Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2024 22:57

General

  • Target

    647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    647ea27f3cbaa4a260f9b349431be8fc

  • SHA1

    26cc7092a922367b56c0d3a7be4bc2c8bdf1e81f

  • SHA256

    732008298cfd71dba174d801c1544630f27d4329aad84072201ae6f3a9153a7c

  • SHA512

    6f84010260edb78ed6a892db3e36a4a8df5b9e76ab247728e5f88dec494d8bd986945ab6bf13c3cc912a1506a0cc82eaadb3d8786334a0dd5f4fd9b71f5607c6

  • SSDEEP

    96:5mMbv5xZxkQuKBW7Dm4p8/UDqpdONfG7NpH1w5kO2LgKQtQTLIQi1XDHxMUA:xb12QuKByDo/m/NMsQQtQTl4LxMUA

Malware Config

Signatures

  • Detected Xorist Ransomware 7 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Renames multiple (2191) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    283B

    MD5

    0798f82786161ca795dcd6a0999baf47

    SHA1

    d304ddfc3bee87e23a2a2ad8d4f08b8ee557234c

    SHA256

    a8e24865a0861f8281156eec1b3acb9e4a2e5b705923d39f07c860286510969b

    SHA512

    80b9d7fd8ce4b66494bd27eb0783c8acf832dd6c493a280e5e64cd2e8a9e0411c93015896fe965a01fad8c974fd2bbfa0d187e9fa1beddf4089d9046615edf26

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    6ee9736b22d1daa48f587172c5ab61da

    SHA1

    c267b8222af6677b326b27a58146883f5950369e

    SHA256

    e4b99b18932a35d5bc033a16e9d8b02a250aef2e50c8311badc23c2337f6daa3

    SHA512

    4b41f6bc8e885cb755b82ab93f10f14fa8120e7a9ace8fb630e17b733fd6afa016b37e313dd5f8a4c7967540aafbdc2520ee78b3d9bdd8476f3a0a2b5021969c

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    7a2f450736d4d013e96aad75c308599f

    SHA1

    39c949bf1da42dd25d51d4ced1e1b938a694d0fc

    SHA256

    829a1689f04f00e78290cb7466dd4d650f019ac079cbab7a5ff515a6611bcaee

    SHA512

    701f20aceecaf4125d08ad096d205e95477b3d012a5bb434ffae142feb0a777250cc0fd6c74574b379297f360342545b8df1bb3ca8423d659f7e53509e7baa3b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    424ba69afd55b102bed94a81db248986

    SHA1

    54656d0410d7f3dd27d5a8065b2b310e8db741db

    SHA256

    118d44a7913030f7706f37a2a282fb24ce68882511b1a84c594b85909e90caee

    SHA512

    1cca5884a9da2525c502c543e883e1689848637a10e682aae8bde5f3a1e676c80310332b6c3c99ddb2d5c790bba78874af526e700d4dd513b8db6c6105cb80e3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    701d0c1f61f7e7fdd990a10896b49622

    SHA1

    0d3aea34750bf1a83fcc886c0b53873be12333ab

    SHA256

    1f91302b4cb16edc53a72669b3ff1eef39efb9f95634533325827f14cda3ab73

    SHA512

    46b0f44e31b1216031e430a2bfc2310dc8a59a3f23f5af058935d13e82e53242f98600924c10932ee283cdf1492eca14652add9005fd4ad0109b79521adff84c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    fa5b874fdd4493c17aab60ee9946763b

    SHA1

    29f479383947146d61bee7b9938148c47bf62ece

    SHA256

    254656f7b580484f31b7fa2f072a540fecd3dbb8caa9baeddfa6f41d6ccfb3d1

    SHA512

    6cdce7e611ca636598ab8dc8d3b4a5737cff202dabe93f548e978bb0835655030052b1fc2eaa2933aab9583fa410b441b24352ac3eb525ae94880458d6229375

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    eec07dfcaed2fde34b7aa6ad44c1dd55

    SHA1

    f508973b31c3c062641c39c06763efa8983eae9d

    SHA256

    0a8587026093071663a829ea5ff00d15d9b84547cf9a2522dba8d25293df4ee3

    SHA512

    13ce611844edcbf56b8245c71a49d9e1d70ef0daabe427a9ae4642c0352f4db48f870a652e016f1eaf22b01e45c3e1df8f74a36c58448ccd9449aa90da50b161

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    e5c3a8c9e51ac8a392175b51e10ac13f

    SHA1

    ea7e5b8a9d290b6e0372b9331484528a9f51e017

    SHA256

    bfb8cdd631517026ee137c783081f4e9ad264554b49ec0e76f9653b2ee41f3d9

    SHA512

    d29ba7f51c51ea0ee9a82b1666f222a4290fd71263f4c11aeacdad452d4aa4cb1a73ffe871ad09c49616c1d462a36a382cff2e0f7f623805f1827e26e35405dc

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    34fd09a0b406b5b68a3e81b9aa2b60f7

    SHA1

    500712eba56a56e11d4cf7aeebca9e75fd06e335

    SHA256

    923240d3c997f1fdd8bf9023908ad09f8285dd2fbb1a0d0fdf3c6740a47b7cde

    SHA512

    e712edb092d99bf234c301a3c00c1c6e74d36330d728e984a8231e5e1a29e9634219f636ae115d86f0391254e1bdc1f566fc7a6d317454e15574129e11cb386b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    ac4f976a462b209e401995425537f844

