Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-10-2024 11:13

General

  • Target

    6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    6a3617e86953e7f4b177ead1c84f71f6

  • SHA1

    60ec0fecd409b5d9cdcb7e09bb9d692e2a6746ec

  • SHA256

    9e26ae8f25bc652990615b37c49724377bd9e07a2bc3cfb9c9d9ef19a59b8a98

  • SHA512

    dfc16fb2efe581506d943f4e1ce1926b5ca28133012d9ae51393111f90895587610cbf65e626051fcd30ec54f80e098553946b081510f85f3a785b18cb976321

  • SSDEEP

    96:1yZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx/XAHwINBXlqlDmMUA:4zdrr1FG1WDCgmjPZ/XijNVlYmMUA

Malware Config

Signatures

  • Detected Xorist Ransomware 5 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Renames multiple (2203) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    183B

    MD5

    8c3be944a21e70bd7cb910b11728be94

    SHA1

    a3d2fca2d8f79a59a5f9e63668d42c4311a14849

    SHA256

    6522034d3e68f40daa2869b1be177e0a02fbb6d047db5aff0648b6dff5cde104

    SHA512

    714246479ebb08cefb5ca7c45f7b3f29042540ebdd3d3d2afede2f2e194ed6901c3cfe0899b4101267237496e16e124dd6fecbf245961bc2044ab76f8de249e3

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    e195bb7a9ecfab310cf7d652eaae5eb6

    SHA1

    fa086ec644f7fbaf53a488e1e55f606c89bc7c16

    SHA256

    887cb7514846b3f884f9158bd0493944c6b88168841859a6f5b36c29998c1be2

    SHA512

    5538cd166590d2991470c67118a8494349f3a72725ca9fe349d919b0df8a0ceb46ea0f10cc2982245d714d645e6b20ff21387933785b1aaa7c3845e8818dab70

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    d9ac9ed63d5d002bfb24f68a1b6e921d

    SHA1

    1bc19ed87a589a968b6f4a51fbc621ad0632cd47

    SHA256

    4541dc5f965b06cdcdfe5e2dd674d02ce84f36f17c8df02859ad892f7b72bed1

    SHA512

    5b5daa35ad426f5f229be0849eab25d122cb187bb1c7b4f2d55b9ce634401bf3f77435b93d6de08464b6068edb5621869ab4f3d6a539d89a183e530fcedff063

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    ee8722cc86104344f319197f7c879637

    SHA1

    1304fabcb376faacf964e23a7fd33cffdd1ba238

    SHA256

    8b43f72ad11e6ea7732d646a0dad61bcf2a5dfe4e2039e2088956b462c081801

    SHA512

    bcff65b0630022d067ff6cf723543764f8867e99a6d04a7f851a95b7be865c8209120ae64fdbbf6631205847a1cdacd6cbdcbdf128a13f7027398c1ee1d585cd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    712a6bad4b5c05d14008aa3d273457d9

    SHA1

    17556e3c44eccacbf9b827677e8fd606bc3cca0f

    SHA256

    e2c62d70a0b39c880b372b1055663936e5fe3c8f9f7a969c6712a1cfea3f03ee

    SHA512

    1c7f44b6411403e70a42f5e4562d3e1fb0f3308aab9d2af7365cdbcfbfc110e19f57bb33fe4d803d32c1d2860349517b31180787debba00cb5c75322ac64b992

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    22756c1bc4ec0365311e55131025d51a

    SHA1

    bbf210ac1f684866af985d54a9abe0b0bb93b103

    SHA256

    a25cf5cef0a6c7de6101fa224bee2ff49af1d063fa95f5386e41fadb67e5b03e

    SHA512

    564d7aff7a3a52709528ff32c2706f60208c6f6eabb44d8fbd9bec7c35827586745f068dc675d1836149dc349ef19bc417bfd67347c1287b425d2036e38709e6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    7702e902ac35c37889b4000d7cb21862

    SHA1

    53d31122e5f85ae90d69532a872b3af1d5e5f568

    SHA256

    9b34f3a589c37f4c45193d389db7585457aef7b143c62bea43991ab2831e2f96

    SHA512

    c87d7c842df952f25b207eddc8b95c873654077ba83a479ca7912ccbed2dde50f93adaeb53459f03119a4eb7bdf6019edab126ba960e59d9fcb9cc4c3d59d433

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    cc9ad1edfd292f631001ff287eb145a4

    SHA1

    2489792f33750417d5c3bb718e6745daef9c60db

    SHA256

    8fd9e9ea363505ed4e478fc6d0c384f691b9f5897c54cc2e9e72d6656b94d5c1

    SHA512

    d2c8c0de4030436448210f24f9afdad4bcaf14174971f108eed5d878582b8f2fcd8dd2cf09899b9abcbf9a8406635668e7ba8a5598b6d589cdeee7bc75b01880

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    dbae88e8f5d2134a82739223a209e4da

    SHA1

    07c0b93178dce7b67d3f160a92e7922ba8392508

    SHA256

    72f536e66cc2122f5cf1d28475feb7ee84894d4be7398b62acccbe7717d36147

    SHA512

    717cc0b31eb5c149c6aef94f06ce25fa728b6b3c97aa02930506979f372f53da079bf06c650c185b270197ae2398b25532a30c6719db868c5fa5e1e330d5ebb7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    34f24af246a626a803e1a44db89f17bb

    SHA1

    3cb7ae8b1a9374a1c41dd81905e59fe633233c5e

    SHA256

    fe4eea492fca8d21023254c0a180be7cbc1f6910ce4c330abbb91921bd598dad

    SHA512

    507fafb2583565f71b0296a57075a35a79e621ee71583ba35c86f5f77138590ab297a88eeaff721ea4e93fb78e8f3ba1080c2f49791ad35c7e36f8051370f5c5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    c9266517724bc643f46a5719c4c2c3d1

    SHA1

    f7aeb0c43020358a9aa163e7800325155f72cfe6

    SHA256

    058b13243b7d77d53f29597d772860b179d81b8192b8e7110de2a38a51690942

    SHA512

    14e44e93fc9751c963f6b47a1edd6c72f69c27029069232461ea3e7669a6f5ab9ff8883f8432bd1251dacf68fb0b5ff5bbd44b2a5b219557ed3aeb768f274c46

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    55f483c644da4982316f45f04ed9b2f6

    SHA1

    b639e3a19432210850b8546fd400f165bfdb7fa2

    SHA256

    418b447e35a79ab49a2f29329b301c5e0c56fee0e314347e727b6432baa924d7

    SHA512

    0d35663bed657941c91ca1c705b235301ecbc4d9987ed995b43e7aed3d44ad96b44a904356608cf7a6f0a5f61710e1933df4fc00d7db246a21125228294a8fb3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    ef4deb1286ba8679672ef067da149fb1

    SHA1

    c3378ade6868ad7e08c1be39b7cb12c0c29875c5

    SHA256

    e3db19cc2a3b63e05d31d5d170ff38b5970d71f4adefe3a750ee1749e1eb779a

    SHA512

    28a3b35e7adc8815832637579e5b7edc7e37c6a328c0f24a17052cd3d67dfbe712c6c2438944ea79ff81b95adafa85b64f0f09c8e30e80354dcd33d115ae9d60

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    0fd331548283e3855e90b5c7b2135521

    SHA1

    b51c709870c2b2e444b780c10717acd4476753fb

    SHA256

    b2db839afb338b6b0d96322642a67ce23cabaec4fda0b2de1ac6ebfe2c2f4751

    SHA512

    23ac32fffe9fd0223549b21b77bd7f17fcc45fe81adb1921c05a5b63cc62994c4d4d329722e0e96a49575823f8d160842e5d05b984eeb32487189079cfbb130c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    8019a66f61fdd884002c4a09670b1f48

    SHA1

    0683c0a0a728f1de90c299b1eec378e33de6867b

    SHA256

    83ad3d8825c3ad352a13b9882b3638cab7d328ad26e0faa3be3daafa8c71bd06

    SHA512

    46fe2d3b60b286bf19912fe6b6336905b5c2daa22675799821d9c29bee7bade65925d18ae77a8640e9e3c6b8331b068d214a55f4ee08d7c9575eba1c6c2e58ed

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    3e79fa8c9af41bffdbb161ec74e89f49

    SHA1

    86e6a92fa2b0f263a23ff95e0026fe3bdf437c35

    SHA256

    f9ed618ccb423925363f1ae92aa263f6be313201dc6e13ba58d6d099572245d4

    SHA512

    8c351973113dbebb744cbf72240bfcdece4bd53e236d7cbaaf2a638ae08702d1dfd850ce617755deb337c3bec11b5127e403be0a8abb110594ce0ac70a28b349

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    0ca2337048b5d9f12be766a2e0eebfac

    SHA1

    e6b8eea60adc69bbfcdd43b0188d44d58880ae77

    SHA256

    085c8beccc276c7d8511e5b4e934df8a86682446033ea70c3d54eb7f599e06f3

    SHA512

    4b2ab3b1e4ed58414ea2a6f16d012286d58b2c2535831b41558d89b013a2dec21aed840f6acf30d2525e1047c85d4bb8e21015fea0237f710bb6dd9003e194ec

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    3e710be5dc984fda912386b221e0f304

    SHA1

    6e1e8d09ba4337306f7b477ed475c8e22eeb9d73

    SHA256

    332a6e30eef04784ea7ed068bf6eed2f228c3ec9e7c56d1d2bf5c8a4a1fb3f53

    SHA512

    5e4738dc68b47c110114f9c1e95dfd13f537af152ba0d362ef263b22281790608602d96936c0ff1a6dba5269112ebfef809e9c14e6a5e14554e42d60843eabae

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    398ec0eb7af84c218a0a2fbc349c0955

    SHA1

    9f031b7071c3f715b68937f686e9aa86cde71d07

    SHA256

    ce93b95fe5ee3d142b87463cb13f5e5d4929b601fc3726a8c7a391fa59e7eb68

    SHA512

    57c5c44cb3f44667e4eb8443b96b6caf38b384d24739d9fc16237a1c58d8bf273e4cdaa0b6827e6d96b9e50e172c6b7540b72f703d0c5f000783bf8f879ea9a2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    135a90b6e44af4a11fa2846d7592719a

    SHA1

    8f376346a1e9bf1a697c6573a3f84e5447f9d332

    SHA256

    25891833105de0df143d7731bcf3ad986ab7fa3eb93d9c02687d2025f20b976e

    SHA512

    451c9f1b23e234960fe5141fdc577dee733e430275278dc995819db58fee1b55dcf0d593984830f39b8591fdcd830871e20048d6d108315b661d2b355f7f7f27

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    6f60ad1b5c1ae6e790908d3bbfb1be91

    SHA1

    297a333fe5a1232554b660cbeaa18ee80bbf2a69

    SHA256

    e0ee1795a6f8adbbd0a0393f82ccb5f084ec98d75e8039f6b1f8070f376be232

    SHA512

    1cf36adcdbdd8acef67c2f877b1b9348a34f55429fdabfdb9f8d4aaba952e9958d2fc74f8f82c1a081f1d1be0657a03b4d90d834196f2c301c916eba5043b1a5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    e2e30eaf6e56635b3fbbb1c51b7e1372

    SHA1

    a55974439bfd656901d1f63624515ac72cae0e1b

    SHA256

    8edd7c37034cc3c1f6680cf5a53723904fe35d72dbdb92fe0316e6262dd290bb

    SHA512

    2af1bc94ea7b935fd733a25323ae2630545c7888f095a97fa925966465be9c4590ea41ff8c449fbc43aa02f212709477bebd102a24cd365c20959dbf73440395

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    f2a16f8db0cba3712d88a2f5aa742761

    SHA1

    85e2e1f32e505d1b425e77124c004bec38ef91e3

    SHA256

    f5225f82d656043e3d89b319ae1291e449dec860c12d72111e17e6327621c9b4

    SHA512

    d4e363a6024aa87a709ed6ae08db1e0cc997a3b90c7e3a698f3309cba72c10ffa96ed60c766255fdad066809408600dbee7cef262d29b497ddfd92a4559a734b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    8afcd925257be7795b0b0ef4682e337a

    SHA1

    d5278c4bf880e77174c7d2a574729e79bf2b0522

    SHA256

    c4489f8d43fce7a1b7ba9ce5f7185a1146f3458bfe5c89d9e008ba56bd994e12

    SHA512

    9bfcdc25a486c84dc19e2fcd8c45c0d2122826fb22d8e9be0b32240223a082d39d0ce624b492a19a7ee0221e29cac13801f03262886ac221b79472f11f3a9820

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    5a9b32ae0b44e56c7361f3e4b6c9c5c1

    SHA1

    4920bdc9fcbe0292c1f5c603b61740f6a7dfd749

    SHA256

    0195192e5cc9e3bb6fd775f61b50641109649091e79ae295f736c483279f57a4

    SHA512

    a77e041a0c2e2a735a56d4639a88771736005f7ef70af28631d14bfd72bbd9a80f216edf59b59feb79cb408c333eb6df0dc9e69cc0ed026c07ecd4faa9b484b5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    feb9441c0faa4b07596bcf1c83cc85fb

    SHA1

    fd4cf98ab86de72399d856563cb808d788a3387b

    SHA256

    4a7f7541510b6fcd285d3a3c77b35e62ac41477bd37a3e467afaf3c8cdb116eb

    SHA512

    c0d232bc5099e793e350d15ca0e2bbc2d4ae56ce3e44019d2999589a1d213002bb8f6ef219b6abddb293e3147ac4487b7f5cbbce2770caeb842b0f098fbe8d0b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    66ad8b480776736b666c28c18dda6cdc

    SHA1

    cd8ca1ca6d55f89dc4b039d0dd80413a20880305

    SHA256

    57bcd8813061f8c9c7d681e664e5cae52be92e67506bf3d7837d7d1217cf71da

    SHA512

    3011e16800647c80be5556643c0c8a73fa4360fe02a67d26064d84e553614eb141b233b417b9be2f5a0bb1fceff25a1e9fa24f773cf4eda2b24f7cad6d9d3331

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    b86ff2bb7b7c082c95c2db0e4946ddbe

    SHA1

    de158d2cbfe1db98df00a31412f484553947207a

    SHA256

    410565f443dba09562107d940e32b499a4d5a555ae13eb43a1cdd2d3d008184e

    SHA512

    fb2edebff80970f05dc127fb4b5a611bd7c518606605ee09df7bc2edc44b07849210602a3e544890cbf6b6a00c2ff1c86829c91d792bd3f409f47e1a7456b816

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    baa2ea2c00f106797eadde134d5b226e

    SHA1

    eef820f604dd2123a939729d5a0492e36a9807f3

    SHA256

    22b0817ec4be0c318907d7d7c781939c66d38b7187ba3dfa9857ff4ff470d6df

    SHA512

    c5c7f7d66d70421c998e1a24f4e1589f0a7ef5529993a56e95fa265ef8bab31c79a8ada616daff7d0b8d874ddefd31a3168c766302a20376713b54e1cec8320d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    855aee7fdf2fd1e53912e52b408f8887

    SHA1

    57c96363c3ea5d847805f84c70a8deda40998c14

    SHA256

    31699cf58a4a565354e88498f3fa8479fa918abc720e886007a41948af56a48c

    SHA512

    3ce3f922d031ca66da1a2694bd944a016592a63a0eebccf53a03c2045f4c850efcd865dc883cd8ef755522da8e9d82eb5485fec2c860ba8da104a858a90c13ad

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    f3a6389e647dca3a1e08086d156daed1

    SHA1

    350dd87906b8c7480753ec34d8870b44d233738d

    SHA256

    8b26e8ab4880d5a50c21fd05ad00f9e951b510b50721dc57242f4c980c3dbff1

    SHA512

    73562b9149a99b135f44896d64e2acc84c19fd9cdaa73c7172029f1b8c52dfd6bad65ec805b60a40dd35bfea88a1ac7e7da59fb4fd7bb379eb771380555132a4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    adefdc9ca1eaebd54fcfc86834ea2913

    SHA1

    781079a48fda43a0968390fe77d65328bc474263

    SHA256

    f1093a949907cad41c29f7025a6a76646a957f5428404f7fe4f116a621a3333a

    SHA512

    6a336a986ca40e379fbc7414c38a1756aad162e681015b58a92ff31742a44e22c6def1274e4b10faf2c807d5e699572b0c28e3ba5ca31b38c69554fa5e6a4d60

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    91849ff4d2c659bbaea6521dcd380fc9

    SHA1

    3f412ad0c478926cf4f77a4dae1d28813adffa1f

    SHA256

    506d4811e2b67c3ee27e27e0f06e7e9a48f254f35c0aa7c100d51e7b9b927d62

    SHA512

    9bca87e9d59796d9b1438c67a0cbb7961b569479705610023541e65622265782d341460dc1c57360f498a0b84057d733f70480c1b8f1cbf033d2ed006a8f9a97

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    5badf6140e54127a23bcb26561fb6bb4

    SHA1

    e4dbc431b0f67b20da84b885d89054e6e46d0c25

    SHA256

    ed1a2d6a5c826b662abba2e0d84f7eed7a88a382a8392e9560973fcab2efe83d

    SHA512

    e6ee2b20158a95ab079135ee8ba5acc15449f31b8454e3a82ba20f59879c604558978a7f44d4c3512f174f183a97239e7633ef1d6cb2497625bb3f6e70c224cd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    672817ff15bfaa9956a987fc8d0dc9d2

    SHA1

    c1e461faa283acf792533a08a24e1490bc2fdc34

    SHA256

    2e640be99410f180083d4d87afb75a2eed8a592c825801f269e4d11ea1d70bdf

    SHA512

    392e39ba2465a3c342bec8a9fd7665883a18a01788844cea371e639b08305fd3ec225fb6170ee00b0ec008ec245137426494ef0d82d5de5705f5d533766d9b37

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    f8d5811e47e4ae45f3a27d1a95120b53

    SHA1

    50e09e8944e256a171173668c0c5359e08348551

    SHA256

    ffd83008e73b1bf5e7046ccc987fb8f331ff6a461f1ed4c422b9a9b953191af9

    SHA512

    5a3741fdf9b5cd606355e349581c4604c25227f7073048b2946003be3bc3d6d6e25dbd854f981b3e7e7f048128c43a7da7adf2a7d113fd4534ab865f48fde5a6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    1c95cff34c23c1aa0b9b60b6eea5f003

    SHA1

    300070a76b58333d31d39fc2755b27b399240afb

    SHA256

    19512fd67867b858287ddae8f133cdd2661a0da22f2e33a02c0efb20f3cdbdd1

    SHA512

    6441c13ff6109487022a5c7ad44462164b2a922be0153cecdd293c53ea3c0b21b103d862a1ef5ff9ec66ed689a62a2ec7d892bc54eb05d9b5282756b99135e11

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    a7a2be9a20e4f33f1e68c28b0b98bc2c

    SHA1

    3069be877e163b59d1bbac7fa810fee0c54f82eb

    SHA256

    22127441c7417e92668a7a4e8a68f1373cc7dd63af4e2ef765cc6ade0f878169

    SHA512

    4cda537dbc2437c6e008ae6d08ced4c91a2d32bfc6c471b482d368d266eb4505da62b6a797d9abba4f14d18e03b777ec6815ae695c5bd1e9fc5d20e2552357ce

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    64f99cd853f7eb7789e6ea0629508589

    SHA1

    30fa1fc415bcc0457afdc5679ca49253868b6f25

    SHA256

    d63fcba2ffda8e7f96d3299b7ff9fdf3cc8c8116c9f20266a1985c41eceefbda

    SHA512

    2d4ec7db8210ee12547409d82514c55c975095a7984ceed05101df9ca71208169680a99b3009e838a24c9ed9e3913b88c97e7b494625a4d154ab65d527024702

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    513cc74fccdcb98cd531b76dc5efdd18

    SHA1

    1c9b0b5b40b177e8e9dd336ad54c83755709b895

    SHA256

    a1446610fa5709181d69f24891318c0b0103b39fa65183d31dbb997d1e46cf08

    SHA512

    f14cd8ff5ecdf2b727f0551d29b75b6d518b659b526b302533b9df3605000ac27f36a12e0b0e407de756e8b06088719606e642d1ec28ee48f028081193bfb757

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    e821b266e73699b63ecc3edc20b56810

    SHA1

    298ac151d68e0827bffb2c66b5fdb34b9e36afca

    SHA256

    2e71947d736d4829be83f268e156a525ccad96edd621f4af81ec275dcfd7914b

    SHA512

    46184bfb65e38789dbaa0f3108701c771b394fd060116d8495892a4a329262422efe25ced99440be0f91375f2b5f7652b789c8d92df759a252351832dad51a1d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    692ec1f5aefdca75d29553ed4f22a2f6

    SHA1

    476d374ddb6c4b74d7711595c6cca064079f9172

    SHA256

    32f2fc3ccd0da4b230e5e5539bc7505e51f936b0af06344ab671bec8efed4c33

    SHA512

    d0e3e31111d2f3a2cfbe6449a1402c9188552ab77bc979317e784c5ca455c1b037f63290bc6ced84a87f8fb40718df1fe05c5f9c1848640d07f1b521d867f01f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    fc0ec435651b0b5f0eef7fae4ca4929d

    SHA1

    fade89a6672f022625ec00842272190f151c4a48

    SHA256

    8be2dd3756bbd776ccc95671ed4b5d9b39094209233fc904479707e5f00b20d2

    SHA512

    45193c5c8b8c1037b96785c05c4a92135cfb6faa615f952bcc974c1911a7e54f2545522018e58bfddb0003fbd04c0bd1e924b05918cf550ac9fbb3ce60ce82f2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    3a805cf31a65ff101858cf5ea852f827

    SHA1

    67ae2db0e98a271af53b907a978447287f0140a3

    SHA256

    cebad2bfc37ce48499189f03cafcc0f99a9883398098c417df29623265ba6400

    SHA512

    90f0969f02c75b8c28d6c9e60e22bb9393c27466e71e46e245285d76ea70a4e0ece7a516eaedd63a049eb0b7104e3c905ba2e4de72ea65451cdbccef771889b5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    14eaeb036f0bdd1249ae61f149f96a12

    SHA1

    fb92a141f13f724ac3e4f1f3f25e06ea6f14b87e

    SHA256

    c11cd0683b3a2efa767ea842cfd686d0f2281984553fd8d1f5e1ff10132abe37

    SHA512

    104a781d673a05bc225d145a274c358acad7386518638f0c37fd635297f503c6fa96fe7a246fa42e8d9035a1b2acf2bf16bd4467bd817a6536ebb9db47b93e82

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    33bd0833f6eb3b7d19a022ce63033df5

    SHA1

    613330e52eb2a6132b76c6327865c0215df350a0

    SHA256

    9e2400bc42bf6f0a0598eab54a0f47e7da5feba860c51224913f2a569005e8a1

    SHA512

    2b878fbee152c7c4e7bb14aeffc69bfd76478c53e933175e738de997ac753ef661c94bd128cf8158886fd4ae98a963e15d916fdc2f6cdbd7d1bd98c21f1d87dd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    f4fff3a4730209da34d750f6a74f83f7

    SHA1

    6e2226e4a7ce1bda75f403bd227cdb63b632ab19

    SHA256

    b48dcae047065069641cd5a77cfd5059295f1a21536597a711d9525e1fb4f6f5

    SHA512

    0427a3c23dc263537add0db40a815b6f13df76335100a609b6862a471796d50ef9ab207921579f3929501cca109a09e7baa2e49a2eb4422e7b4f767e079e1010

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    a64d39d205d98cc925b1b3570032d2cd

    SHA1

    a7748477820af369f041de0cfc913785d6cbcab8

    SHA256

    4a35ea5452302c6068a7cd105ba83a3580fd6c35619e542cfbd277cc7b806791

    SHA512

    68275c8d91d0fe537f05ae99b0a92d542bf233ecbc8aaff883568cd1c954c575c3f84e6ddf8388e9e33c8bdaba31134451d631596188a8f4848dfe4be5c0065c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    ec12bf572ecd841ebb29108c79bced5d

    SHA1

    615e9b78468a9dd2b082d26058f5bf445ca5a164

    SHA256

    cfb279eca28e1a5daf5e44e8a1d636780ae1e19f668127c57127298bc1508ed4

    SHA512

    1c2d2308aeb69df4f003e2863d6afefa66d6810c99752f18529d0ddd48b267cae46f743c5417a7af054b36c04e0945661ef86a64a59325c6817ed1192514fb67

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    4c6577364a4f5e8846cfcee807630073

    SHA1

    11f720a9bd7b9913dfb125b7ce141254b9ec3a02

    SHA256

    0b9f3b889933c632fb2a92d663e7bc5af275f466cdb3be9aab62c352752fb5cb

    SHA512

    f4cf86815e4d85e8b9f889705855346ae48ef18f31ad016714484e54d3088055209c99c64d6f27a27b6b87cee657003a7e31a1ebe046202fbe874335f6f89912

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    b72a92537f1f247ee44d3935de1134ce

    SHA1

    af17ca823bb3a606ce408fb0619b9aa11dd7448b

    SHA256

    21e3af07ba8267ed6d7ad74193d404e559b0e5a1d397ab85624e5be2735f4a49

    SHA512

    0678fb926fa8466c0c79e7a68e82a518cb02ec6203281a8eac2964423925184fc85cd614113eb1b22e1fee16ddf76046ea15971d5063dea6c8135563ff5449e9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    0846adab6f621c7fe0b6bac4d67bc9dd

    SHA1

    bfe3b0684ffcaaea35ad7dd073b29798b7f17513

    SHA256

    431e6fd81411c8f265e0c675269b0c624fca624c9a9b416eb717ddf623ee323e

    SHA512

    067678aa244599ce99c3a8019f60d72e0cce2509b3e8f2e84c6fb304878b3b5b3eae4fd171da1eee903633bb7d35ded2c71ecd088d1f5c1851ab9f1c126855ab

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    084d34d9eacbfd5a52e31d7dc7aa3760

    SHA1

    7f75f6036a03a8bf33c20e0dcd4d1a25f14aaa7b

    SHA256

    3edb504bb8920f42095062a2499352d14d9c86ddde317daa4cb086d51253fe46

    SHA512

    de013f195aef2cb3793cadbf511cf0155fa01a63de57e5e3a1000421c9b8e497806a53d00459e9025710be422d7ce07fb4881f20927a290ea14c9438bdb3d8e1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    a7b107b707b9d221cacd1a77645dbf82

    SHA1

    2cc1ad90c888eed47316ca18c0acc3a361e8c7b0

    SHA256

    9083510888bb7fbd7734413a8d64482ff0168f7e2ba21c6cfd87d151bae8d2ad

    SHA512

    63eff9b27f620c3adfd55aee68dade5d13f5d9108ffea0c2c44f873009d0e8fc186efa5620d845e1a354bbd6699561fcc6f4690ddb1bb8992cdf5d03babbdc4e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    77f3e157655642c7a6ed3d7424e050da

    SHA1

    afa2a5255eb3ded8f88c7dcceb9557b35fb80ced

    SHA256

    7dabc7789079096ff427394c1d93fdf67b752af8829784784b8e008bc5aa97ee

    SHA512

    cfb2c5e9ccdd40101952100f4fe05973196bb38ef5da3463306952a8f8b24785f2692598f09988d6d30477347ac7a8eeb9c6b10817b530d5e4cdc1aca7855fab

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    dae3488233373551ae1a23087ae425af

    SHA1

    2a8ea2e48916d8865224fe90edc99af362918ea5

    SHA256

    11f62296efc5d2c202ffac7e3bb09d1ae5d3a9af37ea3cbafd272e961837d951

    SHA512

    d3b359deee16c229eb317c57842b377df8d92fe7a4ba78baa28b5e7755f3ceffddeb742572de8c17644e01606aa1b06d3228b4f960dc5bcc2375933ee381ea32

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    27e4d4f315ae528ec3e31c733bbc9706

    SHA1

    574918a3418809702a8e50fa89d4b8aa06c9d641

    SHA256

    37be22daa0fb1fbec49627f7440c47e59e6d1d18bcec29e31973c5231c505247

    SHA512

    c9e82cd1ef693ba2b3d11124c7a49050eaccb39667a93b68b1f07d90abe9730cf218f36b7ceaf6b1489e71d35621dffe3f044b4eab9b160821dcba309ab42310

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    4ca2653850b4d24e42d6d42e0572d952

    SHA1

    d129467ec1da1c802a61d0216fe886183ce927d3

    SHA256

    6af1233b792d63436e13b3489030e561dbc8c99a4676bf2ce2e31532ec2e4ab1

    SHA512

    7b4fc35688a95b6e69c35f9abe657627a1a541b71cc0acedc5801e1a2fd00b36fc0fb8fd8a6eb20d1b294155c7175d99c5ec5604e22b86d4278525e226e93fb9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    0b3e5ad4e9aa0bf434411cc97ec8feb5

    SHA1

    48b800d634ebf18e3fc2878885dbb4b6575d4ebb

    SHA256

    bcce36b355334f6f79cd159ce66e3551818b9edd784280d27356147727b251ac

    SHA512

    5a96db68751174b61b3c83f3e1958f2ed0f607430fbad9ee1c6176d069534484206e3f5988fc0dd9849262854ccd4873541525bd435f1b14439cf2c955e37193

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    d674fec2b5259ecd4af583dbb7494432

    SHA1

    36cc344a61a22231c8996bcded5df8afce7839ce

    SHA256

    3c535e40f0652b5a8323b34cb76d0812243999b8c51ca4e2e22497231bc5ad88

    SHA512

    e5ebfead431f10030d90212f5ed7928b1134401566b0b369029f424ca2698c0fcde2a8db59123e5547c025e3c5da608001e955e2a688cb49fa735990d266d77d

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    fc424e2a2db279872449bf230d032758

    SHA1

    bebda966f74fec2950600e0531b237b04646fde6

    SHA256

    afa2c99dfaf5f3d8e1acea1c6d38ae55afe8db2e29f8b5095e1ac51b466f3b31

    SHA512

    73bd1a669afd5453cd4fe2caa73d6d4dd10f35e192f99325474b8934a6f321ee87bc0ab2f6211080278085a35312df26507bdc89505eeac4b3cf9b100f3e98cc

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    3e65eadd714a9c8dd75b0b7f49986a58

    SHA1

    ac849ad3b129ca643f375ed036c4cee93614b14c

    SHA256

    9ffe8d931d8f7a7679c9d59db883f0d96e7e571a03f37b07e676b2e6929b6f88

    SHA512

    27fa02a399430ede463824cd135844f23db72df5b94230d8b129691ef9f33100cf561cb3fd99f9b3ef8957a2404c4a8c392cfdf65300a98e7bf8f44f03ee0b38

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    bfce2e527c8bf4e39a61d7baf3228137

    SHA1

    4b783c7f18a6599a519496e69b03536c4a1a7140

    SHA256

    3dd813a184e89a1730ff1c565dea8393b9390e38cfd2b1775421b6eb41296050

    SHA512

    8fff195c3b67eb356cd9d503da4a09508f1bbef531e99ec066fae25361284efe6ff5429dc2b930ea4471159f62ded6cad5c1f36f335f4a1f8c354a971bc1c21a

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    ee42937d14c26cb8adc877069aedd8aa

    SHA1

    724f1bf2efa7f6596248f8c2bfa14396b343f7aa

    SHA256

    9bac89857e5a23005fb6104456b75094e0770124157cc9f429ad6579f453b10f

    SHA512

    14d39d01166de57ec211ee4e9f2fc0eb1ad00058e4997900dbb0229d3f2e41b971cac9e13fa58d6f572d0566ecde3d942224de808bcda0ab5308d6850397db4f

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    1c9415f6c568ea61086dd5eb64eef3ca

    SHA1

    eb5e87977d88a775b47864359f1f238ac5ab1988

    SHA256

    6bc134a8a3313dce8a8c5f272973eadf6c89ec2ac32f11b7e4d09fe5225af385

    SHA512

    0cb6a30ff9f3592f7361883c46df82052f8d56224a23b65beaa008f62f959708024d2ef18e0d2fda220b9227470223f48baa6ce7c13ff4f41cd3d95c5cdc7561

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    16d75d95cda654395cc2761801c25a08

    SHA1

    9b8a718f525576f97bc4acc4641ce848ba3079b6

    SHA256

    c6a6862e1975576bcdf42f60e1ab896f8ec4d97942074f216c1bfecf36d39ec3

    SHA512

    fc72b4ca020d26cb9728aa58bd9f90bb4ab7aed34ad30f63c3617bdd8f5244fe68f6e178b501b0afc953ae52c5f68422a7ddbfd7f84736ccc2528ef7064369e0

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    de012a95ebd246953c2353dd672981a7

    SHA1

    cc06e9ab6ccdd408b6ad613cedc882d275dbebb8

    SHA256

    e52a16a7aca97aba51ebacc5340b7611946ce9274cb7a68216b96a5aecc629a8

    SHA512

    09740b9ed36a1f29e2c9af34492570093cc1b7f4c08d8b729ef5197e7461810bf432e39fcd7fc0fe1ad2b4c42dddd84175d9a13cb7e231887690ea34ba218563

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    a347d278e7c1a66fcd0e7198d3768431

    SHA1

    f74968df47cc9571a1b06062ec99c66ccd5e4316

    SHA256

    51e83cda304c4085d90372e005c44c4fd1d6dff5db0a741a31c9c7b1cdd207eb

    SHA512

    83cc27aed922d8cd598845f0891bb05272bdef7ee42ef1b5f4d3a715fe66373723dc6a8ef79db6785bd83c8c1ccf5e1ce8e5b207addd24ff0654bcae114e21db

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    0e287ab2eb55bc185d5c1b42c414c238

    SHA1

    da8d06a5766f4288e38e9cb8efdd51ffe7ccc01e

    SHA256

    1f6a3d3492f2ecf69e6cfcdf784ba7b59552303bd245c3539d9b5b45c3c814ba

    SHA512

    da27172e37c742df2432621b3fe6b3a2cf1e479820737c76726e3c3ca9565fbe3b505ea976980eb3d0906db340e19f8c24f9c36f2358b4540d7e4e28a29a8f3b

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    50bdb61223efe9d96126a0eeb1653dba

    SHA1

    a9f6279889d7683a7badf93c5eb67741890d92e1

    SHA256

    3e36a0cb4cf7997247798b97cf278b09fa99b0aa6f62637998172d9727b49bee

    SHA512

    a7127afa211bceea833ea218f66a40595986db06ad352c190f61770ac3e83739f65db2dd9c84d46750153b92a65bbc3c62900e6253b8c180ed231d433ce25a03

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    a6f779c75b72e763a4ca4c534eeb5a48

    SHA1

    9907f7296e04e01f0600448397816b5a338e426e

    SHA256

    4002c1fe04d35d8d052e0aac73ef011a263d80e6821b7bb2adb780e14f21a38b

    SHA512

    f6a5148ca91e9acafe6b300a0aa8a27f2670a3f11e754075fe3cf79dffa9f7736377ea0fb9280f5ce674a31c61563fdc55d4575f671e28ad9b07eb35bf426ad7

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    5bfc08300b19288ded6f8356a827cf36

    SHA1

    a0399498fd341322589aa0bc57736da1ef4500ca

    SHA256

    c85af78a17c0b788b56e5b2c00eb2d4c789aaf2bf103bce874669f568cba2e00

    SHA512

    44da679b5799d49e8defa5bfa8d14b52042b62c19f4245bd9e5069d19a916a5d85270feba9a22e401e1169de9445d9f06cace0d87ef322586f89d6f737a92e04

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    bb206a8b738071cfa06e06a422a34862

    SHA1

    e2c9bed83457bdf19164d092af721a22cc4fa0fa

    SHA256

    e20b158fa62797e467143244729237aa618633f2b977575d80f99d343501dd88

    SHA512

    b889ec5cb6e1bc37f8d0c99c8055052f9a26a268bfd6ecadd506875304e5d26545876390ef68f754d21b517af4f7dc692bed87a73fdbb635d0d29032d532cdec

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    68b176ce12e990e229c2e93f6d0bc4d7

    SHA1

    e4429b39e5571ac53c60976906946e43689f0991

    SHA256

    b10c2a2a1f21d4cb35b9998cae7e7098ffb1645318ca0336ec2448e624aa41c5

    SHA512

    87cc1d43f6a0ce4d6d2a24dcb4799d1b5a1febde0567d241eb4f38e1201a5031bfa01743e83f3ac130d0cd03a1ad39a98a79346a1910278cc331f81427ed5fd4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    897360a7cf70b9615fc416e3db53a475

    SHA1

    b0515257ae287f221c66f72912e271b885a7e4b8

    SHA256

    adc35d57c90a71f96ad3bc8f3a891ae6eb6c165beff122fc9ea200a90191bdde

    SHA512

    565d3e80238b74fbfea41cb55313fb21ff11369d807515aacbf19200cd5b9bb3ee3fa627cd6f9aa60a66126caffae9d9ae8a9780b74ba40c1984adcac5283838

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    851a4714c98b95f54022e936e0e44d1c

    SHA1

    b9cd9d2e2fcc838d4ef8480bfb7089a67380298c

    SHA256

    b56a54f6e216d1b9e685ad800d8fc81121db57d6427d7e45af97082bc238ad7c

    SHA512

    f88a14fc3782b0348bf853a39d0830bf97dfd0d56f6fc72fe4c90fbe0711f5291873af445ad96b5029219a11066f6c5733675c79cc67a527359b2ee565f694b7

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    cc3a062adc5b8be512e62535ad5a5e11

    SHA1

    93ec646acc28cd2ebc11022f770894dd24a20608

    SHA256

    680bc290055932f24871e0d7cc437bf27dd78011414756ac2c887409c6d94c7a

    SHA512

    6de8c1e0df85c5963f02e9f5249d5f06b205d655e11deb7a4af33a5ca9ff05e83a6e885c6b39e61002a9ae6bc7a73b2d310ec83ce89f179a12a1e7195aa159e9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    8555d276324ad608f744a64be88617e3

    SHA1

    028ba721213d4ecb91bee20cdd6b0847f0a9dbdd

    SHA256

    a1dacf1448633b9615886812332be1b706e2a675cab812845b38d572d7c5f98d

    SHA512

    6b9a16aff31fea8e297a3756e2b9f34d0b693f0c765291277e03ebd1bb2280e18654763621efc058793235ac921249fa657aceb33976e5c45c0b8753ad2a35c9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    bb36afffef268208e9441f7c082dd24b

    SHA1

    96611707fa30fed956f20c43c1f9fa8c204dcd67

    SHA256

    da4128540028cdcc5e9e3c25cd3aa9f9e1441b2edff4f056c9170fb1e6fbad6d

    SHA512

    f1415422c16a00c561ac68af92c2c51c608b29d3453b73c88f683258e89710fc6e07f3ed6e4beda1d5924a069f9609c65278c13abfd0cf4e7f7dc2cadd71848d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    7a3d3c0c59736ffc3e49f45bbe468a3b

    SHA1

    53050b6eb6194a4adf781565e6d6d16ce9443d08

    SHA256

    63acf8bbcd09f40d37982e298fa682fe357888e1a18eb70208716c8710bed500

    SHA512

    37520f505d158bf6b91dc76a41f557781072d981c01888780f7499367a73b5dc91ed779cd656102dec3caf1c39eb16aac67e21663975b317fd1442ada336038a

  • memory/2380-8384-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2380-8385-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2380-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2380-9072-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2380-9073-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2380-9074-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB