Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07-12-2024 00:13

General

  • Target

    cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    cfbc736d5a16198f13e7bf360e5004be

  • SHA1

    4aea5ace463590c5c2bd1cc571851e5e630d9331

  • SHA256

    397009cf4ffa0f080835f9f2a43e50fbd91bd57763851a280a75aff029a7034c

  • SHA512

    59a51ab1bcc070ae20e385e56ba2d0afe9e4ee6088cfe06e1de9c0d33cb4afe6ca55a92f6d137209b0cbf4a19eb2601ea4085e40e0a5d1e224e1993350d604ab

  • SSDEEP

    192:Gzdrr1FG1WDCgmjPZPx2ds9ct1X0utLRMUA:Gprr1gkDCgSCd6ct+gFMB

Malware Config

Signatures

  • Detected Xorist Ransomware 6 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Xorist family
  • Renames multiple (2169) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    282B

    MD5

    af5a2a58a49793554f291a2939ede100

    SHA1

    637eb13f507da0c87433cff0990ae0b3238d070d

    SHA256

    b952cf8cb5c00487de38ed2f9f657f135200f61bb01173d2010cc61f15c43d02

    SHA512

    1168043a186b73c1ea43cd1228c530033728d68e34824b91018cc88bf8d56102367f2b1535ab3b23c90177d7b9bf03f3ff11135301f4bb5f05401ab0661668ca

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    eb4d38fe5ef6fdbce00fef8dd551faf6

    SHA1

    e5ba98ea68040db0b539419aacca40bcedd556a1

    SHA256

    1b0040d53cbb313e62b52bb52251fe8ab9055e80e1b0f94ea2f0083a05123d60

    SHA512

    57509c64b7a38a9ad1dc463f176d0a9434913d313959c83f8b4f517116dd5f80cc67564f28db4e7f81dd184d13727d3e05160bff24ddfed4b942365a06caae96

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    9cae961d89a2a023779548ad510cf1d0

    SHA1

    6a9c021dde4fef75572e202968a0ca83aa5d78cb

    SHA256

    a358254fde337d513295979892acb4fb73608f219b7864e7dcf408261ef39277

    SHA512

    8280aff1b2b50e0311f00886074181a6f790090a34abd869237367369c98a88a51b16195abc8c4e59ef183e86ff178161418e34e0ba4f74c3cc3073a55a781eb

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    e45bfc01a79ad9df36badc717d866f0b

    SHA1

    fe6be3a2cfbe87b22f77a555af3e1ca05df1ec17

    SHA256

    b2e10d3490367d9ce309f0c8831d225d997ddfeb708712a3b95c6ddc5e3bd367

    SHA512

    e053774f37ced4406c66c61a8ca9c370986e885401f64066e32a69f9326dd6b71e682ce21d86741a89690a61faa6f9322e70a1bd81f2c2c440e3c8dadf0732ea

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    9a3579bdc02031cf1fc104ab59a87839

    SHA1

    a2af58fe8386fe6e2fd3eb575eca55276a54372b

    SHA256

    1e07b1958a1eb01a2cf2d35ad82a169a18ece7ea8dd78d28436634cb1e852461

    SHA512

    a5f088ad1456c3478789dc157a08c79373a6116c14685cd26f3a03feec6565bd546829d05f89646ccf7fadc2a47b637af4ff5490380c3df3cd3989316220f505

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    0704e68687099eb65518b236c0bf5169

    SHA1

    069b149d0bc071b7cf4c0d1970d8228eef55ff85

    SHA256

    79ae45bc419bffaabf1c2d52536d36fcd25e02cbfccd72bd0eb826f93a78f470

    SHA512

    6593deacf77a36773045a1d6c86950274dc35cfb75e08aa38dcea3a5a2c4b1881a69f158b080445df943856813b13c90465a03cdcc3ee75f71e653d901464a7d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    05c9c7a73bd8860b84207d9f91917416

    SHA1

    78a939296376d4945a9251463c9390a359986ca8

    SHA256

    fae031d093fda3f07c2eebc72505f3b6fee8431bbdc734a2844dcea6e8befa64

    SHA512

    c01184477f7a9a17881661a0eacadfc36eb16acf5c75f1dcdc38cbacbca856dde5ca5f61e4029850aed6aff6dd14024c27bf526e005ed34ab977a511b695d29c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    26a8be0aaae7c1659fe441e212f17412

    SHA1

    256adfd26874e76d9d18f76d4b5e488ee1f2ec13

    SHA256

    34573ba1eaaff272d74e57f0f3ab005ebb85a869cb3d830d9265b608c05a608e

    SHA512

    9f884ea589c3f1aba68b933be6734f8b05005c4fb8db7c0855db375877ef011595b7ebd28237aaf7f2cc632ca986bc040304af77fb9b03a66a46373189f12336

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    0feb8979ed975d929c332601a195c229

    SHA1

    8f44295f4226fb8eb93a9a4d34d522232915ee82

    SHA256

    dd957ac0afa2629a24e0f9c9f69e8aac08f34c4dd229c5419e77086dd88f4626

    SHA512

    bec3299dc9f01c3d70ef69dfe9ea4f752ebc114d8529785f6400c430cff19e4462715c28b6e144cd6c7eb9d7dd1c1d24db26f1bcc7f5c13abdf0927cec0c27bf

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    8201806f3500aaab2b266f1b9a25c818

    SHA1

    8ff57e9ead1bd65ba82df34c00998a08835ccd93

    SHA256

    b336262f7165101180040f67b1bac41f2d79d60f248711390d6d214846c2990e

    SHA512

    e28b9e92db778f473b5c1883d8f2fedb5c9c0bf3a4d8ed985aff6e0a210c70d212bdc432a103b7738484f82c821cf732b2e1c1575b628845a2c4572e1fd7df65

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    a1becb1c5f0f13829ba332fbaa8609c6

    SHA1

    b5a75e7c6a2f7729893832d47e8a63f1c646b79d

    SHA256

    58050062be4e0b15a41630a1208b5917e0b500e5220e8f9cf646a3e22ad33be7

    SHA512

    b00fe13ca54602cd66cafaa04dddd65f36bb0ac9955747937ac0aa52a3af42f91689d1ffa4a2100062050d7dea9d0e7aa97ccbd56313d5f00895b08438cfbec7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    e5e2ed18aae9e168cb353cbc1017f2ed

    SHA1

    9a32a158fa28625910ec6e484a92f61606c810d6

    SHA256

    b94e94a018bbbf7a5de97303a0f106f91cf564699a3f9ffa6aafae395b766da7

    SHA512

    0abcfcac53099e25caf2835e50cbcf09daa5cc6ed5d77cd6e60825e504454d24b5cd2f7cc992cfb5b8975ce2c1e16f56600eb43f30f7dd14c857bb55627599f9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    11d1b34b17c27e52cb05e719f6e89dd8

    SHA1

    abd9fdc2677c381eb9de47eb54b03413a101e48b

    SHA256

    e222f4d69d5c706ece18fa4a5742b61403f0b3e7724b68a7c444f5f208a3bdd8

    SHA512

    a3b705ab4533e22961f439e49136dfee89b973675d955a8b4831e32484c9f16de8e3e449cd02f165c787293b77933f30324518fddb119595fe96d578dd283c96

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    bfac141cb64beb51a5ec851dea306b0b

    SHA1

    5edc5002a02a1d8574a58d7aef08ea76829d5af5

    SHA256

    f0a21a733e893f049059c2cd17378080ce08baa142cd15d61ff0031d6829fd1b

    SHA512

    83d79d2aad38baa0f16ba69c8c9e60d497fb2e7e1a656041c84d6da884715cc76784fcf7a26fd09fe09a6f00fdb4b0c15f5d2ee565d10bf64cd9912d37e795b2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    453c83becfdbd382b4120ea2f2285433

    SHA1

    1d904f67a5ffee631657fb656ae195e069dca440

    SHA256

    6c8b7c42b2894f605f174b6e6afc98a3b0abac44e5db90b9e8dd332340f43761

    SHA512

    f0e63a8cb3c4360f60fed8bae202f135ab259fe342cb95c45655cb2d8a7c5d66b5701305f3a6e8411abcfe89e8343efd76c5902fa1a2bb6b6b6a9b83d5a4320a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    b96e54996ef32807f57cf37db549963c

    SHA1

    e2b3bcecf7bca9b3f692af9b4e704b570d4a9962

    SHA256

    2ea2f052efff860e1971f72a4f9dc2dac08ea8c10a706f28f9345b61f12ad723

    SHA512

    1cac9999285a8dcc00349ca07f4f98997197fccc4cc1dae0a66ede629bcd79940d08acfaef0bba222b294521cb29c1a0632425828609d089e61754839bebb1e0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    3192035376766cd9574d3aecb8db0e48

    SHA1

    bff6a4d5328f7a658ba76cbf32c3e16e65cad0d0

    SHA256

    b950e8500b341fb5118c0b13f6109ab21ddc226d1205638de08520fa25bf9543

    SHA512

    5175610463260a37bcc2906e11e53555bdb32fc15fc47b336ab28919c145596e540ade226037687b8e825d34bf6cf096715741ccf56819e2fc8745995075e270

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    470e8bef643973365ae125263b70f6be

    SHA1

    009166e9a24f036d74fdfaa234c0f1b6819b6486

    SHA256

    6a90df120523569b4f47fb0ecdc48061aff15910c989b1bd312ea99cd64c4fc3

    SHA512

    14cf8f4f6ca58906e479bed0441abc4ca5676580ffa9a5e48c646c1ee975621dfda4a4b0efbdb7e84521b703f8db22850f3e4ea740f4ce1bce7f1d7da88edc19

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    2a843980352543d545e74c3daa9e9566

    SHA1

    5f8beecd6592cd7166b6645c35a9e1198e26a6b7

    SHA256

    08bf51d72fcd00cc96280a85815ef5a81642847407cdc10a02454231eed4def8

    SHA512

    2a16a0ef962499a2ccbc9d382195156fbbe7ab9b9eefe2a5c6238b36b59254b1fd579dcc34d7da4404e62d4b36340f81dd9974628d0f4421ddd47d6ac9f49137

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    54217decedd0582fb54ba7c6ff536951

    SHA1

    ebd007bd28c34f13559fa9c8fef5d6018474d5dd

    SHA256

    d266ecc646b2c8850520670411d8f8fe8396c5c938130ed22aa4981094802f19

    SHA512

    15426ab2d61c34e1f494cf4cac709456cf2fd610c70d0e4e6ea5af9aa957c25a3924275e72bb2157cb9e6bcc50b944eb7022e62db15e82070e61448e352e3830

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    185d1a85b7964227813e0f6c4852a2ee

    SHA1

    ccf0a1c718fa4b6f40a4e86211bc4ba5baef8e0e

    SHA256

    115f0103c618ecca3b3257377b75a83680ab9406ed8a78d2832b94001e15a722

    SHA512

    edc0fa0b3228e2b3821584e6021631eb444f13b9bad768e48f87057f0bc11a70e083b9f454e1e9d19276bb70fcdc3362b7e33505ca2db7ee7c0737b9aa91ef99

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    424b59e79af0359e297cbf72bc67422b

    SHA1

    fd9936cbe0760f16fa3f96c7cfe7aea28dc4827b

    SHA256

    737ab2ac59852683d9f612a80265391c31f626c250f2b29c76c53f6320e377b7

    SHA512

    ae6d2c08522927aeaa5f302063d4c500c963c9e573e44dfa82e72f0ff7f3ff20be0a80ed3978dd5c0936cecfb532a445f10a5d892418ae9819d20f0b036db80d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    44c863af1ed8b1fe19729f392877529b

    SHA1

    c1abbb90212f13bc1629023a9dc2b96450280f40

    SHA256

    7f21fddb6f93d049d7e0168835e1ac20477902e21bf79106dbf9a1878e06bde1

    SHA512

    1bd09b438edda47028756e97acc0b50b57de3b3dd73db22e743e33d5accd3b6a41270bd33a1c6089a955cab97ffac0cddd707fa8abb822ee9c0e7aad6190d342

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    7b221d656468bf09d9f4ade923a8af93

    SHA1

    0bda463c3838e093ca679625fb9c12ff5f7028c0

    SHA256

    d7d85412f86909549cc5275e4c5984a2543d9265c5c002aad7bd800b0ca57b1a

    SHA512

    d8ab32ed4703a0f41bd4fd82e876b77e601d81bc62d7a944184eb166a492d23edba87a90ef6cf716176bdf67c0765cbbac253b51a85cd60b6dac9b20375efbd9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    b3cdc2b0dddc49fcd877c059566310e8

    SHA1

    992022828d9c6b6536ea354562728e891a17b821

    SHA256

    4226e9439ae70e53546c3acfdb9817a4b43f507b43c6386adee14b3b00b68764

    SHA512

    b7881cde68987ac660434ccf2d0c5056e8875ad60991b88411850993d0a1c2b58dc284d509f991412a5fb45338ccaa39e50a38950391509534c5e8ae283414a7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    55c919935f8464aade96fc778d2059a3

    SHA1

    c7cbabc5e951f62e9de3428bdbea3f5e3b6a7d13

    SHA256

    a78c9cf124c8b62ce9e57905dc687729c49386e16aed50c877b2addbfe4fa1b3

    SHA512

    6fbef174cd51a37edbbbeab2777c7892710966427194dfd0713397615bf27f505a827a388b85ad1627b7ac83ee2bdd7ae2c7457aaddba169e1434d03aa870925

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    d1d620c494f8649b36cfdcab6c9e1551

    SHA1

    2fd3cc5b5be55757b47ad31d5342924f2f47792f

    SHA256

    2aea5ba21cd276cc2edf2b9a81db7c809e8e46f8c4f351d9ba370227b329d3a3

    SHA512

    74c14a4aebe4c7131b5d8fd0ce92ab365e4f3707545e9f3371a044f204c39508decedb76e4d45a33e20349c04b0c8742ddb2df25c1238d1a759e901fe34109c3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    985320ebd138f76d3b7f23b30e012238

    SHA1

    a71532b07829bb39aebe59a09fa7c1eb3effbd3a

    SHA256

    57896fb1085c903a02d46a3699adea7a5d80b747d7d9dc1153ac2ad98fba0e43

    SHA512

    8b215faa028640996c13dff8499fbad1f2cfc6c032179ebcd77b2d037680b24366c7010892f4e76a9f7d2820cd9f389510c41efb67012272d8faf190d27815de

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    6a9d9d3b18abbff5245f034e2932c62f

    SHA1

    e4f8159286b07b3e4bd669513eb8b81b4342f241

    SHA256

    dc4778a5f7b5883401a1cab9f2e0f4daa65ac33e683628ecebaa782c475837ec

    SHA512

    97acab905d73891955de1bd3c0b0549d53f9547a87e0c40f4ffbcabcc3f0a32b3cdcaa9d7b805bcd29dd0f5245e2f0eb2181988aee85ed2822c9bea64a8c4a08

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

    Filesize

    3KB

    MD5

    569cbce1cc5d61ed68f1e605e1a9c6d4

    SHA1

    df97ea21b3185e4cdd3acb2030af56f35fda1816

    SHA256

    653212b7f8a5b0b4fe725d96513b048cb6fc233e1695fe123ce60979d79a94ae

    SHA512

    bc45e0c4bed7cf5e1a14931185d591aa00bee776537682a12d5bbd2f887ddf567d5beeeb64b6dc3eb2dc9c3b1fc11738a84997b6d8914e9354186070ac57e073

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

    Filesize

    462B

    MD5

    69c39ed1c5ae9472bc27015b200d0f98

    SHA1

    ff4626d8a9849856fd85a48b651e7ed8de185ce0

    SHA256

    3ba02c595dee094868271db310da6e1059db6b23682a03da0026dc3118f8876f

    SHA512

    5c32db05cfe7e914d61cee17b068282a6a467a2f510f60f4a75d2fe323df433ebac0465c677ad8c088d9ea7fc2f625190a0a08b582163b0612db3f6bd67be91d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

    Filesize

    264B

    MD5

    3715f2956d67e8e823996daf6fcdc075

    SHA1

    fcd7ec0170128b8de452ccd2da51fc0bb2d6acbd

    SHA256

    f6088afb019e6c0087cc589f87910a5217a2390470aff6b6505cc447d7f03385

    SHA512

    aa0e3555bb96ae0d52bba897304ee92628a364a86031b5b32eddf573c4ecc19f788c4decf4fb34602eeeef0d94552e8fb48e50323e2a9330d1e49f735b241364

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    8fe43b0bfa934e15bb990f3b13dacea0

    SHA1

    e93d7f29c8a9a7cb8c406c5db5adcb90b6b93b2e

    SHA256

    dc0a392a2c8abc080d3500332f97d71819243208fae1aa667e13e1b675b8b145

    SHA512

    2f6a90b2ab1754bd2d7b315545de13fc0282231f582c2b6a4aadf628cdaab630e549ac799eaba633602abba6623b9395cdd4ddb50d242d40acac70f6acf8e338

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    8c1a9f2c309ed5dbb32f8f8e1a387417

    SHA1

    472a886ce1e5d988aadf7cfdd105726b7101b73a

    SHA256

    c94d7fc4a12fd47fd76777550dafbdf75b7a59646dfbaf86395ab062b1f24295

    SHA512

    6709843a1c0057c6ad82016f5741d7261d9cdf7bd27e701dff0ba2c070079f924cdcda07319451f5ac15e70749a732fab1f3f5f7b02534ff1c7cf9444dc609c5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    ac9e0929733f712558cc895bf36535b7

    SHA1

    2fcdb590fe186f8ba369c146c5578f82035b844d

    SHA256

    d8d1c4d1dc56adb81272e4cafdf9dc1112bc007431f034a36ef166dc1bacc7af

    SHA512

    e19564c8a76e38e317f1407a0d646f17382410d06e4814f7c847f855a20323966d1b0d2c9ab120db7888a53167c067048c46e4b7189c5bff682cf666b6335033

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    24e5585f5d35a2cd0020c25d3aa50365

    SHA1

    a43c1dc2c087a656980a95473828cfbd8522a250

    SHA256

    5cb0089f2b4d4b430ffe19594451801a1a3fb59f3bf98346898e81545447d8b0

    SHA512

    65dedd853946ce8fc2501785632aa5995b2f75eb0b21ee2278773b36f94a9a976e16345f9a9fcf23907aa5953d7deaf2868c0108ec415a8abf51e140d1680e7b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    392f807f29c86e0a1522b09c7b344c9c

    SHA1

    5c61f4ccdaf4ed02dd36c07a023842e84b6d31b2

    SHA256

    a211aa186fc9fea37868892d9f5a3bdb7097339edfd1e8cee8541cbf5c43fc36

    SHA512

    549f7fa8295736f6e60ac6f60849b3796a77bfa4470d653f78c8968f94d8b7689a76b5aea5693686d723288a74c0d04532e9c075bb7817edcbb04981b2a6b3c1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

    Filesize

    26KB

    MD5

    a0fe948d58dc7991e53c927d5f88cce8

    SHA1

    0c0c82dc2472c5c128e51013bf8e8765a4e2ea21

    SHA256

    c1927a87ae72cd9cbe9c8d0e52a662fa9e5868fb2558d75ad3913c86c5ba600d

    SHA512

    d4d66408dd52f2f810d3b43fdf44086def73d2f64ee872ffa5db1c09bfa32f8684c8090065bb7f668547c91a04485f12fd6f0d725763aa2d37db5f40d260c341

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    c4dbb7de07b95eea25c2f7dc582699c8

    SHA1

    1f164ec662ea78084951a4a5f2c7da9f1c6b300f

    SHA256

    692303f8388b72d44970a525003244c86df239e2c501bcddcdfe3be48eeaa84d

    SHA512

    b899523ba10291cbc5a8b744c3f2e074b8ee05718420ff0b863a45c24f626ac63e3f35c4650dfbadf3eeaa1e7865eae11a09549ac15ab2a654bea9fdace2405a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    5d1a6a15c00136e94acf9bab084af6a8

    SHA1

    27bae22a590884a3c2560661619e67c52250ef0b

    SHA256

    59364e4132809191a7bc8c7213d57c73f06c501e2107753806d58ab723175f7f

    SHA512

    823d4604290b2dec888480f93e1eac7588c4a2cbb8efaaa6a5ff5c53a7cf6ab266b779a3237281e58a77dea5811adb023755c915febcf0087db5f1d2d967082e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    06e07678f32de924b9c48f9c847787e4

    SHA1

    40d677cb61d79b83ded782e73feb1e43880a0ab4

    SHA256

    6d9dd622ea25672dacdf01891f9e7183a4997b579f110f905823d1f23eaa2b75

    SHA512

    bad8b9244d6520a97234d3ee05df1178a6f8cd861f938e70f616918a55e57c0017a8b13061227f9cdc519b644d9beee73585df07e0d3419d5ff6b33e1179dfe2

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    9edbe0bbebfbb457a8cb0bcc18aa183d

    SHA1

    31666b43b4a73453dadbbe14dd864d041b4fe018

    SHA256

    7b0737a9928ce4223128d6cb711fdf01e273a5fd59c019fa4532cd4b5a78e0cd

    SHA512

    57084fcefe2794aa569588e73972a71ac3389c3eb527cfb7a1d8531c8f21bdc38b31e7cca68d62a455c725656d9b86dd816821b250f5f97243cb9bfd5f4dd023

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    8e096ee51b8450e2fc7ba8517054cca0

    SHA1

    3d14902515d8c062b811ba1011c6409c52d0aba1

    SHA256

    914d747cd6a21529f08856c92acfc0d198b812934bc54f981610680402c4f061

    SHA512

    87720e6773a2705a43ffd115f252369f3f0182d753a3f8d8d1d035344f1582517e6ff77ee9fcabf0897e0b57bba2e1242371b0962975294987acce1b61ce4cde

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    c39f8fb515cdd8713d47f0ecb73c80ec

    SHA1

    9e4da9e73af39a5d24490a3b9574250378a1c631

    SHA256

    2555256de6ebacb1d69f2db109b5b249a1ca50afb4188c3b60ebf5f5ec90bd6e

    SHA512

    f5e3b3ce9e7262e4564bc7f233aaf22f372de3197f42c3dc3bbfc90521036e8a511b8f8b30f4d8f8a284b929b7fbced23bb9f94718ccf3915f6d47501d879d00

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    6c2b70fc830044e5421f852d9e8b5d5a

    SHA1

    343accc79d604c1f6ae8f9f1c4750561d67f7e6d

    SHA256

    1efcb89eaafd08a68e7ed46d6cac27ea2a5c9453a85daa14a07b86ac0d1ec884

    SHA512

    0116aa5a5c2e9b249d0cf6ae08d6a15fadcd80a5b8fc91e7b3a116c928a85f4c2a320de9f6ec5b4c6986cd94c213d06444afa3fc17c6bb74eb5ba5d0ce7605d0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    dfba4fbbe6ae65845cd2b4129277724c

    SHA1

    3c3ac9e889c9bd7ad801d0c424b828883135e295

    SHA256

    3bb769b3d786c8c035e9a44187c7263c33c7452de27e0f5e6e395d9e2c02c51f

    SHA512

    658e42034f48fa419fdf1b1c9272c58bd9979bb7a8dec781e22f5e8ee228bda12887208b259e98c407acb465bb7a486e6879aed7e61fe18803c22f98dbbd7c81

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    bb577134c7b9c4d6bc3486ddae0637aa

    SHA1

    7d29423796765ac87697b33587b152b1c853ffd0

    SHA256

    3e642ab72c83534b24cbf2bc5a6a0331a7847801c90c02bda43c96b7f4145e8d

    SHA512

    8349001543290bf4da6b01362f915ce1748d9a4c92bd2ecbb412ea67ddf751b73af692dc0ea2b472e8a8cfbd1eea244ac606aa193124eab174c016ec41837d02

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    599d5e4499b770b51d860c4239251bf1

    SHA1

    d2e107d00f21ed55f94815fcd9e93946922169b1

    SHA256

    e4d2dcc4f5bf609546ef84cae4d9d25479f87096326d36c60416382c59e594f5

    SHA512

    d62b57c8749b0c98df2387017c9037abf2a03e06ff8a18c321f0ca81b8174546239bf2b8bbc81500087ecc2a21762972f1dbe535f8b40b4d8b1624fcddd80421

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    72c3759de3c90dba8679bf80505255a1

    SHA1

    64da68169d9b1fd7d382342a861a521ae8b28d3f

    SHA256

    c22b21f296bd45c7afdbdff625af43d9808200a69ddb2ef29fd17bc94f97ac25

    SHA512

    20fdaa5e9e0a09713d0082268c342037d2ceef919422cd08f68a4063a249954dfad2faf23bd47a8a78fec52dc92ca16c42ca03c070355bc65acee41ca34e4be5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    99cb793ff324d66ea0ca7eeb3f25a525

    SHA1

    dac16924903554d4799281a7b5c9bea1e01b463b

    SHA256

    e291221a9c616ac41df59bb968c20e9a2352676a906f370ddb8555111b2fa91d

    SHA512

    b371d81bdc81ec18515c38ac9159075797c02a9d372507077c393f406990c8b1ee06d3f5567d2b38219affc34405ee9956db7bc6bf31c7847a1508021e414269

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    94685e2fe6424aef8cd220d63fa60238

    SHA1

    139f6ac6de78932e013ab2fd1468cfecfed21e05

    SHA256

    12ea48b074a7127f843b4d59ca2a7282bd5ec2b3aec631bb673212cebc9df700

    SHA512

    f26f972e235fe8f0c523a29d17f849c307514757073da6b9dfb7aa90aad05926d00137c99772f8cc57223f78d9cadb3cd14304e686b81db592fd2f5f3e9d362d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    f3f038694a49da64b82ecec4b9c179f0

    SHA1

    238ba01dead02b8ed5292e48a0f853e345ef15af

    SHA256

    f429d31c64949b1d9dfb7af0d7f2e8933248a46bfaa6c5fb2f393256f3c00204

    SHA512

    8489e6957aff41647758ad64edfdf36aab9560d21cd8438312744885d6e280566314e68164275e4c8fedbd9cebe85b15ffee597238b45308fb97e6cb32547b0f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    bdf2285785d8a10e8e30430805c6ba53

    SHA1

    5c0df09aa8b7fc5939e2b2e7bb89189070f10e6b

    SHA256

    25809a6a843a769e7cf27659cd5418d1c6ef60099cd2f20a4c9ffef765fd5658

    SHA512

    dd532dcf60c0c2c8f8d606ade416cae75083ca39993f88625b2fd3895116059367cc8491b9e48f0bbed5f9ce4571241743b7edaab235b6a9632400510b07613b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    5f89f6f61e9f216ba078cc0b113a0cf7

    SHA1

    6fd18b9371e350d2ee45343c1ae2667aa2c8ac72

    SHA256

    0d9ad3b38129817f7efad8ed26ab6e837299b3d2eb5ee1daa83564e811a93671

    SHA512

    ac839466306201e246d8089b3252a039360a503453d1533c72cabb8ab61987cadee3b5bd55ccba9c3ee88613c5e1c4a4f5425fee9598ee927809145e5ccee59d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    39efa2d22450d6f5a06d818a0e219e00

    SHA1

    bb0b30e0bbd35f4a13de7af4fac7f3d58c92b6b9

    SHA256

    fc65ef3661a4ed5f50fcbd881865e39cc7fb9cd325e32a3f408f488e7701e637

    SHA512

    cbcfd190325937cc944ae429812559397a93499354a99e8671a7584cd59716ea2a6df64e5f6de5f6953cdf2f18f841d8fbc29b506750f764a9e902a7fb10cb49

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    b70f0df51241a9c4b793c182b9fbc632

    SHA1

    3087609472a34e190bd0d6daa2931daf9e882ea5

    SHA256

    d837321e5596090d1560a449a8499c7321e2f947df35ed9eeeab986df6e07f0b

    SHA512

    ac33a51deb8d9a1c52fe36b8578ed0d612d2b3bd634968d2f346034bd8bff5e241999d45219b0d162845ec1d7d632e8b5e1b4395054de85ba2989d2eabdfd376

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    f15e93a7d99288f81deedac65bda5ed0

    SHA1

    c61f674a4319429feb3952432d5dfc1576077101

    SHA256

    870e7cbbd1ff2d9c4129da5ac70887e0632907ab6b4fc92635595d4b1a5689e3

    SHA512

    db8665d3e33cc5b115b94a3fc01fc4e228b1404904e7b2a46e51f971057bf22d3579ea942023eecc9121e3b908718ff4b990b19d3416606597f80bb3a87aba9e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    63f578f3ad5991071535d37cd9c482b3

    SHA1

    c8ecc42e81887a4535e414d9d425441aeaf95b2f

    SHA256

    14cc9f3c7bedfad7ec5ad558152289c5d7c26f50561dfcd1909c42c20325130f

    SHA512

    c29ed055c59122ebe444ab64be78d960c484d14507968faf385defec2f63219cbc9f6c6c588e6c6d9fb09ec75c319c8de5e0e27d5bd0acb420b326ce232e32b8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    4a5eca7b6a76006adacf82490b40fffd

    SHA1

    eade844c508c54cae1f9ce836ca713fc542f139d

    SHA256

    46dd0a0a69e480d151e377faad846489192ed2df2b272282e79d4c3e047559d9

    SHA512

    4afb72e557f8af68f70cc52f1b8b97fd60d692060fe8c654aef1fdc79d865c38e320cff1c4fa1774234ce0477a2dbe15089caa42c03aa0f75cae2309a6cf2b08

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    5d580ece99c03efde0c3f0cfc5b837b8

    SHA1

    0339db7dbea888751820b8a0bf8e03a3485cec2f

    SHA256

    96a4dc0d10d16a8c636679a4a18f33a9ee74f117333e6b12cbe2816db2ad711e

    SHA512

    2f6f05c0bd30f63eb4a6cc2940f7373efb343bdbe3b5ac21191329e0f12cea0017781255be151c7c479c859fffb2a20d8fe840ccdb4f2b5338c150f42798470e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    5b9a0bd0700d57e5dec5754e21bd76c7

    SHA1

    71b0d6ddf4a268dfd7319de66368e4f39b4f70b8

    SHA256

    1cc14cbb216e79f8a5fe12069ef9763c4ef84afa1ae5c5dfed61e67add7c830a

    SHA512

    71d120ef03daac73f4b08d34d970110219787cc030b4ae86da16a1d83cc71b1fb898ff8f23110a45ebf1571dab48ff1148a55a8576fa06112cf653d220275bbe

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

    Filesize

    153B

    MD5

    9e9f7efbf93167744a255fbe155cd518

    SHA1

    ebfd7a5069904df07821203c5ba3a27842672c5c

    SHA256

    24a46d586c5c9170d46fc63527c02ef81361b92889378f1b7c24fdb898c1b8e1

    SHA512

    7f05bf2eade7eecadf8096ffb98df9e1d3d8f4bda8dc39d66a68545621a77e53e4fda4ac34e3fe63981110acfdc98f781e079844e38c195f0f30f205b439f407

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    8ca61072dda7a52331b52528d4e842f0

    SHA1

    21bb577abd5f035bd163ff5f5c35bb4fa24019a5

    SHA256

    96c5b00cec94fff21abca658df17a006e9af81c15fe8be9680b36a3620370d07

    SHA512

    d1120bd22547c288d40a572d3e08dc038c72ecec153e7129af23b7a9417de1d995fbd2a8f1b599bf1811812d4ed74a0ca457d76c287234b93d97ffaedf2c0344

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    9510200cfdcfcde2d416bf762653d922

    SHA1

    2717d994205d2242e0030a06dc03cde09e492dcc

    SHA256

    10d79cf91de1aa38da71970f7a8844548f80fb4e2670cc9d8173aa525e3f1314

    SHA512

    72c0503776fe4e7341bf6e1d891fa91cd7e75f29c9b9494fe0c52065800abf58a9617b48395e1a9254d6d748347997111fa7adf6e67deb09220a0e532d6c8cc2

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    effb415bdb37f30239e3b0a641164bda

    SHA1

    f2548edb8cdac1afc5db98e61810fc7ec0328a22

    SHA256

    c7b7cb52234111c7581f013dff8aae9d38b2d932a74238281cc08426bc9367dd

    SHA512

    dfc8df05e404f558e766b2b23466fcfa6032dcc40413176a25b945d53d243e1e339156eff495fa65cb884a60cfb1c410d7d69c903ed52ef837838b7aa9f9f51b

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    cdcf678f9bb4efc814d6f56e70b8c0e9

    SHA1

    110bc013b7766dc9aef6bf6284416e308e067efc

    SHA256

    81db1a31d1453c7ec9cd89dfc67d8379ab283ddab604028d6e486ca0a124ec18

    SHA512

    c446a3a612a174364ca7ab0099f6d9489b22a75839a42f6195047e9725b9d7e59719e5be9b47e5c27dd81c333c663a0404a68153275dfabd64c505aa62fd703c

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    d5b9da9217cdeb19b67ec5fb20a44825

    SHA1

    847e763ce7fe75444f6638d90423fe076b1a78bd

    SHA256

    0de976e0b84389edaeead1ac07dd4c3b45e0bcb4c6b5879b7523fb68b3a144a7

    SHA512

    9ad89291d55d7cf72cb774dfa23ef0807c3d5217e2b423711b9a43b6740010def1966bae7c304dc636440e1698f24efda5906cbdb5c1200013bc64371e27017e

  • C:\Users\Admin\Documents\SetReceive.xlsx

    Filesize

    10KB

    MD5

    b3d905c9b347049d6b268b0bd2d33bd5

    SHA1

    0b589e7b75b6beaa1787a9c81b0074786ba4f6ab

    SHA256

    f6187e425be246ef5da49a6a9f1443744dd764b7a86341baddb6e7b5710f7c7c

    SHA512

    6435487b7e821c454fe8bf32d78391b0496ae188dd96b1cdfb3c88c10c76c5c94bc197af619af7a85f759610b74b6925f2e14aa2573950c655b3b1a1d33d8353

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    e2a3d1b738363e36593be7b3f75f907d

    SHA1

    635020d481fc2833a9a62c48b68d22cde7d49396

    SHA256

    6b77be9b8aee6d5d6172cf2c0891c6b75f15f12d82129c89caaf98114b62f8ff

    SHA512

    bd6e814b7d4287c5175fc5bf0c0c2d90df7ee1c5852b08ab398312f66ec324cf8c935314d22807f9b9ce467f4c92313614ae3867c12694e909d7e6c178b853e7

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

    Filesize

    49B

    MD5

    5e322b53a8b9c575501abb4b6967f006

    SHA1

    9bc8adb015397cf4dc2127c129feebea0eace0b1

    SHA256

    156dfaae4f44beb6aea474ecd02d9897e97c10c6ad55cc58286f50347bd2bc02

    SHA512

    e4797029a965caa162b0312a2346ee8be172fbc97efa296c6eb4e0e22d475ab1a522b9ec7378cf2f5836790d5cd9b2cc3c4887686607ad1890df3866e47f8b98

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    7839fbdead8663d56461e3c706f6cfb5

    SHA1

    be08d84badf119b0bc0af045023d1a71b299305e

    SHA256

    07f6cf97fff4b2611bad3673ea623de39801c115839c951259fb967b2e1e9662

    SHA512

    087316e60eb73f2105d0ed90948726ce4f2c6de4c582f1496013199d63b4c2d294d5c3fb4f9fec4e5fecc80d5c237e5ea8c18b6d8b83fcd43f28f2c324e510d0

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    5e14b149c6cdce31f959c5cf7adcb2c5

    SHA1

    2c89df3022317829009cc82da53b3d7212c2885f

    SHA256

    d2f53a0baeb2035ff50efcb5e23bdc86828b7053132425336f896e6f7bdaa6f6

    SHA512

    547b294e9477201df7779b05079afff398c1c29a66d56e27873deacd93ecf563de4925a9ead1672d44d4d39b818f14ef4e6f508ecf654ef800a49d191fb0b08a

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    d25df18a7af3f0ead48c9f3f1834894f

    SHA1

    dfcf02030105532681234936a75108d3bcd1f8ef

    SHA256

    a7f5090e64d89ee9de8e11c81b8364c6be43f6a8f51284cf8446ad7916139c53

    SHA512

    59a29fa7638fdd03d6a1f1ec35da338505ba28d9361d6dc6631fe7c781b1a5e1213e52b37320fae4c6e8b2f334691bd3bcb0a1da1c8ab7a09d7db2a52309e171

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    f0c7df353876c597f9a17d68444d998b

    SHA1

    7669d74fd49e2a1ab87fcc27b6a4507aebd5cab8

    SHA256

    d2f3d573fe2e144e627dcc395daa3878a97d8e11e392e078cfb6338eae3b8c24

    SHA512

    172d0822d96f1e1f7f13aa8723bac3cca55a5d1794c9bcdcf37249ce979abff7fb631e14a153a2d8133366842b017347f5d0cb0a010f140f13a98eaae2b4e7ce

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    fbc941160d74136a823ec92ffda1ed95

    SHA1

    987bafa3dbd788a09fc9479610b67022316a5e67

    SHA256

    0b2b1471385637ef2f877a6165eabfdd4472998acb5972ce086983943c99ea6e

    SHA512

    6c034933d0302cb68204817514ec00a79bcb24efcc5e08b562df23baaf0499572538f031149639f6752aea77587a47a42f98a9b9061b1ead814a7b4b70684398

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    e7de7f7e6ef687c7d381d5ca1ffb32b9

    SHA1

    f5bb25b19991378aab6f4b6970c3d8ddee9d4f9c

    SHA256

    7a2310b5a3f55c443585ba15ec7dba0288ba1ab39df4ffa504c7205818f12af9

    SHA512

    d3dacb8b30fceb8a149d547f06ab7ae13ddf3df5b2a5c0ccc7073c4abb7c58bf2767d6f29c8b245ff5ff2c1aa588aecde763a30b1f34f1967650806f5d56f47f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    acad3e5fa9a1ce0039efd8acedd278cd

    SHA1

    3902f7d7439325eceee818cfb5ceeb2efdcf78d8

    SHA256

    2d2a7b60a31c665dfbaf6333a01f16c5926c9be91b9fbd95ca7c0ce7df760b6d

    SHA512

    e65daca78f8108c6a57fbdf7fed14d833ee219b4f013ba2d220d41a1ea07f000dbb5b9a88e7f869e3fd33b00932aad7ff127122e5fea185d4fedc9da2eae86d3

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    ba88bf7a9d6785fa71889a57dcb64016

    SHA1

    93a85ec4d353de6eae9f96ba30817107a520f750

    SHA256

    3e5c69d5e0afc31e53cce60833ca80319216c9c264b76ecaf45e9c7b0563222b

    SHA512

    3d53b4148d1e1b63e5a096f5ebe8fd3d7e9271284124628c3d6a82a5d06e57c0678b792d9f51214a453a240070e680eb36fdf745ae814380f1ae41e6512c407f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

    Filesize

    61B

    MD5

    92b3bf8c42f09e3235b34356381df8d5

    SHA1

    2ff324d59349a2f58e463e6e0e0b5381052f2070

    SHA256

    63ab651e5c4b4a0fcb4e8babb79c1343d72396a8835c133a9f82fc789d7be372

    SHA512

    dcda29be995430689532e67343f9844b05b170e2d427c2894730a90115ce6bd91435bf79484abffbe74638c7f1cf22f401312015e10af23e562a0f19cb72dcfb

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    a769f7054ba5615b2ab0d37df49950b3

    SHA1

    97a18d06cc64183e7c22888ef1a5808610a2b14f

    SHA256

    a06c06b71aa4f3b7aed2fb81f89767c1bfed36dffa274f6d7735d680d866307c

    SHA512

    8a88c3122b4b492e245ff88d3245f3cd4a44ac8af4ac414205c7a08d2ac18ceafaad08761711150ac058f158956c343a744c08f4c27201edb3f8531a2c471eec

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

    Filesize

    90B

    MD5

    1cd5b8df2030f763dcafe61798d43a8f

    SHA1

    7362eb15b3963109fef3330cbae2a0d22ae3e99c

    SHA256

    26300cbaa06b01d74a73490487c4bd23937cc569329a14d40a99041e17a6b013

    SHA512

    69e88154f7751def41750921b6bbdfe59c84aee97aed46bd89a7c590a63145235b3e55e3bbfc1e35a4b286678e3619c193e2b39f2e031a15ad9c6c58d6cd1993

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

    Filesize

    90B

    MD5

    97c64eb75e1fd0581917afaec633ae53

    SHA1

    1214b041868ddd81c34284b02688040ba6bf6fbf

    SHA256

    25b5162ed3b8dc60fc115c9e3f714f9253f27b42cdb08bccb590b02d076a0ded

    SHA512

    07d22100080536694974e986c7e55054713e6f964af2d8a15348975fef819f8d3c85f3542231081a4948ffdb92bb044f9f691e5e2d7b7ec21009adabbd38f60f

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    36c38aa4429e3447d4dd48f167075184

    SHA1

    3096d9f8ce4c67cdcd05921d1c255b71b1a038ca

    SHA256

    dcf3e23bab171e8f4ecd1ca7704516df5d404a3046fc8c8705fdf1e5120969f2

    SHA512

    9f53d3800ef7e55a57276ed05611715decfe3e9d4f4e4d58bf2d1eb46eecc10bd87b962249c1d90d03e1de20c2450dc20e4027652bb44ee01baf6cc7b8d67f38

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    92011617f1712b1e62335c6962794d33

    SHA1

    92a5d2b396d56c57718ef0239fe92583dddcc64e

    SHA256

    a62b32572a55050a4f51606f0ac13ea6315ca32959a9acc5048b3789e595aee9

    SHA512

    d2436cb08ce93f8556de785d9a106aa3e36439727b881d964597c4cb8e0bec4975b41921fa2bc4fdde1f2b43e8aab65e8dbddab065c675566ad68ec6ceaa9a6e

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    80763720a68ae876a8426f14717651ee

    SHA1

    af6cd7f97cc265fa9842974098f59f25cdf4da56

    SHA256

    bdcd72e9e0f2c1930ae94e77145b2825022686edb42dd2a4d828a7fef0ae6a48

    SHA512

    2d1ba00d7b0c0437565f4760c97491bbadac37966b2591857a71ef3361d35537cd958d7bb255b0aa14add5b702ce5104a97f945ae4588032f93457f7cd9579c9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    ccf370973143e9c0fecc45410af659c1

    SHA1

    df33c9b3f50e7856488156c2ad165560ba4216fc

    SHA256

    cc693e7009d11c24943e7a3d2e932088e698055142f608daca5ade73160be7cb

    SHA512

    893bc919cc33694ae9bc2fadaa513e4c00fc6d697b8e52d2d0ed619678b15eb896d13680f018cd11274e6d1255d6c212bbf44642cc55a8e1027b8dad67b2cc0e

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    bd9447c60f16271319bd1e250a5dda8c

    SHA1

    7ea42467b0028f561779ea3fea110d91bb46448e

    SHA256

    4c017c3ead55f17bb605438576f11380257db9aa8f7958594ca66e3cf8d10fa5

    SHA512

    44e95fa70de79d1a0f2f32522c4ac7b98ea189ecae5b9e5727bfdc673c685963c782bba75fef69cabbe4f3179072c9c24b7111c36a07c95ad20ae96a2be316d4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    9fd7a7e94ea3916c418b69c2b7842733

    SHA1

    88e021ebfbcd9f7e72b878569990e7fb508ab250

    SHA256

    7e5ade2dcc8fe688efa468b5efe8294dfe9a89287b7cd90cd09003dd306673ba

    SHA512

    e9c44f74895b31761a9f537082814de3b811b98ee5a23aa4510187dc580a155af14bd2cc9aab9a949f8e7caf4f071ddb2a405b4c89e8e80f9c20ee41cd3725a5

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    539c34597f57bbc1749dcdb6b916f8eb

    SHA1

    768c27cb5f000f7af25a1d9ee20ee84cbead2017

    SHA256

    21c6b2b85b06059ae8d8e802a1e5d09f792eac0254375b8bc283ca2b966df2bf

    SHA512

    95073c340e6a0ec208f70deb5638355383ffa1bca5239a7657c1419b8ca4a22811edf93365cba2dd9fc2fd079bc830d26f2c4110fb9100e9a4843a852494cef4

  • C:\vcredist2010_x86.log.html

    Filesize

    81KB

    MD5

    45d204bc8dd5512299e568c7a944e336

    SHA1

    0b0608645609b2569d2e16194ab71fee3e997a75

    SHA256

    58412ac6ddf115e7b61567b69879830bb70734c6d697b83a1438518b8ec19172

    SHA512

    1a5126fd530ecfc93acfa00795923d1555fbf35b4876d98df907ebf9406e7dea2a1614ba1533691fe0f3975e40271869034384c507d9417658a61ac2da64c7a9

  • memory/2328-3-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2328-8811-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2328-8810-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2328-9099-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2328-9100-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/2328-9101-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB