Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    24-10-2024 06:24

General

  • Target

    72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    72ac44125353f22e5e1fcbc6432c8e58

  • SHA1

    fbf12e5efb4f8ded0aba082d3855c245f13f6f21

  • SHA256

    726fcc36cfdf852f0a226228d94c6257bd04f3ee6d99b95adc6fbc255fb0f315

  • SHA512

    44cf444d8060afc8ae143fec477d9ca6a43c2abaa79b1f67c04d19e8232f2f140a97f0f1767dd0650d32a4a81284eb51c8d2ccc04e13c7570ffc940d9f773e01

  • SSDEEP

    192:azdrr1FG1WDCgmjPZJI84WgxFkuYpMa27OYYaOCIX5jj2J/e8NrXtUA:aprr1gkDCgS084xFupVg48zrXtB

Malware Config

Signatures

  • Detected Xorist Ransomware 4 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Renames multiple (2193) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    546B

    MD5

    6f648ef72a22a7904da3de08fd4a07b2

    SHA1

    6dcd74b159f584c64375b97d291497ffbc7d34bb

    SHA256

    c210bf789f938a56da9dce3d5875d54c05f9cec2946a35ec8eb3b36d13a47912

    SHA512

    c0a5c9d8f852eec7dc40dce74346c66e85eecd2f21524a5ab3ef88d938d373fadbf93d171c0883b081ec1a998180a949ba1d33510751baa2e81661d2cc2c3ec4

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    7bea46d5960d58104f0dc54fd4a98d36

    SHA1

    89d93f8573d78960cc5f1adba6bc4dfe97458a98

    SHA256

    d22ceb226f65b9d7e5a0fae0592655ceef3678c919751e83909f4f19001bf6c5

    SHA512

    a6e91d8a67adbdf506dcce95bdca37fbb58966e0262767cd0c3bca1c1c4fadf37b6df540adb6c0a127dba8cf8978b51932c20d9c5394e8f0ccf0ab668b95efbe

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    e6c48604215542799106bb24880c83cd

    SHA1

    f8d8fa91a71c24e38414a463c7a4fef05dabe36b

    SHA256

    f511b5683321214ec2e21928afc6df6587decc9b480dd1467bbba60014955ea9

    SHA512

    50031f74c37eb879491d6f844913da1a803b9a978106970337eda0420cbfea2534f6a0a5bc1b0cb5d5ea3d5ad2aa1bccae55470ce3afcb80b04ff579c6fe9977

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    2ca632fd110c97d7a02d03538ee14483

    SHA1

    b4589852ae41fdb836f977097367cf49be682fa7

    SHA256

    d33697912a4f8a71e4a215165f2db044d4d0cf05e1593445cb0cbe9fa930433a

    SHA512

    7065352e23445c6256f56b80cd05b1084c4816488d6da071328b3ecdb57c8ea72e6de4b3f78366573fddcae0054d4d7f51d160b8ff6620cce976ceb2abc20c14

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    abe7f09fbbf00d4cda4e2b1c5d106e29

    SHA1

    d234eee2768924093382c15b26f676a626fd3e28

    SHA256

    c9646be0320f3db2bff205013dfc48c1ab645dcd92c912c869b98776572a8ca9

    SHA512

    0fb9663e89eecf03eeadcb49280c0096d9461e1eea54d8e0d1752625e91bbc5bcf4721966b79c1402e62e660b96beeefeffacdd9d13f233c2ce9af3be5b66025

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    b4bb9945cd9be668b41860d67c8c4e11

    SHA1

    1e5ba8264e18950e605334026155622226b0939e

    SHA256

    17a691881f509db091e9cb1672156b20b1530246e72ad5c5f41f9a2f9c5b7a87

    SHA512

    f8d3b52690d80e0fb8f1f2894addd9a0f6cbadd51c40b97605dfece0d716231895b55feba60504f678f59c485a65a5335844629d2af4420192fb9cb6c78c1250

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    a2a2b9f367d2d4c016c80ad267bb848d

    SHA1

    3c3fd8b3cf923e5926e98af13e4c09d5c7db3473

    SHA256

    14737cc9bf1b25b8e802a4ac6404923d970edbe8c7f197bb440c4497ea8b8428

    SHA512

    22950f7f7dee8bc752e558af1a2b9f3ac5f170b153ca240c78244be8d5a58e4da85def49fb9a42a35077a38b82cb1f8b8c9a772149d4d07d976cf73e7d00879c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    2323a3ec9d5f0a345c1919f301ac18ee

    SHA1

    6ffe77d64b4d50b5d6a2f4ddfe030ae9a642f3b2

    SHA256

    e001c9c479fbc0723b8d8d3ab4ddde47a7dfe531a0478164c8659dff529ff127

    SHA512

    fa2b27b14e5aeda0580adcc3a5ce7519e9f3235946df5434e8a5fc30e099c5bfa3988ce06fd8a8b7add4a89211577e526e47a9a24b13903920290266b312cb33

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    da066dfa05d7b304db6f91acd585d8ad

    SHA1

    43e71f4010865facf8331ec2855f35d23af88e8f

    SHA256

    3417605eb5d04dfb12375d70d9792a458a3934b0b710b87d1875eaa57d1f932b

    SHA512

    f478fbc7e92727b9570a6351322dec1e57a8687a10e15d4e2ede8ac0995da227ddfd2305c9a8abc495d40aa4d778a1d28c4f1b89f6db983c6feb504c39044d28

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    577864f5baf598cc30647fe14d96ff9c

    SHA1

    eed53948e3ef9af30fa48e78da91dbf999a889d4

    SHA256

    807688da9a712d855296883ea9562d99da259b1d88308a005056d38242307e1a

    SHA512

    a0ea7947ea0dffc1abf38d8da50a4ec2095ae9ce87c2a35055e008a6c15ce2efa3d2cdb6577b2be7b64baefdbf38507d4e8351d5f803ab03e40618ce706bad83

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    4696c691b12dd49d9e563117a8f66c0a

    SHA1

    554f1ec36167c192d965a5d7e538c93d5dd7cc85

    SHA256

    8f3f0d0a0754e758426635bf8a08204f32aed889ef3a00565939ed8b3fe42a70

    SHA512

    327a1f8be48a5a1c1d84c2147418cd173288161b142c02af1a687cbb18938f32c4ffe7c6994590e68d03def5ac59a0da05a4a4f04182a36d1bb50d63594ba383

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    b84351287c9b0e6ad4ed4f44964a4bcd

    SHA1

    5ed70eda64edfd99816d859741203c1480282cbe

    SHA256

    8abaf5bb82347500aa591318f30ebcb8c6686f1e5bbe652764405c09a864fcad

    SHA512

    859a161730179249fa52379d4aa73eda8e549f9f731b224c2752dfc5f8ae76689225ab24552fe8e18052fe035ff2f71c2e6ef91102f5f5429ad9fa5aa2ad4bd9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    a98e4beb06bc0aae0e0c18c7cdfa70ca

    SHA1

    aba50a075297fa2992b9379d54fcd51c1a371ec9

    SHA256

    e5fb6d2ff5bd2947352155182b2ea5ffadff5c8e6ccd450d54362060eacafa88

    SHA512

    a850ce5e304a4d61555bdd7d03e1e231b2b3f05df0692415c29757c9bbc5ca56b3d6d8d4aea068a8c402fcb52315c06badd01bf04797369899020c79612024a3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    fb467ab745d63759f9d7bf1216df7f2b

    SHA1

    4d25641eb12953b1004058310820aa7e4eb3695a

    SHA256

    2dd264b7e962c74b328ed35b1fd5991cb8473e74e1429e7547b4292ad608f58e

    SHA512

    7fb712ea10f3724fc1361f46057b7fd046747d59b26fa4d42f069774f605116776f01bee0f2f7c80abb120d40b465d4a5b5aa0548d3d941865e5843ce732117e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    41ba9476425a50b81f5ae6578bcabee3

    SHA1

    b2b32cf630f48659c3874fb519061b3f223240fe

    SHA256

    532e6f28b528dc8a09a383fdb4438b7ee7fb7a9ffbb1d3a0d183ab5561cbbefe

    SHA512

    7d66283d7fa77ff3a1b696fa1c4db620880007f2d7366180ea951eee867e676efd1248a63c9eed325fb64e1d239b8b5ea3f5ddcfccdf451dca6851b6ce266f3f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    32c9ba068feace298fc7710ebd035a9c

    SHA1

    e98b71e1998f34d7c6f2d8e9182d50eebe4cbe42

    SHA256

    a444c837e3408d5d9b7e2e1e010b2f132bf2a848793e17906158fa807ca00e83

    SHA512

    29490a40a3e8af3af88e1dce2c2cc5709e19c9712e0d6b7bce4f0a36dc68532c1c76d851a16cb506870670a3511d8649755098644a298c35434f767affc6f784

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    58f6f39924f48f9ce0ed5cb784d91a72

    SHA1

    c0810f8806ba4c535f8055fe91363a7052aa026b

    SHA256

    c3e515ae5c28cdb6ff6a476d76f58f43c05c9c6f5104d63d462bdab978a55a2a

    SHA512

    2bbfff67cdd0f708f25e25a987f0bb985ec58420cb2a114ed7124888d328a1e5b41af2807d8340fa655519a88505465007884cc9977ebf0a6d746ec9b1a8d46d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    64a40701f7a43eeacf8f3fcff3b41e10

    SHA1

    022767554976feb4041b0dcd3af6d5c0bd30ad70

    SHA256

    ec6fe3afeec30b996807c50b0f7c954f8ab503ad4233c7b81bc81cebf71218cf

    SHA512

    556763e05fa3496001b0835354b6ec212d186f1086200f028542c82dc25f7c7f38e6be460e8a960c4b16d175f2999e4493b6f71abce6c707ba1f01dfe1a149b8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    26adee8cfe4b5b8ba187334eb7474999

    SHA1

    264711f8eee5d314e8afe7d58fafeb30dfb7f1c7

    SHA256

    723a7f7bf8bf988568d259bce853c5e2818a2626414d712468cec41f7369f7cf

    SHA512

    96c868bfe08949030d4524f52a62a16c22e51648b3286b0083300baedb28d230ce7ada03693a1cca7cb12d794c3dda3bb2aa52d5eb67ec4a15cd895e7e6dc155

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    c6067b885a18b6b8db19f3db3e9e8e54

    SHA1

    1012548bdd795f5b0cb76d4294ba3e0d5f9b9a78

    SHA256

    d6396d4fccca4c6eab0ad84e312ad4ad10cd7dec1c83fcf28277d2c1234eb259

    SHA512

    835d62972edf14a9fb5b2f8a807f3a80fc4a3e19c858fdea0c9a54591f8f6c2b9fdc4a8704e4cd194c1ed08743d3901b79b09356b6d119e516416315e7e6ace7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    1e4f83c2a0abac52a735a8bd9dae3dde

    SHA1

    9453502d5cb5a1ad5608eb5daf69fdd0d940d149

    SHA256

    4dda1d07fff2a97827c997fca64efc7876bf735affd2efb9c478b9d4e4359694

    SHA512

    ac056d385a4a8386ae5d1198ec45099607ae456f138859bdec01d8bda9a0649994642e1fb07bf0cc9ba16c05bf70a6efab6d7069c91cb8dae4a81a9bd8b21fb3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    29ddce6613e95501427e0c634d57d104

    SHA1

    bfab163ad83bf1f1799b7b66c8f142d6f44ac6b8

    SHA256

    db17c1de05e7d31955daa34c7c13b9cb867f4702ea2d32ab31213770be5f2e28

    SHA512

    17372dedcf033b8356e171460044ad73efcac81f03aa327b3a14867a4caed18cc5ec370fa5aae7c0e085378fe01968e93a386776080be1a9a99cc43da8b9989d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    c11bbd80c52513f37929b98e8a4dc8ab

    SHA1

    db3e8cf4249ba1ec64b3bcbbcd387d83270098ec

    SHA256

    7f3d3da4c335689ddd3d6bf64911d59f2d01d6275d063db2b43076101a32d745

    SHA512

    f53c2c09054cabbc402990e3e597695bbc651aebee1952c72ab5534864eafddbe0204fa92f48722fc978bb587ab1f0e68d79c774b3f327ed9fc843cc6d2a63f2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    cb028f7887fa736534be7ccd1267c4e1

    SHA1

    2b9f6a658946d7691ce873b0d829a340516ef7c6

    SHA256

    d5750f7e12637941a873d2e4f77d5c142cb9b49a095b603cf91fc1d8ac67ba99

    SHA512

    8710782431a9634856eee24489223dfd41376f55e4eb54fba84ccefc34ea9f6ddc8f0ec2d0dfbdac5daf16ba55dcafe423fe70709c3cc75a4e63e005a2ab5c5c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    19ec95c328989f1854b9fe1b02786cad

    SHA1

    9409dba6dfcc3fcd417bc8e3569f1af54a6895ca

    SHA256

    d4dbfc0b5baad77cc34b8d619f0db68c4003167958b311d164817b606f8f7b55

    SHA512

    d02a2b4ee9dfb1506d052ffa377320fc8aca3f9f97bd4ab248cd749f153661c10cc945c0088f4977860d479d2ac551633255f23b5ece8d2550b330eab3f35fd5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    1cd955372f1a49d6e538b20301944e27

    SHA1

    794e82371ea5eba3020e4cb3bf09b7a9db1d5985

    SHA256

    ef3785a60edbf17dc262bb2ce71f0dc76d5d13d05d7ac6029ae5a8292a0d4c75

    SHA512

    6d073e1ee3e71799c17c5e685cdd6eaae17420b069f4a418f8e4f7a7969154d5d5eb3a60924419a795db21f6f4f7101bace0344c837bbeb9a7bba4965b1674fa

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    53ea6fb9d894f0c7f898e0e147d72815

    SHA1

    9489f46882c7ad0fcde366924055d6b75f323c30

    SHA256

    1a676d430c2c9ea9eac43bfbcdf4ea822e862b6d4a716a889d0a4d2c0e6214fb

    SHA512

    0f40a7833ecbb66f09d9e41bbc05bfada0df49ebd88bd474f7bb71c2f36f226a447d52d5c550d3b7366423c82fd3f6d423c53b8e67e3b025666595e2684f59ef

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    249a0aa2ec7bf0b07b7f241f1aefecbb

    SHA1

    cb2d3c0ae6de124e0f5967dab3010372579918f1

    SHA256

    d0f527f5381a00e53d66dc09978170632b0ba66591c8b63b9ef32fc55094de63

    SHA512

    5e2b2e03f05b299338cbadb1f0881c26a2513ecb621345a1ad15ce42bea1d2800e6c591a44d4d6ae8502f772deb5c13667787e9bcb6adb7deb2dab8c499619bd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    7f057f63e18b78445d42758933086d2a

    SHA1

    e978ba33af70c0a00656078c62658d8fa21cd982

    SHA256

    b545f3fd2ffb364d709fc163653f710f1f73b34419bd9b18f11e773b024682a8

    SHA512

    8c200bf44f017d3ed9161855d787529e00238618250de28b6a107bf5f0b6b6d387967852a71041bd6d4c0bd7afd2e8b38f3a30fb11888f366ce666ae10100f0d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    35687fd3f34513b1b242fdfb509d27ce

    SHA1

    7bf1973b3cfff3eeaf1336ecf914de2ea462e3cb

    SHA256

    fc2ddaa59f880e8f3d7996bd61b36e9c3fd22b7980459d218d7eddf9c4d2ac4a

    SHA512

    2f531b15686b27b109a72b74248ea339f65a59d37064d4a2a1ca8b9212d884b6b061805f03d4dce1164afa999efd2ea9a9fc9fa099a197f872fba577cd1a435d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    18a18643c90a16fed7082af83e17c89b

    SHA1

    27f82f48ee87795815e192f77a10338ff91f5f3b

    SHA256

    69e81b22242ef9135ee4bf6e03b234da71555b47df267765140f85e1cd1a4be5

    SHA512

    817f81fe8cd4ab5f2653f66c5c591a1a81ced26052e2c5d37c830fbbd1b27cca34caf449cbb0b9cc9e184bee75a7782d0f7424a108d88f1f3d1d65a1901a0e17

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    3b1dfa154fc74aaf54b8d0c4f5c1c74b

    SHA1

    97844fd9ac37a3c2fd5dfe04a4ca713c6acfc367

    SHA256

    ecb6dadd9fe17530974b5996024b737273ce02e620fdeafb2e7bac36fb0fc1e6

    SHA512

    098544b31495c37ce21c93d233756ab61d6ec467cacb82a547f027361586a3d887258f7ccdb0ea7ec3919efda6fd8969b988f6d4b6d5b4a7e6725f7ee694ab33

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    c9adaa03684213a9e23009f2b1116099

    SHA1

    8209d8eb33a6eab2f897a44d6ecb4649445dbc4b

    SHA256

    9ea81aa4e63da10a529349b3083a48458ed8a57790244edc22ec10bfa224eb1a

    SHA512

    592d6ef77bd808470a0ce1c9616e701aad275a61f92cc05521afedf88d45874d5bed290662826c0ee4022208b1e847925dd702bef6097333722d837755d5f737

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    b7f1516f48768f27a432a67f2df6462d

    SHA1

    cd22854e15c35822c8c3e400b273af8041a15b0b

    SHA256

    f278cd0bfd2e19254b56534e0363b7216230340c163335ecb3ee9382f3df4a7f

    SHA512

    3567f5de6fab794974efe92af46a20a82295332975e7b3a12520906180c5be6db9050a6634a28fce7ce6fcf70a34a8ec8ba726824fdc3817b52e1a558c39e5b3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    5ba3e287921eb88d2e2a783bd9179d4a

    SHA1

    6bb739bbcdd2092154d284757897dcbda669d9c7

    SHA256

    1e63cbf06a8f54f5a2827ba2dd946ee4ea4e4945086affeb7bce002c1e04dfc6

    SHA512

    5346398970f327a292ede7ec72aba7484183f7e6115abc1a3654d71fa52dcc97aef48093b3fab41c7548c837e45fa5220ee8bc5f3f4a0d9a74ed11a73f4c871a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    812f026b50bd7b1ea01e71beb3776e03

    SHA1

    12a21f21e004fecffb859189c2fcd038d8113144

    SHA256

    cd97e43d7e563ef030683adb669da3acaf9d1c968bbf3ab3676ea477a703ca09

    SHA512

    0e1e30a3d1730769de3313814a0da618ddb77a6ec9a21c0a32b411100af037c50baa0b6e66344bf2393166e1771f1b5b0c07d605c99fa8bd1c984d6a49a6c9bc

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    468f3032e40ba63d116cf99f635a9fe6

    SHA1

    17f34e9521a3166cf656ab2388f524d1b736b4f2

    SHA256

    e78004c639ee6efafb9bda3e1563afbb37e049969bffda28d27c96958a2109ce

    SHA512

    37504fcdb67bea6c7097c41dca4655809385133576b763e81874b1b3b283b6357e4648a8c79dbe8d71737545a47d2b69aab21540187b714f9854ac6fdd26983a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    100a534178dcbf448c24739a82a707aa

    SHA1

    83d46d259132546304d4b5c1423390ff0117f5fe

    SHA256

    3b0234f1884257a3ae5287a10b60b9cb96a6adf25d505d39db956827a4857fd1

    SHA512

    c54b96a293c1e79b3146a24a82030e91415e0aeaef650aa6072e5f5f5c7442099c9e5e6c6da9cf36b81011b8c6836de97ba7940e74b2e44f1435434fb61728c5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    6d0fe54aaee6f96da6d42886b2ff29b6

    SHA1

    dce76c6320052b120c446ad31166a37fcb4188cc

    SHA256

    067cac75eeef4035c1de088119b7eb6b25f0864aa7767497149cf27ffe74aa4a

    SHA512

    13fae1207a678e7d2b7c48fdcb8e7772df9cd02cb11d7a8a8c84d50e94740191bf9c369be6ec24f61334fca2620c3b2d4df1c56ee32a0b5051b6658aef30be74

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    805e6a03c166895a9277f83f46fc6837

    SHA1

    39e85c4607346899a15da925b380a0c3707ed166

    SHA256

    2531580c09974bb8f64e45d2bdc6db192ead95ed53532a60978f07710bf45f53

    SHA512

    a9c97fca772c86172aed29323a4c220d2cea53c438d718079907d3a0f42efb7d5bff709f5657521663df55e879d39c6018ceb7934ed30bcd9e4876c5a3f98f87

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    e1e7e8bb8506c2088b243b434cd3a1dd

    SHA1

    754cd6202a727c94fccf2170c5ae221811c5733b

    SHA256

    8bb367f00770b4778b06be8a262848ea1ed3aa2030203168fa83bd4844f3bb31

    SHA512

    099b1302652c2caac8d77776fe460a3f1ed199e4dd1b7412ad6e2355ea8b285d10a2e00134bf4764b10b396105c808e740a87a9a79eac703c0b9c086dfb38687

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    db5733edabe7a0b179dec998cd34b7c6

    SHA1

    baae6b2d41227f15322087a16771d614c1bb24b7

    SHA256

    8e2cb930b8249829f58c69bd455577a658f62687ea59f51f4c764f51e196a3c2

    SHA512

    7154e921f2e35230187bf69bad7c2488b19a6510182cdcb186c31e96b4664bd58a5c3321d6843c7bb66f7f2565e8140f3f1b347910bfc8060e4a9811ac471a38

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    4136ba98f6ac72f1117f7258679f58f5

    SHA1

    bd7f2e996e36d64bee303ffe257b5e49a5dbfe3c

    SHA256

    4642567889570d650d06de6f7f9e742157976ffd7bab39d7fff2cc8ae7bf7725

    SHA512

    aee805415a69c4e0ee63382967d698dc69355c3a7194ea567391f9faddd7dc16c16c779b9e7e1bec8ab40505c72446ce7fac9f28df042bbbd33e07d4e7196183

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    61dc187d50c676254426b470d51a639a

    SHA1

    d810a46a81ad489911031bb47c9b0e2e3e8e356d

    SHA256

    882d58b2e319b1d6420191fd9a0201389b3c942c65af44413119c9c1f180abe2

    SHA512

    4798ad9b0837c694a3c565ef4e968e34766617dbf9275bd6271722b564899d6136ea32e4e75470de48191ad13ec74f8257a41b0d701b0c86f5db717badef455f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    02491390de637110c9d75c622e0fd1f1

    SHA1

    2653edab4b1879903cf65182e49a85f06b93699e

    SHA256

    e2ed9fe55d67fea0d6049d505f6f23a001212cf59c6e4447219c6d7c9c431d09

    SHA512

    25cb95a97d5dcea8aa0c87dc91639778da2ed93e7e20871bd41b91c2b1ae7d29311e283901ed80b2299b5ec14a955e27dda71157ca51e324ba4104d5a557630b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    672a93e88109abc9ec30174b10f33b1d

    SHA1

    7756f805789aea9d1c5d6a232fe8e13bdfc0fc88

    SHA256

    4a3b3071439eb05bfbba484fd4525cb36dc7a947a6ca59ffa0f2ee1fa5ecc91d

    SHA512

    91d17b640bcee3f6af4ececab969a26ae78fce94b6073534c5b82b26fa0f2992f32269b1baff05f9b004105e5ab024b33f2fd47e9f9cc81a50ee6c0192f955e9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    0df2295721edf93a94408de7c548e416

    SHA1

    1b4eaa6766e9c44d61c3b5c32ce5d69ac8586e7f

    SHA256

    9c5ccb9a80b4938c93773a1afeb17f8e3629243a44e9fcf10c194bc6cbf9c203

    SHA512

    da2e8e35dd716a1756bc91570fe70481ee92632b3c320583d6c1f3fc9c1e8d72544da8682a1f1124d5763b52896fc84be0e376e8016ef674697ff39230dad870

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    daa0b6e36ce670bfc9e363893356ec64

    SHA1

    beb6acbc3f42173348147144ce9c84de1bba38ed

    SHA256

    ba4bad41d9165308e98bdbdc2a5ad6db4a2c66f865bb02f1c5a9fa6baeb9fc00

    SHA512

    da94e2a915ffa44d38f122cd69a77e490607a4f9703dfe5750a4e1366846c58dc3c0af717c6c5edd83b57692afe54dc5c71561e4d454d68fc84fca8e0f1857b7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    f7b4ba8a604c039bb7033fa0a3edf397

    SHA1

    33f55d7358e88a5878fd9fd4dca1b2892efc5267

    SHA256

    e1a3f3137de3ed8c6f8df4a35addc1e8a06ad98ee117c3cccdd2ab23558f2562

    SHA512

    12ee08dbd37290c4347efc3fe9a9513e44bd8602c6ed1e9fbce5ee8b8df8f6cddbd4e3da8b3c69c495899a4047d2be0f1cbd74515fe7f7fde849680a5e4aa8c0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    dc1d89bd1d74dcab82c33f71db4b8df3

    SHA1

    5e736e0ee83f5b0ea85cf1339b2697be43e174c2

    SHA256

    2c954f0ebae81832f49c6040335d22b3a010ce305f5bb9974f4c70f0b1c12f09

    SHA512

    7464c2b6684ce3fceceb7a9d59bd5ffa08e310d7577fd5622c4651e1e7f0cbf5c5c3b94d1c537482d18fba11c54370ce197e025f511d3abc481a2273b7f8f3a5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    291b65465f5339296ba78bae9f757d9a

    SHA1

    86ed692b645d46f145f7ae52ed4412c944327668

    SHA256

    21bfd3e9e70bfca4f68d464d62f05cb1d3800de56e619d7aa8c14f1cbed9e98e

    SHA512

    4f923bd3244e025f29ea1520acde604d610f9cf453d804736da41bcaa88675e70967eb466586ff4f66cac59db1dd7739fc3eb91ca359392261d7492a8363d66f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    ff1b4bdb676f19564289b65822fbf254

    SHA1

    b0a0e0efa2155acbece8ddd3e04c204322c1b806

    SHA256

    ad513bd00d5d2e9707887868a434cda8ad975e33d9633faacb21650bb0ad363e

    SHA512

    987e3e8dc6380af1066bf396e116cf3c9262852c0a3783f9bcd2d64fe86067d8af3be33e66317c7bf12db58be31d9ae34bd44b25ce13dc653d0a3eaac038368e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    165ed7d34792b1f3cd510144d2c04d25

    SHA1

    dfac2d536e61d1aa5c5a3d3e4a1a6f98c3618e60

    SHA256

    d683aa4788ae465fc40b37b6b64213815375c888525f8e0f548e0c8386b5e2fd

    SHA512

    6b2e9e5db4a35513e2014084ccf6ace95d9d8f6706c60f69a3c49fa986f6a720dd04f4ba5f995dcea0b29658f5a17bdb70a3fcf3ef1b797de67cbd2e8dfecac8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    b899bd7a68dcd72d572b30884910f04e

    SHA1

    454f8f948762fa42b88ce62c660af212bfe018d5

    SHA256

    ef5bce4ea1ca134cfd16bd9e86a3bb473226ee37de21f827c0f68912c34d7645

    SHA512

    10a6597b064c478d88a2479e462570365dd0d6e319f816db77ab0fc480761afb989a69d537ddf1a5bd2e22bc3d3c71d50dfe4f3ad1bddd718f98c20b50463143

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    0251e651165408ea0e1c25e1ceed6d4b

    SHA1

    e1dafaa2682dcc6458a3b0065bb5987553a38c76

    SHA256

    eeaffc7c6399627542c2ba046f933ad4e8843296c697260695c9c79f802cd0e7

    SHA512

    99c30d02fd18883d538b0c093cb28fe0ac5dbc3acf0a93b3cb74ab97ce1624e8789658aa3dcf7f3160b3b02b1ca72898ab2827cb4ad51b9add631836317dbd54

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    65401e0a3d4cf27ed4c57c101da7c033

    SHA1

    19d62b3c21eb4b36717edf5de5ef78dfe656b2a7

    SHA256

    d03b41ff98d3c40ba812a67f4dc15d8be34d12c039ef1da4819338874bc2a5ca

    SHA512

    0305d64cef65166a7460a41da81076aef3a71cf080c7f7faffdd60cf7ea3d62bbc7868cee9f9cbb3af9e13c38f630bd8e633e271ac1631621ae8ac4e0b96f97f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    77bae7919bd515c03d1a20fff390749d

    SHA1

    04f1cf53444d85bf430aa9c16debe7b752196f4d

    SHA256

    0be3b726e4e545dfbcc893ac9101921b75323ac53aa359b1af07ed5823e9c749

    SHA512

    fd2f94250de2161c5d74e56b815657057c38df7a5b658222b7095b9abb7eb8296c077b5a6e0ff4191afa8e45ddb6c3aef073cd718a3455de2a0463e1a36dddb2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    16da124d2635c0c039cd8df530b56814

    SHA1

    dfc92e6202939029e525c985fc423e23d4092922

    SHA256

    a1716aa49687e0a644b0f6c0fe0258dd39ca4441c3844abfa34a98b44a3d503d

    SHA512

    b7c401637357bcf0b4658f42a33b54085be1a8c746f53483309fab3b1ab1619448cf7cb3f324b72d4e22e21ab8eab87f4185c8473bb2df1539d6b3f92a52efb6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    5719b3659ea7b98966ea625334be1228

    SHA1

    6ab9608b2654a6f03eca5965408c0100eb2723b4

    SHA256

    b4f61df4bf46c484d1c42bfcff2e14905b213a2acf577555f9fb819d8e9a8254

    SHA512

    8e9f3b822a118f1e2e6641b0ff92b5ed49c73410c6d3615b88f94811f61a31967f0d520a687ca9cc3774a7bec7b22f18b435416097750d6b03070a34d9c576dd

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    f99f517a9d62044a6ba96e5514ce99e6

    SHA1

    59d39f93c7f3a6469361e25f335f8115d3cb8248

    SHA256

    3216891a9fedb9e9a02e4fc32b56c2ab5f8b6ea013e27e1d8ca26e7f05642961

    SHA512

    100f3118f495aaf087fb638314a5572b5ff06b147d206c6ae7f5b6551b97e39a514338709313c224acce7b2f735adbc51701676712eeba50fd681b86465f8c2f

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    73e26ffc2f27f3bc58fe6d23ad2a6655

    SHA1

    817cd7793af53e940ea29d1be51b25665d9cf639

    SHA256

    6b87a7fc12dcd4a25d31ffa7d488191730f333a06ab9ea3a57c236488a196fbe

    SHA512

    f52d66da22b576ab9e20867510d40f25f9f5896fae1fa24f3175587df32922fa112edbb4ff77517745a59636e9440544c08cb8e1c75fb9903f4065b3c6f56aed

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    6fe875f535569b7bb4802491bdb9ef7b

    SHA1

    3043d3bcc53afdccf42df675e8e0dea2a1615535

    SHA256

    3bceda4d694af050395914a51b8b48df9bf222e3dd217bccd709b9ace1faba83

    SHA512

    bbb9f9e8baf71bb446af15e66f2a6a943b613cfc18bdc8e1f46cab4575b549f9db663c82cbf2755644786c35b192dceed8876f4f7b537eb62199e1cd746482da

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    720d4201758e5272ba502fa08e5ceda3

    SHA1

    0d95790ec67b7e9706c132c77a4e62ab05851e21

    SHA256

    5424930f701154fc9e05d7f610372c95463c7d7fa0a09056a658d10865a85553

    SHA512

    951cff8429c6d1a2ea63c0feb8cdb520ed386bbd896fb8ee33bf136da1ce8b1aba47a83ee84a634f458a8017888c0c4415acfe0a15259a2f18134c0843630ff6

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    baf26a0658b5abfaca9841c993ef5a4a

    SHA1

    75b281e2f0c9756539bc28214952e7c4cfa3d901

    SHA256

    572921cc25cf5f9e59009ab7c02c9a22d5281c873bd3184b35cc91e9d98c8ce3

    SHA512

    9cc95d4a985f48e33c50322be663930b149617d0d637e2c42fc2df6d490d300e3543916a43ae7757c7ddec800935c104be9c0d63f65bffa5ff1c57f877992385

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    38ad9d588edf742ad594a939893563b7

    SHA1

    e47a6a2feada7cd9d59fb77ff6dde616c142cabf

    SHA256

    5c83a8ca1fa93b5ebd4932165e4eb3d11159026c58c548bed028624c3cf35828

    SHA512

    5317ba65e4a4224f4f92dd3b14bf642a322ac49ca40734d7d23704085905fc494abbfd697f402318a5c858882c5aa481cf91618c5d1b4fbef6095d9ca996ad4c

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    30fed964a05a7f31ab0a596e089cf240

    SHA1

    80a284f7aa5baf801f83206906c4e414bf1d4db0

    SHA256

    01a62d02069cdff10c707c9ea0b353e5700012ea73e21798431340f9f9b18b46

    SHA512

    53686bfbff158f85050835df176658133da39aa5157cb8dd17317d047eea8d6b6d90b8bf7b8f35527d13f3c61d51f0a61adbd397e50d061cd329e973cc6d04d6

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    5045fb57000d2eba0b6493db4776bdcd

    SHA1

    f5b82e684f4ef3b8308072726a3d2d78a6d2d57a

    SHA256

    d24b0b6902aba9a08ebaff2a4d1650372566e38c22e16c7e6680869a0cb2bb29

    SHA512

    96b687fd46a8ae07cc118c6048a63f3a9690e4d7653ce50ee8a32a575fc712d60f3c9e8c225e3553467f096987a658857cf89a8e44a3afce2c806b396a0a34e8

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    1adacf2cdae6b6d9ad82fe1bd73721b4

    SHA1

    b11ad374423beea4934834cdfb5d4af4ea015fa9

    SHA256

    c3b2892ade1d41e80163b79f6028a312963f524f1c388d4bf27448ec83034869

    SHA512

    6b61333571892e7f05102f0cf07f34c53fe7bb16bf4f90cb60009b81809e2efa1d3abfbe0c49987db091b928bd31bc013510a1e69f6bd418d19e812f73fb01d7

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    f690ff8f1a3fa6157c8b4c5757074fbd

    SHA1

    a06aedc04dd3ac525561985e223c6d59a12ff1d1

    SHA256

    b52bda519d461d2cdadec6b9e55467a285cd2d0fc16146934a2e40f283377c27

    SHA512

    25ba47cfc074827bf3986d0f1e993491363984d62d423e50212844455b5dcbefaceb2ac40ae8579e60cc91e1c92ad62c962e799d4cb5e01cf2ae5c90f31a06cf

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    a530742394e42076d12a656c62e713ff

    SHA1

    35f804e3da6801c74fd3f89b013cb154688ebed6

    SHA256

    98f7fbbbf1e522289bf85bd1041b7a000a75a26506148bf1c4ade3dc5cdf4293

    SHA512

    c5649a1025f517cf023dc5ec6bc63f0dab8448cc5b01fc6fa49a6491c6241c0796d2349353b577f5445eb5254178d2c8f12d6a63265e3be4b5a3df56ef89ef36

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    eb1130fbbdde8679c783de428d40459c

    SHA1

    b5aa5acb5c5ed87452a209a2fcc43b65e9eb7c17

    SHA256

    ab3bae093e87f682d46bfe57f1fce7644719240a1ad001510576d2c9ffb7ee90

    SHA512

    065ceed4938857cfaeee5fe889c2cc706c7bc51d773a3e82bfcebc29826d708e5cecb29a0b8868643f213f86bee66c3cb6e1abdc8a62406eb141d04be6ec17fa

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    8932eb3d8d98be3d6b7b816f9b4c0451

    SHA1

    db4c03ef9d1589db0397d90a8ad5f3d2205cf035

    SHA256

    ee2bdaa1fe5f183bbedd703682d5b07ca62830555bf8b20d8883ddd5483b5f81

    SHA512

    4fcd1ca131c3e932bedcbcbbfd56a08d7035296ecab392ca27787b885063a5d65f3b95e1b991d425c445f60586b3bd334def157500cd440beb4958cdeeea11a9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    d02f250b3d163e8667201ac3d22120a4

    SHA1

    c53d171ccfe80b49214c4d4698fd48f26a40fc77

    SHA256

    a4277c1b5434bd3543fec53f3a49547f9e08e235b068eb0661e2ab8e1330cec3

    SHA512

    4d609a7e0acf23671030fecc01da013e6fc69ad48bba19b5f01d7eca2e1a5d8a2856fa308d878308c21270ff67431145c44962bc8efdaaad81a1648f55036a09

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

    Filesize

    90B

    MD5

    f0e4931ff203bb8f312c220ea7288e52

    SHA1

    51e463906e2b9cf85da5d4610aa859f4ac9480a2

    SHA256

    48cbafb9dffd320a878aa4220383e2d61c27027ea9c4b39dcb6cb94a5379dc0f

    SHA512

    d086a205007a19ee9eb1c5eae7fdeb41912c97fed59bfdd98812c9af0077d28c75bee571e702f53488d006e245c58558c37cfb9f3413a553b7fa464f1dd710ba

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

    Filesize

    90B

    MD5

    03d03e51e67959e9455df43c06bf58ea

    SHA1

    a360804bffe0dddfcfd692dbe5b2b977207673b2

    SHA256

    30e7fad37d3498dfc5da9f21cfc57496b2ca43be39a90f9eed2bc6f1ce62b0f0

    SHA512

    f4c58b2ce4c53401cf7b0936268e589d097931c3adb174aefe4eee553653bf825d599c1db3298af43a0187c1acdd417716a696d50ee762d5f075d2dd1e5457de

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    93b6a746956237bd0a4cb2c056bd7f12

    SHA1

    d51602b5c2a10308c58397d58fc934b54dc13535

    SHA256

    28d9da29ddac12cfa49ebad9d26d7dfe822a947864ad68ebbe3a70ad728f2168

    SHA512

    1305bd5b8d60b3295f2914854e2455e2161452932fc3d4ffd9e7d85fff592ff92bad0f8aaeee836685090d270a62f5646c45930f361c23d2e750c8d1374a5d94

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    77bfa2b6d0f3357b523912f66a2d3fda

    SHA1

    3d1d9dd1815fbf273bf9192181bfac55c39a2a51

    SHA256

    e491d17e6d41efb534ec224abc42764c4c59917fca6a48cd09fad6c01ec7d5ac

    SHA512

    83b398bbffb018fd9b3a058ab52b7c49e380801304422b77c2cbe18500614e8b2c7e159505f2c08d6b711f75e6930b18322208852f56d51841719978897118c4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    d94aa698224d3c806c512be368d747e3

    SHA1

    abb2ba77fbb3dc23298feeb96d60b0f5c67d4b94

    SHA256

    bb7ba5f7ba5762a5664ab18c3bb4863d9ff118cb6c6ca4e515056983014e0a32

    SHA512

    4309c3e8f226e832cf68e9de2c8d324023b92bde385229b54330cf113a95a124a8493b0d7e75e6e314dad6f1f49af3f827695b754b013b67fb0015de522898e9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    28aa555accaf835adfb8031bb9b9b69c

    SHA1

    baded71e444e155d76b11954aa859a1c657729fd

    SHA256

    77916e19fc970aac1f38891440604ea3311752ba17794cce99d082a5d7b3d630

    SHA512

    b4997e8055ffa2a8234e71d15a142e2a52e482d2bc874b1a4abde172fb86b91da47dabb2ca2ae91ee08e722315fff5c0ff6eaf20b97fb8021f4cd3c43ea4eb58

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    9671317bf2072377df40b0b0113a99ed

    SHA1

    3eb6295495848a2a5622a70b9b321e4a8d81f39f

    SHA256

    562c3d3e1e99079a61be54568fa6e2f8e616f0cfeee6863fc90ad21305398713

    SHA512

    0e58c6b3fc0848f83c1f4df45a205eef7927539163e0a98781d0422192c5af56c8ba35f46a289ce4746f506871c3027530e8f6897e10d2cde68d4612d2bd1813

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    fa4cda5e2fe8b69aa1a92d03e9934223

    SHA1

    72d69c52c24af369bfc2edd6ed11099f28375b3a

    SHA256

    018881290b2d1fcca6fcf7252612c317af6fc99b8f20a7d46d35fe6df8ef4509

    SHA512

    1953a29be80527c0d8aecbd1e7891b78dda6c23f6931b806a5ccc73942282b913abd4863547f0e28dd9183d032854ffe14f233d912810f58074bf67cd7539a73

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    ef239de90088e1d350b01f820fb6ba17

    SHA1

    47c157ae8f766b540398b27eb096e0a4767542dd

    SHA256

    4a17b86b63ec28714d1064990bd7030a091c090af8361a79ba41a83a0e569add

    SHA512

    f418b4826de2d79401eab395fd987fb5b0ec4b8b8ff52b0f70c168a5256e762fb4f050df6f64f037d55e3f85286aa3ee72595115259e5f03aa98956e0caf6540

  • memory/2840-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2840-8844-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2840-8843-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2840-9073-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2840-9074-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB