7f64cb7e7ebfefa6d1376bcfc5b2a8fdded19aff482f3cdb766f27923a5a3bbc

Analysis

max time kernel
80s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21-02-2023 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Size

12KB
MD5

0a5e38ff165e9e78e58fd5b47b19b86a
SHA1

d0cccb38776b7390bf8b0fc5ebe14a75b1dfa3ef
SHA256

319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5
SHA512

330c946e02bab30f4f33a6b246c0ad3d83438dddd1572d499aca2af5a1789714b81ba08729c2917ad8b6090ccb2b476d3a88f6bfd537ebd5a2f0e8ff9048ab67
SSDEEP

192:K/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMTrE4l2W:KebFNw4Pk1itKkpAjjI2YpdmToQ2W

Score

10^/10

persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Ransom Note

Attention! All your files are encrypted! To restore your files and access them, please send an SMS with the text [email protected] You have 70 attempts to enter the code. When that number has been exceeded, all the data irreversibly is destroyed. Be careful when you enter the code! Price of private key and decrypt software is $50. Discount 50% available if you contact us first 72 hours, that�s price for you is $25. BTC Wallet: 37t6hwuzJbq6PtEgaxyS3AWyLS99qMGrt8 Bitcoin ee Transfer korte na parle Bkash ee Trasnfer korte parbn tk2500[3days] Contact me here: [email protected]

Emails

[email protected]

Wallets

37t6hwuzJbq6PtEgaxyS3AWyLS99qMGrt8

Signatures

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Modifies extensions of user files 2 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\InstallBlock.png => C:\Users\Admin\Pictures\InstallBlock.png.BD	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File renamed	C:\Users\Admin\Pictures\RemoveInitialize.png => C:\Users\Admin\Pictures\RemoveInitialize.png.BD	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WU17sDZVZ12PQjL.exe"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\de\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_neutral_d225e15af1a594cd\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00f.inf_amd64_neutral_f7f7e179d99acc58\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Continue.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\it-IT\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp94xx.inf_amd64_neutral_4928c8870f6a1577\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseN\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_escape_characters.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_do.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_data_sections.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr006.inf_amd64_neutral_40c76453575b1208\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\Temp\{522f6bf6-ae20-0f66-d982-a746d010852a}\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\XPSViewer\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Starter\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasicN\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_neutral_41c6262952846788\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasno.inf_amd64_neutral_c86d5b5e5fa8b48a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_operators.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\com\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr007.inf_amd64_neutral_91d259640bad7d26\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\spp\tokens\ppdlic\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_neutral_b64a610f1f09f267\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep304.inf_amd64_ja-jp_27c560b15d9928c0\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\icsxml\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Continue.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_troubleshooting.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_execution_policies.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\about_BITS_Cmdlets.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\Amd64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_neutral_548addf09cb466fa\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseN\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Line_Editing.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_neutral_0cf7696e2236ca4e\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1qx64.inf_amd64_neutral_85d10fa4c777b7be\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateN\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Ultimate\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_neutral_65ab84e9830f6f4b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\slmgr\0411\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasicN\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR15F.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14792_.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\PREVIEW.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15022_.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099150.JPG	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\NEWS.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45F.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR41F.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Common Files\Services\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.HTM	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Windows Journal\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR49B.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Microsoft Games\Mahjong\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HEADER.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341742.JPG	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ba9c9f6625ca83d3\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.1.7600.16385_none_d45f228bb212a73a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-com-oleui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c7b11cf941781015\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8a02b76ae086b3e0\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wlanpref_31bf3856ad364e35_6.1.7601.17514_none_3b950c146d43ec0a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_af18775c5e06e5e2\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_properties.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_8.0.7600.16385_it-it_ceb27a494e38e13c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.pmc_lh.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_61878a5af412211d\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\msil_system.transactions.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_f205f3517a1905d1\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_locations.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a36c0028ea26ef24\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ef98073d590d88ec\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_e84c1ae4b77c1765\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0e7c7998d0345f6b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3ad71e5d528e9a82\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Hardware Remove.wav	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.1.7600.16385_none_9a819572f29806f1\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2f944a2b5ca685e1\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_blue_partly-cloudy.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..g-shell-homepremium_31bf3856ad364e35_6.1.7600.16385_none_9c05526173da9e18\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\back.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_prnhp005.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2c43d5d021a1f82a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_brmfcsto.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_146455464977a39b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_th-th_9b29344948cfe05f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4f61fcad4768c9b8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..tebox-isv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_64a7d743c904b676\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_c00d06df454390e4\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_6.1.7600.16385_it-it_07493824f6cf4cc5\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-runas.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0dc7f90218cfa125\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-1cb0_31bf3856ad364e35_6.1.7600.16385_none_c4662e307e0c342e\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2598bc163582d454\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\msil_system.drawing.design.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_86f4e6779b5552e5\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-scheduleui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a324c31e64989d11\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net\c252762f9efbc0ad25f01a475b7d00ad\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_wildcards.help.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-symphonypal_31bf3856ad364e35_6.1.7600.16385_none_cd66bc3541f90a26\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_wiaca00c.inf_31bf3856ad364e35_6.1.7600.16385_none_9ac8d37e98daccea\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_display.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bb90e0956a02ab0\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..iles-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e75eefdb0e4c7c8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Logon Sound.wav	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..etintlerr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2176fe9fd57f848c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-keyiso.resources_31bf3856ad364e35_6.1.7600.16385_en-us_667ff2e88dc1b9c6\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..rkprofile.resources_31bf3856ad364e35_6.1.7600.16385_it-it_95e5bdcb3ea60686\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fc0b563b423b21e\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-u..anagement.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_90082f740162cae1\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\msil_system.resources_b77a5c561934e089_6.1.7601.17514_ja-jp_4a81f7312cdfbb68\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\569e273efda8306ec7e22143d5285476\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..nmove-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8bf917da73b68266\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-secpriv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a3e2ec1ba1461fb3\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_wpf-terminalserverwpfwrapperexe_31bf3856ad364e35_6.1.7600.16385_none_80543131e5508a75\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_umbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bd6f884320ef84c9\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_wcf-microsoft.transactions.bridge_b03f5f7f11d50a3a_6.1.7600.16385_none_533034a085b78134\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\msil_system.drawing.design.resources_b03f5f7f11d50a3a_6.1.7600.16385_es-es_59803ffb7d6caab7\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1cfd15f5b21d5510\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\rectangle_highlights_Thumbnail.bmp	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a388cb14e3dd341f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1f37d95a3469f823\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\000B\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\amd64_tape.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ea3370d5b31a93b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-restore-acl-cmdline_31bf3856ad364e35_6.1.7600.16385_none_131b3f7afeb4d54b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\ = "CRYPTED!"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\DefaultIcon	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WU17sDZVZ12PQjL.exe,0"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell\open\command	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell\open	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.BD\ = "ZFUOCNFJDMPZDFQ"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WU17sDZVZ12PQjL.exe"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.BD	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

C:\Users\Admin\AppData\Local\Temp\319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
"C:\Users\Admin\AppData\Local\Temp\319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe"
1⤵
- Drops file in Drivers directory
- Modifies extensions of user files
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Filesize
623B

MD5
d09d56abad11b8be5a40586cda2b4f5d

SHA1
69534e7d71c379cb3bcde6b37c217d7d5675dc01

SHA256
9bbf513c05697bf8a6a23b9015e15247b5c05039eb1f63fee5f54ee3dfec3630

SHA512
18a645a61814cdd5f838735dd2f1f97deb08ff6e6b93088fe21dac04f11efafc1e3fefad628d8e517ecf52f3198cefb8ec2dfc6a03d580bda672dea09e6bed5b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
5666c9cf38dff2d739cfc564c37e3593

SHA1
2c79e1950f589fc87d2e48377f08779a9e6a1b8d

SHA256
d22564745a384b8eaa3d96718aea312f5551b6cc7f00f6af166be1db183c5db1

SHA512
bcbe856253a44f1e68801bd3d517c904837efb5bd24870ef1673cda142800f321bab05299bac80dec8472f0e9fa7cf10b9965bb52b09ee56cc4696f4f5104044

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
0d6d9055b90631a1edb0b230884114f0

SHA1
9008d6665ac9741471367110dcc1e46940878389

SHA256
e1bc94031bfb6bbcec916d78b94c9c7e49933e8a2588280156648e7b6e8b56f6

SHA512
0e8926f07ae472ba78046ab0ae72ce78677f84ac0c98eccd9fc156f10024b1e48af3a2bab28fc4efa69513cf48cf7d3b1450f2b9271255e09224f8d349f2afb8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
85ab0fd929e9c6ea577dc230b6a809b6

SHA1
df9519143c73d439aeab3aea697a3daf1d882b59

SHA256
75df61b4143f2f33b58d3c08a89e6d3f49b16f8288627dcea933913eefbd3e2c

SHA512
5e642e326bdd32bd3b9c6f0130266d66eca951c6fa0f51d3fe2abc8e90c3c8aaf3c16196beb0a5e7beab6b16f54b392c19759e9e943b89ae5594b75c954aca12

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
e93fa5f8aeb993a0781b9c045fda4ea9

SHA1
f6fe9ec6a95c8ec1c27b2f68c10a83f66706e203

SHA256
1163919f2d0cf23fedbd1ef7f7c07d8ae52b20dd87ab31ca5a02be950c6b1ef6

SHA512
8669efadc88112561d2299c6380af0c91a738a711cc4b68a273064151378ac11f79a34ba3ca8ba786a6e135e0f4f5cafebec2837657a6eb5c8f2c4b6d6a0c19f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
0924f3e9e132654e70ff7dff580b894a

SHA1
40ae8533db4b549782b512fee43d4e24b7149824

SHA256
b46a1c636905e2f55f09f183bffe4da1430c168f81ca0e8d75b50b6f402d3a47

SHA512
f7e3eb34bcb7deaf2293627f090052ca32fc8eb4f3cf7bd8d1fc8f73c8129d9e14ef8bbc0317c66617a1d98522843ff421e74f3efdeff46379e164a110abd4df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
873d99a77a5c3c8d904a4188aa9a3e3c

SHA1
0dbb5325b16e3bb860b5da74a3fb9939a266dbaf

SHA256
9770044b3dc35dc1436d6add2c5117ea1ffe6bf3f7b83dd8a033313c6aea797a

SHA512
cd8d81ebcd00319f509a5656a12f4f5caadfaaf3a162bb1c358384794961977e38526564cd0c02cd3d3e2dc76431b87a9de68ca5aeb7c2c5ca61973e79e353a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
39d1ab547126427b53f8fce018d8faf8

SHA1
52b43187de7d758dd38370442341c038b804b1b6

SHA256
bf25103a42b4720d0afc796edd90df8883293075bfb8fd15e0415a61d9cd7785

SHA512
e02be89c38683d6bf7db17573c8ef6bb37df2945158e7c8ea4e68037e33c8b9f56bb1425a757c6822fe7eb708267cb58c0d7b412d2509e2bd5de439e60c1e303

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
98cbdd2342bb977153f743a1f4b9d1c1

SHA1
2094bc59b36073ecd52eb73632688c05c79c2deb

SHA256
66daadbe6bd4d075e48ada96d6ced7fd39986716e347036bc8d459ab6be23852

SHA512
fdf921eb45967c16fd9c4fe6585b91800b683942ead20907e4aa37584f1d6e3b8ea9df54026af5247513d92365961271cc44e66218bb8c1fa71c060651617f48

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
67b59ee39f255e0d732450ab74ebd02a

SHA1
63bc63a322b56fd07c3b16ff5313032e65a4d431

SHA256
004f5de12e2afe82d9be1723a078a7ca51f550a467772241524cd3cdd8dea505

SHA512
8bfbc3b5f8c0e078e66bedb1575172efa5a539fd3a238834ade718ec84798fa3c5cefdcb66ce69aa725ec8be34ce0c64833d23bfae840f7706008e75e1826711

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
9b9423cbdb252c9ff3f9ee0604a6459f

SHA1
c699c566790ae64a395bd7067f5c035566ca3f4b

SHA256
0a31d6856c65d543f84b5058222927cdc97a29874f7cf481862c038980e0e771

SHA512
8b23a2353232210cad2395483daadd514b79f1e871326ce260334897684a7717fc0391257715a9ef9a92d39a5d1e74017345485e854d8b88ae7c495f163d82b4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
570a721a9f51fe7246dac02d7406b14b

SHA1
29e267691f5670c2a38cafb3ec60f45f4b8ad079

SHA256
32e01b2671dca4dce0c0540e2b7d0043dc8e455f5bfd15a714b4015c7245f8b5

SHA512
850d01ed9f156f661c3dc1b49034b9a2443de0c715735edc09189dacb51372665cfcd242fab0dc1dbf6d23dee6bf2fe92acb42278b985bc343a46d9e1572946e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
2691ed2c70a67b61aa68539364549b68

SHA1
e392c1ffafad2b18865478dbc91bbfc277648403

SHA256
a4d197f84a34cbfde7022f59d2210e1b65de99563b23965dd771bdcd01336375

SHA512
eb3a955015fd10af3e8b9e7f3fbc718d22d125aaa6a4e15b2b94572cc986bdc7f35f06e0a63df3f3bb52f07d0dc3ecb8f8ffd2e2bd1d3bf123f25ab19fb20f03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
74d0ac28f38b99001335c1ffbf7820e2

SHA1
a87f63d2352e3dbb3d1b72125e40f9c35bde6040

SHA256
df147b93cddd6f60b72a91c2236ad0243b5f95547bdb7558e3fe90cbcc74d6a5

SHA512
8d98ebf387359a993fce8267315b9fa387180aab8a8dbc4b9190423ba68cf78153ccea74e8f6ad69adce3abfa8834f76ba655d3e0bfa54fd01e938f53010c656

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
f9e274ec08ed757c19bfdbecd4d18e7b

SHA1
be80544394cb1334ae021eccf8e3a815effd6ccc

SHA256
6094352d5aa5b5510768ed2a5b349c7e30c9816e01d2a62c0b412d133c05492a

SHA512
8ae9fbb6afd3a9cf0ff3a04f53dbfc99928b73e2a67bbd35174f472537ea96752ee232b30a956c78e74f06c55e19d6f0319825130f47877e92d9f11e7894a431

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
af55a71f6c6e86238b6a0a94e739de8a

SHA1
8218cbf627edf7df6085e90c94c31d01fc300fb4

SHA256
94b5b87d1bf10236cfc053b59b911622a80cd4075f6de16c330e5787001bcd73

SHA512
abdbc9d0f389e6936139320cbd99d3e958c4e3fc507cd8c7e455055f10e06187a45b55e66bd74e4d6f28bc0497618a08b33838b4cb88dfa920c9920cb1a16fca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
143677573b6b2e7f6fe9b2d0121f0d82

SHA1
b204473ed228d4b4f1b2e678736f810d1fa979ba

SHA256
465212982727c3ecfde4c1e2d25fa9b1254a7a3931ee26af9f4a46d00432f49d

SHA512
55843433f556e5a501336b63561f816e1a7e2e5f69b04e64586c208b800c17204091b2b16fda894ad20ff8912d95746b874582a4e5e41a330892adf4b7289e2d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
a582f370844acd9c7129e2b798e5b290

SHA1
e30a0341e64aed2f09777b58f3966dcc05cc59cf

SHA256
692f43080df50a961078d4d4eb4e8769dec732125bcf1c9e3a7a84a42e745734

SHA512
68bcd543a8fd94f88c0bdc5c4a31cb6f228d4fd9225047e719725048963e466c11893f0a7b2599faf0a73168bb14fcb3f30c6e97b443d1dccd93a5af96fed575

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
3f7791cfe8f9eebbb07593990cc72241

SHA1
a5c65288e0a25f78e764286d43493365dcddcd40

SHA256
78e16062aea3fb4635b4564b99491d4f12580a1f56e897d7fab030147f65c978

SHA512
114f07cfaeae8f6345435485815d409184cf3ed904fb098d8a421078b69a6219d26eece85c74742c10238e336b912b0fad6cf5af18d041943647a0e2add411c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
05e76654530b7bee7c2654ae044e2434

SHA1
3c8a0d76daf44543f3b5648b50597cba7e28aeb7

SHA256
118f746189b4aaabd5c238f32e5349baee921140c22ce0f59c7d28e5c3a8b34e

SHA512
a09f51c4bd11af1162ad74c23781f43d1427c62ca15295042d3bab380313efea7fac61cfa22bb58e0170593747c6d721732239de38b1d61b523937d921b29ca8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
3dbb1b7ee0295d02cc05ff885b29049f

SHA1
266ce5b1a0469dd5b72d73b9496a37325ab0a4c1

SHA256
2dc1ddab0e33c272a45bc1d1f4017bf944065e009990d3d0d00604848f1fc123

SHA512
ffdbbb592dd342f4ae14c0da5a0082d1fa8e2415ab5630f9fd12f279874c719f43cd8729af53b4c204ab595866eae2bae70b5e51060a26b239ee5d7d49852f74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
a7a4742962b29f0a70b2ac997cc982c6

SHA1
34b463bd351dac2bac81382b9bf14b35ece930d5

SHA256
99d3811de949550e726ea2880b4c6a12e3d2d1c086d7e2c9def5135fd3053375

SHA512
64bb31c98d3a202b067689d7717b4ad2e7d128572c1adf6f428759ee56b974dbb8c9633bf5509f0637923ba9a1dbe6e4ec962ceb1fda01fcb5078642ee6afc91

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
ac6eee34ab464ce2f88712f4e8d87784

SHA1
00dc2a5e1d09ac0afdec145984c93a6a884f9ef1

SHA256
240e2e6c3f512d7f078e749242621ec2278d65cac1a2f32158565916f51b6e98

SHA512
4b597b4113c4a4d93a862dbb2b44ee890252cb2bd5efd14dc75c1f15940caaad1eeaa5954ba8d5f9cf29350464a358e1c8fc83f7e19a46eb089f6c3ab42cf37a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
1bb0cea5c7adcc0e0848eee1faeaa8b1

SHA1
43cfe3c6b03965a6c1f1f2d5ea5a5ab2ce730b0e

SHA256
2057f3c67a4c0b237ed9e45a672f79febdeb5cdf0da929a31f685f81773992ab

SHA512
bb41c1e13485078d136a9ecfb9d77fd8d859aa472323732fa457fde4489ac5f61f50c2f621600920f2c0423a037af3627781104f7ec4708295663219e086450d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
70324ddc8815cbd2321349c4908eaa65

SHA1
217df3a9469c4fd18b53953d41136f719741d98a

SHA256
c61f6ec0097682c7087eca8e05b956f2954ed4a227ff8f171a1342a02d5cbb4a

SHA512
ce838edd3219a938d790b5d6863887ff463263450eaa00dd7c1d1fe116e6363f6c81db6c3aee9662ae4f1df2fd3c0a450bd36bf8b2b6a876f38d8c0f62bac7d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
fd780cd209c352df234f1d4f4dae88ba

SHA1
771063b6fc1febef5cd63ef7aaf8c673c0a7017d

SHA256
72ade67eef5f4373783d349c5ef589f07520e3b76b5a0bd4b0be3fdfae4eb0c3

SHA512
149dada2a7df19f8eb7001017a4bdb3cfafed533d10764997ed53b540988f0308c937483ae5af00bb49241699ba960aa94c36809b33598e7f0349e2a311344cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
27aaf489c9abbaec1e85add7e3b25959

SHA1
0be80153ac7d98194572cfc877b9bb0ebffad082

SHA256
151a95536b14df1a3b1ae47482d3e7259256a0f9954977d3be6fe29f8c50f1a8

SHA512
c70f782c9066ef045201c6849fd5cca655f717be996de7fbd2ba4a5c57783a48afd85db50194fb72ddfe20fcedc866abfb0e37693b0a3c08712bcdd147940420

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
6f4d75bc8a5a2d5d49bf8a9faf70ab37

SHA1
0d71e01d4d14b40b033c08f02b903fd2c804629e

SHA256
0661f00d6a4ec508fc82ce08a0f2154ace8139b5e0304346774d24f9f1719663

SHA512
35d5658cfe7a3ec5536d1acbb3219fcff8526dca44e2351706c0bbc9e2777b407dd488783156233a15233b227b8170e21816ea04e53ad1ac88edef5cabff54b1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
eb8678ece3290e6c49f53852f2c79b70

SHA1
ac55262b8957bac12fb58cb1e6e253f939d40e75

SHA256
2242cb5fcd6ca593ae1b1c2886fcaeec163cdecfe4dfc1caa452ee6a311a58e8

SHA512
a0864289d8877d2a1e93d26d9e2da6076354e11f83a9018a9b927c46798ebfedbcaae41a21faa8a727316389921d03d13ace5bf06e008ebff80aedb3f39992d6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
80ea8702e590904704b063dee5ad14fd

SHA1
3d1e751dd8efb78035f7677829db7f4cef4c0b5c

SHA256
74543c5e6986c85409cf51a513e24690a8c56d62b52e6a32d15b624a88ed8734

SHA512
e096cd7f853039904dfcbd8978d7e54012b69b9c9ad5f02305ea661e41e2216f911d0962adace5884a7646dc250d5cfcb11a906e12f2bac2e6b41cc8c5473c21

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
fc97e7f1fbbece71a16932705931113d

SHA1
274c2bbf6d52cf83c055f2fe51ff18a8da05d9e8

SHA256
06a813a6c3f7e059d81c2a9455929822c83da5b30aa69f271a15d7219ec9008b

SHA512
05129b593256a593652773d7b9a39ace2a7c7f77010a909cfb5edd4e208795625b354659a88cdb0d832ffb724b2981aef6d0ccebedbb5228cf9644b112ad48e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
090cd557bf48a7aec24107c505c7d6ef

SHA1
5696911f5ab07d7551940e67814b352c0788b1d4

SHA256
ccfb600efe8166b89ab7c52043f692991b387b2f6b38abfa61f294788edf6db1

SHA512
48733d1b4174720f353a278d25e9c5e01744007b0d94433251eeed4ddb95eced8e1a09b502eb11de391ca328f5ca6350fa126b48153be5fd37d8fd058f7b1bd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
8f7e39c69943bb1b7c96488eabc35be5

SHA1
25698941f2a8ec0a6691280a361a858e26c18860

SHA256
4e02c3191473ed62932aabb26bbdbe027fb96a295a734bfb972f79ea98513cfc

SHA512
e0478c6e5f0fc245ed59b099299905832397f34a9b192ce5374c080a9e296203b1c70edf64aeb2916165bec7922ef5b1a93cc0f5cff9dc7844f51189ea5d400d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
6a215bc35dfb40696a1901c390617b08

SHA1
c8271a0010e4c0d871cddc03a10970b418a13628

SHA256
27b658219d348d57af2b134d940db80b524d62c2f695efe14aa69b20db913a8a

SHA512
05a08b1abdfbd40cbb0bb776dda95500c4012003e412da140fa6b062487b45237fe88b4db18d2c3fff58ea59b8d773c243088730d236acaaa2b25481b5488f8d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
f2c6f1fe027207b6f32e914cbba8d30e

SHA1
72c8661eb2e25f7ef10d56ab3cc668908a76432f

SHA256
751ac40a336eb02d31fa9ce43dec7f797776de25371c494ca2ddffe770f9b284

SHA512
1044e393d8f4f96b6ee46106f627a90e37ae1f1137607ef5a22357484db9310ddcb29c10bc1bf3f11def6410063efe9048b34ba38e56e2152c3d2143ef91ae74

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
de137a50ac4b0b932029b45e7af2b931

SHA1
101b1f429c18f2736a2a0fc998c1cb3d1a886a83

SHA256
837d97f19385a8d608ccc861c13b48f1f50ad7f5c16337d8fac9e48564aef08c

SHA512
ca101a292ee24dfc17a4b08bb5a6a081977c91724d88bef073b2aa17370f867b0181012288f78c03841547038cf845e4d4143f76ec2531619479351013f650e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
2311f1cf323067cbe4002cf3c8715711

SHA1
3144634406baffcffe31a393619a1b2efe5bb544

SHA256
a81249392033cec4af224e21a7848db08db9cf9a44887369301c1ebf75ebb661

SHA512
e1e3dd16d3fb18c5da6ef4eafd6f93a20295000592eea397a4cbf6712dbb900f81737960afbcbe84f47a72f36b652eccd5dd410f9494d91d9dceb574b2e8f4fe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
4e9bf100dbb59ce415addcb18f76474c

SHA1
a80764b82c8bc8c37325ba74baf89b64fc6de42c

SHA256
9684a71c72fb2ca08ac7765cc14979ba80090fe23425c8ef56af3df015b58022

SHA512
18c9d1f30180b98942d6a059b2cfb23bc60223a90aac20e51b98d27097d5b57a1b3d7a2ba9322b24b63899498b9ae4f7245708604496410b4147645b1b454b4a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
b22d1a4f40b846f2a42ee7cd028bf25f

SHA1
b335da681328a84371455729727695784223813f

SHA256
cfd88acb5b8d6b074c4960c3667ec962961ed1e3342413a0954169e1cdfa09b7

SHA512
b7febdac8dc30a88e54b44ea78b6ad01d6198df924a28fe9892aa28710a29041b971689fbea86c376dbba9ef02f9419ba788875c3f183d910f612af5e0a6a748

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
44a1b4ec073a821a737890647fcdcc53

SHA1
c29ef8f370253d421de6d39426d855573801cae7

SHA256
72da9d21fb35331266201aa46601d2277a2195b4eb3adeaafeb0625cd65cdfd8

SHA512
c633a9d128959ebb687ccaf2a2090608c2f73ca3f9ccf3d4ebf504244c63e84cbd63c29fc55a5b9401d697d793b2bc33a860bd2bf9e71c51d9192025b570c08d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
d8433035956637c300fc84b81af3f79b

SHA1
4d53e277641288f5dfbff00e6db148ba785e8566

SHA256
e47612db1a7d0740aae1e49e7972e270afec49e1842be8c8ddf9404d87afe918

SHA512
66321a9de774a2015298b2fd88828646571300c90c2a0b86a70fdb77e7ed7bd94842fb6e07a4509b7f7c9cf3761c0cc8fe4794ec06871264d9aaa19f4cf97e16

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
40790886dc5e8814498c867825d28c93

SHA1
f378d7a2150ff3f7e01e768058e492994e76b28b

SHA256
7ac95a67956ef39452774efa4149204d1eb7324afc844cc1505066056b1a3948

SHA512
34a3083d123294cd5005c80f1868bb9747561f271e4c54a6c4c7b4954cdd67502fd9a017a41c51003cd4d98848ea648852b099b41f6120f3ee8f85217f116af7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
c26ae4244d31a7500a1927ed8e9c2bb1

SHA1
887e80789552e80f7ea54675541a345cfa1db8d9

SHA256
680845bbe7eecb1ae8582180b3ca34b3e0c9206a4146e831780f6f9d1b9304aa

SHA512
4ccf726cada8a8b97cdc2fe78efbccc2ff55a9fc12c9676821cce2d3e0e60679f31089913035ca22b7fb4dd964397175ea1d3761375f3f9c0630f41d65ae661d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
4d8092fd6d5a9f631f45de7556f4b6c1

SHA1
448977ee4c611e382d85368bfa685ba168a4abfb

SHA256
52506c747ff19cd71eeab67cad28df00f0241c070607fe40e0c660c3b0abc1de

SHA512
e858c06a293f9fc7452c9340e211503deffedece84b9d50f07a9a65c12cb34d31709d5528b06c14f4af7c44f8874a19170b1923d72681b1da88c9531b48581cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
15565a1abd5b9dfc3209e077c37619ab

SHA1
9ffa130127c57f86606d1b1c31057f46c6fbb1c6

SHA256
28e76c1ead6b119b29d56ba4ce7d5e9db69aac3c2a80ce219110ebf2892a6d03

SHA512
1c7bf7a027a25d693f341e8cb319c4b73bdda6065ceec29b5859c2b352f2c3004fc2ba45b8c022813838d37cef8ea0125ae2d9ac544b055ef4fd5a33755a1b84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
deca241f0c6e7c5adbd087795a4503d4

SHA1
630fef69587b9e6015f1f2fe43743033c1e397cd

SHA256
99e5248675553863428155b93dbc1332be35472ca0b332f172a99c2004b5c3c2

SHA512
95cf122c9f41eb2b4960185b389569545ae060ec8d3436990553a72cc105725db4e3494793b5f6b59e5d3a9d64ce128622f6386b3da98a75a07c4b536625fde7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
1e1efe9e55d05f80c6df4a3047a4da02

SHA1
fa4ce74765ed8f6094daadf41989a5bf27494e03

SHA256
f16254af0e313ae59a768a347151817c9626daf3200b5f62b244aa260f0f1c18

SHA512
6628aeec254b3920fad3fc17f8f9103a282ff64a32859e6c21f81a57796b8fb0dde332125ef2c39c111522de5764e131a2caeec2e89821f939d9ec8f1b993f53

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
7d332acb0481df89c757d15551b93511

SHA1
832ba137ff6cfadf95530d678da4ee0fa8f61a21

SHA256
39d3d39e478e868b0fb558a3eed86a0d8e6aaeae7fff0df20fc65b5518b4065e

SHA512
e05b7606509b19042e3a6cfe0e09c2bcf94649f83ea552df0597e0d679db705102418ce8bd012bf9579d73221282b9a6c645efae70a0ec4477dc2aa729b8bf90

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
3f2bbeb382a0f59c423f1692dfa21dd8

SHA1
480b13244bf51e490fff9db130daad73ca6a1858

SHA256
4d303d0cc62028c72801ad917131d76bbdf772ffa721bbfdbe17f82b40e98b20

SHA512
8a989d3248cbe270883608929737bd00be5350d9e713157a7a64dde9e27af43fef12c29efd24844185948967d8c91c57cf535367b3c66976996c9f255d534eb7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
692c952fbcd65a57b1eddf3b6c802a5e

SHA1
857eeb2625b37180cfa99cfd6b869f780d931513

SHA256
1464019186868073c3accc5a192beaaca71b19013d55ca69777a2dbcce2b8ee0

SHA512
1106c2c1c3ecb002458f4442985c95a55b0c97a19f4e2fb04c0046b02d1f529eb724da6ecb22448db30af31628cf76fd4faf8ef1797b8cf5acfc640f47f36114

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
d9c622907f3ca89d751067f7c883668e

SHA1
5eef8c229c4831c15a07d6ff306230436fb3f34c

SHA256
78063d9dab8698b3dbeb872e96c7fde76d53a1af2fa1eaf61e6e861cb02a7d7f

SHA512
3da1438d0987528e0c5193e6d13cfe0c723ed6211d9d155fb305cbd5158cf3abe3e933de907aa215a6f907acb9aa12ffbb982430a8bdbac27afd7b45e9c20ff0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
81b53220d07131f20410de1ea5d79e25

SHA1
3098b2c68035b23ab9eee3281569e66674004c2b

SHA256
f742f36e9064fa9c50246b9ef69fba8b9140f8e87de131cdd3668ea4acf7381f

SHA512
ba519de11caeeb0711c5c09730f482aeeba0d4c53e556fed663ed39110a096a86c3a0a6d76cad2de3c196ffb18c6ce4d2dd617491bc0051b4b275c5003d10df1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
c62fc122132430b12c6c37b31c872fb7

SHA1
e52a330117faaced4723a30f5d7e204c14e6782c

SHA256
c22b47ffec98a035fee2c30952b043430b7b44a49751e5caf76bedc9add203c2

SHA512
eabb690346636c15ab75b526d89c0417118aa96d485fcaa550e7c8cec4337e725db21abf8978c888a78b4eab2d9a24579d4df6816f3db4d75caaac8b09fe960c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
ca195b9c0c739ca1de48bc5e13d57f77

SHA1
51ad6e8e3945356aa386ea85a6499f843968fe04

SHA256
0b3c953c67409d04e9da9ee281dd0a5246866e1c6efe3b1b8f18a3ff2ac7cab9

SHA512
1f87df78cec981e1f4810dd03961eeb7fb2d2baf52f51b6587ee284ff8c14ddf749576a5b39cfd5c7f855c34becb7ad269ab2f157764bb2ed87bf88da50da24e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
f05acd4cb13215fec46a65189a206620

SHA1
5e474234e588f0ff183e8d23d059f5a494acfc33

SHA256
f3477e3e67db8c3f9cc98528bd309246f12de735c54e0e443fe6cf9b96529388

SHA512
1dd71edd3a747418ca9cf72ae916eb3be7278da2d8daa520c8d60f50cd727fdcc2869a0808e2e8782b88ac7e43877f5285292168e18d8fabd7036d4e0f961385

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
f06846f389f1bec38c1a9aa8b7cbd458

SHA1
2bc92a4ec7aad885cd1e15e89b8e2cc54e780013

SHA256
525739c45acf47e3d8f3fc51d0864e5f627616cff3a71db705f964ff8ab83097

SHA512
7b99259a8c4405915a765b1a2f3776dfa78ad23f8653f3edaf5b5e3a7f2a33203fa6129716957384074d64aec85fe3e44815a825185f424693bb689a8d5ef6a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
4c9bb1b2fc3a3339e808fe3f604e4d49

SHA1
2a7262acdde51cfcf5c7b0ac1106477f1aa44cdb

SHA256
fd28d5f90e34b6d127e22452fcaa9e40338819e55a2f01f1ee43c8ad7c678e3f

SHA512
997e0ce509e6e3ea1629b3597ebf9b097c15d81d8ed8d368dad61646a7f60ff2e2f94d68007e245271a0d3cd28357791480c9dc4ec80c8f60b346d58703182a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
bf10757342e5552d8088591d09555b5e

SHA1
abe125f2edc50a310300012e81e889553edc0703

SHA256
5b753239cfe2060cd35fda986dbf3fe59cc58796dd203a171c795c3679a0ec59

SHA512
60c13197bdf932ee5e407f1d74c7ffbe77c2cfed6fd6276c361c35a35a30b54cbb74cc92873d9308f215d0d67ab9567ff78623e9dd54005d119121b6cc8fc4eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
cfc800c5a36e74c57baa0196b28200f9

SHA1
5a9ced108b070c8e63355e92748d9b3fb597fd24

SHA256
ec82d1ac4d5ddbf3c35940fef37bd70d237ebffe2f3ba570811aa25a30cc3479

SHA512
4701e0ab10e7a97ebb727f94ec00d542affe476c82c95f6fe121e7a6545f9a0dbde24529301d3d898d4bd8cc421ba41385af00b9e85382b78034b9a3c363db8c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
7c994bf890cdaf54b9fa44b088f966ee

SHA1
dcd76de3b377ec4f7e5a34400fe91d993805dd69

SHA256
b846673026e7f61c18b9cccfc9cc57faa2d5cc7e0706bfcd96ca274f34553f6a

SHA512
5dd2960c0444944ba789931b5dc472e583426ee091e0810201c267d939b4c01f7c627819147298ce0636bb94e64d44ac2bcdc75c9d4f519fc0ff61ef9f7993cd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
906d9281e66888024d0885fe29120872

SHA1
33d1ffb26f273199a5dea04cbc1f0f4cb1705192

SHA256
ac9668a66998c3bed1c112bcff45a3ec859afd8b47d42ed3214a435416e7c1fb

SHA512
660c7a8669ac4e3acb8362cd992c526846901ca14ae7b27054ff16e51224331da23de9dfbc11ca0469fd99f3e9a956258b199d4653b02408f1f9424e1f1613b2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
9244e88031b585581d75b6c8126ee227

SHA1
7ce39528b2daeaec759b98722351b791fd249c22

SHA256
b0c3e79fc7cddddac0f7a85241cecc10a3f16d3c9cb0c37e15ef150435ceb880

SHA512
5fbfce9383a19d5ecdd835cffe0bd6c719d5b1a8875fdd6513d81092530da5e53dcad246d40e481ca61914866031ab0ec3bd55fc7884830104c44749815891c3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
2364d050cc96583ed0a19a67241d5f37

SHA1
8c3626b6b4fca9f351fdf69ce066dcdab3153d02

SHA256
d4c3d0d7067d94c39103ccb0c298abc178a7570a71b3d0d964988cdfb9dbd011

SHA512
72fa6fae011300a832408bc5a0eba0f33207a5c98ca9ce990b55ea43cc46aadab447cd00e86e0b9df2899e4133412d2e6d959fca7711c309c344c2cd39733e5b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
82b593c951b0bafe8dbf9e7e80eb31fb

SHA1
bf65596f8ddaf90a13da4d53dc0b2ff2d8d297e8

SHA256
6f34c0b4540812fe632920ae3ce1e7cabe5ce08ec2d6171437a145ebbe476bc6

SHA512
1d476b0c8e282dcba912ef7fc8e275472cd9dddfc92e95e56ff1416253bcb65a1cf009208044ee5930f47d60eea3342dea409e1c46487ca956d20d54254dab87

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a825238d0693e32eaac60b03f234e789

SHA1
0463d0a2d8b1989f8bd93d7dd0800653cd71f752

SHA256
4801fd0d7b0e69ed3b3dd01b433899347fc7aa575c6aa9f3887eb97a0f59fd85

SHA512
2ee47f3768d65ae717cda82037245a02f896685a9edabddc7d8993ef8b5740d4db1f5fb73ddd59725ce18a6a72c5355935eb6b4068446e687a86b47df1176eb6

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
11c8bf9f812437b542cf7b7dc89be10d

SHA1
3c64eced0a8d2a36d7d8a9117b8ff8346b3d306c

SHA256
732175c4182b8210216779afb615b9c73a582c3bddff0c50f0878536722f21fe

SHA512
a840a571663d814174aaf0098762ba7e234c11f0aea409287fb2b97c54fa294733fc366f4fbcf68465be573be5970c955bc1e73c290b8c8dc851851bd2a2a2c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
95bc33753268e65dd81d2ef5e5f847fe

SHA1
e46e7c32400cbc026815cf72c189b6e5e023d303

SHA256
cd183b8dfae47cc01116984433665ac4b88b2150a1e1b09327437dfbc35f10d5

SHA512
479800c53a3d3f4e45cb56a371033a7d8a86cd343ce9b2fe2288bcedcfd726eed88efcca9af9943b916fe73eca74353bc24bd299db1ead77165b6a2b6c82b473

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
bc003f1bbc404d67ffb68d99e2922c19

SHA1
9ddeb82ae3068e6003d0ffd8b0bb463ce912f9e4

SHA256
1a3cfbd9b2cb80d7b895ec55ce16e0cbcb5bb20eb0f427d6c97bd703474163b8

SHA512
14ece60046a2044ae859de4a71242c30eb32e169c8bd0126a15c547be947ec43766161ea4308e079028f042fb0bc6c695d994e5e343480e7ce8fe11d2d760b11

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4460fd08b7d0da62ea7e0552e5a3cee7

SHA1
30680a65c0fe3d501e1e6175e39507bd60100425

SHA256
057bac22ee6e5ac30f1453b33b5665824aaed172a2290fbc4ee03f7b475bcb2a

SHA512
2c94178a88170cb5560f3acce3aa8956dc2dea719398436bf4d2e904e0418977480f201e3761226f50dc6473f7a0c744cbb2ba35453d2c98ca1df3a19ba012e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2ec70ba4c76e915b16be00f0ee3aecd6

SHA1
a6d9262c85a48c48708a0f6d2b8af9e651526980

SHA256
73d3051634b052668c989e6b041865fd50b34d0bb2d2908daa9d02541910b58d

SHA512
746aab2ded5bfef90d0c74135f32c7f4f0a9fdd422da8a8933bac4af7fa225ea375be684975bfbf2ea161320516a2d5884e5131a5d04c2b01988586e3a59717a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
82b115fc0a19fe1ff2b3405d53d2238d

SHA1
a48bfcc0da1bcb551ea6438fa1b220d29a016717

SHA256
207982774e65bbd0b228f37f772c421052cdbb1d4b4d1cd115e12b65d3b95611

SHA512
032da2350a826366a5fb8e4ae0918a61dbaac35e666b69a90f94656a839d6b346ff762e4214b40fc5067a06cb9b418e7cf8729f6bcc193092b8c92899ceae056

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
98026e2f401c086a4b4e413e096fe561

SHA1
05c97071ce6694e22a3ef10adfc866ccaab19c09

SHA256
3fc19bfba9c4dc345271b98b3077dfb320789d411adf309f169b9dab44adb731

SHA512
cc783d6f07cf22973c84f631abab1fa064afd5b9ba1ecb5b74df1efb4e8e750fc305a17f1bec5c7c391c8cc53cdbff63f8405e3f848f95d854368f83d94b96ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6aa0517a2cf3129794065204015cac1c

SHA1
8687bbd98018eec2df47c775f7e8eac58d8c5981

SHA256
20fe962b1413d8a1a27079bb62428bd39350e597ade5b261dea848362456cc3f

SHA512
f243ba36a949e60916d621a62ee5d6f04d2ef2b9813f666c071ab1b1a0bcf6a42140f9a5da88c08c5421c85161474f3fd14e304571e81ea0e748bb6b62d167c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
bdd31022e69442599cf9dea252dce11f

SHA1
50c3d12fe8292403aaf0240871106e07e1b9a07e

SHA256
b464f29a9b2e9c5161a866cea67db8545202f1fcaa0536ae914297d6fd21046c

SHA512
1e6f41f12c678b5d7deef9ff69e1cdfe866ea45938d2ebae22ed06127e994bd829dbcc6288bc836870161f654c32f32f01d1bde79d19f586cf2d575fc8e2fe1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1c301ab5b813c45723fb8e6643b2989b

SHA1
dcb234ac6446f65af0a34d402028dbbbdc37f906

SHA256
a5429148babfb8a0f5b852ccb1411fa67ef2c014b2ef88c21ba871ffc489f754

SHA512
502ed33ce0116d6935cbdcfad3922cdcde07fb0b2533b50c1d326f83593b072775f59f89e02d4155635382d19871df9ee070b6af19d419ddd3d91064c397a686

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
8f71d34e2e90cef6b5c2db1cff6ab7bd

SHA1
fcf4073d0ac6486802f180d11f02f68a9828c7e0

SHA256
13fb5a326a65c5cb649a3b8d3df2e8015928531c09238481bc580883e14637d8

SHA512
9ac4117dc4fdf12e4742ab78b8a1bbf1525c7d5bf0c52bf7c3f15b33b8a144a32b81ee7e6a3028f7b36b5d7463a6ebae0441a3b29ec4ff21eb81cf844396bdbb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
98a8797a7d12112d9bf743517ce2a238

SHA1
4fa6b6d8c28715fae97161950e081521977b0524

SHA256
4fdb473f07c6eae16428104138a448af4f7b4bb7d5a1a98a7fa208b2ef2166c7

SHA512
e2ecac7cc0ba1a80e474b8422ae30573e4c65909717432dba0d99d01be47690a3bffdda79ca25a2e2e3ad872bacbc00c56aa1908d33f3f53c29276f840f077d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d2f4b997e11523b2d678b7c77f346997

SHA1
9acf952aeab0e8dcc9eabfa71f065a642578316b

SHA256
1b6bbaae9f2de5212558fec82918b7e4ec7babfb5824c756836991595dea4dc3

SHA512
e3696237047385f2c201243278f5c8e8e12c0b641eb96365edbd0784cd157f8073eec96260379e4b12d813fdae42e7199437801cc0346d253ecf674bf067e98c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
a20e461e05270d7d7f17817268d83147

SHA1
f2555d8d8a6262eaae1834eef9d061725a4ce30c

SHA256
1a7cc55f36e08e2653ae420d8a05820dcb0ba41a9d96172039a4db95e4ec318a

SHA512
c22b7c0dd3201548fdfe56fc87b132dc689abe0a46639b57f5e4171603d2d621de863c5a80d79e7c57cfc421b9604087b52e2f80e244c7bfc8dbcb056ee4d70e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
227980ea2788d316975ce7b2ad009111

SHA1
c2feee01fa8d4f7fa466c3891b1be8703d24169c

SHA256
b4684bf34089b66b0d72d7b6b94badcad4451e9d5151393ed4a4f725ebddd5a7

SHA512
0dfd625e22b947561caee60237260940025293bac9a1a841ff631d867957d53d507d14ad14d9814b6ee3bcdeddb942e91b5c10d911b68bd253f2bc313c6b60c6

Download Submit