    SHA1

    8f4ae9378990f44e5aa5f9b8aca5f60444c44670

    SHA256

    522402522e63f4d6b412b057165cc7ba3e02d96ab163d90345a1781696c15d2a

    SHA512

    fe2907646464272becefb954b537f871f534238d262da0614d1b2f37cf2b9469209ba13f6ec950b6781f706ee3ee9c19f7cf2b91d37ee41ca08b945da2d834bf

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    5391124ee60a4133432e22449ff25002

    SHA1

    a2056f958a10c7328eada4a70f7191b66f030223

    SHA256

    26ba5d993f2ffcbb0132ae53b12edbb3d54c4a00303d2e7c541905daf5b844e2

    SHA512

    a9d0b922b589985e1174c54b97300fe48cf2fe4c684410995ac95541d27bc40d7e824efda5d572a178378a1f0d8c525f6877fd302cf6c7971273e9a39e91bd0b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    8ac42d0fdca01aab73351068f783f71d

    SHA1

    0aa5eee8aa882f63707d1f348cfd368a4b4a3b05

    SHA256

    dd11ca0207ecc5bce2edf03098adb1ed3f40ccbe27972452193422b5c54a0ba0

    SHA512

    f121cdc0a4e358ace7efce1fbb12ca7dcf7c73be8e913525108dfe784094d98a85a5f9d8123c0c3feb857872e58cc8b2cc00ab48f10a2440b43af92ca8ef1dc3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    4ccd0872eed07528cda51c590352c551

    SHA1

    fb36241d3839aee306f0d3ec3c15f040dacb5597

    SHA256

    9f9860919caa43016c05c95c8704fd39c0852f89096cc64f20f08c2cf83083f3

    SHA512

    db62cf1353c1b196cb1c413580fb03433783a36c69c6e5e3689f36b59b6c1f56177b983ce74c879d444e1544a3601977ff9cc9c2dd361b5382c023c5b049ab2f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    d5953db1ecf0fde16d43743c1b033a2e

    SHA1

    981ce25c3ce8116e5b81daf4073de209fa1b0c82

    SHA256

    7ee1491de2b43e91974f925b2ce0999c4682504b69b197a12ebf1d60668b99ea

    SHA512

    01365fc1e74a1cb7ac24ea79e244f5933f060318d16703c1580a4604fa7819601dcb9a742942232c57e8305035d58b83fb51ff8f30bff4bbcebc3c70797b4309

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    2e2c0704b9c7943d888618f5f20888f1

    SHA1

    839b257f2fbe8900d4bbc1d274585a27c8f48ee1

    SHA256

    e28f4ac229b0a350c6e294f0ce8ac50f86aad0b73218592395985fb5d8474151

    SHA512

    dd29bbf899ac2e00ea8eccc97e6bdab8462ed47805c5b1a8936faa76fa3155639a0905a9dd415291b95b6b9955b4401c0168d7c4749e93c3671509901e5c5d5d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    0bbe9d39cdfdad9ebdd6eac2de5cee87

    SHA1

    c615c5153050b082a3519d8daab762876b471994

    SHA256

    46b7b98df972afd26d4a482756da86a1ccb6ee02ed5e774aafdf7c01f07797a2

    SHA512

    dfcf257b61d448c0a817235f09f0da4fad237b7776a96ba5ca08578c5b008e922714ffafe835a550dc3f02848d7e3bd21ab09ae63f0291b56f7509c9d33b402d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    7da58acce99463d2636a4d41b189b63c

    SHA1

    254d2d0f9786049e0c252084fc1606197c8eac2f

    SHA256

    96d272c639145fef9914bcfa9fb44eed12ed52e1e336dd328ae3873e0543a384

    SHA512

    3ba8492819e1dd71bb3ca5fa675428d8ff6ca63a033a73402afa41babb09363d64feb06882187114a7e63d046e394700db4ceaa7021e7bdc420ed66c7c05cf12

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    91e3fde97849995dac87426f17d91c95

    SHA1

    3b14c0697ecd8bd34ed97a8ce6cc128289e0a3e2

    SHA256

    a9a875ec511e44481f851bde386fd0462322d3a819626cc36aa1a5b2cf3b2046

    SHA512

    b1517f3b0ccdc6e0c66e57be8370ac738e48898c48c842b145a9e093c65fe00d1a00a7a9100a69f54416405a1de324aaffda8ad363f0d6c85808fbad4b939581

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    fc123acea3ca12434cf521901265e678

    SHA1

    834b9a3cb1de6def97f17700d9762ea7d9fc3664

    SHA256

    4aba6c3d67b72d1f88e2e0821a733e8d51d18ea778682bdc3adef572d99242e5

    SHA512

    de6e49e486e61e8b179310b3595432170203a80192df55c1fb629d25751aca6326d5f48086e9cb31f664097b49d019e944391480c3552fd3dbb26d4783f3d08c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    21433b8d5334629362f1434b5b3a9708

    SHA1

    6a180cdced3dea83dea36dd55f518450218f7185

    SHA256

    74a6f5d4946816c5cf1be388f69ed6a04c3aa3d184a3bc2d4039837b3adecd7d

    SHA512

    ee20f91e7891409b9d2c6fc5442ac572ddaa4286dbbc3943357230b1c95b8baa5c7df14b0a8ee42c692d749dfa3ba18dca8b731c929f2d27f3b36109232c6ff1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    3fcf41731577e8a5e545cd86ef4a70a3

    SHA1

    9bc531e6585e8ed742a2b2567291eb6fb118ae55

    SHA256

    9ce573257e279ed0276c54c1390786fd1b96dc8ce5843e15b6be17642fe79b51

    SHA512

    80ff6b39e239f132fd1332ba5a642ed90f21c60b342d096ade18c62e1aeb0b79d6eea8107b9fe61fe06d450b0c25eb02cbc1f2b7bd13d9df150019ef81f29307

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    f445bd00fd70fefa28bcb1816955a00a

    SHA1

    f99b7c27ebf213f889ec284f51eb940be54e38de

    SHA256

    4717685128b54715c6930e054cd8b72fa6633b64bdb88b82f4c2d54bc10fd909

    SHA512

    3e419d26667077c2dd0ffdf1bbdd94553e0dbe699e176d7cfd3c2380934980d5a014f9fe059696e60f8cb8e1497f256fecd3c1fe178640283b330a7387d71c0a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    e105dfaa3c62007641f590e1daf31a43

    SHA1

    d0faf2bb18e4156ad6c164ef7820ffe5012cfbe8

    SHA256

    c44ab53ed2d0c7f05243d8eb8b913da284c8a6cbff601bcb150c226459f96986

    SHA512

    3e8a24111cdbd13f038bff9fc86fa3d4d2a479cbb7aa48d95399ed869e17a8e68863d1715d6e684dece09650d525be4a717507e0d6d5ed3e35d68473e2f64315

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    789f7cc813ee4a13eb5fd311ce15369c

    SHA1

    a4a350a17e275e6c4fd98d5627708d1d3aa4dc67

    SHA256

    d8d37407f9457f19b392d86ec2462bbd31f83f41ec768ec3d6d287fd5f397947

    SHA512

    6cd2c761361d39145d2026a6de0829dde531058d54f57f7d2519cc7867df0fd5b115167d3a2f7eddf58205a8c90b7460565e18943ae6a05237385802cdcafe28

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    8c6d22f4adf09e1181b59cdd1b995fad

    SHA1

    78c183e36f9185f18665b649b8ba1f71ba04029c

    SHA256

    882586d76d814e984d1ff86a5de163d03aab2b4fc3f82f2e25a56663353bf6ec

    SHA512

    3dd2d6eecb54972ea8b0e3c56eb229ab84c866588851e9d6bf81c15fe9289a72aaad350ce4b30a6dec5c94218d8c00f618cef0de63b3188656573465225ce3a1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    c66d24cbfc6dcd95b3e85c4c301e4c9d

    SHA1

    e52a20df07d2a25abda7ff18df172bf5639de0af

    SHA256

    208cabf423c838d8adac6a4d937671c1ecc0e607862c9c38df2374cbf76ac99f

    SHA512

    5ccd083dd19df05c3cdd4d8ea561d536e5c52d03271311a8e2a9374b8c7b573a6ede9b2b0fc5a0a637a77b92691d580b55ef63c0fca59c5c4e1b8e4dac076547

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    039c8177b8a929921a0f7b4010bcb6f8

    SHA1

    41bb63c931d3037adab9f3cfa65ed1c49224d567

    SHA256

    89bc79a445c220fc86351136551ac6436384a463e24aa7d15a6d4c5b8a74388c

    SHA512

    6a3dfb184b5f08b1cb084659b11171ad988531653c28ba9e975551bf504a4e5bf8e2d616fdc94b8b865a660fd3550b7b20169c3515b3d95500ff266f8d3f6a54

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    bc3949fdd1145d168bdf91a9b531b565

    SHA1

    b5bfd55170d84a367c1c7f3b12e56dffc8f0c5c4

    SHA256

    6b9f46095e94195e5daf7b3e66324c0e1c09ae662d4e05833fe0b137737aa4bc

    SHA512

    f25f3a756e23a2e18e30248dd4bb897303658663d0d522d180d73b7c5efeb19e337064299a082dab46f2aabb228ed065332efaf3ce3dd206bff72518415508d2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

    Filesize

    3KB

    MD5

    cbaa5ad84a81010ef1fd77d7787475d2

    SHA1

    47b4be2c3affe9e626dd6243e03ed91b4c53b056

    SHA256

    e4c1a2a0a1d33d9550e5077a318d307cda0de4ddbcc779246ece0b2f6c779f3b

    SHA512

    e4c380dcdd02a36662c60d4aa7af6da7ad7efea1a320052a2d03cad4725eaa81f1dedb3bc2818ed97e0f5f191334465c07ff6adb57e5ecebefd4d41eff1773ec

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

    Filesize

    462B

    MD5

    a89e9a56fa3bc05a4ea31fcdf09b0ccb

    SHA1

    5177b6c070cc59605de64fe34ea5ade63a96d004

    SHA256

    3ef49cb9a6937b06005746b44c4c8d6562c01f5086d9d1cb8b3f5ce8099b311e

    SHA512

    fa36acc065be0a1547ec206a7de42d5329b53fed65f9125aa0bfeb48a067180dfac70aa228b4ad3ad97674432187c8fa5d41b82a5236e7d1429594d61f33e710

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

    Filesize

    264B

    MD5

    e8cc389a0399755a318b7af9352a8a04

    SHA1

    9c3042b366d218bdedecf81cb5fc4dfca9f0913d

    SHA256

    241f9230321339966831fc80c00a8cc8ca9dbbbf0c363e0fd2274d69c56d0c2d

    SHA512

    ead8840d56356116cedd3f11e8d0e8e5ffe7eb7010839a23d95665eef93b29e9cf202b6700736c35feaa567a3bf3aeb742ee893dd2156e2e5577ba62e59f75cd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    f93602e65e2a3329571e3bda1e02d1d2

    SHA1

    3c46ad7ae84772e656852eb69547c562763dca13

    SHA256

    c3ab2ef5d1ca3c97c4bb8f43c8935a56f5fae7c9014fed88fa50d2e8d35d6d7c

    SHA512

    a69593646f71b1fdbebeec35081d4449f77e40c9002d4d3ab1d68522f30ffadeb4379adcbe68cb81ceff3f9be28abbb172aa0b4da0b90c684578ab67ffc86dc1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    9f9c675286a7c892857aa4341fdaaa40

    SHA1

    e6079741378bd50938203f026af04c4f3f857a5a

    SHA256

    9ebfc85ac999eb8365e2ad28a7db6ad775f652e19208b75a54b6bc4c484ec6d8

    SHA512

    70b7700388defa22d18b6fac994472fa423808a12cdd8106bbd6563f6544f7392a87f8d95745265644fc8d4050290fb5fb7d481286ca5e42aa129dd9ca8d5c43

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    3aff1c589cfe1ae1706a2f09e6fa51d8

    SHA1

    d314f3576dec18d99632d314104184e7b13e8a54

    SHA256

    0383916055449912d877f531423fa19f4ee338089d04e860c0a122e138ebeb41

    SHA512

    9f316973f81df6e2a78b9f5c4cb68e419ede9ab62b9660ec4348a8d4a997c281ecb53db14ac3a9f70e6f826186ec269b82f4a3cd4f656ce41c54154d4a538f56

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    6607b07f548a5aa7e1fbab0bf4835d0a

    SHA1

    558f7fad6a2cd46afc1cea0ddb64b80c7092d6bc

    SHA256

    63317b3008b31be6b08197f282ce622976dfb478a240f11eec3edd5fb8a56058

    SHA512

    6c2343112ec9482a3605582dd08122a833455a1d9137a56b5b89cc4649571acb9c2105274d46dae3f4093d99a71b14e3e8b14a5ab3ef0786df2df7360ce80c8d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    c1f45190fa3336f10ac184a06d3aba8b

    SHA1

    c33877768ca0fa40fe87b0a41fec881f3dc65a98

    SHA256

    1af61a194720572cfb4f32e2e590f4082dc76763d58caf7b25da5be29a770026

    SHA512

    7bf45a67eca9dfd83809d0ed18b8f7187c26f62a59d2830799506488af02f225a56b2c6cd7697c99f13e0f8fe5a82e0d983141653cec73d1ce4e6ce96c0dced9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

    Filesize

    26KB

    MD5

    6c7683a9ffafca89c48576b226999253

    SHA1

    f58167ee0e826a89bd0ef090a4a85be6f93ba9a9

    SHA256

    f77ad849f4bd0ba0197bf208d4ca2d248c6d441349db5c19c5e8e3b43536428e

    SHA512

    db8256cae5a1f912d18a05c48980261bf409d46799e5d73565b67d45745e11ff3f22b4762152b874ad0c53be04c6132172e6d24842319f4db7965bc47f357be2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    342af442562dc10ca26cc1e63b26389a

    SHA1

    33341fb4b1ee9e0f18c931a29df9da0712ddb16f

    SHA256

    b5dbd676eecf3c1531cecc820e7074d6edc41f240aab229d334eeba098b32fea

    SHA512

    18ca6d9c905cd5801a2b1960556d774743ad0b8f5960f755795bece42d4bebed2c57db48cedfb7f5836226a1853349afeb55ea6e57c0f14156cf5f0c918d1441

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    7bb06321d879d6e30f5c9d759187652e

    SHA1

    a418355ef0593c517e656b76fbf4ce752df42a25

    SHA256

    01e2b28923b7ef7dcfc2949bf434b58c24219cb02c95791f432177d4ce72c7b5

    SHA512

    edbb5ea8777cd1d78ca66f44f4dacd8664399224704970335595e5110fa67f2ae91e12caf76636d61e683d661c25edd177c42f2f8e4883292d31cf7bc1b8f57d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    4c24a391f1e4a8f9649b837be88d3ffb

    SHA1

    bf3763636614142492f338af890e6d344ef3ad34

    SHA256

    cd355f4a36df71d5ef9a5b5d0238cb92af83cd6ef7f3e431df996da513702261

    SHA512

    dce2cd8d9aac27a64018348110ff08bae2709489d73bbe7fcb6b9aac07b5742875004acf6530fc6d8758445a5739cd57efebabc020c5c4aad43347f54b93b5ea

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    2b12f1596d21629c83e93a8af893dac2

    SHA1

    0a27f272a3f94ff94fcdd1ce52290c208e3ecf2c

    SHA256

    063a06daa2c0600f03bd0489be96132cf0ed7e01bf490f401c804ee412c3af88

    SHA512

    5b2411c26c4ec9c6815a84b87bdb69fefea62b42668182b900ba842034506781aa69a9669ccce454c570ab59bcf01a531dd0ae426431d8b5e042676d7f36a746

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    a70c10f81c33b6f609dd77118c698cb6

    SHA1

    44a277d7a511542a1f17a6c1c6c9140d65b130a0

    SHA256

    2c6506fe96608fcd1db3f560d116e80dde8721e6a4901152beda6a3faf641e32

    SHA512

    9555dc2f333cd12979ae39650f795eec78e747526ded9836b7a5f0cffb9575261afe8fd713d6fef34f8c5d3f49556440f8935377969ab5cb560445137eafcfc9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    175f147c1143133ff334a6214d58dd96

    SHA1

    50e317da04c8d61e8cce4fa168740e3a2346de6c

    SHA256

    d5a08b0ad5500523b3197f26744a8fb2ea78f601c007bd54a6fe3f8ccce896db

    SHA512

    22da6c4c22089f944ee4fde86dcd7eae2e3fe5d068cd1707545c28d90d54a98519999d7660734fe996da342528819505cb11fe2990a065c5dd2c41954ced3101

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    c21b4693659551803df28d8c20a832d5

    SHA1

    f59d6d03033eed0ba374013409f312abc03f8101

    SHA256

    098a9261fbbf2d40f7644b65ffceba2c1495ab82efa89878f44a9bf663331fc1

    SHA512

    5950c5bd3d1856db15f42d16f54bdcfdd3c1fb370ede1d9cfda5d968ccc63e71548794a5234dd7a0e5714f96145053d9ac0a81f623e5c363347676ce82e2c57b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    dab345170373aa88ce0171837337bcc4

    SHA1

    220719e8779e4f07e6ef79a866cded4165beceb3

    SHA256

    5bb9f2077724973b91e36ffb51783368839cddb28a1c81feb0c64164aa75f6e5

    SHA512

    dd82df47c5c4c04575802a1e9cb6bfb3e04b3f05d1e2b0eef80b1c09fa6d6366f1ed31023ebe2a90bb12d5a91e97fdb3a1c926111d0047b2ea81f89b9b1be060

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    195cad8076fe671cbf94e417c870537d

    SHA1

    b2f680f5a8bb885eef2cd6407b59ac2de7942d93

    SHA256

    3c4a9b5cefcc0c3f5951ab9b62f513525b9b96698e26059fab75b0eb472a4311

    SHA512

    99a918e4b8b23fb92b990c9bc66132ea56c4216c9490bf793cbd306edc04ae32a461d758c450e011ffb80c93154afd4caa9a1073d16e61bd7b05ce54c3eaac7a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    1bc8a0141981772afccc08132e91109a

    SHA1

    2fbea1157abd1efc1b61d5f5bf9a72d242897f7c

    SHA256

    b97119f4b8a09c8be8d73c33b40ea52c9723797f0e22f6e45018e092546e74ce

    SHA512

    c16163d200f2b195a9fa03c90022d88edcb391b6ecda6e809d47c7bff0c932921b951c9b2ba29c7d49c114f9c2c7527446d20b5b81450da955e8c109c71a5c04

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    120fe55ed54399f60efb48bc5ed6626a

    SHA1

    91c000a4b78b659c07907d856e3a3dcbe7fec201

    SHA256

    d9ce4d43ae50bb947584d96c84f960e354a96dd34204e289a793c58a02e70c46

    SHA512

    ac460b44f2b48135546967ab0aac0143c10c9c4c9c89975354d8f35b02ad9ffdc3ef56b99129db9826fe3c1d04979fdbf4e16c143b4f19efd151195f5df51c69

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    0cdd21470e973d41860cc45d08be719b

    SHA1

    130b3f2cd4fca0e4c431d089ba0b950cb284d65e

    SHA256

    c4825e4da1e5c6c97c8356381fa295cbc275f666f6efcab04eee91586501656f

    SHA512

    c9892d41e08811663f2f565ea8582ae2635bdb0c31cdc58f5001df31c4b6b38fe8fd877c03d0d01bc3d8811dc8e2f9da1a524b83f22c5587ae44a7c04093a85b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    6e781858e220e90efc306b00a67962d2

    SHA1

    02949fa07994fadf8997f0ac0ee62fbf38b29ddf

    SHA256

    9e213cfb6e9959b861e7e5c7a2d1b110fbf292f05fcc0f7d7709ac7fcc33b01f

    SHA512

    fd0a83b8e6adda3ea0ca725e578955da51e89b15368453b69d7dfa8d17b4ae158e83f19d52e0966a28d8c4dad68fdf211d6266c8f6c07a029e1a6347806b760e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    d514ecf2ada750095ecec3ea12e75958

    SHA1

    ffaf738e4d052dad7f7977d7dbe41af3ee5c5561

    SHA256

    f663ede12698fff141ac0fad512f74ee92d0dbf10c58a2d7f209abe894626a01

    SHA512

    66e1fe75254ad5964991321817ea880af75942df170806def6ce38c325d659dca0d44439a223780a909fa8401004430f7a039641cbfa91a3f2a451c318e7e627

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    77f739191380de7e52ce4ef60ef4e979

    SHA1

    1d9f13110ff7b712a189330542a55e531fb29131

    SHA256

    f2a284ce3d9c6bd63a2e83aa8a49dcf7661835ce01fbf2211f3b9dd525be8c46

    SHA512

    758444171a78550884e26ff21672c36025789ee2bda7fab37cd4caad90b83b6a62d38c422395335590b10eb95820dd660b7ae44ee49e1af43fb637bbf55407ea

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    f16e4ae4bf17a2de24dc68fe529ec653

    SHA1

    de72a0c51cb43cac1cec17f034f4e440ac9a44cc

    SHA256

    154756e2eaf28f68c1cba083cd4bf60e03ce1a47189b8a907bc02018a25bd0d1

    SHA512

    33d22f033fae0ae40f750fab5da1b758a222b3bb0d78dde9a45a18510ea1d9ab1424e7706d7a0f87811b9d3ce3acd6e683001336fcac94b3456587ae4f2e7f1c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    a8a20bfcbb03a2974dd9917d22dc2be2

    SHA1

    566ffb7231e5bcd0f20deaa0c0103dac59f359fa

    SHA256

    7b6b767d4fc71cacc93b63ef0973caaffc1fb1da7e4ae34c5d84ffca9117f5f3

    SHA512

    4f8ec9cf3d8112ba401a180a24b6d8b490d585b40e3c19e7e6ca5a78eaeac35d7d7b27afad427d43af51a62c9d60352cdf3822d28418c4b04d34dcce020c3eac

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    e89c68540a7453a0af02f60008710e6e

    SHA1

    f8edb9e9e2f45f4b47cb63eb0fb3d85fe1a2d369

    SHA256

    d1aebf9f31f8aa8ffc8408108bc3a4a906bcdad587f246d1db287f7467013287

    SHA512

    3ab7f48f4fc369b93a0c26aadc50b67064ef2534ce26b5c7230006c73d32eadeb6af0940eeed6f44c2d4cab0c1a6fd70b4e709a228de2309457dec39b204a5e9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    a82fc2e21bd02256eb3d324a4cf9f3d5

    SHA1

    fc555d71e919c2753aa5ed827d294f622f012862

    SHA256

    392323c6f822c3a6c3ecc3895c1cb4e27a8d1934e54f3beb76b21f96790983a1

    SHA512

    0be04a6e1fd16d815b6fb45378b8a07a635a977bc1e69143bc4baab3368c95d6d253c64354c48da1e1fcb62d64e5824cd214992d3805fbae28590a0c40ee2285

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    d2824b599c581a152e5e82eee9a0b745

    SHA1

    46773721931259c788c1b9d485461d736ecca068

    SHA256

    6b0f07de31d8e4dd2d4a00cf36ca7a58acebfc663a1158454d8d68df31a987ae

    SHA512

    31f0cd8f99dba20f2b398dd3d08b43e3d8b30d89e920e7b1f2da9f93ce1139df8113e2fa464eb2b6d188f383508b05a0dff9c17bee911f665748debe88d0b975

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    a08038a56dd5a8430da84afc1ac25e70

    SHA1

    53ae6bb8ebfb274fd4c99118547aade312dadb42

    SHA256

    d48700880d68cb3e70cd66138d3536b6cb5c8f9098082109322ab45d5a2dd4bb

    SHA512

    7b5f76dfabf9a4d42a2db55bc904afa5004d847cb893cc5179d0985b3611f8a913c5208b2437be40913347d2f36240702253f3f7e6f58935350623191410f42b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    31112e8152dc0abfac03f9a996f48b55

    SHA1

    cda5d167fc45f95cd4bb7ffed20dea98356b5f62

    SHA256

    b9d13b05b7405238d76a711120bd88f19af40b2e835d313e8c435a1e16482fcc

    SHA512

    7a1447c03866a84f54833d92135b9f93160b5b6bdecb007d489c718699eda7f045828c607b0666eb6fd65d9468db8395e57ec0143680b75290941b40c7c5a00c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    0ad31b401b2f54a8ec46b11d19770d18

    SHA1

    3813962c9867b4972ed644b498c316b718c79fb4

    SHA256

    bd74ef7e70b48f9ac3f79955f0a06407ebbd2438bf7176b944969c9fc5499d75

    SHA512

    338368ee82c34440fb9425fa80b5c36d4a144191536a58aa1f65560b608dee2c49dbe5cbb919ff6b29e176f38dbe5ec9f46e315928c7c664cc4c3aaae98624ad

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

    Filesize

    153B

    MD5

    b1a295e73a5b5f6a55a54e0f790e63ea

    SHA1

    cd29e9e01272f86beb2a1f138a1d195493b04460

    SHA256

    f606f6edb2f72fa25c3c7ddf3ed0ce203c65af45c8e98c0eb8d9beff8ed4725f

    SHA512

    f7ab05ab1c74f5eaa13c588d7ef8eb2f822beb7a80ea2b1d76aa2fdc862627948be76261f772a754094f1f1941bf6d5aec2150018488beb30fefa1784d43bca2

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    8a596152ad321704d33b67ac1be4ce3c

    SHA1

    0ecf107ff9973390aca720c0d238b7a341f14f74

    SHA256

    c574d238b46c3234e5f332afdbb0b52fbb67b76449e30a05a1898ae9639501cc

    SHA512

    7b8e95d9c68c60831c5a7cedec4104632dd32e1a5174ec01951e6234b8788cd9554043fac8a18c8957386bad23783dbd4d6a5a521119cf54778772cf53cbb50c

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    80c9ebb0058ac6a2d44543f856ca41fe

    SHA1

    f550874460718b9956c541a6e987681dab28e198

    SHA256

    8abd0bdac0609fc23de515d9c7220244fe60ff872e081caa339b628af2d62cb8

    SHA512

    07b17d261802371cc807252970c40f23489e7c406a5478e4dd84457d31da452e3b5906f8bd1b05f9d370b3505b14b4d6ea2e6d085ea7de19d5693a23049c9d8e

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    129bba7bd5c8c954b46c6794c60ff0a3

    SHA1

    05584377c69245b8eefd81fd34f98bf3e4290ae9

    SHA256

    df615449e75d439ad89fb8b16f010c0bce599353172ca3888f56f0781b69afa2

    SHA512

    2b0e2db0259f2aad71f319cc1c5487a00558edc919138c26e94003be70d9e4b947c9120be56734e3de38029c9d6df1c4c3478b3bbb0164c20bdf89d5d7a04f0d

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    bf0a19546a62058bd9189f6a8a3a08c7

    SHA1

    c397851d71efe82cc31ec1d7d175c29b84c3ab62

    SHA256

    f6029c3eaaaf5cf4758a42290bd4d60ced866c3bd90640571fa1406ed50f289a

    SHA512

    a1f3f3a70f8eeea2536bf4e2ba112235845766a41db54035f74f84ef97c841667d9f16159983289b42ed8aeb788e6d54e58191d8c10f49a28ce2712c7d32f577

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    d13e288c0c71d13ddcef4e8e08027f06

    SHA1

    6f592e11d92eb3110f237434dde5b7c4dff1872f

    SHA256

    a3cc6e54b562ccc1a0c3f1a5160bdc93d875a4760a35c05bd1a0dc04551baba1

    SHA512

    86e5a3c9cd5dc54d3dd7fd8f1ef6277ef0c347920ee50d88bc4a1f5cf6af1485d4de0e6d4d0a814b606936d07bd2d31e0e2a355125f6b88b290e964d3ab63573

  • C:\Users\Admin\Documents\SwitchWrite.xlsx

    Filesize

    10KB

    MD5

    0cab262f83e913bdebafe73ce56fdfe2

    SHA1

    e4791c49ea69cfd7d80b3562b610e711f4b0ef61

    SHA256

    6a36711327e1017df9becc68e382b60120e6f93c4eea3bdf71f2869d88ee7c9b

    SHA512

    97318d7cc3effd7e88e289e90decd41f73790d8027e8c23c74d0698dc5c1d7bb836a69d52f77d346601bc3fc32e3178d1fd64c71033d795ed64025293c968918

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    13545d2ec68f771d2d83488d443e24bd

    SHA1

    394531448eb4aa69e54ad5a7113b564ce4c8e246

    SHA256

    0491749f804f30374c38386505aadc9ca3aabf954308d4e24fb4f507ee4a1ecc

    SHA512

    6df3140802b5e43c55cbf6a450e39e596d3d5e1c024f47d3ae45ccd1ffa0fb2c40085e5f18f3b3d64ead0b528786779d24cb104fd89a889e0d5041165a7363ce

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    1910bdc61a47f40764e99418e59220c0

    SHA1

    265664e44ecf386e245e44d451c0a52f4d955f00

    SHA256

    85c4332279b7982dff2a5705a79869bf7b7c5e1bf25c12c7971268fa4a366de2

    SHA512

    8a8be835becf464508369e82748f04a438157d31c072f1c4adc0fe4c069b20c32b223919bdaf0540737f30aff0e9220f37a50f067ac356cfef01cdcc014d041c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    89dc14dbb6a9287df627c48d919eca8a

    SHA1

    6119b72375f12e876d0aecb1ff63e6f07edbf856

    SHA256

    0faf0c4334ec81b70f2a9090d0323009fd639ff8e7f22f41fefd5c0e49c4a4e5

    SHA512

    a0a0c50037595af7b76eddb5556aa85868b69e6f91d3367c31c5fd3ae5db545114e1813315547b42e99b1cd986fabfa43662335add267fc4cd8ffee2e5ae2e56

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    1326c90971be76954d79ea26c6e592bf

    SHA1

    3c60e3499be27e2936f6ec9ebe1cf361af9ab810

    SHA256

    c4933a2268f2867545cdb373123a307c2073be639bc5a168b84f7f35903f1ccb

    SHA512

    b645cc7de744b3d64aa749fe6e254f2de40ec26e19f1f1f5ecd24ec32d4acd58ff51fcd5a03dce2139d7b2339944b595574b9973736cfbefecd74e7d9ccacbc4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    bc60d114ab69b8788b87dbbafc5f6ebf

    SHA1

    4b567a2ea842cc00af56e4b1f429b0fff35d2c07

    SHA256

    7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738

    SHA512

    2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    f6e46cfef5980196bb303e3de02cb3f8

    SHA1

    81938732d74621ebb38d8d60cca28101013b29e7

    SHA256

    b8494415fab4e1fc5fe11fbf50f2a1f466d2e6831916fd2d727500b309bf53fd

    SHA512

    918a3e738616ef6e7e3b3aa17228acd9e1630cf617525158a910fc8f628cac55f0faab8ebdd33b52e4e6abc157c9d37fc2c78e7e021238f8fe5d3be4e08b633c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    ebe92eed5ebd6b4cd612bb5641683edb

    SHA1

    a99ab66f8348ae052398fd1edbf86eb40ea09fc8

    SHA256

    1e1e240b3b89c9696a70a9bd4658f87f5e505e4db4109b8110963b25bae88279

    SHA512

    287a3ec5152e7fdf0e85cb4512a33014a23dc128face82bde27b43ad312e8ec2dc562fd67acdfaa13ad9615dbaf73f948a99e46f278745a2bdf31bdfc61e221a

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    99a1e04abae5bbb595db007a97450536

    SHA1

    9d527114e87fccc7bee21db5dc2691a8fac2b8d8

    SHA256

    48c7f9786c7678ea05222e394e5096403e923ad174900ae8eac6c97faf3bc869

    SHA512

    7549183b57cc8247edb0245da203f96e19769cedd8f2ddff5b7914162a3f000481fd722067c89223bc2465603da581c6b379227f4f704fb0d06014cc73c337f9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    d2f98c1efa381c6b49c7db5cec795d37

    SHA1

    bf1c8a1b1d690933915072b9c91ce9717e350488

    SHA256

    ca3b7f41993607d4512d9ecb35a6779418cddff033b9c461c2db64eaa5be768e

    SHA512

    1172fce7feef0224991fff92a593268bb6929c4d391afb6c10837f188c6dff7e3009f124d878aab43094bdf5ad799fc39011eafcc03046ff0f526235ffc0d132

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    9662d71ebd4d6ed1f57be964cbe6c6e3

    SHA1

    d34d452bb946f6ce7d7a740b18e8251443a9edde

    SHA256

    de48fdedcb5c8f3f8941f67903d8c68414fc490ff97aa00a05f2263f90baee0e

    SHA512

    72cf211b5ccddedd84480bd08bc1ece348d3fbbf0be11a60a8dff67375f24668b65f44b3c1dd43ef75ecbbccc98af5e3162e8e28e1c1ecfef37133ccfa876ba7

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    634dcee58db44b833b6add584d3bd9dc

    SHA1

    a86c804c8d9dc88c722552470b4aac0c93ffa3da

    SHA256

    b20838becec7af28fe21360e14c31788d24f3f9aaa480a35cec0f716c0b85f2e

    SHA512

    388334d89130c1b2a05736e1404998f2e1108d887444d46886798ba61b69a911ef4390c18773c426acc26e95ee9a1adafe99108e1e99fee0df0bb1776fc2b420

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    ac8eb69abee19dad425d4ba4fa4169c0

    SHA1

    1e5a98d1929fc03de7b3c47c4c83ceeb343577de

    SHA256

    396e2d15aef3664b6aa3d0410bc0d4a06ca7e6879a6f1115e457a3b58d9ecf58

    SHA512

    fb045107e5e9ed3313dcda1d842bd31a99ae38d5d0fd3037819392fdc5a90a5dfd8e01e2ee639e0ba476d0e7f368b2c0ded19f684d5202e384bac393db1ea66e

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    49577f4d8d16855479f77590f97320a3

    SHA1

    895d65242e88365016d606778c1c5e1cf21906a8

    SHA256

    95575a7fd8da61f586a42db01abda8ba56a3d56e46c8e15a5ea0e9aedae9eb8c

    SHA512

    ab02f2513f2e7e6824beb5fd308c9d560d5ba15639e79a0ca5cd9c95394b4e1011fa493fe2a78a4170db72b1bbfb87942ec32f8743f72b9984604c9c2d9aec53

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    cf6084e848372a8afcd85955f12a735e

    SHA1

    a59c2b06c486707b4932b661ee4e9b890040c480

    SHA256

    037f870304e74619250ce314d7590cf332663bc474009f746e02458ba9544fab

    SHA512

    db6c508a432f6919caa63e316e24dd533e7b6e33744e0603e3f9371452214235a04e107ea0393534c3f8e99f0f0815d7d588fff611e45eff7c4c34d7ba000fc4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    b5c4a6bf1a83f70d0150b927deae3793

    SHA1

    b415339ad985644f52aaa115f206e46f400aed25

    SHA256

    a99d8904326ac6441a1bb3cc37ea5a6e2ee1265458505bce212397271fba0e3e

    SHA512

    f1e1a8d5b946b8d9e984734c902c98e62af8ee9733ee82c71174b137ecdfad4b59d726cffb57de77e341e77331e45eacebc407503a5fdeda6d6a86e9685215b6

  • C:\vcredist2010_x86.log.html

    Filesize

    82KB

    MD5

    b566b9f39fcb70260141a990709feee1

    SHA1

    64607274c2dcbcb146972558413a0e07a9b7e541

    SHA256

    b29aabc587de449421859577bc14214da7b2c81f2c9bf71e239afb851aedc639

    SHA512

    086f4839cab6c6ee265f141fcc06e762e1e57836939c2db871e4c24e276a79a32dcb0bb07268df9e5200e53e81b86c36e6b284b71f27c52dd04918e98ef221d0

  • memory/2296-7195-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-7196-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-9011-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-9012-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-9013-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-9014-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2296-9015-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB