Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2024 06:30

General

  • Target

    60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    60d155a69731675bb493c707ae205c96

  • SHA1

    22d7741ea994b80188a8d43955083c760553cb99

  • SHA256

    a81cf8585a3ed094202be82499bcd20cca447d879c2e2be6e74dbce50407d2b1

  • SHA512

    0ca9ac7829299cd1b4a36229dd05db74e95fab3fc60931974c773493bc7d4b4998c8499e8a6cb5f5bf562d8d67dd1f3c786c4ef79b65b9bac4d03f5b1630a33b

  • SSDEEP

    192:Tzdrr1FG1WDCgmjPZcCz9NFoy1Ma27OYYaOCIX5jj2J/e8cwrXpUA:Tprr1gkDCgS3Th1Vg48awrXpB

Malware Config

Signatures

  • Detected Xorist Ransomware 5 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Renames multiple (2214) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\60d155a69731675bb493c707ae205c96_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    475B

    MD5

    45b4d228c5cac94492892fbd8809008a

    SHA1

    f2ca9fcbc6ad114ef98cb6ae8784bf7578625c0a

    SHA256

    f3de79ee3696a3abc54053cc01b339c65099251b6b07a03b46b73c9d140ecaef

    SHA512

    300521bb1a7f5f9ffac45aa6d73f1d2d9ca57bd8d71a291d0950af5d8035e27740f3b54b3b9870058cff4ce2d93413c59577fc11f3b1fbe31a0f321994ccdf1b

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    c987c67d9f3b212d74b4a36fe69109b6

    SHA1

    56477c95f6c1b6b86b2531c0c5f70daaaf7aae28

    SHA256

    04232c6198670fc9082f9f9a628577dc60db25ea7c1501487a5edc9171db2eed

    SHA512

    169d2204340dbec63e3198a33a3059bead5a18d18ec709408cf0d35c238288659a1baed21fca5ccbbb3daeec1cce7c2df8ab491d8cf5b790137f3a778f104720

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    4079d751ec033c9cbd0b872ac123e778

    SHA1

    739c5be6e581cc91f54a1438e0e89ed976509083

    SHA256

    a300f981e61e66385eb31ffb6a45e970484716c330e1e57783fcbb17c0e2857e

    SHA512

    cb1d21e1c15867bce395b531f5ef4248697c14379ba2341f562dc46e4ce81dae5306d8f7bbfec85ef767dd43b138304b074b6cfe9a5b7338a2a19b6e9a6eac67

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    121ddd78cfea7d011dc8fd17e3fb1a6a

    SHA1

    d6b34057182f261da71e03ae58c1ed085bcc5aa2

    SHA256

    e1874766dc7f8d10f9111373e44818668dc039e5247938233a1f2dcac0b89fdc

    SHA512

    5adaa0347c359e44f9e8e85e8d42fabe62b0e81d9abbaaf536db5c484d5edc19fbfb4ffb2c20a929d70418951216e0436fbfce90769460e03d2311ee8f81ac6b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    f660cd5730dfcaae456ccb3545d89529

    SHA1

    00e7159bee3304e51749b99dacdf840a64095356

    SHA256

    63f34989bdefaadd7ab68d0967b3bf1e444f62b0764cf6758a6ecd36da98b1f5

    SHA512

    8ffdd1ecaa0acde86be92b3050dd2906d017f938c3567cc74d0630b2d59e4bc7dc1af2fb309fb6538cac93eba2924055bb3d1933cb3128d5213f3504ba4112b2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    5b69abd869513721ccc4aae6629a44f9

    SHA1

    9bf57067e407a492737794acaa19e5b4e953642f

    SHA256

    1f4dc48eec90599b9b39b07501d888bad7ad42da17a240d41e40182a94933e6c

    SHA512

    283a227850b168942cb060834b645e5de7f7588749c96f88f1f0d9dc062aac8c1bfc7fbb1367f3385696e9a80fc55d8d452385709506bce70a2dd57593f36f67

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    ba337af24abaaac8d09b6a94ac4a360f

    SHA1

    7f3f957a26fc2994c4ea8174c7ee2e1f6e3a539f

    SHA256

    791899978a31ab2a4f188f55f2777bbd0fd7b58fabb0dc8383f2275f2c8543e5

    SHA512

    61a08b10b3cdb52ed6312eee4fa1e80955f66d7fd33581e5e2683a9f17033576667371d802fdf18c6a711849e4154c7ba9cc32ff17d327a751fe13496c8b58c4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    0bffbd1b80383a195c0e256229b731d0

    SHA1

    28533a7d8c8043433a1753b0cce01c09c836c65e

    SHA256

    722448113a7b775fcfff1dd4b98dcfacd0a825a5088cfd52a7d1a1276dbb4e97

    SHA512

    dbed938cdd2a4532ed12c3ae0d1bbd26e0017ac7dfa50080817a12642352f133ef33d708159fbe0330ad5f7ff8bd6798398c462214d15358cd1bc6d4e2ff9ed4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    bfd49520ca68d9f2df3bd3d848a9a3df

    SHA1

    555147a9b94b0428f815076f91cac586a06b42eb

    SHA256

    56077eaae4a008cc05356add2c5322e85fcbae53e78cd1ee6280776a6a93af81

    SHA512

    6c4ed11a5e1563da02c3b355575d38daab06c1467b2c88b2cbf6562108568c9f50ed9aeec9f2230330e823611b51e4efd5f9b93b13cc1f3cbb38f12404241214

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    8cb7a71304e650e6a8773897eb507c1f

    SHA1

    8dbae6ef5a478395397e17e199b5d56258c8a16d

    SHA256

    5db17b8621d294030ff0b958eb4ef7d9f39afea1d6d9088681578c8523b805de

    SHA512

    acd6f47c59fcbb057bd7291c6c22bc809dc455722a48b4064242707eb2e75e8a0d264e3d16906f50ec4e6eb5fa31fa8a499be93bc4d6f9b44b1e9b5a21f27dcb

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    91653ce74650d9fb72ba8d47b184bb0c

    SHA1

    372c9401c5ca943e47aa12d569e59044b6b83e82

    SHA256

    d80dc03a46e97080ce63e0f5afe8cca5893b01590fcd760d2ede7e93348fc8b5

    SHA512

    948c57c3ca7ddbf0e56d5e9b28694844f8eb396e71fea0fac8e391bb5cb4d0820ce2d0031e37d7906b5141151862fb631ca99bd03fd521261dfd1d37e112318f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    5e283f6e582b6c486a40f0cedf5375ec

    SHA1

    d7660b54126dfeba40ef14eef96e9ebc63497f4e

    SHA256

    304e42c8220170a4b686de2303f8132e3086f9fc54e05071f0f7ab3c18dd1f2d

    SHA512

    950ead73c3e30cc117c6bc361440b1d6e18999a11386f50c6e59ef08a45a04bfd4143a2904a0185feae7973d13240dc69bf413a919dd85cf7b28795c8c9ee043

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    14a704b205c822c9ad301324501b8eae

    SHA1

    03f5b0723fff1241fc8a9976bab6740d8caf5648

    SHA256

    48ebc4bb27e573d4fef837d00616d72e1be3ecbfb33e5ec87c1202bd9e719e0e

    SHA512

    bc9f7171124b8aea908ae19eb11ef767ba9cb791d8235a57915437be3a69c8415f1c50824c1adc0cb78829c734c86cf64c23438371b7eabff1a1c905d0b9212b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    b7c8968cdd86767feb6658e02a4bdd69

    SHA1

    4c1f85d5b0ff038c7c6505c5fb165131b4d67ca8

    SHA256

    0cd35eea01f7d646d22a6fe72f7ff15782b5ff004d07dd6436a7f7f5b7b90488

    SHA512

    d6dec843b7a4d7ee581745c472852814504f5aa9a1cde1765fae70dc5b25b2bb11e6108edabcac30da26bcfe0704fdb5faf0fca30ca0aa91d88bb347b4f2988a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    49d66de2f0cd94a02314c0a556fa80b7

    SHA1

    d0630080585a876eb62e56ae7d531ec5290e41d9

    SHA256

    bc0fce79beb60ca2a9e536ebdff7a8d8cc09fd7bf07bbd432da7e226bc7ba4d6

    SHA512

    fc151be4828e6265afbd736c798f31fd62f41ee123a799cbfdffb69e39a90a5442354cc3dce5fd681dc1fb40a0447adf3715e05a6cf3429dc5e83185145ab253

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    e5e7a9a3a68050a21628c8a1e9e11fc3

    SHA1

    28f4ac8dd66681b2baba90d83d9163d4d8693a78

    SHA256

    a16be4d2f4584314eb1f6329a82c406c51691f9d1b2b8111336470798ee290d6

    SHA512

    f262877747f9c9e98ebbe2900114db802377768f37e91337d83a1b444c9edcd8cad6360a59015b1c8c151d8450613d5d17460a57b19c091bb325635cd75c292b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    36adddedd8616a5cfb08efd3f0bb8a66

    SHA1

    b3211f009ac86efed28fb318d889feeecea0f7c6

    SHA256

    b689caa2e18196b620fc414b9a02be64c7153f6a946045bc27274859d9ed9c2c

    SHA512

    b87c10553e195e0666a7d2bcc1285020719c3d33d73265417ed2004c7307230029eda92beba5ac0b5871bd0a920d41fb80b2d3dd655174f47de0b479565a4cb6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    9bb8ed6ba67d04963a2d0556f655d4fb

    SHA1

    a8cbe155b14bb9ecc335e9ebf7d383ffe08c0cd6

    SHA256

    e2012e8474d4b628f97492f782bc3d5c3b71f440cfc13e097f18c9f8aa6ed15c

    SHA512

    91a492bf6bcae677b419167955109925a3e7fb40397050aa9303c47ff3fd4256943cdd7ff4c8ccbcaefc93e2219711afb3962815d9504dc5d97ac00717bb1da9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    273385c9bdf3a6d5fcdcd208a3b940aa

    SHA1

    3b85b543459ddcddb6817c6d24af06551ec43c3e

    SHA256

    6740db92173cf39b3d6c01f9083fa38438adcf4dcc716e87a5b201b029d2143a

    SHA512

    822f865a11402f9ef7596480324e09476dc70fc8708c521c112ac804ff279b44d9824b63e42e903136bd90ea9a4ca9b7e95cee794636359b1e79bf5fd2c4b30b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    9fa3ef1f5e37590bb25c5314ebc5a2e5

    SHA1

    cd423fca54f6b79db98fd86254da4a780d8ec92b

    SHA256

    7c30bd93e8c51204f1dcae814bc070d769432f2129ac93113a7ebb5da6cf7cff

    SHA512

    a7f78ff59589d49941f40d5374878b752cf80ad02ced65fb5d8410e37d03dc2d1c3b94539878b9aff60017944bed6dd630c59785174aca191988ae75e0c7f2c5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    9872f422b0a3ffb96465b7a78f72e5cf

    SHA1

    b454003ebe007f96750d948bff0fe3fa4e1698b7

    SHA256

    fe3cb888a1ec763abba8f652a9962a7b901a662c1269709550924098074cd8f4

    SHA512

    3fe41cf8b1bc1db15a4e7068b55559d438f3066cce8224afa3ef589e76089a92772314294481809b5e5650e55c955129fae2c78c5c22e9d4228319814d2f1161

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    401ccfe2c4fea7d505b866cec9050a02

    SHA1

    bebf721aa58b75ef6496e7a0ff070329191bb99e

    SHA256

    90350896d5c7a107ad3ba53d5d36b445fc65f217bf70493fc8b95b6ff5ed6677

    SHA512

    359ce7ae84e18c02f7262fc1a890759ab0d7b44f0d7ace7547063b0d487138f8ea9a5b4f9447f1a4b2e14da3fa28c7205c3ac6feae51721244b07dcb6831cea4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    30bedfd8b7a5ceff2ec2cc5bc64ba16f

    SHA1

    b548d7990b8e9f35fbe78b72770d9e8bed3bb94e

    SHA256

    582f1d8234edc9b36000fb26b17ce6b20657bfe8c405259c833c6c608a209f1a

    SHA512

    fe1be5b45de359b9672aed3696c8428f6c6d3d06f880663203b7a3546962919b1e2b1dcc7f4ce277cd5b2ef599b3359f106275e32862d36e6f316cee3c34e76c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    a63f101ff3d5c2b9bee8853fdda76f94

    SHA1

    7a7a687cc6066600d1e430e86c583471fb4a1508

    SHA256

    d0950b1cf26b5f02ab3d3486d094d0618416e321b6ba05d65b8914fdb372fc13

    SHA512

    0660bf1c9b6262e1ad3a8c4a54599c0ae44d30d692ef7fc70d9ed70c70b13f02a89138534ab0e6476f31a73bc513bca2fbc3cc3b4e20332943200fbac33f2de1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    4ef62af00283a9bd2bf253227a7d83f3

    SHA1

    35addacee37274b5ee53a83035363d6a29b94929

    SHA256

    0aa02dd490c005a97cd3eeacc0b684fb97e944344a4b85f65d29306e2b1a45b4

    SHA512

    d93a7171044c7ab2f7dd21cb5de6501251a8fb56a91826ce1df0136e4f0e4f0eaf0202f938ac4a48774b428bb95a8109eed60d3791eef38bb14833fd9dcba9c9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    647f4ef2c794f76addfbc0b89fafea21

    SHA1

    8ed747748c7ff56768b6a0034a93f4b385e297f3

    SHA256

    a0bd4f9ace8126e9f39fdd64212f29cb9fcb4884fb1855b2ec86fdcbca609412

    SHA512

    4c209a7cfc13dbfc2ee0b0fb933ca214e3a4ffe10ebfe12bb6e24280be5c6ac6e59dba784fa813109787bc83774a3d349820de89e81f7729174e893f0247081b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    d277cf21639d00d9441936c57303095e

    SHA1

    85172d0e6c98f36a4449db786f859353e2968054

    SHA256

    87adae85e302b3ad04c39b265d73b900882def1b78290ee118d6af70c362c1a7

    SHA512

    e24941e64453b62fe10c70abee507f6b1a00be19510ba7f3ab5b93c232757972757e89b947fbfe5e527bdd565087f0cd9810eaa561d40c8f03786a725a533f54

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    da8b173b287cc22e439e1904abc6f4fe

    SHA1

    5491afb505ae3fa663bb3e3a9fabedf81e654b7d

    SHA256

    4a43bf2ca92f382fc57025010576c26aeeabd28b5fb4d0387abeafb8cd5999c9

    SHA512

    658724d6d0d4da407754f38713da17cf814ae84c1ddcaf86a035bdcb03cf841009ae37225262c66af7e6a3e34c7b71dcb20a276fdb4edc550994a56be1dfebc7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

    Filesize

    3KB

    MD5

    4c04b4aff510368f44cfe64585ae1896

    SHA1

    11bcd6f38f3d1ea51a02283a72a6f12b73dce401

    SHA256

    52e0f75f8b4f67324d9ce19f4b5bbb89235d6255b329fff991eb99635b1019b2

    SHA512

    10829ed4a77003f88388a77a13881f5a87ebae6a8716bb58c28a792baf19901ace64b3ca87b28793b4fd2f12ebc292e9954441010cc603a09043a3dfb545c6e3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

    Filesize

    462B

    MD5

    8a452eb15a66a276f305ce1dd88cfbf0

    SHA1

    fc4827b0a91f53ef378cc6fc4ed96edaebb02ec5

    SHA256

    6eed6d275c468fcd37c8277cb4018cab2a3afa5aa2331615aa9cf24d4f704b58

    SHA512

    3f764720c2c4302fe2791ba45ce91b4a2905c314ecd2b60f42f305e91509f1e7d2498c503350f7bae3cb40d073a7da24ab93d8c4501874442103bddd9af22fc2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

    Filesize

    264B

    MD5

    e59d2520fa26f0162070bcb2231387f4

    SHA1

    0dad4840ae53b51c8669c78f71ec2d36a5c3d10d

    SHA256

    f75aefbd7b9c9e7d18e2472179a801547879224516e238d5975931b128b83bd3

    SHA512

    aa30d3d1b65a5d28dcd98982c103587d749cc732b5ed11d6a447528d4520ab0f6e945f817a7004c19905d50e1a7889210fa8a7f1d3e87a40f3602e1b6e09816b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    d1fa16b3302259351143d2a5f00d90c4

    SHA1

    debe3aadbd7dded3cb25a60ede7280eaa142c73d

    SHA256

    123fb1b5b3b055f34b30068b582b5be5a9918a07f02ecfaa744561ebdca86aa5

    SHA512

    d9291386210452e05f70cd769018cf1ec48ca357c5259404776304c547d192c9a243a74015f8582615b31475391d481be41d65d26de554ec030eee1097e519dd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    9ce64e60e21b216d098ff9580e4d1912

    SHA1

    99b31adcb9cb8de83bd5443edc291335b3b71e5f

    SHA256

    bc3fcc7beba2427be3866e804dc166aad31b7c23dda1d684f2f6947d44ca1afd

    SHA512

    99c5211030510fa336b46218b17756de2611a0c729b4445c3ffb7e4b408efe823722ec3aeee5e31dcdc4c97d1fa61fb2e1b95ca4f7099c3a0abfa3d2b2bb01e4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    4ed74d9dd2097cc223b73644d6b4805d

    SHA1

    7c7ac6b6c29514b21037f0f3561d8b60131e3c82

    SHA256

    1b0e4b6144705f39da396b2df00ff06cfbe3655b1e045aee7a890d3c8aebfe25

    SHA512

    1c1a9029f73f1db8a64899a9f0b65c9f7fbb222958b41094c71ec22ab0df274c342c3a8e4a13b84cad3ead80d747e381435d8f582efc547f247861aa3a712bb3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    e9686762f63d2f335cf5fc3512ae93b4

    SHA1

    bc9afc26bafecffd553905a6577dc9a6d8c4183b

    SHA256

    2c5b8be7eeb4b24885f80d24bd18036ef7ee6d788c27457b605a5b95704953e2

    SHA512

    4cbc3e7619d2d5b71d382fe0620a5caa13465422857dd25041397b612296ce9117990d04be3bea6c3ce9b27273f897b53b7d4180d80623b0b231121a848b38c5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    b3225a5ad2e6405ec215cb8752156453

    SHA1

    afd79d8fc78737039865f3ba7a85a7e48ffe37a6

    SHA256

    f42070bee0394124b266e8e2dc007d222d620aa7ea4bc54afd814adc9b78f3bd

    SHA512

    aefc9a463b58eedc182413366ba449ee1f285f396a51f117b7794843e9d9077e23c0cf77df495a4fb43c4ddac0ae782e35edaebceae369166249a1584fa95f6b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

    Filesize

    26KB

    MD5

    a56a085b3aa2bc7e46b2c028b2558ed9

    SHA1

    777256e3446976603b2a73b73ca4754204c1f9c1

    SHA256

    c1e40a86b19fb5ef58398d55ff89c4e2a34bfc2f2b35a709fb7cd71c68609ec0

    SHA512

    97b41cde5857d3ea1ee9ef1e9f11e9eb5b43b3a8ddd65cd61b50fc472bb90c49bbeafc273b63b0cba8c63b774b37e065a0d9e490213f25f8d9410c5ad120152d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    0be024d38cbcb54127642b6d5687bcd1

    SHA1

    a360afb8b94ce482a94c3024e0c1f50b4059f0c6

    SHA256

    65c70b57fc027317b39dc7d0e422b3f5c4b35df836f2d4d37922213d5fd9814c

    SHA512

    c5562b9c79e8413ea70a77048a183c2a8063469627c3398f467fb641c93a22e52a17a958d70b6458341301186a0ec956f4425297032490b692f6424861b5f650

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    85794181b783533c3ed376934d7baef2

    SHA1

    4d99630666d66250f250bcaf6a355ddcd16dca4e

    SHA256

    9c3f44e1fe4ed66c56b6217f60efd01e3c1feff2923c34aef4aaf5eb69a36bcf

    SHA512

    e2a86f71f77947fcef2291b429067a017dc66549b941a7bce543a7adf864c7120347c89277d2a10b4d8603933b254736743156dbdeb1a955271c2bb809f4bb1d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    a8b600df7c25402a9a7bf7332c3a7b62

    SHA1

    0e87ba703b05abf254df6861ba908717b8c5bd9c

    SHA256

    9da4ffeb97232e5076de5f6d2c5d1da6602e96b9075a962b4b1316e22b6c5fd5

    SHA512

    78b31c7145d32d939434a10d023bc918aed568ef70d79d8785500697be595f793b4d339cfbd25eacc31e476adc82c3f4f9451551d2c892906cdd844fff1cd8d0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    51941ea13a29d4db2889d1d6a127f51f

    SHA1

    2b4960d8d3ce65f04ac8d882dba77ef072192a11

    SHA256

    12e135141760b7b74803f071b1f6695de472c38acad38956efa58d26d3bd2924

    SHA512

    4023fad7d26dca4f54c09d8f9d8843b740bf08af3482ef1ef9729ca1cb7730593e1afa682d04b2720225dd3926890c11cac66fb998a58f28b692a0435300bc61

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    58ff2c354f4610ddff38d088df0bb9b4

    SHA1

    d51e283be22b15474c636194b69fda7475d52ad8

    SHA256

    5073d7eb92d6e751969f54b53399733523d9f65ea53113ce13e103241f983a76

    SHA512

    c7f2ba4b1c86892c95bb85dfceda7fa341e22060cbbe1c2ac834fb3d63204d1df200a8bc58fbc8aa8b895129ee60a897acdf62e4a899051f5b0152363f49a4c0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    3017101419ed99e8280483a9e63712dc

    SHA1

    03be0a9f7955682deb20e29808a7014f86a89dcd

    SHA256

    751a8fca92ef4de096cbce4d68bc5bdae4d8f51fd2e8828a8dfb8a49ffef0933

    SHA512

    ba4a9c53f3ae3381a56b6c69e372c094f361441a3e382ed73ad0fbdffe78879b8c63013956d493a2f2a5f99e06041be57191ba3d9430bb3d81f18d8f40323e96

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    2bb43f63c223928e9928cf716d717124

    SHA1

    2e628f3150f0f3a898faa580d521064d3e7db972

    SHA256

    c840531ea7f5d7632f49a3159a0778a0406c5fed091cf62a3f2ad4f3aa1f54b4

    SHA512

    a4c11109fc1ac16acecdf53f3f36c91188d56ee90f664a670ca9fe93e1ec6bb2183474103e70c94ae171c2741e337d187f67c3b9fb2ed8954e6022bbb84ecaac

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    3cefbb8fc912833d4d446b16dae5eb9e

    SHA1

    59fe7c3536aa1e298627258d274bead499cb9724

    SHA256

    d9556c1ee928767eb631895a42a4983eddaa18006912d3b6bf62b702603cf3b1

    SHA512

    cf7dd463711bd68b6bff4bcdfa57c8d1c3a72defd9a9889b8a4765f055947f6a1581008abb565564d824dc100affb667b46235b59e7747640944cd400c4c1ccb

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    dc7556a1c373e960cc9798ed21bc02bb

    SHA1

    b60313f5dd2288c3972350f9e0e2b982071e322d

    SHA256

    764728d47ecce657d2edfd87c3f3961355956f8874b73ea6394a4915690caff1

    SHA512

    3c1dd5af6a9a537e632d0f28a787e67eefc8bc40e300025ac8f9897a7e97ccfa7726ba199df4d3cff4a6039e1bdea1d376514af5d84ede9fc209d5642213a93c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    c8597e4dfbd1c88bdbbf20da9218625a

    SHA1

    78671da9abf58f499878fc5e85106e87150b6f1d

    SHA256

    22170680bffdebf8b931584e594763a26e961f6c0188d8154674beb66d86ab46

    SHA512

    3d274c9ef6afd594b14f4227222d43f938de26dc5e76e1bade08b1118d0b2dd3a7d4b9e6d380560f6f22f9ccf9df6b38c0dced4fc59bcbbd0ede84911df06e93

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    71e642d53469a83435b1b7b026b63d72

    SHA1

    fca4c8eab7233f5802cfb234aadc00605cc28d23

    SHA256

    c15b2269fac2f855e051536de7d9bdf26c7f0d0caa29c527e1655e7c5a12c61d

    SHA512

    54a6173051c623d44130b96d356efe33c947d739beb2f0df1be7ecd4584bf07c0422ab67cfc32e41dd67e77710aa7534fa92c77b7b1aaf4df21e5f50ddbd2a97

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    6ce1f26e99df157d0bfc54f451af8a8a

    SHA1

    d3c7b0cccf4279eeacbf323c50a814e701c02a5c

    SHA256

    af511eb5ce63e1a5d4d59cc04906cf21e5ad9a3af88d0619f6378fffb8816722

    SHA512

    0a5555d2e285f6fb5c45e6112d62942c7419df9ed102ec98a37d59b6267446d38730d16a2f99ac0c3e56b715b28313c55e0c68dafa1e903588f4122bb4e93a61

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    241278d63629f7235103d486eabd0ef3

    SHA1

    a33ffe229d67340de847961271ee2fafe66741a0

    SHA256

    edcb62d8ab35ddd754ac76205bdc1f2cb7f2ebf7cbcf221e8bc54eaacc66c9fb

    SHA512

    0f6d577961c487a4319cd37ded24d1d74187339e5fc9a42329c4cfae51fa67b08ff5425a001fb8487750dffda4108cdc02752e91b89ad3fb374360e7c6a4658f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    d9255836d0bb209a2201f5ece219a777

    SHA1

    d9f65a44487c6cbe1e6463b4e1a43254cbbbae0b

    SHA256

    9eb21d9780d312559944877715c4c5b05aed41fc649a4641958de8751b095150

    SHA512

    d246fbf8135d5d401e49b58059c83c5743c9613a0a7f83f81a4f4e644ad24fd5595302e76831aa81a5beace87a8e22d27723e50550fd1fa304c2590088d1bd05

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    7325c9b11ae8db16f56f88735f3ec4b9

    SHA1

    a8cce53fb22ddd84233d1889994853a6033eb229

    SHA256

    48cec4749980b8dc6f04ca5608d847278984b3875e6b7def118fe4307a7378d9

    SHA512

    988033483874b87a6db618c88fb7fc7f8349b7816a03f9d2333a6c97b4c04540b015fa9a10f0d83b1ee730770578820f1c9bfde254ef15b8b14831edacf33408

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    5df951ba695babc624a69a731f5e3bcd

    SHA1

    bb259b6b12b1068b29f49b3013c00b9cda649811

    SHA256

    8c8381c67fe200b9678bc27a37a5731716f2ecf931dc02953432bdc62afb7615

    SHA512

    ca2cd54521642f559d9f19458033f316792f0f3524294c05bd6e6a10363191dfd26cdd903833e09de911fe2207a8ebc289bca542c8a952bf4a315959c35dec1e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    0cc354d6ce66b79f935e8c76aefddd0e

    SHA1

    274cc59cd517b0397739c17f44a21c5d6a48e9c7

    SHA256

    4c90e7a951300e5805e3b5c8648a8a899ecb1f07734080df16e865ea842ff306

    SHA512

    fea3778a7da39be4fd638a3425cdad37696dad3b6492cc5e4ee4dde8d4529ec21429308ec62020ecb6039401794699810dd1196576713d61f32dbc6827be2c5d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    8d6720d0f5628342764c9e8e8fc0332c

    SHA1

    f64fc30b9a7f46a4c816bc4a6d891a570c33fff4

    SHA256

    9e2905ed451ceecab3350bfd9b9b1bd44eeafd0189e0cc3d1d4779e85c06fdd1

    SHA512

    fe4a42a9a4f5917668dea1a56f86b9683244d28abb79a680ee5d044391c42b39822145ab0de858064f5b7ba48d36eed6708816b213b344b69eaa0b34ae9e131d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    5380db9446293abb7bbbf625bd20b0ac

    SHA1

    1148895bf9903879c20628049b5986afbeb209aa

    SHA256

    068248075aab2d1b7f3e0e4947b2fce83816f167cd556694ef41b355bbe60514

    SHA512

    2a9691d92604282c2d5ef36cbd85d8a3b794a7e4ef23354d2f209eb9e70eb8827a528272a01a0bd6dfdfcbfad76857089af2953558551416f1516b095813e3f3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    391965686440b687b5c3e770688e6990

    SHA1

    397fa330566dbe4030ec2382458ad63bcb2de417

    SHA256

    587a65dadb4ef23998bf64bcc9f62e1f2d0065aac627d44e53b31a3ff174eabe

    SHA512

    088622c6337b92460909dfa7cd2480edd0838aa16a70a2a12f24f21d1b0190c230fea7c0dbb7bc8ecc5b7113091ba2fa9252c08136f0a6d3e46d5b352c3559e2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    bea8106f2fb7bc76b9acd6cb8b496fb6

    SHA1

    d7a1411486f6f3935ce3ca485828a9267753d370

    SHA256

    0ca246b4f8b64bef1f76eecdec95f9f0a5b8c731f77d12f69806e296cf10aaad

    SHA512

    e4029f095b1173616a7fe653db6f01274469cda8d19f871c092c715cf8e2a753e8aff0bd01d8a4d9b4443f4b7a2e884781cb9d449b66a5e8f3be95cf4c794bce

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    c672e786aace90268aabc7c787b95f69

    SHA1

    1b675b4ac2a21c6d4b0b41a6bba44c70672de557

    SHA256

    7f115dd23835f709b1e56cba12010fda073c5d61d584d7e699fb4ea336caea20

    SHA512

    a5621d37004f8d843289e8973bd1c77bed24f21798417a9a096ea754c86cb282be742bbd51125653e7e950b20e7f01b54f42b0ad100eddd4b79a8658294b22a5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    14594b8b7aca2278af8d550dde1b9de6

    SHA1

    2a27f88d5ef330936619dda4a0aa3eb9784aa61e

    SHA256

    7b5e9c4237987d1e08deb9608604d0c0faad800375850930c1f8c3ad28c6635d

    SHA512

    9a3e0a127d15d681119b96dc8c44137deb2fa8a986749133b89a265691d829a53f025f3172f487f59d5fd7026396568609b3f9d4b6f3d02d27f05254f4a014b5

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

    Filesize

    153B

    MD5

    7715a9518c91e4954a836822e5bf36a0

    SHA1

    4e530b0e6d41ee0ef5cdbc622ceb6e69ff92f95d

    SHA256

    bac45e2912a843d55664e09475f7003f0cfa14d6511fc6723300c1af40eac6e9

    SHA512

    c0daac1ec1c4f496b681ed946c3b4cbce93b3f9468a3f7ff898c6f7eea58cfdc1831098f815abb06f009ad6dc4ca7de12014c44e9d64409ff1e8775a6096bffe

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    873861b7a579fc9774117f8c3e8c8915

    SHA1

    144ef47b5c8159945da540445d78713a24453344

    SHA256

    6383c78176b35e42a7ad7a0f873ca7cf76ed856af2575028b1f2c7dd8ba3e979

    SHA512

    31ae945fe7a8a7ef6e4b5c3c75df98de7cf47e392c3f7c2f842e009ac31e7aac8cd3c42e558c8a375bd72e702c7463b610ca4c0478fea224f7ca8b59a5fbe451

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    f2009f74251bbee265d87e076d00f129

    SHA1

    d344f5a61253903835bf3189a5aeecdd068ca1a6

    SHA256

    8996f85ad7716410c83516294d780fe651f5b4f4072ec2a7b923d869150bf7f3

    SHA512

    eea11c8ee6693e5adf7d379deaed46119f03e7381095ab34ced9e0ba33f3d4413ed65bb4f29bfe2fd47a760bf1985a3a5660870d8dd8c0e20a7e2565941be8a4

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    5bf4f18c4b6ebed4dc7457b70796d996

    SHA1

    3bd0119b74ae54335125cc52d69cd72480e693f8

    SHA256

    37825170c33cc777837fc0748f99e0fe6b00e5cff3bb3be5a9bc5fb2dbcaaf97

    SHA512

    0eabc67e759ba0058f3b66d9eaf9bcc2504a3b805b3eb9d04b468b8071a1273c7c7544b44572efd0f21afc579499f936b188731fa0766b2131f1c1bd32d0b614

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    fa6d60f121af3023b52cdcaa73d8f868

    SHA1

    dd674b7c805d1d8f9b3ceef1bd09bf4a26e2769b

    SHA256

    093ea292fd3882d6073fcebede9d9494218f7a5a7061c8b6a6a882b6967f486d

    SHA512

    49adc65989e368e775613972fac74584fede5ea9845bebb9ca30821d34eb8db20b0312d4a45c60d9ed3d79ebeb443cab952b8f864a06b52db84678649bd20292

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    56468fc5b5fa6fb63421f04fed526e02

    SHA1

    fc4bb8b783b737f5c96af16a7eceb7ab69636091

    SHA256

    ec786cfa1ed791e3a7b934bc4c9990485be0a288ac90bbbb4b4653fe9b41d2bf

    SHA512

    34009c4fccfffc0b37b3f12e46578c56c4c509dd1f22a8b7e1f964bfd3134ff0d2f20eecbb8dad56f9d5aad786720603d9940a22802a9cb128288486555e62c7

  • C:\Users\Admin\Documents\WriteSubmit.xlsx

    Filesize

    10KB

    MD5

    b3fb6648a449bc9c9944dea58a737bbd

    SHA1

    bdc7efe3d70bb689abb2bf005363c857ed1f4d39

    SHA256

    ba03202a7a9cd1723845f0f239ddba2afeccc1ece84a8857e0d8adaf86d20a5a

    SHA512

    7630fd9a367dd6fbc4dbcb90c9c7444bf2db4fafe22f417f636444aa86551babf60c8aa793f80b2de1078e4f71135bab0f2f3c4affdafded1c46c7ebcf31fdb6

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    dba3aa77ef732970345671ae8a22b2a3

    SHA1

    5c471697675cab8156392f3a859591574fb27228

    SHA256

    a78f5dc5378a0e7e015515a80b5de47d2e5d5c794950961dd89aeb404ffa5301

    SHA512

    957b61ea4313544a773397166c1fe8645a71c7713a42ec9af86adc13e4c4c6ffbc4d1717486601f926bd2139e633729d74e19a819757c5336f0dfdcc02ad4a2d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    2deb361d7a8927e480eec78366485f1a

    SHA1

    df07ee615401f62c0cd72a3254a307cef100d243

    SHA256

    dbe2aa9db2afa45d26292f6378e683c92e02d7ee4df3a41a8650f89b54e10a85

    SHA512

    1b66c912f06802c84be3a1ee5d3af2ed6e062c5300cea012b6f651a68311684bbc21d02d9be54fcecb1526377a9d774aae528d9cca61fe90c291b0b9793f8af5

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    7613cc1526079e7df1b0f7547a6ee343

    SHA1

    0ccd0bd9f5fbd2ac21e37739371268178ebefbf1

    SHA256

    3c30b62095f8da34def1531b39574906d30e13f0a92d225989fd328fb878dc12

    SHA512

    a9f9d00581e4484398a63d437824fe3d0ae83aaa79a09be9ff1f6f08a2851d5b3aa372bfdc0749d164554069ddbcadcb0ff07a4bddd6c1e9797565f77a2f015b

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    101b4bda073431342906a584bf1a5a17

    SHA1

    8d867f24c8aa4a2d4226303e8b0c884cb4ed7e09

    SHA256

    6702691837c9c6ab6a4604db20cbf93627c7dd8d60182873ce96bd0a33b9f92b

    SHA512

    86c3d813dc2865f6185cb89b7948653cbc611a5feeae923e20e22577d9684ae62f8dc2c0ff7d86a8ab2829852c6c5b8384806fc30625b7c0b1248dd74280a740

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    0bfd3244b94d32fe4ed4cc4a9dfdab9a

    SHA1

    740ac7978f4c321d575616685ef02d646e70e71e

    SHA256

    b6d5b100d00ca28a7915b063a24fdbae95354b0eec35493aa9cdbf8da146b460

    SHA512

    6d90d1f8ba07f9ae36434f95a16af86f2771dea53a6afef48238615433e125b4d117d18a1ec9247a5a34dc0e1dd51b4cab629d19a38631e7157fb59b65a31a7d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    d1baf938cab0a4440010238d26b882b9

    SHA1

    b9737fd387e922676c11e140b5f5dbccaaa84cef

    SHA256

    663026c87359c5d760e8f6dc8b1217c13f0530f4863bdc32bfe5a688d80e431d

    SHA512

    1851c135c3a8669c5222f0a80e4b0f930ee805a3376d0681bcbb94c48ab564c858ca18f69c3cb4e1c1d6bd4cd1fea918dc55b4a8cdf90c41f6dac22c2b4016cd

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    6e8861c48e34d68953475fad559194b5

    SHA1

    e41a7479070e6a537dcd6dce325b91900ae9a3a8

    SHA256

    a42b133e8bf0123faf3cd9c189e16b8214a245a47d6258ee553dc88bcb914fd8

    SHA512

    c97830dc3b41c034dbb80f7ab38eab6a180b0a913d46b973944a47a458d9733d01d5040cd9bdd9b10664c3ab5263f1ba629bf0905fcaf66985fa2f7473cae913

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    63f02655d4d9e26ecdb3fb9daf4e25b3

    SHA1

    3a80441dc499929034c1e6e86c775178c8074970

    SHA256

    433047ce3bea55a64abf81ae137eaa2e4c2d95ffe97e32d1ee750bcae29d0d50

    SHA512

    fb9908aa85a8b4ba6e9460d1499127dfbbaf6344a413e7cea36f2adcc4260f9458b07e0740dca4ee3ab8c5f51e841a14db06a85000fd8750d1041c97309d34c7

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    fbb2813d54c76c83b4f6603e0dacb9c6

    SHA1

    56b1c6f50d4db96a0fefac46624b7ba2c358e114

    SHA256

    2302be2d57c4d3893669857589185bff56296f31c35b298985db9d6b1b1ac716

    SHA512

    114230b7b8b365f242f3b53dea92ce97d4d709f60d0ca8aaf8bc6eabd397b1be0d71526975e68daf1a2b03467ee04ebeda123de463a04662c3ad35eaf4510785

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    fe6570afd5abb034e07d78c1211b80fa

    SHA1

    2effd6cb805497cdf69877806cd8e0b587fd762b

    SHA256

    c06dd0b6362fffe7d52e3668592ca84c1d75e062662b4e8feffd90bd5dcc43cf

    SHA512

    f8cd8b547e83e7a92fd8a3ae1aaab33da6320bf6c51b025610ba3bee92b204eee169a101099ba3488082881ed29a095b8fa7449635eb94d39d999c17a93f5d9d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    e601089a6caf7f5b96a62fc4205e9dc1

    SHA1

    dac3c5957fc3637769230704c2cff0d4484dc8e4

    SHA256

    c10c8ba65cceec9d4b06f3b6dd584fb65da09f54926ab8da312f3caaa875c561

    SHA512

    d1f49cd1f8c68d4782813fb3897c11d20583b1df6cd56f538d210b5c7d62aa8fe0c4054c21ef4542d2ec9dc6cc7b7a7c369135de63e7f97d3998fafb44f62f1d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    526c10fe63980101999713cffd691881

    SHA1

    381b8b3422ea736abd1c57f7103e9af21ffc446b

    SHA256

    0366b81d06ae570eb6a68e36bf81a199bfce8b609a13f243d6f7ea3da869dc51

    SHA512

    16b4c613ebb03f737672494222f2472f9cfd0174aacf20fe2fadfcd4f28603112832523d7b81ec9ace54057b2128181243b4c6a2bd38de7cc8ec72c99678883f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    a99d4a8b652adb3bfff43855cdf6426a

    SHA1

    48a4a2f43bad06a41c852f3bbf4dd734671bf065

    SHA256

    c8798c0adbae4b7fca18d78243dd838ce8a0e4119b676a673cb0449147d362d0

    SHA512

    59cfc8f2709830a15009ce8d19cf10d2edcb5525a5cac427fffa3607fae52adc546fc3bb91e5a744f3daf296708e0cf015b3ff4b6e2d2fecc551d11921a07f8d

  • C:\vcredist2010_x86.log.html

    Filesize

    81KB

    MD5

    aefe0be3e075b20ce7b7c9bf71d72527

    SHA1

    e628811385bf0c727e307e87b95bfcf374c4d961

    SHA256

    64518516050af9a17a55ba77fa6fe34bb9e1069c7b1debcb6067a37abd768716

    SHA512

    151b2646e68c4583ec7fe756777945ac761a8f9c45922ba1f16d1969f5c83dc596937cd1ad2aa777234bb75be75d96f0cbb09cd4213e558417e3c2e0619b6a9f

  • memory/2308-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2308-8647-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2308-8648-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2308-9036-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2308-9037-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2308-9038-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB