHA512

    a63be140165eaa2c19b21c5bc9848f8b5bf00a34675d965a9b5d5a1ce59d3533839511aabe906e7582ee0cd022b336269063027a6e5efc1c5c993f1537ff7cfc

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    71bfb242658155bff22183fd9b7cd1a9

    SHA1

    8def653f3c4371aefa5fb95811b0315606c918d1

    SHA256

    e6b8332db07950f4481368523ae1a9267e8fc5ac8f3915f31bfbc26905eb8a70

    SHA512

    1d4b58a1cfcacf462d8890024a133d5f62f07492ce87904142aefcf2e2c34c5733e2818915549d381f1b7021a3063f54e6ceb9454937bc230b9bb137ac44bfa5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    e98b3e567836f34609433738b225b1ff

    SHA1

    f14b4455064cd41ffd712b5ebbd9c69d648632b9

    SHA256

    417055c7616e7c3d90e900b73fa37e135c799013ec45ad9881bdcfc293b26704

    SHA512

    542ea1075b57e9dafd64864e093d0ef43f0225b046cb3f5fc9673c1a78871ef351a098807dab883382436d8e1bea8e2813267f6169127275b6734454c0e0d223

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    019ef958d6e485ffb90ff65c7a1a4a38

    SHA1

    66caeaeca0d54a19df231fcfa00c43d599d4fe74

    SHA256

    af6dfd85a9b6bdcc68530d616b245d6593637b5862f3b6daa16a1bafee603864

    SHA512

    c537f618ec8e5670937e1d904fb5bffaeed894176bf611c92c4fafeab95bfc2dae46c93c6d1c4040ae90033bbb24d19940dcb4201569830047378df9546e21f3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    c6636beb4e458ae87584640673b4e44a

    SHA1

    325dadf5fc15e2b08960a2a6382580b757db416b

    SHA256

    74e31612bc78be94878a8ca7527abfd3173209dae683f33d8112bce5377e060e

    SHA512

    aeddf1aa09a5eeeae85474c4116418f3b26b325d03c602157fe2cbacb736ccebd9fc55532d26e05c688e80d2c549fddb5a0ebf6c72e78e2dcdbdeab113806ac8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    69a836db9a89609c14ff2705b9825f16

    SHA1

    dff5da772cd1ce0c52e76638d274401ccf95773a

    SHA256

    614524ab8423bbd931d1f525a473a7e434be3689036acad25b196519d52c4f8d

    SHA512

    6304e76e82b6cdd5ab4a4516298220b23e6042616a797abca8099ee1807124e9eb49e08c0827454f5e643b293e5649a71d6b3e4087e41e701e74bc4e8f7fca49

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    6ec2083eae6d01a8e68c9d6f1efad207

    SHA1

    ac1385e1fb10985231ef98c74cda0c094be6ad15

    SHA256

    3a958283224de54395013cfbd10eac3f7d0ae5b7e270c66e8f7c14653b8ef667

    SHA512

    20c1757129834d717ed3a0e2507ca8bb95735bc078e5bfbd538171722f04e1fc734e5b98a27d901ed82fcc5ba6003dcc9cff3926d16efd0e59be39a976c1bcc8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    500ee5680477f4a2ec85d156362d61e5

    SHA1

    f42f7711436738898fb8582a7fb3bbca313b58d2

    SHA256

    6435d3e98350a877ca445116fc982b59df18c9c8bf2a9cec3918e5f15d0e9b0e

    SHA512

    2d9bf00088f947f8660d3548cec071dcd83473d7797e1c01555c0fed3d1bd542ecd4864d0d03468be3744270c0a9831ab53b0f15c4c3ed8161c80c2d6fd03c09

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    4106c3c6ca8ed4669fabc224c66e9a2a

    SHA1

    ce9e1b4e862db0ed699379e61b36b85b50a07af9

    SHA256

    300ec8aeea7e658544e0968d56465ab274543d9cd2623c31b821a45f633663bc

    SHA512

    8f87ae58932598064ec7a15366c313eb67a5025abeb09e2ff9c26f47f67d231d4bdb2a249c6934abc620b2e852b6516fb02662056058fc16d0225b1af8bee570

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    a46eaf1b6b01e07567ca65d29449cc35

    SHA1

    aa492940e2659eaedd277834b8d90eb2b82b218d

    SHA256

    a6b800088266c799ae36d2b49f301e32fa24da2a9ed05c452e9d5a017d370b48

    SHA512

    68c538c1b6b51023502e3ff8ba91fe1aaf27a39327ed10967e20f2ba3de305ea8275a1ece0e755d7d5d8e2ed0b294cd51df2fe1ba38ac9473d70296a2306f6c1

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    190a4d6dfbec070570623d62a05c7ced

    SHA1

    5c8cbf4a27375e75b5715ec5587288a97d78a2d6

    SHA256

    daaa944809817e7c5ef6f218a14663698715b984c07a6a3ac7d5ab5bbf479ee0

    SHA512

    fd2e60d417e5e19a48d22660db497900891bd3bf9b41ded5bf917b03d64ada3b32c239405be3804e328356fdba32a841424c04673d059473fe33135cfcd5da83

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    d2a12111f17006f3edfcb76e535b5e33

    SHA1

    dbf85b11ffc2e17ecee785452c68edb9cba6c619

    SHA256

    32cb9a0c4f83908a0bd5a5e5b5538426dd0ef0c1ef48d5c3b496cfdb48e964ef

    SHA512

    b26d476be25ae21309778f4a8281e52df7dd573df72afa151bf56c77e858d10e8af0457bb15b8e968872052d3c3d86701a05f34ef57a5fe9253f314f89361e87

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    e5ecc9ce82be020ace85b0ed66d05702

    SHA1

    e57291c7a0383ab2cbb4b2042280d7ba0cb4922d

    SHA256

    e1f18801a9a27f48b408fe1518e84b1732e9442ad522809fb920e2b996cef167

    SHA512

    126aee9892046160e31b96889d0359cdd463f86b39aaf88bdd1473e92e8a62726803118767cbc140e769cf04c4a500fee82be78d816fec0b6a899d66d29e8f22

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    f2b88559ca319309d1590e4d6bb0b26f

    SHA1

    53ae64d95c260cb884d4866f30da050f6813f95d

    SHA256

    80ec4c79918dd2ca47d0cb4c1769814fe0b7731c9c0351ba465b47de713d6f63

    SHA512

    a82d6cf087df6d59d39db77d6f8e10e0a8ab477c0595eccfc582f1b340331cf6e9f716404c7007e8da20d34b7b74aefe1a40c027538f1bfdcc03da030c844147

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    5a393b60f646b40ea984d00845073456

    SHA1

    30e46524e677f4ea0bd54525e82a3a8bd032447a

    SHA256

    cc947223f3bb56785a7e9d21e51e8ef7ee3cde874fe947995afa327be6df9116

    SHA512

    7109bdbf6c64283cab21dc8e6103a87f47c97c8915b2424515c7dabb5e6b060487de8f83141ace3ef4b2c69ca52ca2bf911d49ddcfd80564ebdf66e51773bc11

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    71063670426a286f78de7c68ea42d4f0

    SHA1

    7bb07ea13d3fee0edd9d917df64c26f3038a6f97

    SHA256

    045bd182d0d71ac5c311954bcb241f23b6b2f3bd8598c930b275cedf6d315e3f

    SHA512

    ddc05ed88ae862a77e4be6ed04ebcefebfc4004c3e5ec0c87654fe15f8cdd689d9937ba6102e90d2caea78c86910820f0880852c867ea8d8cd849a25aa48131e

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    99e7704afb7e050123f0c9b7a21bd3d6

    SHA1

    92c28dd36c68167b31d26282b03cdd483a68033a

    SHA256

    462ca6de5eb8f5546be5ef4014de1b970528771fa98da6e6899b47960217a0ab

    SHA512

    a8ea5aa09a970ae9efc35b398f7aa41be99c4ca27548a51bc2e216420b43662589e6217a8bba9156dc7bfef2f338d05e70d5e0a3339802aabd5fc9e8bd2a64f6

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    60ab67f9b776a7684697067c292e9bb5

    SHA1

    ebbca44ec73c6d0d3c587b6600185e1f6d9622ee

    SHA256

    a90324434911cdd8beff915385c492c8cfb47288e5c9626d92aaeabfcff16d44

    SHA512

    44de40c5292f2e6c86318f9af2bd856d7af3e3c2432db0ac6a1a5556a0c8c761cae15ab2e2835863ebaa4e3cbaa1df614e6095c6f23550f9a6852123045bbeec

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    ca8ec462edad386f065c26f364f6a0aa

    SHA1

    1958bd22de7ecea713e1150b3dc4e19058259682

    SHA256

    383cf8b387e7a871428e76d4c165f60876ac666f95fd9549aa92ff2a19cc8b83

    SHA512

    712dacd6a7afdbea862b52c7373148d833e832f28038584fb7dca2f31d6b8fc3a6957aab9631e990fdfe32a4e7207673da03293ae25514c3aa1a7f94cc1b130f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    6db99d1df393d7a67084a2c0160d6a58

    SHA1

    5011f5f89b071e38387de32319c6eb805525893f

    SHA256

    07f998a69a0960902da083cabdbce52600086f259e979eca16ddf4feec19d8c7

    SHA512

    66909332b1154a2e8cf4056a49eadd4610e7a95ba890e698ca49be0f9857cf65730712751dc3ced4b196e354e96c83ddd2c2a56655239de2d52854d972218ba0

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    9efc0acf68fda4ec5b17f6b5dd841e67

    SHA1

    d5f437a6fccdf937825b80acfd08d3f13191591b

    SHA256

    cf52101bfcd22a7e76872be349170826df267593ea84f87a2991e4fce337addf

    SHA512

    45dfbc7a3d3cbab9d22fe6a53c0d9bedcc0cdafdae96aad9a299b9e8a7e0de9364865bbeb4f8a175017a2126ba40d832f2c7f7729a8f048c2359fbc591df1ca8

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    d5e366806b979e3a33e2e12ddab03035

    SHA1

    936edbfff215a13fc528d7f86f31997049a3a220

    SHA256

    c5319d529667a2ec89fe142b69827d4700729537e175ed185adb945936271db7

    SHA512

    9e53353117d90362cb04663d07a44f4824952f58a80a9215bbc761ae4a91091abfea070b533193fdebf5c519fb6d96c50c4091b721e783d8e789755384e71558

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    5eaee4d83586101ca94cbd6db23419ca

    SHA1

    fd5653258c2c7932e3b21b43b62895d5e3726010

    SHA256

    66165c9f5673e46189a6ae110483ca1f2f8982256c38ec33a5586e7e76b66ab8

    SHA512

    37982a9f3d21abae069b0fc9d10f3f8ecefe7d46fa99659ca9de628fe394674731452e5edae487885a05e19123f7f15990a6a1a40127ea7acef114084ffa6e5a

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

    Filesize

    61B

    MD5

    72046d9ce2b319185af8e439624582f6

    SHA1

    46fbb2926f66469ae85f39082fb46dc868dbedfb

    SHA256

    fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

    SHA512

    17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    7f4512385e062b8f6169e308de3f2519

    SHA1

    c6d872111ec511176621d003624adb148788bbf0

    SHA256

    7e1ef2719b5ab8640221112697806607bddeb2c47cadba01b968c87294b23931

    SHA512

    3cd4e005e07a9f7a4d3204c60ff8d6d007bf6115baf91c6adf480eae8268336ded6256a743c039f6c631776f41d42f5652e82466e1c1ace1f955147f0fa0b59c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

    Filesize

    90B

    MD5

    d118f5558faebacdef6d4f6800a8d8f8

    SHA1

    c491a38354a52dc0d77ae50706aac7fb412e7470

    SHA256

    1bebaa6e3bba24569c14e3f3b3d88b35d7b4b51b261dbc73fbc3ea9125edbe52

    SHA512

    9549ceaf47ae3abde83c1db029e25033d8d94908b92fb4bb20e173c739f3bd41b02f324fbb3a7551b3e158e95849768ae946c57ce5259313a5f68c45fe90ab4a

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

    Filesize

    90B

    MD5

    c3a6cbc73d2959018d1c808273483d08

    SHA1

    f47f5efa301e88d9cd7137c1584dad94b9b721eb

    SHA256

    ad0ab299d5b9e06fa45a2d3430300374a51a92020af46390aa10374bdf6ff6f8

    SHA512

    5ab4333b3adbc3f56cbfdcf5e3013b4988727fd7194e2ecb944fd955b8097614ef41c904b83feaf701d3624842aa69fa78e66066e9872cdc652fcca7cfaee542

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    a3a2e8e4018769171634369adced8d53

    SHA1

    8542679abb36379dd4c99d54191c73306ba97ad0

    SHA256

    891a38ae41ef4309bb412cb344cf9615bb9eba558e20eb66e24fc3e3cf96477a

    SHA512

    339e3b054c7d00f3c8262a8e28b726f751ac37d90490c9891c79b34d5b9882953a7dbfb033317c8ad27239da4b160f2363b3aadae695877d708b7a1ac2c68924

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    c1dd8ad38d7a1f4613520f069f0d0646

    SHA1

    74132395034ac3decc4fb06279135417769cbc8c

    SHA256

    230157fb1f1d8fbeaad9d76575a074fcc0dc6004a6bb4fbf065990ffabe52ce0

    SHA512

    061e9fd698a2ce38a2b74f9480f4c8c65147e4aea70f4bac75f74a0c3529c4319cb2e6469a37c1335eaee757d08b44501cdec9b674d99c316cfa7cbceb60dd8f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    cc570935f09863c5b030dc97480c530f

    SHA1

    8a723dbb7b77dcabd135e09dd6ac5a60535b02b1

    SHA256

    585af654ce19f1d03fd1086cbb74d095e5fe2a201a44ff3ec3ac1d35eb7c8945

    SHA512

    aaa326847fb77e37329f6d232dae8a7c97b61484296de6941a295111db650ca7dca6ce15ee0e802e731588e803fb1f3d7fe40183a83df701d9cf752246ab31ad

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    32491050dceb3e33a77722a372cbb8e0

    SHA1

    b31f4b75cb4076ea8ca4de7af2f705d406137210

    SHA256

    c8b12d34b12ed2206e24562e9d5e5eaf7db456baafb79dab5a299b23f8458df1

    SHA512

    cdcccb0bde6cf65ad40092edf33d687b5df808fd8a1272a46b913570b9ae2adada2434ca3f8db939b7d0bee44f7eb800c0495ebc33e62b1d39e448f7356d7f3c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    bb6fbdffae67128f0c4d1acd64e52f96

    SHA1

    4d2bc7aba05c36fd1df6baecd3ed4cd292743533

    SHA256

    4f4d45fb2da2953cc003a51b7a0ea5d439c7fe163f90a703c446c7a9b702ae26

    SHA512

    8300d6e9bc28d8e61b3cf01b13011f10a0d2dc59ecd05032a14aab42a29af1e61af6ae13856c69b395d9e8689ac01f67bfd1c8b3a0b1e5e25c4d88b64d589d23

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    18d028b4888b6f6e9db8ee0f427854d7

    SHA1

    3748602bf75d436827e2176147e6ff08fb8f691d

    SHA256

    f4007d94f35fbc83e87bd2fa6f7dad1321e80db6dbbd0175abdeb530f56e68a7

    SHA512

    65155193b7d98183be24647d628ef9738cac380c988fab3cd775f89181dc5adff5fee1b1f6aa2fc43e5650f8e11b99e23c28e7382636307e361119aa871d773d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    21b2f81c7de3321ce7004af728d11a81

    SHA1

    cd7e72941fd5e7980e8c81fb8dcaad45b2b05581

    SHA256

    30a37cbe50c62b343f48af376084d51ad5f0f4a38bf0e21e8bb72d633a206fa2

    SHA512

    466a5be67281b38e9d779dd2f696ecb85618b000ee7f748cfe47ff630b7f9ef0d2a7c97581c4cc0c76e79e0ee640f684c26367aeace89836470c285de2a2a52e

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    e19461030bf2b8f5bb805b7431028e56

    SHA1

    d4645d105b9ef395d26b2e41cdec9af3279438c4

    SHA256

    e0cd484a0256cc274c15a855d967da47298a9f373851a82b77e0e966b3602b6d

    SHA512

    aa1d59368c1461f5c3cdb07565f8e7939e731b185ef5e540048901801e1e19b326a582b6ae3ca84d990f4f62bee2e4a7a7947135f966b0b2effc16cf569b8f80

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    eb84c814eed81f69ef49848d03420206

    SHA1

    45b76a995aaea76d9ba72fcdc8560b89a7b1a0dd

    SHA256

    d9fd61b1a3e5fc7f7d39a3b1bd6b5f8227d85b53786146f3960cbdf32dbb203c

    SHA512

    e3b5bee34e28b56e8581529865cd10747ea96e9be558dbab8136c0dcd1160b0ce2382ac51c1c09052536a969f1d03fa00a6bc7a91487cdd0f76d5e0b67260bdd

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    7f92eeaeab07437f434742ce0c4f2827

    SHA1

    8edc9fd784dcbb612856ed32a28ee49d77267a9a

    SHA256

    e9e7c651fba92b26a74573d452b2dd9e2115ed06c411499e04445fd86ade2eb1

    SHA512

    7a49ba34fee8b461cd2e8b554a38ae8cc1bf69f0b616676565d061ebdf0827bc5af89f53161996f05974322c7e7b2de86e4f589252c09eb0dc9415b162fcb78b

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    3b7e64065cc1094746d92a408b05dffa

    SHA1

    985e0b8f5ddaa56efeb989a2f8d70cf81a1b7609

    SHA256

    f533c7760611fc66630e5ce4681fe9b57579a63eda2a311fd74ac6fdf55d2081

    SHA512

    83109513ffb1b3444869925a509b63313347e28a0ace4cd10cd9a2e7523af242fab28858d0f8829ed30fd83b052f0ed18a74712f5ca6572960351a10594565d8

  • memory/3028-5-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/3028-9084-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/3028-9083-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/3028-9097-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/3028-9098-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/3028-9100-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB