Analysis

  • max time kernel
    33s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-12-2024 07:44

General

  • Target

    735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe

  • Size

    7KB

  • MD5

    bbf16f6cc96daed3d907ca260f542334

  • SHA1

    85720c94e0a73bc1c8690d3d88eaef9989a36bf3

  • SHA256

    735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0

  • SHA512

    85480b003ba7d3b848cc5cb7949c6955adc9fe119cf62f5ea4163efa16390222cb14fc5ee4512a37d5e385952673ab50dfeafb2ca5c019d33423e3508b4fec87

  • SSDEEP

    96:1AZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExAQbodG7GqqKZMUAi:uzdrr1FG1WDCgmjPZA2ZpZMUAi

Malware Config

Signatures

  • Detected Xorist Ransomware 5 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Xorist family
  • Renames multiple (2186) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
    "C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2104

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    299B

    MD5

    b28829aa51a24c0452689df2364c7430

    SHA1

    1765a7cdd572757ec40616946ec022e75ca77c7e

    SHA256

    b0ab3473bb61bf150b9112814c51895be2cdc6284a1a0f9e8c04ab62367755a6

    SHA512

    57e6c8f60dbe1c0e2124f918bff16c5b9809be0163cc646f86336f612fc087e70f300e3c80bc3ce2f81c00037cf1bf47ac24f2172110e1b20cb104a645f1caff

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    ffe019e61ab357c4891f85abb5676488

    SHA1

    3eab2453f5bb691e1c99d30f54d83712cf8e7404

    SHA256

    3fcfe3237ec26e104bcdc61af3d46051ad3a91387c1ca9e2da4aed8821e2524a

    SHA512

    edfef15274e0081d69bd78ee42a15763c6f134cbd28e4b81a0ad9b4c3073130dac238c86bb1fc07863e04b0524a4e8859c7e27f6a43d85abb9774098b0e49df2

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    908de2bc98a57f745f483aa2e0931bd7

    SHA1

    3fef5eca962a2a654e05cf6bf7fb3f0104311a74

    SHA256

    f9f59447b925112e172c3075a4f4ea6b737b5fdf05cf33159f1fb725d44fe366

    SHA512

    32b7b8e797ac5853029f81905d767f8533a60bbca37660718b8ab76529c881eee543e425ea5278c4dd37c3c2d0a01d1638fe00fffbe00d4d0872c2741d3adf3d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    11033caeb9577a569cd716450ff9cdff

    SHA1

    5c7e7455e805c5db3e6b72f5bc5d24c2c629f5fd

    SHA256

    2097e26eee03a26a857fdfdf1c528159e5a9249284aac059d86dd92bd1843b96

    SHA512

    8fe218f09bc9929c715a21ad2483fc5c457426de390bd0e8f140b46e49e3482782b8b1e39eb2414484b83390397a25064170273fd3bec2d480b949030bddd0b6

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    8f40e69c0d24b16e431f746d18c2d15e

    SHA1

    c6ad22ce548ad6316c0fa4bff654cc57f0d4cbf9

    SHA256

    7db52bb36766aba3b5ca795ac956a31e064a06322be5861f40cd99692cc270d0

    SHA512

    8e94d9773e4dcab5c6a0c6ba406ebea0effe97a3a74bb7aafa89455b0ea0fcb862c68bfb78c1be53603614b360a334a439356537f3c9755437a649605bb8c42c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    738d5e8f3f54d5f699e78abef78ecd74

    SHA1

    a752ec36a39109fcc183d0574c95874872af1303

    SHA256

    3ecb95c1af724c801cb2f3d914fa7fc0dcdd909fd304fbb70d131bd9210dc1d3

    SHA512

    062188f829aed7279f14fe9ed41b6a3af5b3472446f559f90da7941e8f9a6eb951b4e22147a9dc069486e9f95e37ee35f45817430301916edb235beafcda5d0e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    ace2fc946c21c16003ff5fcb1d0ac1cb

    SHA1

    ddb3b2d78b7dceffae2b8b6d24243f5c4d58ada6

    SHA256

    57414850ca9d258f4eaa034557838dd9134bce2016c7f7847049b0bd53cfc11e

    SHA512

    06e50d42c3c96ae23420921ebbdf9eaeb0ea135f68422aa4c8886c0011e4c037a30e9cd776ba18afdb79848c7ba781ffba128a576950c8d408943fd7cf6bcdef

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    7525b625f68016d05220d2022ee1bed2

    SHA1

    aa3956cd35c99bfe6dee5cb90576dbbaa24683cd

    SHA256

    c8a862e8f459e70d92ba1a9fd45a1f8f17917a450dcba7059be486c14b51e984

    SHA512

    067a05129cb886abbf39a644811b484fbf33a341f7c8acddfc3aac1e869f8f09b9e1eb055d20e61b7e3c129e31259ecf3e02b239f0bcf05207a08974a9418743

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    a0d0d21bf0b05f1133220df787f77cd1

    SHA1

    3ae916d954ca9e9edb8b3b1877cb320caa50b06e

    SHA256

    2fb4ff2239c9d4b142c2b66c632d88a41e9554cb5bc8f1a245882c4686989578

    SHA512

    b4922ed8af82459542d5ac83c7e264af361ba7990fa44d4642f6562500f5208c059bad9730668f2be8032f57fcadc851eff1116061ba4db5117b370678297bae

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    01902b822231643ca127fa6fab68e7b4

    SHA1

    02ba0697e1278238ea88f21948daf4100423c534

    SHA256

    f84536d5b6d4496b52a4a3f647bd5b313e7a213d39e3266ddb562827579cba2e

    SHA512

    2f21cf81897468643dda1aba658240ba13a3d858ca5b412a6f6068107dad8717afdbe91c1a053e12c037e172b83e4b1b56888c1e30c157651b26f873f1e5f954

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    208de0b3a7c2b121f7d08c02e26f0b49

    SHA1

    b0102d0c973fb3ee7048c96193a26c1c5ef2acf1

    SHA256

    09888624af65a29fe9e319a630c5991b47f005f959868cccda67344e76ed2835

    SHA512

    bafa72a42097cb24b9c590cc156b1907e548861612521273254959bc2830ce4747ebbe5f8b53b2a97821b566e30ee98a672d404d494eb867bc1c8fdc3675218e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    48940896ba43b2e557343a6fc32318a6

    SHA1

    bf8a88d1c3e2fa4c882c299a9424fdff41ef9b9d

    SHA256

    e8441e88e3e33d8dbfaa6f8e718d58253e32f88c83c649de19c1bc3d36152021

    SHA512

    94ab53b16e22c3bd82e015fadc31d1f4877612559552fa04b87f473c7937cf819bab120dc12d6d2848d4597822c49b4a4586adc15ae1bee29e161552d4e1a2e3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    5a732b5b44adb74fdf4f020e17b32c57

    SHA1

    7823dc316f3cf1a85fa5d56ef7ce07fa22e1d71c

    SHA256

    8b3cfb4c0b9ef59e0e53b7d961e8117c2aae22206f43b06d5dd59a6c8adf7346

    SHA512

    fa982670c0bd23a15e6ff670d26ecf984ea6a04bdce4d05fb0ce7c455ff3abe9f738ae21e43ce272168351c9c0295415cc0e842b3c303a6a61915b18dc5d72b7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    736d9277ab02a3a8c099c44f7e0e03e6

    SHA1

    1eb0fe2f0b1c949b73c14e4ab401d1a13690327b

    SHA256

    8ad2df4912ba4fec336b41ae644e7fb1ec010e95a720d98a8cb6aacda2aaaf77

    SHA512

    57d31cb297207d47981f23f324eb4c8d6a1beb3c1d5732538ed9a0e90babed96eb6b67938d2dee5f0a52d03f6f877b151e623ab5c588af9a0dacb3e808ac45c7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    2ac9363472b820a74e66a0fdc8013066

    SHA1

    1a3fb44feb1170986b8cc996ab55ce873e895732

    SHA256

    c8c2c037e024dfdd4e4dd34212bd623cd41404c6d27041b2b691324db59787ef

    SHA512

    c2db9547bf6e638372c0accc460daa8345066843e8c81e913b4fb123747c7437d20189755ad93ce8d5e1fe870ffe36a99e520d5dbe03ed64f123149f58f391a5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    57f0c1d2e9dffcd42b77ed5330312c25

    SHA1

    8aafaf27d3d9601860fc8d8f89583e48373318b6

    SHA256

    c68c6965f21d5fdd3bbd418a2b002486877a2b30162a9995cd6c0fbdf6ef7a61

    SHA512

    ec63c5a09341cf3d936a64a31736e135c81c3878f0bca8a301e08719a85795003e85168337ce4e2ca6a3ac3c63f8e58493f6fe7d5fa40cc861a3b9f91b2a2ffd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    b669a7157d1c3241a67822adbb0039dc

    SHA1

    f599f9ae2ced4eea61116bc91c84c0daa18f935c

    SHA256

    24bed6699ac41603bf45b3b863a1960c65e01b0f4a23b7a5f65a7e0287e02b93

    SHA512

    46fccc7cda32b2f91ea0c05790109791e817530d2b98214574d690f6e16f638cd528186af56fb3a1e1146b6cede03030dd4bb6d3919e4300a6467f52a6fa42e0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    ef6ca8e5c7c86f11d1d47f6ca8604185

    SHA1

    97e771ed85ec28312c8e6c6628382c802b79d9f3

    SHA256

    5299b6216059d817dbe3b35aa0223bd4f26580921ff648ff061cb4826f7a3772

    SHA512

    c6b4d310c9d4696c15cf8191c19c20f35c243d85a3e82251bcc4a117f9404ae94b6ad110ecc1518d952617a04b9575fc910e54d4d1a902baff93cd8ff9f22a77

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    fe2b4dfe7bf65532e8c232294dbf4b41

    SHA1

    cdbdc86ad4e5e8faf62516d6a51828258331a7a7

    SHA256

    17e47dfb83f8839db355d4edc725b3ba793a0f93efa0da0546af3ee53b11dcd6

    SHA512

    a22b5f1e834d1c7589c6d0e8b449f41c53e87954075be3003251d7a7e4d20e1d3dc23570cb846e4b02e983a62bb2970fce9863e556c7836caa7eecc6edfdfd7e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    afe0d1582f9c59ca55edfb32735e4cce

    SHA1

    626f8b4d8ca1dbea3625d213d430d21003e49a40

    SHA256

    b0ea40603667802505ff49702a2f9565864ddf976f5c6a7a9a98e29260ed90b8

    SHA512

    12bb44f83817cfd3e488520e7a290607b4b694febebe0885ad555d8fe5a4183322b2374b1907c4bcf94546b7f0305087d11fcca74878bc07fd005b72a4338861

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    50796f7db170be8c7228ad9afe86c4e6

    SHA1

    d299887be98233fb49d29560904b2fc9bc9e0f41

    SHA256

    441baccf55b265cda3b1890d80710e4d5f164db366f763929cab14e5ce18fa79

    SHA512

    dca7b95c1e4feeb51bdea09b2ed3bfc1c36d0a24942531043e9eb7e0eb9892aef13e1e554b7e9af79ece194d033bfa2965a2cc0f3b4f16fd9e257659580c6939

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    0475d3a01c163cb6fd6f6d6d2bae944b

    SHA1

    94d3862836362225c2c1aee0bdaa59c94bd39a25

    SHA256

    6b4340553e1a9070f94a4becdebeb3016ee7aa0a74db30bc46acc2da7ba55466

    SHA512

    78c8437f76abb7531debbfc634dc119aa532162eb10efa06c567287fb84246867eeadc892b148a6a1bea06de2117f7c37c4a77c8e31df5c8340927157169e4ce

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    995cb25640d37f92b8c3606bfaa3b5e8

    SHA1

    a6fc80678446b15a62128269067962b1f6de57ee

    SHA256

    9634ce4feb46711164e5576a3c1d6381e6385799b75e254e0a4ac62d0ffda091

    SHA512

    7f39a94eb3d5bbc8e17c1ab8bd94924cbff13685a827c48a625d685a8e150b9f08cf3b320786f7efd67b3a4c979a1f75c5844c3366bf781612317522b03bd874

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    94f23cd41518b85b451e30f573cb2877

    SHA1

    60442f5667a9ac10a87ac2d5526608f3af7fcccb

    SHA256

    d1860940f2672f8ee9df1526247dbef8eb58b7ab2c3489b438fb8225971c0e64

    SHA512

    35c9e2eaf5a3fd420b0f5a85262a92b40717a0b4f3d5e1b6083fb9da8f77fe1b0f3ba1017fb6bcacbeb80b435098afda82d176e3367d99ac106417e2523abfa1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    0327cde4692178cb9ea747b71564a4fd

    SHA1

    329ea497453277535451bcafeaa399fc0da595bb

    SHA256

    d7b55732121abf6b7602e85bd50b74ba3641a76a768b1215010bc62552e0ecd1

    SHA512

    8a6c39ead090bac619ff5a7b511841301ffd0d97b64e54f7ef24e2fe4f61e0470dddc7ac984da68b7ab20c6831ca225d30513a606072e6249c0819dd8baf759f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    44130a125e3cf7efa7572831bc0946bc

    SHA1

    455d0833bacea948592fd0bd1a05b2b2d3f6e4fb

    SHA256

    3fe90f27a2f44cd7d9dd96d35c68204757cb496fd76bc90f3b0290cf40f3e2d0

    SHA512

    9dfa6a37bf367177fe2cf6383281ce8115f19d44806fe4e578f8be4e7d85e4ff91b8198151edaf564f316623d430b5259fd53027a1c0a98f45b56aa47b70d9e4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    f08bc94fd429fdf68e7745a28bca344f

    SHA1

    bb999041afa2aa254d9197f2643ef47056f1b531

    SHA256

    7439ff9252ac211805769290e2e674f69016cf71f0f10c6a3e8865c42e517db1

    SHA512

    8c25a9de7d697e85cc1b2aadf9ad7ab8297c169d29c6a7949c6249da5d8ef9e05253497ceafeaa42432272f86e70f11a6e46737f60f41474b7a38be4b0fccf13

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    87545ff0f541ccff91dbaffbb35b41d0

    SHA1

    3f1053c860ea5d5e3c2f6a4d7ee99074d2c0bcab

    SHA256

    8ce773dd8cfd0cf2952088cd295dd1444734deaeb1f537d69b15a6f1e744f580

    SHA512

    6d07f7914230638b6f9aa6c4283f54d5f0073ec377042727d04901e25542393d070dc7ab8bc7c53f2140179662674a2fb5929bbe308bb8ac94e4e699fd82d637

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    c54e6516d60774c41bf33632d856785d

    SHA1

    6e8e7ca0cbc7d04de2da757916c2fd30d275ef6d

    SHA256

    bedf996371059475314609fcfaa204b7a3c04948ef23fc10068afb3f05b4b65b

    SHA512

    f194070a4798703b46b89472d3ba5180e170e54fa3bf5f6e9fb9efbf7838c3bc38deb691041771b555b543a81c37f39f4e6f5a2d902d7ee4e20e252787892772

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    ff914c132a9765885a9e02fd90b931ff

    SHA1

    83ca3993b16d708be226965730c7b27d269d88e8

    SHA256

    3f9f5b4f8a25ac8ec65cb2840b37db4ec47be54a377f197ea4d64576ca6bd8ca

    SHA512

    6d489256ec936734f117d47fd2fb9cbe108a8613502b521f34c5f5c2b3eccf3e0f3fc884235037dd2cfbf3ff27f59b266cb23ea3777d0c16affee3ed1fa0f035

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    26bad873faf1b871c033bc9a96ee11e4

    SHA1

    e34ed73d06b874b1cbd43285dfb01765c68419c6

    SHA256

    7a70e2e3c717bca7a8500a486faff2bd037bfc00b3af9f960bddd938c191e0b4

    SHA512

    a948342625dfc0944c59a936cb743493e7028da557e3f8263a81c6e32d63d1dee124294c202afe924562f68216cbf40a73802c29f75a46b76b4ba86c4a00a281

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    b54f773e4444d7c9169947ede8750a4a

    SHA1

    191ef35642aa870ade3bfdb122509e4cbe66702f

    SHA256

    dab1dfd88e39fae75c40c6c08fbb06ec001b2ad91a3ea06741659ba1858cacbf

    SHA512

    f62da12d288dfe3a326d4e6e099f4fa564e827f4a527ea1796128a77fc91f5c0792a2f6bac2c21e033f0f976817a05e779374093f33bf7a7412278fc088bd3e1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    d7e7a719a8e24f172dbeffa06a190c30

    SHA1

    14192f875a04bc2453e4ce89b04710076810fea5

    SHA256

    f18a20671986b7448e82c69504d67ff80c2d24b39effffdd1547913f72247888

    SHA512

    90d45d67904bf8aa67d77eee718711ecfc90afc5b9ea91f744c59a800a073ef114f8dba41edbb3e5dcf40d7e8efe176d780ddd8857a82a687ddbb865eeed0d1c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    d7b83fbb366ddb9f74602a00a3d0cc6a

    SHA1

    7921a966f9ac06275f94606c72c0aa9477ee5d9e

    SHA256

    77e9ff49264b0122605f991feb005bb76adcc29814c5377d9ad8c58d1a660e90

    SHA512

    e0bad0cdd667d7202077026b8ae6405a2b799c8b315d694e469d8198199b8d19b6b300426de6c1af8d45fb11d7367ee10c302ab889a252029bf3e0e233ed276e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    26d4dedaee75438fb2d2fe1d247e9345

    SHA1

    3b741dc207a6c46a699a8745c67d034ca2a28a51

    SHA256

    f6f96f412a6d8ddb03b82d0caa84747b8b777cda968c2e4b2d1915cd81eaf5b4

    SHA512

    ba84ff061283df7eaf4648dded6007fa4324d80cdded465feb6aa42fbfa15c7992307327cc961ea6f502133b5bbd99c7ca7bf92d43d311cbc43e00605a29745b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    d8d036fa9ef16752c713e35f5e5871a0

    SHA1

    9ea852179888ab56f97c2ee849d32d312053bce6

    SHA256

    dbc438ca67d262360bfc8712b7cd69150494ca21408b8ab15fa879b86af48200

    SHA512

    406009b492ecef65f07b1d9722cccd9fed3d23ceb3ac61463cc98143bdac7f0c154035e6bd5ade4d55c960a3fa63fae9c42c6705fc5639cb66da08b1c80c8899

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    f6fda4cb190f4ac4ab2b5525bb1d94bf

    SHA1

    af32d2c897f4cf6c6718b889d090eb620c441654

    SHA256

    dbfe259772dd54e31e97b79d2a7db9d7b41f8605016077dcfa2ce162ccf67423

    SHA512

    39efc74f12a243b92441c896b52a8b68802dfd220d6a067d054f62f6c145050f0e753e47fa982a88d2a217a626db53978c3ea0bc0e0ae4f189509c2950a96284

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    1600a40472815d6dd83242a6c65808f4

    SHA1

    43a6960e29e7eee0cfc50d992f9d0e22d4f93609

    SHA256

    2e7fe4ebeaa07479cf6f5cd8ae7e8d668a660929a60c12dbf74dd8fc9150cb71

    SHA512

    860590433a76422af37849276755016a3cc5528e86ed2c8552fd66380c754f3791c59c732a5fbfb74e43fac632f23f82973d7a0bdf759e0e3762d3446b8a1c49

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    e4186daaba22bfa478dc51a9a160b5a5

    SHA1

    e5962f35adad84da9c3bf7237e635c72af6b6e4c

    SHA256

    49ec688c48c3ef28bed9660de39f64c3663fb62af7a849a40e78762b86ed0e09

    SHA512

    449150afb19871f2ad7524933e7d28cbdecab6bfcfbe1743d73a9ffd20fefa130031d591b7aa845519f7e48cc125ef95dd40ee7cbc4b7de923d902fbc0a2d373

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    a6926840f590a909b084a1a8d02b9256

    SHA1

    e4c097d72d51202eceb414a344644c8d90d966d9

    SHA256

    db77731fffe53a2961e976a8b9a463b29998c243648da8349ce098bdd8635625

    SHA512

    da80893e100798ef51a07ab3f3a8455508d9ee7ecf59b729cd945ec0aa82931a8b0227d6eb3437721b84225fd3354bc56ea989748313f6b15a45dbcaecaacb47

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    69b6d2ad6c4daa2ed21198224a37be5b

    SHA1

    2326f4be3af23e3503dd056d5e866c1adeca768e

    SHA256

    e039a34aaab9194050b4828e9a5f2713a4b078bffed66a56a09663ee9e1d5544

    SHA512

    20baba0abbb8e390576dec02b74d464f28ebf7a0382c929dddf43b6a0a1b09ef586802a0258517b185a75f5cfe89cfcf604cebf7cc504d9573a9ce3e30897848

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    503e7746d715ad64ef1f8c02685de687

    SHA1

    018a39ec07a995e5aab9c6aaf2d2a547f7f96a80

    SHA256

    b3cde8261a8b1144dfba62a13b53db75706927f0c8543c765ec6372954ae444a

    SHA512

    579a0450a7b380d32c072e7cad88613c913068274495ccb34a316210f7e3131e480c2541b0487ade42793a6665da0a6514a759fbb5ec06db44857910d43523f2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    fd16bfdfc3f011ff41455d9fe6723732

    SHA1

    ac437bb579263a60f010b57b891481aca864023d

    SHA256

    513c5af4a335e5f40dc46df8a8db403cb7b958f9800156ee870d00d2ce9da2df

    SHA512

    a67e5ca3e32bf6a1492b863eb53795e64b2501d64cde9e9f54e19bc1705ad97d0ff04538b03246c40dbd4bbb32917d5fd3523257be0ac5940721fae891c47e10

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    6ca3041ed3e7f4e2ea1ff32dc13f0e16

    SHA1

    3ad6c72bc7410657983bdd036545ef705419d765

    SHA256

    1f5132c8886aa9dd43f1fce7a9aec89d117ae1077010df52b3adc43ae94091d7

    SHA512

    8361ca578c404796bb676e3b905a83efbf8bf596e102df17d3de13a6c379e309cbe788b7e03d5702d46d5ff507a25be21c9e521902d666be5d8d89e77fac7f0b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    d92321254ccdba68458180940c8bd3cd

    SHA1

    8d26fe3829ec31c00ce2a09d9a9a3e85f8a3b3eb

    SHA256

    a98a6375b9f5f1593ab590cc7d20c55453ecab8fc08fdf5ad4b240a2856dda5b

    SHA512

    9bf9d1684bda3baa0bd9848d0466a7c505a606c7552f7a5e4fe14331c954a2593614c6e3dd8119d93bcf837f129b56c947a602dff8472d43bd5a47abadff1e7b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    1715b76a1f99acc23638924078a25f37

    SHA1

    bbae72b14eea92a66870428d0c6cacb2872ad1c9

    SHA256

    f17ae9b09c89b493034d02aaad4726834efdb91c14e8582f2950bd7a2c17b056

    SHA512

    a6a5cb7a53cd1e394a7b324909f21ef663e9282be6f533449a7766136abe33791696d6838985c8445d8ca48bdc5ed3563b612cf20bb0c372e47f3b2aaa30d4ca

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    19cb483fa74c8d56e0ee06c8b8379d59

    SHA1

    fd444693c5766aaa8e1fd04da78dfea691dc55e2

    SHA256

    55b86800dfcdb8a458ceec95ce92f2c633e45282dd0dba81c2716ad7b24b6dd3

    SHA512

    9840feccd5885d84c6eb23d3c30a69a62c422d5cb6e5ed12ffd88030fb753b2563d355fc92a02b32aaaa492ffc65afc3e9d8bfe18412301472dc1abb831d1ff0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    ff9d48a5852dc7119047d5463058911f

    SHA1

    a66711e67e693d5ac8d9faa56f028a0b71aff100

    SHA256

    cdc388bafee9575c6441046d276ea009ad5899235a8505b1a8d87dc4b86d88ff

    SHA512

    9a4f2eab06a3b4511d8f6000ecf560d903a221c822b08a719305598b5e5b8b779ea195d85370d1058653a2af3f35e05363d1231f9a2e6ba95594f04c627db0ee

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    660dfce18e3553d4eb0fe9a9c742b8c7

    SHA1

    0541bcc091e513bf63f66d22f1138a01c8923ee9

    SHA256

    69503202b210f7d17625ad2149d6a355169dc484cc984f07bd226ad89cc8c6fa

    SHA512

    fe25639d25ab84ec4e90d30439a28c3105b1b5d6c75f0344c7409324e247901d95e1f13d1ca5eb9436e4c794dd7330334de1e5de666e1d82c880ad2e963328b5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    fab24f0196b783052b835cfac43467e4

    SHA1

    653f6ebfa2a91065971c52c2840d11cc1e438398

    SHA256

    ec3e386fb2a85ac7257e05c60f8d3ce84d9a30b2dc4789c2e6631b9e81fc0339

    SHA512

    67601d1d56728ec1927c6dcfd27a387bbb88fef3f41addfca1336049dd3714328aeb3820d650d9844a29393fb064cedda2d2ab009d97bc748951fb841f80d068

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    0640d2f3ef7cf477eacb4235cfc8c6fb

    SHA1

    79f0eb28fc40a0bd73e787843604d11beda1cb7b

    SHA256

    e739a77b184d82b16517ce2538e63f4864922c5157840a4b2af5f5bbcd163e2c

    SHA512

    cb1b01bf8071d199aff34b05837ee723906c56e48afefa86622a8a5f5899ada5257e1e1ec5f80ec6038910d5ed86af4ba3b7c3f2b7730660eb1f62e5de46a95b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    0bb6eefa3954c4ab5d9c7996923dd970

    SHA1

    4a3c88791c7f38f9e8f8af618df48f426c8e8d5b

    SHA256

    27cec81cd638fb47fac81fccbf21ae4e22ad616d04a96c9870db8d3685cdf105

    SHA512

    3fabc5fd9f17de06dc6e33212f41ceb1329c46937eac7a22b17f8ccb12940c0d3ecd0ff8bdaa402f0da487333bf558bf2acb356f1eb9da021753e39fff7d964b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    f225ddc9638a2d1b11a53e9e98021448

    SHA1

    b73906332a22763085fb4bb15dddf5d74586b595

    SHA256

    aa25b8b874b0c1bdcf854592d82fae4469809d20a8e61db490fff1ced0bab912

    SHA512

    ae93ee0bec8a4d607009f1e33ea79c7684387fea481566787f64623d4cb082e0a4aed87dfc820ec2be3c6ba44a1e89d6c79fdd942e924e76012d009e8ce32734

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    0f1965d16a525b3e8d944181917296ee

    SHA1

    ed17a1be61349f36fb0a163a0538a04fc914aea2

    SHA256

    997bd3d613a978ea70bd9bcd155ba68afaedc1605eb5f8facb6b2e3eb49fee82

    SHA512

    6e111e13ea4ad321e230df174930fa997876a5541e610d7863ddca0c9549a3204e96ce15bc8623135e7abde789497b2e8c8b9779d239d1eea378e4737dbd2d9b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    b0150f58ac7302df844f5adace0e701f

    SHA1

    baed9bf1c8a7422b539dfc26148bc4c1ec6b02df

    SHA256

    69af0f20971a938bc479a93278a00d2032053ebcea78d8236e784a12f4cb97f0

    SHA512

    08cb20a4b010f6abab23a21056ca74007f95f15e78aac959b292dea5556504991088862523f8478ceb73c2ecfd6fe9cc1d733de438f86b1f38bc2e92b3405659

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    4dbb5a129a0e5065c435415b8f6b92ae

    SHA1

    7d85a63151e3d0bcd52bfdf91fb318c2e1f2aa81

    SHA256

    0a93380b9e06aa5bba122345213afd6a4732361827450ec5edee221cb2945f3b

    SHA512

    88f9e02437b8c2784b36d0bd25ecbc4dec7ff4908296e29114b7d27de5b924852dd172172a1dbd637a39caa8ab56a416789de7483a8426a2e219e837c8ac4c11

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    392dde70a6a2f09030a1b157c1b58896

    SHA1

    20dce5a5a993bd094ead12005824eb2fa87b958f

    SHA256

    0af42ce7f7f212535db72956833f076bef63482321f4a9c03b965594e0ab23b8

    SHA512

    0108ffc34450a8ef27fb3e1711ba9d123c3cd056e7951fb30a7e58d6d26bc2fdc5432c8037732e7d70da9f95adadb3d1b4dd461e8fed2a742c6fc24e1e7ef61d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    a69c53ff5b46f4a774e4b1abcf3b5c2f

    SHA1

    d6cd5b92e0ea256fbe9443db7577001a63189944

    SHA256

    99b9e0b47301203215de76531b67bac8f0555a2c4d60346d4c80bfac189c602b

    SHA512

    df3a07109ddd9c921e94fb22a7410b3163aa0cc74207d14ae8d0d39ba98406ae8525c46990701b04b69259835eb7f6babcd20922858cc0a203b07dc963031389

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    a98afb980e56b2a55d58dc8d13d83af5

    SHA1

    8fc9e2b80a5254ce0bf191c29e394d770586d4f4

    SHA256

    d13bb032c4cfc14225804e142f649e8827c7259f1bccaecc2939088c9aceeed2

    SHA512

    030d83f02e5bcd1ba231bdffd7456c5e6bf743b7683816d5813940df979c452053f45509d5f8330d54fa675c10f6a6c92cc33d5b90c547fe14158e8f156a0764

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    c41678dd684bf06e53a6245b53968128

    SHA1

    2a027bf562fec840a1254e9ba4c48029ac7879ba

    SHA256

    8b46f27c26058882537eb34553d3d54c7a8c31c960286c16c95b6d90fa81aeee

    SHA512

    31016a9419edd42cc14d1f4e002380ac65c6d686e62ded7ad1e61dd507ef81930ccd2946f3bb54d0b2de16722e6b707043cc7fa8cc4f7b9aba93ad0f6c92de9d

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    3b1403c22bd7611593a032024d74ec50

    SHA1

    b09751bdf0a8ef6c32428a20483530db5a429830

    SHA256

    920b424fdd13306ac01ce4b7aaa9f11501958737650771b4cadb90e9d69772be

    SHA512

    d6c34859346b6ba3aaec2719ed6cd12b3b98be2cc8a67d539868453cecbd9ff2a9f30c750e7bd18948d9850ba6d5e32d20cdd58efc2db35fa9a34866ba0128fc

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    0e0e5839556df9e904504b261ca5e5be

    SHA1

    27ea17a924900e8ef680e0f81508a8fd87b456a8

    SHA256

    04bac402879bac13719d12e992eb8c877455089db1ddd5186d356b1712f6b2ff

    SHA512

    6ef95a1ad5664a77edafd25df0f021657963267477573d05b27f8bb03df320f3f90d2ea686492798962641d29c0e9c73de2299220bd66eb25a2ded2c560eb9c9

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

    Filesize

    90B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

    Filesize

    90B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

  • memory/2104-3-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2104-8821-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2104-8820-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2104-9053-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2104-9055-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB