Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-10-2024 07:50

General

  • Target

    8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    8259b40a1d153db2118bad30fc331890

  • SHA1

    8f51838c8a465a4ff8e7056bca2ade19e7ebe924

  • SHA256

    5fe34d6176c29dc12f487d525fdaf589ddeea0f13521a0a1ce343dd84da81bb9

  • SHA512

    45a11dcd21278cb499c6230c850a8e2bb1850b4fdeab05daa82a992ff063efe0b49b2273f9f9f5cfe2c37fdd45aa435668fd15e4b08be94dc2691f66bd9919a9

  • SSDEEP

    24576:evxye+c7AXht3A0pt3ctzMA4rbr32bAgAa6Au9/oja2S3Ltx0rBeYVAe+AB:0Ye+cExRA8t7Aibr32bti9/oO2qGrBB/

Malware Config

Signatures

  • Detected Xorist Ransomware 6 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Xorist family
  • Renames multiple (2212) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    305B

    MD5

    7ddf4c6dde57dcb17565138cf75cd5be

    SHA1

    bd88de3e907e1baccf5dce3ac2220d4a957f88f5

    SHA256

    9d935365e2e54fd8ce1d8a0777dd20a21d8fc2d82d6c5d1e3bc4fb2d6974b83d

    SHA512

    ca44dd6ffc3f71107611b5c96d775fa84f55368cea9143d6c3f6ca0650a0a1e55101820bfebbaea851dbf601c58c1997a0d4803b3b500fccb62918aa515ca08c

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    dacc96a8170994bd99f76fc55fe53d9b

    SHA1

    3a692caefeb13657f0a20451d4f28598f61da90a

    SHA256

    4e833312e1fde2957ca28233cbd44bbea9ad902ff9ca40f706b7694a1c40fc26

    SHA512

    b9a166360618985ff75b3095bb2e3b8df775a00d0c851b60f696fc565ad9bfc2e47d3379f0c205034d29ec1e38547c329558712029e9b8f77ce97101ec47ab2f

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    e2a5009713d0e1693794e229c37ba375

    SHA1

    01a24413dfd83f06658a86f701f19a5074187187

    SHA256

    d37f75c0883a28223be247c16a73aae7fc27df613e9105fc6f13722b6f51ed53

    SHA512

    2c0aebef3ba73af268d0dce172bc5f0a5ed9efd7a095dc50c71744f28956f51925eb4a90cbf0a5d6bdfea34d39ae934a73411075e310bdb51fb5f7f8d9e7566f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    64d0bce70935480c8866d82086966cfb

    SHA1

    6f2eff8a12542792c82ab0a313e5deb0721129c8

    SHA256

    ddd3cb23e6f1eef499811e92632c450f1993658911a18c974d8b3a1fae9c8b47

    SHA512

    1eab820f41ca01f1985c64307bf76b4800db54aab5df7894e8c0e46e7917550eef947098e4e586cdb845874e4fec61608a499df9accd83da57319a4416f0090d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    c6e850ed813d133fcf29be9159e34f6d

    SHA1

    d9d89ebc015db92ccfb1dca07ccd99f179102746

    SHA256

    64c606961dadeb24d18b100051937d94b0c96c000a1f55ed9e615410f60f439c

    SHA512

    17e18eabe75d62331bdfad2b79b6c8f085c1486ec23348b3a6878e9f4d0ad921fc78f14066c9ee8d4a5c319b9e26cdac44b2a3aa40bbf0eddb87c8deeef29c7e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    35f28d23575f460b6be752b1c32d4bba

    SHA1

    bcb2b0a738568ab5653e0a32f546fd1a8e86d127

    SHA256

    617e518ad21325ba976fea50063cace9aa724a0ee8e7977e8444300c5be82ce3

    SHA512

    77d156101bbae5e72e30bf17f46ef07f2b4b2a4cb815e170c4e6d102ae6ef674a3ed933cd3a5b07afde16a0137c5697cb7ec1e1e450b5d9aa76718592bb07834

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    b9a1bb8dc635b20103dc8674f2bd08f4

    SHA1

    6b9ddbbadb0dfbb09ec8d87b6861693cc4ec3e75

    SHA256

    725329d070b3c66ef99a35a01db34d38dc14b6db8f813058f558484dfac41155

    SHA512

    94fafef27b5ebf178499cfd852b4989c90ede0b02866bd5b21cb9b533d4dbd43615c00dc0c99a71826acbd9d148f36e5b5220f043412b7c68ccce92a9c9eae61

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    20a45ff09f2ea7376e6e05b9b049611e

    SHA1

    0008c3a424f69f5b6cc354bf5c721dc3296a3802

    SHA256

    06bbadcf3cf1556755fb65f6e66a463dd8cd66e56ec5771663d3aa313964cdc5

    SHA512

    24f7aed0773bf09cff48233501258d872fe2fa6734e81aeb2cc63e901ee49e592a7c7604898f4e09c26484eba87b6d0bbc96cb7af68e2baea9478eda4a52b56e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    240211f71c55522ededd16239a50d973

    SHA1

    2ac9667f64f623a5ab52d2f46a37f0d30d42f1e6

    SHA256

    3ce51fb6e0291e88be915c6b2e99a25fbcfaeb86d586994c2c521d3b71398532

    SHA512

    dc6d42947517ff2393524a2fbf2d6ae2c8999694e7039b529a89a1c9055d2d705d3b14f0f2aae54e222c593f9816c0e9dc374f866374066bc1036c736011f6a8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    f15681626107811c644350367869f5f3

    SHA1

    40e6a78e3aff87dd8711c8f9c48f611981228d4f

    SHA256

    c42e540707fc675976f1301498a23057d6bbcc3ac6de788e35fe2f95ccb173cf

    SHA512

    7417d44ce0e5887bfccc15287b5495297fef2bf322c8bd55364a1543704959b9797f0ca7d22229ca87b9d165b7443a96d1d1613fb591ea00cd291260d4cf3166

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    ede9d2261fa00417cc8facfca0b2ac3a

    SHA1

    9c4b739cd7f2ad0a0622ea7180d84ded4dcb22a3

    SHA256

    fd9d006ce95b3d8fe20ddc7b7dddf8e7c7ed20022b78be04c62f17ff2fb48334

    SHA512

    e25b95b944cac1dfd0fb6e44d495967fb567091a7153de48b243fc780c2e0ab54b5fc6a1d6de94f4e38d7f61ed1792f1fe62d5faffcbc38dc0c064be8e135e99

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    06eba864d29c117e29c62a5d4ac1f45c

    SHA1

    f3b22d63daa6e67c8f0c189dbf976fb8a80faa50

    SHA256

    731b4e6273812a267733e835053b718f0d92d09f46341a53fdf05c7580721fde

    SHA512

    c5cf8966167becea2cfc743bf42fd5ec2a82b210ecd0570765a77b2c9fa71b5c034f41f467bb208ccfeb76b6a32657eab88fa660248cdccd8cfb1d35145d63f7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    6ddcc83de657d6e7fb011c2b43f1d5f3

    SHA1

    e51d525ae40259214f383f0c00332048f4495f49

    SHA256

    43da44886b3cdcf1efddddd56b6fc2cbe19e20d08010bdf91c184e7f30c9360b

    SHA512

    bbfaee35e08a311e3cc193d5bb52cc287ca693d3c31bc533d57ec963e1a877bc414a29de475238566a3adc0aa7ff07a6e18b513dc1d2ba4929c394a351ffe924

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    8746835922adb953ca61d188c037b472

    SHA1

    4936cff90d2bdc5564eca4acbb281983b540ce15

    SHA256

    b2f2e58bb5f2ea206a3362e06720a12fc6710a322383d70e5a38c9944df51d7c

    SHA512

    625d88552480fa65fefadfcce20a03a0a3d5d374e0697c48b86270a52e24e1b5273f3056f4b7955461090394677454aea6d81420158e66d2404123f746818426

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    ebb38db1643f1521b26634caab4c80cf

    SHA1

    a23bbc620dcc104beb2c1501fa7f3201d45e5872

    SHA256

    1bdef44668f7186d70206a3ee9eeb5a3e783d547a9c6c17f3580c7e38ef77ea2

    SHA512

    ca4e07edda688cdb53205c38b4e382b27024097a3212decb6b7a0923d26c242fcc8b58963b57cda17bcefd5354d6aec8afc0b8615ef0dc4dabfb086e3db9c50a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    4ddac38a73191c02a1f16cbef7973f6e

    SHA1

    a0d4fbaeea9aabdf74001935d63f8798fe8949c6

    SHA256

    5e7793565fe4d808c3376c1fa6c84534048c0375bb2f27abbe7a2ad8e76db5b1

    SHA512

    94d963c9bf6150a173c571565a73c80160d6cee7ce7c411bac9b6eb33c0d7f3ce6d642359d92223ba30116b0bf870922ae5e98324e27a9ed5deda09057348e8f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    b117b3d6ef8fdcd2853b0706d702df03

    SHA1

    063892cdd9f9f77983a65e75f4657933a4b2001a

    SHA256

    413f19eb3889299bd25ee31e69d36bd291399f3bc12e7ef00731c5f6b8a98eca

    SHA512

    c9b09f082da89af24374ff5930dd7e979ba4e1e86d6e5ce324fc73d64352912c1d229f0734e108c8e3000f2a92beeb3943663789fb1b9f6ff68bb2e96a7b24bd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    af2d27e6b63dabcdb72efccb3c556942

    SHA1

    f5d6cbbb504220dccbc65a1837d7f1a128db0da9

    SHA256

    3c4c22e2ca06c4ad3bd531bb1323cbddf4f10e59120271fba7a5df8525cdb4bd

    SHA512

    523df6ece081b9e892b2c16c148f5daae5ab7305772b2ec665faadde7b0f55d91e6ac840e52ea20e36e483c8b0b19a2eedc52cfb194d27e037bc8ead1368633c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    5ada2a7499deae6c066d694e9490c796

    SHA1

    655708aa159792c2c8ff2bec1e7b609dc10331a4

    SHA256

    4ae3833ea752fea89760063b3ad3054dd2e76a38769da029aa656e4351b32397

    SHA512

    993e86ec1b60c7b1cde77f13f57d809b9efd22fda25d86350b98df26afa012d725336778d58f712e692d5b1176a402b861592f342be04369c21dce028d2291ec

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    9c2cb645ef52412b9656a5048a92b778

    SHA1

    e2dfef11063856fea747f7343173daea16db0bc9

    SHA256

    5ab1ac91f4baac6449f260f799a08916ff27d13866788c7f6612816c9a8eae55

    SHA512

    17be5dad36fa4f7d2f4ee0bc13258ef8c7b141d4c7e94f403112c238ff83f4a8527657f315798b0ed754bdec612362c01f76c11399128a5b0e0720aae281e8c6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    c40dd3101dffc0cececfa6a05d8723b9

    SHA1

    6cb065fc799740ab4e3621713bc5f54a4853ef4b

    SHA256

    3ce2e65db3841b50e88fb2b862937125e3a989503a355424c347237cb32ffe60

    SHA512

    e2df0811f0fd4f2d2247e0f6393e42a060cf6711110f0b2aa27592a6e73c9d7c177dfd0c939fd2c7331c5c8ed744668e228e4404393ed18b71f6dfd3c38fc93b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    494d1d83c60d54cc0fb8c73c4fa48ea3

    SHA1

    c71ff950f2fc2285deeadaecfee45d7e1ccb00d2

    SHA256

    c7d0fa7e27e10fdac85cf3c330484014be5b5e6bd2399af304c51c490e5f5f14

    SHA512

    c2d1774b7318285a41ef53fa7bf6c88e45ca10e5650512f5d1330aa4382289d46be75b60f88c6cc94983668dc3a645564c079e6c79fbfc4bcf17602c7bd4d314

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    b1a9e31de6e30d09f834e732c4da1d4e

    SHA1

    82e06cfc98768faf8fb0dcc089cefb6afa5fe373

    SHA256

    03ed8d2f9748889675f9c88189456a63d162838d09cc047f23c86ee5d7f24e8a

    SHA512

    8dd50088dbaca88cdecf315a79f5198c7763d17ded372e681dd3555712b3044b938aeedaf9aa6ee83c4f6213899f53af49934bd2499535cc9689e49ed6a08ed6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    dd854fc36113c1cf304f1a300df9f90d

    SHA1

    545122de29a6951c767fe3e7d443c7c5d90ec32d

    SHA256

    01295f73e92b60ad92bb01c6f9c3f1efad13c0367f67440380b4fdfb1063e991

    SHA512

    8755c711c92a439bfe049c5297fbcaaef8ee842684a652e2129dca1eded7fac6396b533914e72dfaea5fdafc0de16517803e056597442b3f17390b98a37c8945

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    ce9163e21903651b66d180e96c59ed4d

    SHA1

    e755620d3094c15315659b24caa624fcab57797c

    SHA256

    92db375693683b976c0ebcb65f4b849ebfc2e9a76282b109951ebfb47baa0ed3

    SHA512

    6a9490d30664208f42b7af6211cd10b155a2ee8be653399889b3c8e8bdeaa5a05795ebb2c2d93c52d9001530ff5285e1a6ccfc642ec2347e25e0cd5de705e7d6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    838eefb437127c0c65a8af13fdfdded1

    SHA1

    a722263792c4929f9f2463665e78796e23f4d99d

    SHA256

    01712ab6594f379d646125e410981ea87b25ab5ca5bb763d00e521e386300918

    SHA512

    d84ffda526033efd7dbc0d36300f184d014878176d2d81a3623b343f1b644e83c3b4ad072b56c87bdddf51ab379d8504aa74a58c96853ff817d55072cb606f45

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    b465fb26651ce1a660b1782aef27ae3d

    SHA1

    9b0318bea336c248084545c7ddf5e03200680659

    SHA256

    03e422d595d0973ce6fc989faf517ce858bf60a48dd1aa652483c103dedcc9d2

    SHA512

    98392968034f184de3352df647670adf9fa43b87547457faf7c9a08454067bf20bf320bb2445e32a786fbd480445a75db85e5257167047d5d1f5cb50b8f799f7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    9943cafb9ca0e54cafabe4095db787db

    SHA1

    cbc174b124052490cb2ac008cfe701a6c8915483

    SHA256

    a1faa65f996438951587251cfa4c31c0e1e5bdd93d3c2acf437d0f0268c474a3

    SHA512

    fa05aff1603994405c57542f2747b72b02bcb3f5f1215b2e9d84dcc32138f9154578fa3680810f3f44bcf555ae64564740432dc262d9c3917a90684ec58bc31e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    f05f42f917b81d10d67340930d8081e7

    SHA1

    adb400ccd9b2e52b0926c9dbaebceda025bc97cf

    SHA256

    73ba6d57bb73bf1decb4f2e108c576f3b23e4dab2755475efb07b87401d8f6c4

    SHA512

    9959c37dd007ce3a878ce63227d7fb2296f7334c944d795b03c49db2665580f143692a7751f6b24fd972999c91f08d8d96901d6551719e26baf36520daaaf253

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    df475a5e8943af8075ee8305d7a7fd48

    SHA1

    670b118bab30805d9ce230d8d66089a923711edb

    SHA256

    0c09c7d398c6b1d09b014d92336fe21b64f367d44d4e7ab923b2377f58842d8f

    SHA512

    7d2e173d3686d3a49ccddb8d78bbafb81ee3ec0fc8444ad4c96a405d0cfa38b4da5617fa4ab40cdf28f2e308cc0e53b18c87e66176bcdd583c67e854abc09792

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    df41c62ef1f94de4dd0752c98457ef1f

    SHA1

    c1a9eaa3ba39493a2562ba03a1aa88ea6cfbf805

    SHA256

    ee9c78506aaf219ca31c7f9607d29b7b338eccaa47bfbb333edada067b22b8c0

    SHA512

    a185e6dba9140e98a7b3d74077eaa0ee9191216c11e28af21be2c8793c4dca3431f1ad5e1cd64cdd8aa22066a45652c18cb712e2f7e3a76eff0ec23d843ec961

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    5b65b450c5f73754dfab33d306ab3a26

    SHA1

    077b2b760983d6ed1e06c6d84c645ba69c7418cf

    SHA256

    e6b6f0b49c15d964f9f0de133d48b33db27625fa921ebc89098d57bb8906707d

    SHA512

    7ea5ac65dbdfc37b60cd4b743588f60d62d4bb7f9a35fde643a6f810a5e089b20b71965350dc62c34af0be5ac230f569e536f006bb37019b672f54e78e05f151

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    d76dc83748093e48898a0bf8333bcdd1

    SHA1

    a80815b2b864bbb2e4452c57aaa22863e0a9f054

    SHA256

    f8ba90073fc5dc5eb9cedb26a8355a392a1384fbdfa94ecd5e28a4257fe6f162

    SHA512

    fdde5a8fb85839ec43b848a5159a88594d6359d377b0b2eb39946c1a4787bbac942e7556943ee0e6bac31a2141553e27aa0387c9e920142dcbd3c4b53cd7a151

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    46fda81fbe0e4aa0bfaa823d89055289

    SHA1

    bf524df04203e73547a1f56a78bfffb4a5acc033

    SHA256

    1e221d12c3f1347a8dab486bc8651a85a981d5abf235d94c74f1b0f4febad872

    SHA512

    420bd96e5da2986820f46d8c7fc13672005dfa7d28ef8a9e778bf9070853cb59a8022bd9547c49ad2adc7d8d505551073125819c549a6631035c0d95265555ba

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    85aa653911d20be8dcb64bc847129b2d

    SHA1

    e4a89a44bbb9361fe84751e5ffe50d6ffa114589

    SHA256

    ef252bdf72b842a48d2066e80cbc3da348872a394c28fe4d51a04604a7ddb80a

    SHA512

    a29181992c1effb3d35693ca4b1cb387c0763c48157f46e749f79cf02b76dd27af8ddde00a8d59bc7c2be325b90f1f280369e603c1b0f3b52bb7d73b27ba2af1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    44f4e75a8557dc88a8680dd6dc93c822

    SHA1

    8e36c9a2af4809a5270d3c6e926b3d41e0cf3fb3

    SHA256

    7c3c7b55346bc1c2f23c979c5ca90cf8541a025102823a1459612996c816ef4e

    SHA512

    aceeae072ab2ec16c37ccfdb95cfae0dd39746bba99cd740c16caecaeba601be8fb423dd6b2f2fcef562d1bc66e6090ad41d3843f57fe0268f4a8a7a7dd33242

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    5c448f544f9a37fe72cce8278dc6b7cc

    SHA1

    c4d03b8c50ee80d4a34afc0605125368d497888a

    SHA256

    94322112de33ee6582691098fddcfec1ebc742bf91177f51e3bbb94cfe1db354

    SHA512

    d91a646349f1d7b8d328e96f542d78d3bca820974af345f0629628c41f6e1f45f5b6a37b0f01c29b2638027b05060904ab5693cbf8f22ef50457338e653e5325

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    31ea7a01740fd2de365093066853fc44

    SHA1

    ff79577872b600c1ffd3a8419656371242e6b933

    SHA256

    327137bf28ab81098016ad61a6c153d1276164ca1da874593f6bc9831c65b052

    SHA512

    2fdfb8654dd46204a1239575ce319c56004b4dad00e611cc26114541820c8338e90646cb90406acab3cb9d947ac9a3d2fc814daf21d952377acd2d1207275091

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    0d20e6b4385f8432f326747d989fb5dd

    SHA1

    e7142e5c584afabf99b89ae9c08e8b8808e80c2d

    SHA256

    b9ad444bd0232e9661528b239a535f22b14ccb0ac3abae44d30a6c7923f97477

    SHA512

    d515ec65b40d29c1f06cb540e099cef4c0398995897a972ebaf953005d8673082f22b78012efc85edb4a2d35f627cbf89e0f41a1c82c69199e9f4d86fb457c74

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    d127987b77199b191666b40a73850e3c

    SHA1

    a51c55e8b93f223fef148d623a5c1097fa8ff857

    SHA256

    b2ccb79f0e9fc07e0f394f0ba3b8235596d513d670476e9974cf14fb0566a832

    SHA512

    fbeaaae75fe1c8f668761f505f05bb397ce798c9b09bf88f32ec914cb20653cf4eebf2b9f659654387775e48db1ae255ca02a8029f93591bb0611819e94e4152

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    89b77b18c8cb1683db5f5f63e383a425

    SHA1

    209d92a1b0f7b19042a4703fae2b950537a4ff33

    SHA256

    f3190c7e3528702b505e15fa22d382570bcb65778280aeb6fc05a80fc8d6151f

    SHA512

    4b8b7cb3a68cda4e687855f30b9dba7ae15548acd53e30c9a7c06b1bb6511e7d21b20ce8478248157276017184065f4a02a523c5caf73045de9673d0bff82dee

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    b81a0cacd08e0b84b30817ae3fb66449

    SHA1

    05e5cb1627cac6f1f08003b304cde9e2690d2766

    SHA256

    d7f8d2413859606e4800310eb70d13f1cad868820251f6497515b1b45bdabe50

    SHA512

    3f2699f3022948823ecd3b3351189e944a779f2d728dc5d95e82de8f60b4a05fdd7cd33634f87000c2e60b84b2e5bc96cf043395a34020da93889a925d903b14

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    6e8fd4bc140bb548bf5e98fea9c0704d

    SHA1

    47a92562356be51cb5a31d5cda675b0367dfadfc

    SHA256

    8c57ac6dae35a392b65ea53ce7b80ba179d6c9404f898d00e55ee2f3ee1e7e81

    SHA512

    c1a9b3f67ca2d77a6cdbcb268929688e4daaa3b36d48774f1f929fcc2bab557ab17e3b08f9f4fc93e8b3ae5265934bdb73f134d62bcb7c252b83a6653561c47a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    db5d9264c05d18953e1d75901efb0bd4

    SHA1

    512c08fe1e3ef8872a27607e2db2197aab1d6c8c

    SHA256

    861066bb48838ce6b19e45d2c7b0784a9bf4f7dfc93567f35ce72b4a68d971cd

    SHA512

    a412490bc2d24093349c7ebf0164eeecfa5f3794d415bab89b7d33dc34fcc0ed3860426e2e10ffbc38fb169b915a4c621ef2ae0ed6b4346ec09ae2e011100086

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    3d0843cebb0f34d6f42be3486c56e947

    SHA1

    71a5c248ee7b809a690af148b2b1cc51d497a2e9

    SHA256

    cb49451ee045f1f514feb5b45e56b6c90f32198f74afba8efddcf31d9e4574af

    SHA512

    841834cf7e85126633a3d777bbfa12a408a190016dcf99f4abf595af67b6945ef211664376185d571c17e30f16d5c7358ae6d39881b2074f81dd363eff3251e9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    c2a6c88e34e7ecca6a5b9f54dfc0adec

    SHA1

    3bfe0fffc727084a3f1de5f243317f5c86dc430c

    SHA256

    30f0bfccd6a9a081c4212b8abd72dba027cf47642d26b505168bcb947201abda

    SHA512

    60888fa53f5357bb69105ffecb47625a2d6946bb5d1cefe53bfc0acac7acc944552d2ca40c0c3c172c7ee8f37bb5c896725e291f8c7999443f368a0b0ffe1178

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    6c4f352020237c1c093dbbc0792b7e53

    SHA1

    f405f41c8963f2ddd586ac9dee74971d70c1200f

    SHA256

    fe60557868f17d828e57769aa1a7518ad311d7d6419c3520b452afe7fa2cd064

    SHA512

    06a6ba5db78b14f082e3d7ec1a78c19b4b59009fd3d4ae857ed5fb0d5e7f26c4113333e82d96975dbd5211c5c5b30abd67d1aa7dbd4e7549c0e6a38ea8d44d3b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    538682fc4bf2cd13667a83e4cad9627d

    SHA1

    a5e360789a7abb211cea32a2d9073042087535b2

    SHA256

    a9cc49e5202e659a3fbb9f362402574e20c2335109ddadf83903307eee3298c5

    SHA512

    1c84dbcd13b83d5c6775f38dde8a2816ea6288bb4ff5274acd964e774a2c8e486f81f2a50a5b84f541af75b68127c66cb8e736734d8874dce9ae70cdb4f4d638

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    2fe795ccf290cf9eb68bc1682413c69c

    SHA1

    a46661a9a3cd716279311eaa7ee7334f99788259

    SHA256

    e317585e91f395b2d6c68ed2b0cbfb2aaaa8bb2aaa34df279fbb4bb5d530a64e

    SHA512

    d4015de0f12f917370b6070d29dbf3a18dfea165abc2c17278f07c770610a1314b577b1da8ff0dc0cb1dc14978f45a59390ced3a102f8cd1930d562503ddf730

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    4d84c9da2973ff83745b7373495990e8

    SHA1

    520f4837967ce565000db65f823b6aa5935f020d

    SHA256

    bbdcda274b24baaa2b191668f289b9f22b2257998493ef8660eb5e530bd143e1

    SHA512

    46607e84754c3ffb022cfc0575f3ece0d45ea229d27ffa587211daf1ca590e4d965c413b239029cc10350a2c491ed42c752bff2739a40aeffeac8162df08c9ee

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    8a1c046be616fdaf54014b396923f007

    SHA1

    b42a7e8b35ea9096a53353ebed0a86e1affa4f25

    SHA256

    a9fdd758d2280600af44e54c79915065eb921a2c77b3e04671f81848a0170982

    SHA512

    c5e52ff71be7d93f5b34d98fe455675540889762b41008f10b93f1018903a3c20884d15f1a9130e339b56a8de6375d2f3c0f32a5a3fe564540dc8e334fa19c2c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    31b35cb4f486f9e1d929cf5d1251a3eb

    SHA1

    8749184320a20bc9d7bb003c6a8e9ea920440f3b

    SHA256

    66c3a7b460ac142354d723425f8d3429f3d29cb2d58b42e1cbd59aaef334360f

    SHA512

    c29a91a4955b5b867b17336e0d20fef7348af0c1552297f406d55d019e757787954dc87aebc075bd97bb39dfbe7c1c48ab03ff75312936cef04a8fcac17675e1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    347986b6d8779a5c41e07de634693c3f

    SHA1

    249a0056d976a9ba084855d598e89562a61ddc29

    SHA256

    1630ad7b031ec18cab05842c2a5cb23e151e26ce15062accfc7583b99da5bca0

    SHA512

    5f25064169962a586e441d68fb59d86e2dcfdc945d8e36392f1b2f34b050586f854a86799e8ba5265ebc761a68bbff912f19b545d7f199fbae38a6a114354e9c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    e153d5405587b5529fff62829cad0ddd

    SHA1

    0ddb9a33591420d1e818ae895e4754a3a4ecebcb

    SHA256

    c0ba07b8236638aba2f6faa1df07cffa64fc51ebf2ec4976ccb830db3aa6fa07

    SHA512

    1188cd0bbee69601dbd0bd3369993bdb4d22bd73ef39b44d571fc0204e2091b5c8966896769a8fa654eb006a5f725cb7c7e2823a34dea6a398109c102400a480

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    cede4ccb399a4393628b19cb913b1d63

    SHA1

    d6e1e839c1f6b8c21300e57f7fdfd5f4cbc3b3c5

    SHA256

    760f9e9e1b0952ea9948de6ffaeed0ed06c6c18f80718ad06f1430c2d7a388d0

    SHA512

    c7ef45e716e0f30766d7e540997e07a205d2eb3d93dadfa4b94991dede82d52151b05e5e05c5af54e9dc4f1d83cfc6694b3cd067eb03d9a2c9dceb537f6c4e28

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    612db4a95dbc642731e054e4bdee7e1e

    SHA1

    c2d1672cfcb0689d88ffc216d89384c16043ff90

    SHA256

    bb05bc1077969fb38c27da21f2ca313c3826e5b27ffda8d3b0b69ae77b706f87

    SHA512

    163aaac57015fca877dced0d9dc733e53824ebd29c819406a1aff1ec8184948cd72383b3180a7cbef6abdc9ed85dff6b10e3467b95bdf4a2cb2b7041f8774a65

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    0b0f7c0735a52c76f4ae90422b332154

    SHA1

    9fa065f74860f216c23d9d0660f52a944a2ad22e

    SHA256

    40a5a26758bb5dbec5efc8d66c8cec3e4d14d9c3a3820f9747937671a5ab204c

    SHA512

    7136a1ba7a3b67b08336e1c9e0609c62d95f6cf733a92e3dc4ccc6daa2de2560d27c681de4a700e4c8e9c3d69a3066b39787a6f69a89241eeed9cb966f44107a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    fb8215b1f1304381501512590da58a8c

    SHA1

    6f3707e2853f90a7449cdccd46212e3362917c69

    SHA256

    faec48dae200a3fbbb2015732cf7b76c79a7122f614ee1c78fbd4a4bda26abde

    SHA512

    68a1afc841b08c55506f4f443bb5ff97543b5ec2b288643a19558a218e4d39cdf9380edb3a9452346bae8317d2b9c1b1d1a75f50f0ca129c124d1a8d051d144a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    2bcf997380c1373ba457e10fb1e8bc1a

    SHA1

    6bcb6699fc8d0d3697ac823006e885e3cd5a6e19

    SHA256

    bbf1107407c3c99768e2d583a0e8bcb878ccfdace548b6d51becceced93434c5

    SHA512

    d0b4287885a1ebdfbd8019f99dc3ffd02ec3de0822528441b8e78b2b80bf417c5f01ec2f5e8093b8cceac749f674ccef04cbd95b9cd793a99f8840e3c165abed

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    b15613819262e8da55c23e43ecc3c898

    SHA1

    21e6f8a76f2df801f5303bd85df5a978764d54c7

    SHA256

    44418d68bcceca5c1c3c21b36beed282db7fccb2423859093a7af8518149448e

    SHA512

    8e929b9c6cd8c7fa9a48f857faa81e133a56c121e15c39b76e819e51219ff42d7c06fa13583b8dde879e2200eeee6820bf635b0fe2ecddf8f3c2c3254af71035

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    9b4e5e308bbdd8fcaf5d15f62f788bfc

    SHA1

    40b93557c7ec838685feaf6111a4eab46f2f4e0d

    SHA256

    f935b451876f2790100f3b5d391e7fe385e0f7ced22097e799cbc4e8ffb52ca7

    SHA512

    c9114899114ccb198b5a930b566cda5fb74bd924abab9d0904952e25ead97d7737ad30a5c0074662477f2ab3f3e00146455e4e592cd6171ae6420d6fdf462214

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    7d09f5eabf2d07419fe1079c1d3ff8b2

    SHA1

    9a34490b7976f4235bc9530d369d3127140e8dd4

    SHA256

    675025c4dc917091c4686d6ea85207d121a59bea1d3124a7cf6ad28317689ef7

    SHA512

    2a3afc2dd76b772acd0c3e1e82fe555b05f96058a4b0ac0adf2e9d2ec5f69f1c98a9f63a012455a46d8cde30ba4b7d41b4fd3133cd6640cdc192437347322a3f

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    300f454b91ee5da835dc782515c9e989

    SHA1

    8e91925176150388bdba0ca6e88777b351765db2

    SHA256

    e01038be47e7464fef8805dc8fbfa0b1aba7ef20eae207e45b846b607fba0e74

    SHA512

    cfe87910b8147d5d2e0749b3981a14b26a51a77d786332cc9b568d396428a23106c1fb21d2d701235f43dd9196d36f967cd711ebaeac161c13d2d2c51603b89f

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    310926f1b5218ba74047472bddcfb376

    SHA1

    9ad170189ea425caa68ba1ff8527d0e3f4b97a6e

    SHA256

    9b096e0cb454dae70ce473f6fb7349da24a1dde4fa4bb1390ea1e7a49381b6ca

    SHA512

    30c9fce4a8721926bd5cc00fad914a8ec986a35ed64ba524ce46285ea4ba187860f8c589a39cd6e89aa61db1e357eec2a2861241dd9f0ade6fee5932720f25f7

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.EnCiPhErEd

    Filesize

    172KB

    MD5

    be377d5cafaa91b59ca8ed56149330d1

    SHA1

    3629e1a47165d8c40332bef825ef45ebcc199550

    SHA256

    89c4f7b531294650eac53ebfb1e643b21ffbf995c74b3561143eb2f5c801fe0f

    SHA512

    c8ed56f29598d5b0d053b760b2cdbc9113e3c4ddc47f21dda9b6cdf31995d8a34fecdcf0b244acfb06c3c4aab6551e588d2717328b9fae9311897329585f9dd4

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    11cce6f99486979bf7150d13c5bb18bf

    SHA1

    6265d8539eaa17fc1a5a042a117e41ce56c9393d

    SHA256

    6c26d52e60d08c20377afa4d6eb9df1575b3a9749515a7321d8a8f7395f8714c

    SHA512

    4d4f0363323dd0ba91518182b5ceedfdc749ff4c43ae52cded70b1ca0eb0643ae4dff21a68d34fc994ab4f4276d5ffb13d8fb7af8d6f0e4c257421912f79c3fd

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

    Filesize

    49B

    MD5

    99663ab38edc0bfbb1458bb51634267a

    SHA1

    297740ffcc87f9423624c3542f8baf60b3194a5d

    SHA256

    090cada03cf6cb83dabef529297bc20a6d9c93decf18f579ddf6e3cd9bafda51

    SHA512

    a07daf116475a5297d4d662b5b3661070f58fac3a68101179b832d4d6ac83cd405d221e4da89a151fd3714d0fe5fcd663b3542f937f78a15cc4cb3c7f5d2e5b3

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    3f22f5713ce539fcf6d8838114d478ce

    SHA1

    8c392d52b8fa9b57ceb9651a737d2f37d076caf3

    SHA256

    b4c068c362d6b0cf6c791c4d0097565ebcdc568494af541e456e9a26be25464b

    SHA512

    0f60d8206d6e49f0cc0739052e4237dc111e4597eef995afa5afdc9029ca12ce8b51c15741f333dec96a26a87738a945f75fc50e8979a7c8ebd1842370106514

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    85a790e088ef20cb920e55fccd9e3abc

    SHA1

    f9e2c97ac67ab8c73e96bacbb9c0bb5fe837b1cd

    SHA256

    05c4a615355bfbd13fceb882b8830e5d448582f0d20c8293963505de771bdf4c

    SHA512

    3b672c9d07f8aa4d66ee23187796fbe9d1a89f3c7786cb7ca02cc9a9946a924fe8d5f073454704ec57368cd7d4f7cc7f8eb3894e922c4f8b44815629f0fd3632

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    e14bf4272a7523f737823b203146806d

    SHA1

    6cf4b418d9188bc94332803f9b98e6854200e5f4

    SHA256

    de83e46be0e2a2cecd20ff77e39ca246ac7f693a3ac6d4eda25e30eea91027db

    SHA512

    42a70d82ec3d297a18847943471edec35f65388748c81b092b45a81913cd25a9f9b057f258948d32d708c993972f8903e4756f381c0842a45aa2c5d5b191fb72

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    5bdaa9b09d7b89677b21ada995d279f8

    SHA1

    cce9f2591514801dfa449566920403ac67c4acec

    SHA256

    cde80a6e5b6b78c5a0554cb6f06baa4cc28b36fa44a056c4aab520cd7245cd70

    SHA512

    f07874f57da75a8afa58f7badb1a3480788b16f9795a89bec41f7734b0a3a8dc8280d1f7339f2750a6ab3ab96efad0bc433380e6ef8f442bc9888aabcc3f39c1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    46e958e61866143cacb6beed2f49aa07

    SHA1

    077a2b821cb048fc3c0a2cb900d1ebeb40bf6d0b

    SHA256

    e06be3a5fe04792c9c0c5d9f032c69f17aef41a7153cf24882b68792ee4bb67f

    SHA512

    6a942810d5bc9d3366fd217941026e3e5d9c98580b1679d793ebf802a0746413178b53d25809782e2aa9600e3a63f2b768993b37eb6da5f20a147fc2a06d6deb

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    b36eb05dde9c33027b4aa575ed3d0e5c

    SHA1

    fd393d72f6d1b3d89f94626e80249a3b243861b9

    SHA256

    2ec2c87c2d72c4e13b577213716022103cd5c247fc3ac203174d3974ba36286c

    SHA512

    35eed723ea084c1fac3bc1f6317168572eb7eb5b998c988cd1604ff5557039ff35304cfac13f84d6f53718b46858ef439c5fc5365ee26ac04e2a33f6ff63b36b

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

    Filesize

    61B

    MD5

    0a0cc02a6ca6994eb4fceac44c7afa3c

    SHA1

    0835a5df7149889f277a59e073c6ab204a6f4cb0

    SHA256

    852f255c7d12d7bb8331d0ddfceb753809a6df2fca2246fce4e313026a539853

    SHA512

    df77bb0133c199787931ac24584d6822dc92887a1b3ba0d9ffdd217158fc38cda508fc49374df0879edb02dbf670bb1a1b725b7a8c5be3c53b9845097dab0a4c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    c00dbaee6dd519e7a762e6edd03be341

    SHA1

    a33024f8e2ee3308579b3b19863c4a586bb2e0c2

    SHA256

    2d71bb66a4a2f5b78def681c4113a6640fee102d57dad0430e054b49359064af

    SHA512

    c3db67018ddf60b975b56d94955a85650b307a02d5483e6f0171060012480688342726cc8606b4558cca11fa48899c4c4809cff86eac1881555ae58d9c406d13

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

    Filesize

    90B

    MD5

    78d9e0c31323f304e3ec64241334811c

    SHA1

    08f625386e7e4caed3854856a502739a57ca3e06

    SHA256

    54b0b723c5ae6d70f6ddc4d75f71df8cdaa90b5ed2c10b5fb54ef386c1510d2a

    SHA512

    cb44f05c8a4702149c3e36e0fa297c286694b371db1e90f7f8185ea3d277dad00977fbb3dd41a105d69b753897d9b77aa7cbee16d9cb0956e65ca81889fdfa2c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

    Filesize

    90B

    MD5

    ec5e34e63c569df639ea7188a362d7f5

    SHA1

    9b028cac58e2bdce5ee63cea867c459d80517aed

    SHA256

    5779568e7c575de8d58b5334e9c083a121f10abca6748a140916dce4a176889e

    SHA512

    8b760b8f010fd7c6c8e7ee0cfa0309ba11476d36384b31ad92fb098553f1d118926a6b3aaeee2e41ef64f2854a1a2e41f18423cc4730b1cd9834bfec9d2678be

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    03ff9942dec367f512453aaa401c44c8

    SHA1

    ea3eb756a42bb35de308f2aa999bbaa1206ab974

    SHA256

    b4df63302433e5fb07097a8c56994ba49a7e4cbb10e179b5aa60ed3f5e2580fd

    SHA512

    79ea8a9a5862fb6dd8bdabf26cd0a7b3fea5c02027f4d32e9c73a5a20c4e27f5727009c0c379a917363aa152b3b0039091aaa4bfaed6a15ab0c6331301551559

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    3a0db1d37f690ea47578de49d68cb948

    SHA1

    776563ae66bf05aec62eace580e132522ef75969

    SHA256

    a35c370460a7509d768e3226e24286089d02e8fabd3483e3b73024070b4c774d

    SHA512

    f782ca28c137ba33d26c323b84d1b2c9c5dcf5da3a1d18bd759516b016fb375a3e197d9bff0b645025f8bf77749ab4208efdb8929e1236fc83775867d02f32d1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    730a6f927cb5ca53f5d5aa978906a5cb

    SHA1

    559c49cb4c62d55b958d2141b6fbcebb9893ee34

    SHA256

    57c658c2b27dd5d8ace2e316e9d7fe0658fd86c85c458a9052b52afbc79c9f67

    SHA512

    053778675099b8fff90a90376a1b80f3dc3bf838ba30736bf3b9d4c0a71ca4ae74fccb52c53d705f645143995d3529f47593aef593659e6f2d436e22899a146f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    6914726b5e0755eb9b23fea5369fcf17

    SHA1

    80fce348d4e73481785c991a063b16f7a60be522

    SHA256

    78fc0a5e58317de63565a3a4bb670a5b1762e5c7588101ba110a821ddad672de

    SHA512

    7daab4b610c0fb64562483782303a71930db9b50e16253552a920b36fd3e39950749c1bc7eeb4c852f447a48c53fc63c8634037303ff41ba5dc388dffd0b8af1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    8232a89d20d6623404a2ba95cc637ae4

    SHA1

    7f459d64359d8fdf7df69ff4a98169d4ff531e7a

    SHA256

    05dcf640fcb8e79bf8783bae7245ddc4bd62a600e12f4fa8e0964806f27a5880

    SHA512

    50f4e7c8c2278f2f96c53b683e85e250b1119b9de106d1d8d828827872fd1e3355900a51d40ff94ba3579ccf6fbed0fbf2e251ca5354093c89a94e94b03d4bd8

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    4110eb60848106db4c3d4bff32c82a7f

    SHA1

    4bae6ac0c033567329811f5d2bd1eb3a7a4abadf

    SHA256

    e29a7f8814584eac27a0bea6f5751ee5e4c4e9936af0e68b672326b614a8d7d2

    SHA512

    bd322c5b94915dd9cd552014f5127fc9e7bc39763364fe75c5581f4b7ad49127d0b30477e94ccf9ebf49db2c099e0d954f3a2eee2d331268559ec6fa714cb68b

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    fcae871d1d25c8656e6edd8e946b0dd2

    SHA1

    83d95b45788893495747001e93ab710ee6219afb

    SHA256

    51034aa99a033509a5a770d00fd0c278ee566654b9a740b3bfba397471e94219

    SHA512

    78b179a7a11faa042d3c77c735238597ee7b819b530fdae0f8b2f441fc4e59514af8933dd3c261e515bdbfa3c411949381b2d63e608a47e1a5ad99b6986744a9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    8b446f9178c3a3f54acc79737d98b126

    SHA1

    fd4dd084167e012f2866d2e156b6aa8564a5373e

    SHA256

    089850470d33f7d5e5c05a14362c449e4383f463f6855385777205cf5fc7a7ee

    SHA512

    4445abcf78ca7b61dba56eb809313aabfaa3f6e184084062c7cd039b44953ca845b6c727de418037d7f38501598785fed37b03a487d808a0c49319c1711b3610

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    a32da0a3095bc4c7dbbd71ff7d5d5486

    SHA1

    c6c7447999da3261d5838ef9fc1cc844847f8a82

    SHA256

    d134cf262d4b232febca4147907820d9edeb00c6f0492b927805ba54fafc350f

    SHA512

    1c187c45f7dd49c8605c7c48522540e2a00a721bc28bc96516eca5c0ba148cc5193b6558d2af4dd71f187b9a39913fd43a47a1ce2f3c947b5f242d1316060fa8

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    a0354b630bc9606d21dc0307821a48b6

    SHA1

    384ca2b5f7ff50ec1974dfbfeea63a6b841336ab

    SHA256

    413cd58597af4cc6dcedc6a9375274f4037932dc9e79780fa0b7c6bd13d65446

    SHA512

    84c9e79e5f93019f6128b86d2fd5c3b27c5a3df9f1f8f93e0ab3d8d2a561fc6dac7d46c343c26ed5f7e94b8ef642c972bd050fba4eddf29432ed25b5c2fa59b1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    4aa2354ccdf813ecf65140dc6305cc67

    SHA1

    0d5fe86f075b4977b7550493df9a3ccec0f119c5

    SHA256

    c9cc9253a9a58f33ee1bd47da7906cb03b70d240e66d5b2347df0b8d74efb005

    SHA512

    7f588275a6c0325efa25269fa39cba117beab8a6fe91158defe563320c63ad12686c59ece66de2aaaf1432d7719dd850531dbb0295bd6cfe06b87ff298e34187

  • memory/2980-7502-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB

  • memory/2980-0-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB

  • memory/2980-7501-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB

  • memory/2980-9192-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB

  • memory/2980-9193-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB

  • memory/2980-9194-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB

  • memory/2980-9198-0x0000000000400000-0x000000000064E000-memory.dmp

    Filesize

    2.3MB