Task | Platform | Score
Overview | overview | 10
Static | static | 10
samples (2).zip | windows7-x64 | 1
samples (2).zip | windows10-2004-x64 | 1
04035f6fdd...f9.exe | windows7-x64 | 9
04035f6fdd...f9.exe | windows10-2004-x64 | 7
0ed3c87ce3...07.exe | windows7-x64 | 4
0ed3c87ce3...07.exe | windows10-2004-x64 | 1
1ce291b079...c9.exe | windows7-x64 | 7
1ce291b079...c9.exe | windows10-2004-x64 | 1
30e66f95b4...49.exe | windows7-x64 | 8
30e66f95b4...49.exe | windows10-2004-x64 | 8
335160bee7...cf.exe | windows7-x64 | 10
335160bee7...cf.exe | windows10-2004-x64 | 10
3d7dd597a4...67.exe | windows7-x64 | 1
3d7dd597a4...67.exe | windows10-2004-x64 | 7
42dcc46f9d...46.exe | windows7-x64 | 9
42dcc46f9d...46.exe | windows10-2004-x64 | 8
4fcaca23e9...f2.exe | windows7-x64 | 10
4fcaca23e9...f2.exe | windows10-2004-x64 | 10
5994300c1c...a7.exe | windows7-x64 | 10
5994300c1c...a7.exe | windows10-2004-x64 | 9
627a5569d4...e3.exe | windows7-x64 | 7
627a5569d4...e3.exe | windows10-2004-x64 | 10
kf12.pyc | windows7-x64 | 3
kf12.pyc | windows10-2004-x64 | 1
63fa775052...2f.exe | windows7-x64 | 1
63fa775052...2f.exe | windows10-2004-x64 | 1
645b8dfe73...79.exe | windows7-x64 | 1
645b8dfe73...79.exe | windows10-2004-x64 | 1
64862ec699...1b.exe | windows7-x64 | 9
64862ec699...1b.exe | windows10-2004-x64 | 10
741d75a02d...5e.exe | windows7-x64 | 10
741d75a02d...5e.exe | windows10-2004-x64 | 10
Analysis
- max time kernel: 120s
- max time network: 134s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01-01-2024 15:12
Behavioral task
behavioral1
Sample
samples (2).zip
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
samples (2).zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
0ed3c87ce3ae58f3dcbf46fa022acd3cbbe0b96af2e9f7a47eee0dd50af88507.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
0ed3c87ce3ae58f3dcbf46fa022acd3cbbe0b96af2e9f7a47eee0dd50af88507.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9.exe
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
30e66f95b46c8162c921648e31f8c4146ba3f0580f4e5aa3b4c4de18687f6a49.exe
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
30e66f95b46c8162c921648e31f8c4146ba3f0580f4e5aa3b4c4de18687f6a49.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
335160bee7e253c4ffa69e5164c4a36fe5fb4be2c246958dfcc509d8202db5cf.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
335160bee7e253c4ffa69e5164c4a36fe5fb4be2c246958dfcc509d8202db5cf.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2.exe
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
5994300c1c7d099bec13d2a6aec942a6a866966e9545773d3fbe26cc5e308da7.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
5994300c1c7d099bec13d2a6aec942a6a866966e9545773d3fbe26cc5e308da7.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3.exe
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
kf12.pyc
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
kf12.pyc
Resource
win10v2004-20231222-en
Behavioral task
behavioral25
Sample
63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f.exe
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral27
Sample
645b8dfe73255d9e5be6e778292f3dde84ff8c5918a044ae42bcace0fe9ca279.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
645b8dfe73255d9e5be6e778292f3dde84ff8c5918a044ae42bcace0fe9ca279.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
64862ec69991a7d454c3ea3a0c3a8f1cc9c80192078740b9c753abbf1b7bef1b.exe
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
64862ec69991a7d454c3ea3a0c3a8f1cc9c80192078740b9c753abbf1b7bef1b.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Resource
win10v2004-20231215-en
General
-
Target
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
-
Size
2.4MB
-
MD5
675716e76d329c21fd1c8584c4bbf4e0
-
SHA1
3f31361a356346980a458f72639b167f8557d997
-
SHA256
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e
-
SHA512
33990b75e05409956567e2c417c4af3cefed346d18b1c990651ba9ae55f4c41e448f48e708ebb3f0a47dd2f95a648d99fa49b1f53bd68275754a98662451b75e
-
SSDEEP
49152:T1qnoAYJ+dAyibulZllnhELJPA2GINhptUhwRVmif4lqKw1UWHgCw8SbdkYMy:pMoAYJlyi8WBAypSQVf4l21xw80ke
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
Processes:
resource | yara_rule
behavioral31/memory/2536-2755-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4132-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4291-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4292-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4293-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4294-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4295-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
behavioral31/memory/2536-4297-0x0000000000400000-0x0000000000A50000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
-
Renames multiple (2144) files with added filename extension
This suggests ransomware activity, i.e. encryption of all the files on the system.
-
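Drops file in Drivers directory 1 IoCs
The recorded event is a .txt file under the drivers directory being opened for modification, which looks more like part of the mass file renaming reported above than a driver being installed.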
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
description | ioc | process
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Processes:
resource | yara_rule
behavioral31/memory/2536-0-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-2755-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4132-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4291-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4292-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4293-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4294-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4295-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
behavioral31/memory/2536-4297-0x0000000000400000-0x0000000000A50000-memory.dmp | themida
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe" | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
-
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
-
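Drops file in System32 directory 64 IoCs
The entries listed below are all "File opened for modification" events on PowerShell help text files under C:\Windows\SysWOW64, which points to existing files being modified (consistent with the renaming of 2144 files reported above) rather than to new payloads being written.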
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exedescription ioc process File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Break.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Quoting_Rules.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_profiles.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_ISE.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_debuggers.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Throw.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Continue.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File 
opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_types.ps1xml.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_prompts.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_hash_tables.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_troubleshooting.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Arithmetic_Operators.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_internationalization.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_do.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Windows_PowerShell_2.0.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_cmdletbindingattribute.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Return.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_escape_characters.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_If.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_transactions.help.txt 
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_trap.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_operators.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_cmdletbindingattribute.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Foreach.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Throw.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_split.help.txt 
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_try_catch_finally.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_parameters.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Parsing.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_hash_tables.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ja-JP\about_BITS_Cmdlets.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_job_details.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_logical_operators.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_environment_variables.help.txt 
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Session_Configurations.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_methods.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Redirection.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_try_catch_finally.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_try_catch_finally.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe -
Drops file in Program Files directory 64 IoCs
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exedescription ioc process File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341654.JPG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\BG_ADOBE.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21548_.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\DVD 
Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32F.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099165.JPG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft 
shared\THEMES14\ECHO\THMBNAIL.PNG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313974.JPG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\THROAT.WAV 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\7-Zip\Lang\th.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02758U.BMP 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackgroundRTL.jpg 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened 
for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_ON.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SPLASH.WAV 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImages.jpg 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\7-Zip\Lang\uk.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR11F.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01842_.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\THMBNAIL.PNG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341534.JPG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386120.JPG 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02757U.BMP 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows 
Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01235U.BMP 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51B.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01035U.BMP 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe -
Drops file in Windows directory 64 IoCs
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exedescription ioc process File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_data_sections.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Windows Navigation Start.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Tiki.gif 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_remote_requirements.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2d42a6783ff36048\currency.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\41.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-12.htm 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationLeft_ButtonGraphic.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened 
for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_properties.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Comment_Based_Help.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\logo.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_82258a09c9170bac\settings.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_escape_characters.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_do.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_scripts.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_pssessions.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Arithmetic_Operators.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\flower_h.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ece294d84b2f3159\playready_eula.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_providers.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\chimes.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\image2.gif 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_scripts.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\Media\Festival\Windows Navigation Start.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe 
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\passport.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_debuggers.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..allpaper-characters_31bf3856ad364e35_6.1.7600.16385_none_bde0eaed84920a21\img19.jpg 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\6.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_down.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\17.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\Panel_Mask.wmv 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_aliases.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_While.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\Media\Cityscape\Windows Print complete.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Command_Syntax.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_History.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2ae1bce6b81c0916\RSSFeeds.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fd3784c9b57cdcbf\settings.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\Media\Heritage\Windows Default.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-sports_31bf3856ad364e35_6.1.7600.16385_none_c1c84490c211896e\SceneButtonSubpicture.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_logical_operators.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Path_Syntax.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Navigation Start.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261\slideshow_glass_frame.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-za-component_31bf3856ad364e35_6.1.7601.17514_none_a5926b147a413e6a\ZA-wp5.jpg 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bNext-down.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\404-15.htm 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Continue.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Windows Ding.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_arrays.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_31173e7d19fe591a\settings.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\Gadget_Star_Empty.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.html 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_format.ps1xml.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\Media\Landscape\Windows Logon Sound.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationLeft_SelectionSubpicture.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_join.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\Media\Cityscape\Windows Feed Discovered.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification 
C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_m.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\curtains.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_functions_cmdletbindingattribute.help.txt 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\Media\Quirky\Windows Pop-up Blocked.wav 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\setting_back.png 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe -
Modifies registry class 10 IoCs
Processes:
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe" | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf\ = "XVFHASZDBSERGJE" | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\ = "CRYPTED!" | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe,0" | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open | 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Taken together, these ten entries register the extension .kmbgdftfgdlf as class XVFHASZDBSERGJE (default value "CRYPTED!") and point that class's icon and open command at u0m269i9MFZ31k7.exe in the user's Temp folder. A machine-wide file association whose open command resolves into a user Temp directory is a useful detection pivot; the pattern looks like a ransomware-style handler for encrypted files, although the report does not label it as such.
Processes
-
C:\Users\Admin\AppData\Local\Temp\741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
"C:\Users\Admin\AppData\Local\Temp\741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe" 1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2536
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 341B
MD5: c209945e7abd939a4c66b28fc2770369
SHA1: 7a6d688e5f67b638cab216dae1bc990ace964994
SHA256: 419f51687e494e82bd75080714c218b0ad607e8a13db893866cbcf4161acaf69
SHA512: 7734296684a24db56ccc29e6094ff7f91b1032ea8f50de41676f63568cca9a67612bf43e703b3b28f6d8cf2c92e8b6d348c7de4dce94af7e014ab07023719cff
-
Filesize: 222B
MD5: 63fb355044eab78f7228b87cb6ef5843
SHA1: 88bcee4073a7c0f67e01e442bfb51f8c72fcb68e
SHA256: cfe458049dc5cdddedc47b37cefdbf07e01d7c8c891dce72c9b52ac7f8858097
SHA512: 8e0e1523846c5615b8718475d9e58a256882c809ec80ff52029923e3b15fbe05aa8f3769643a36a646bee86b5e20addda0a1ec32a1c020c0531495f9afe24732
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5804b11374b18e7fec23dc9e9db731961
SHA1b917823728809bd46aac48753ed7441204f9738f
SHA256b1dbe8db91c4d14f001927faebe3c046adb54eee64e4b56bfcba2c91015ba7c9
SHA5129b137c4fac47ab60560983f55cb6c2a5416a012c50f1b84e9d9dca58f29d07628e724c39cd4f03d14c1743b435b89838156a46abbbd9a2378c7d9055e5a2f672
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD5361a9c52a997040a4becaf3273912f4c
SHA15266ef57ad838e48f6cef28514b41e450b121692
SHA256b5f9546ba6f95735064cccf6322f02caa0d0c6658db7c0b9d1addc2fe007cd4f
SHA5126dcb6c1f06619cef1e51c74e1e817ba4d91257bb481f03ed1eccc9889ba015c83b5bcf31051b0804d1167ab60710a9ffa0f5446f89fb84623e124114ad90c0ce
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD51109ff57ce47c72b12b4b6e682c0180f
SHA131902e8510a4fc9e5c8c382cf23379bea8e8aed0
SHA256c53c5318da56e8add364c1f24d66e32337d77a403901282d372abdd21d0805f1
SHA51245d55a0073826411a7f90c0e81b9c3104338ed14b5679ed68865c74b4212e9fece804521ebf4d5bd670f60c23195b71b6a2b23173c7629ee3a24366cb6032d35
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD529c590f07fc56acc37377fbb605199a4
SHA150ef0ee700072738025cf5ba65f2f42f2f1b7538
SHA256e39c70c5d1932f3e757799d0d9bddaee33fd98cc421a04fa9346e5155108563f
SHA5121cce21b9503f1d5f6464f63623a34a92c7cf5c48c2793d8d64f2932e1383e6de349ca59a4ca25d15a11f9799d7ec8e9541239ba987ba32708b96c62c42c48a63
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD5c9bb91fba64270406a8e131cfca0d536
SHA19463bef19e2285332710876d21ca6a2f5c33d202
SHA256e94d1811fb2cd526ab493d6849e5fc0746c0b1bf3b9ffacbe7a14c3118a6b1f5
SHA51247af41b46a76ceaaa01794e32889bc6618840d6bf5517500da155ed1f1115b4d1ae6979da308d9646855d53ff8f7985c4fd99c126d54c97e42c8e4ebefcc658d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD553929e0130d6f6398102126dc717cec6
SHA184ba8c6af90f8b54ecf41465ccb92dd5b5a0b8d1
SHA256e0533aa9cff2263b2252a8e5631e65fe8e171be71475ef3776719b68253d293e
SHA51246cbace0a37e7391a52c508a09f8e559cff39b4b1d860d69e4c7514a6bd16551c59b763f2b9536ba11165db3217e31fd2750d77afaab84171384723677dc7c30
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD5c4f6fc695402d6e4b857f1c792f39ffb
SHA16bbf7747ba8a3fadfcc08403bc321ccbc5076266
SHA2564fff97b2863a4aee40cd15ec7cc2e1ac9eb5107c383d871856c6517f00b56cf2
SHA512726dc19f0fbfd6f4e1142346155401bc2da499dba56864b17be640c2ea0fc88048002e00a4b490b72989071ac5a239f7fa653e7c48dda800fd3d80367bcb0c30
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD5abacbaca84d831b28f5cfa8696132fe2
SHA108f75c589a0885671439259be6bd7ca5cd357d59
SHA256ccf4c3d9f48bca70bc991414be843c7512dcde8a0090f8c5faa0b9c4e603f9ce
SHA512a3448f42d66fe99621a481b6d68aaf99234912834ff91511445531f0a47117c6ecb22275a4359c9b8e244119ffe8a6615fbf0deeab42c2570295044d86da52de
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD55221ddd6b588fd6593d91adf42a79d41
SHA127b3ef8b98922b80c1583b46f050db035fca58e5
SHA2562e363ab337ba3675eea1bdaf200e8dc70c06f37e0105dde509d050800f5381b3
SHA512d023b5873ac9fd6b506c810dd8a5191dd8249274966e6fb37a3d33dd6912a596bd8090f77447091410c1c8c5e88aafa4030d67460ec4a6d0efae680dcbe19d03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD56edff3271d50a368fd77849f37b093de
SHA154574aa232d046b400d00760a5641f7957802931
SHA256c7a4adb1dc6ab6540ea3cb9197a7c3564010ae818a6ba8b9ce266995528dae89
SHA512d7ce0df4d3246649882ab3612ca670ba996a5f77308c2dfcde67d874eaddb8605e891066b10054d88b2f752fd36d32e5f7d58db4f5904114961e5474a81f6dc0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD51956ad0924806a5723b2603a5801b03c
SHA13ff68c5102b809d0d57d28c3428af41cfebc3618
SHA2562452e9a54923a33d93362ee9c5bb1a4d7ced03b62917ac0937db5ebca4d0f91b
SHA512b64e3887900e263f60be694ec5f4a7ffa8f24a7e2a13588ec5d4eb9e8299401c8c710e166e74e727c877c2cf7f92aec9dd2dd5e72c6307134c4a629d4518e660
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD52953b650ce2da9c51e6f1ccba46e6d75
SHA12d450b8f2712a64a46c04af26ccebe22e7bdbf12
SHA2564a8cf872a82d7e4fd55fb319b92d50f587dbf8405fdfdccbcf078e06aa5aaf4c
SHA51290e89d79e92afd35aa600c2fc3e391ef3f2dc6389430e70125b3c44bd0cbe1a5fb51de523e7a06c8ab4e72e190680c37796e8e47f450d4b0b5d8f9fed6264648
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD51c55a74c690172876e7c4c9daf7acf62
SHA11fba6396b24d79fa3b203f4179d82ad9b1d55061
SHA25605f7019744aeb4756149408b379fd98c5fa4924ccd910a1c39281a6f914019f7
SHA512aa9bb0660fa7c3a5b84eb90835028d6fc108aebfad9e307931036fa52016f2c277134d69f988fc6238558ace3383102f5e583a1b24660ad7da6c8cd189f349ac
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD50504a31adbdd527b8a08a47ddcf061bb
SHA15928fa34d8000d2b8c6288910a385a33d4eb969e
SHA256a7d8ce549c608624bba36db4cd773710e48bb24a970dcb960dabdddeb2d32d46
SHA5124bb533aa25f6c6c26b1c9819b4d88a821e227d3df5393354aec715bd4f3bedf029657ca204beca211164834b206e4a7b3757575b5a9ff9682718ba43d1908909
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD580cd12d97dfcced8f03b61ce920a6706
SHA17e5be17ecbed9eb07b53d712aa2e0c85c36e9302
SHA256c68b58f8d03dddd486b04393c019382953168ada6f6f59585d00c1fd6fc197b5
SHA51242f6dcc51985c7c4cd51f7ea2f8c55e4687155a3cab8d12f0e12e3d0017408e776347b76601ef68879159af769f7402f9406583c9752e3310b33a53a8606b046
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD516b72641b26fcf8b3f1e2930ab3f43bc
SHA158944ce2f6c8f8f0bff4e732377717066e87bd2f
SHA256d8eedc8afd6135f1b4d0d477f3c457c31dab8c50adc227884a3982a32c8ec371
SHA512aa67d08dd72cbfb4f96d6c2ca58c2dc216d046503f039dd09edd1e8c5cdd236c4251331c04902592fb31b9b3e7d56572b7ea8e27a8f2b718d0fa8db62fde322b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5b0d5af152f74899ee6cba5f9ffd19c5b
SHA15606f61d26508234fc2d875e1f57c1ec8417663a
SHA25671ad94cfc618f7905d0589ce7a5003f1eacd55cbfdc453ba0ee59403fe96cb81
SHA51245c83e2a89d80054db251081bef9f101b1bba39e9d89f035db0951f4b1c67a6235876aacb79ec9fcb4dd0bd17cb940c5907e3f1251717bbe586770955e4c1c27
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5309a25780d3f5ec1aa268acac4df2bd4
SHA1a93626908bbea2963edaadeaebce6ee158238ca8
SHA25661551d2acf4576d84f5ca9a5acc129f06316429a9781a597808dc16fed6fa985
SHA5126ddd1f0074b69242eba30e0e54f0fc71cda63f4d4586d0b3156fb219a57a7c0346a51860c1a14e0a44c4a93dd32e39fa87acf0ba6dde2530c4ef7b2dae6ad97d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD5ab26cb367babac79a2358bcbfa4cd3d1
SHA11516a09132b4ba077249d17a9d108f6a6414a5fc
SHA2560a6edb1facc916f0bf49163973fd263a6265ff6fc3d61ba9b2f05ca7bd04f8a2
SHA5127d93b71be0e53cdc5f29c4a6cb41f6ab3108e0527046663279b472edbfc05101f45eb80b9c65bda579a75c34a9a2008937a32a271d462092e39bba88de5a8c81
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5181863d0c28be014e32c9143be3936ad
SHA1b9b12707c10554ef21154b394043e68da4bf4899
SHA25652b1691384d7bdf15feb37ee5baf8a21aae764149c255b46f707bbf63b906950
SHA512255a9c8c309139c453a3cf7d670f9b13b21f853f8144904c94b1fd9d23d31bbf50c3ebdb1d5398c180ee29eaec8215bbb799a5929f534a653f6758e9ed415b24
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD584ddedc44003e48c2609ee237b2f00f4
SHA16f818038b19068a2cfd138878ef4d862c3353821
SHA256e4b6a5385c572d20c09bacdfc8282f596049b6fcfe55dcc6e9af6bdfc214c623
SHA51272513cdaf6c6a58323a2e888db0f984a8925f9fde1f141c0013ccfdad675b536e55d3bc9b8c901acd9f06a7afbb7029af372ec1cbec69a7762974f34c5b97e9b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD535b47e3ada60863e51dd6446034501d5
SHA1ec0ebadc7fd64a69a1d353731f9496a6339e6e5a
SHA256daf5109f99fa0f8e98e12caf7d27037320fc120382accf5d3b4a93134acc0cbb
SHA51272454f1453b74f84d8e9a89ece26be5b256b87523924c10127af4c17e69971d52179c074660b0da7076438a3451e39989e8d3e392ae7b8281e15da7981869e00
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD52505094bfa9c91cd5d0585e61ad1c7aa
SHA12627964a78db5722f800d8a4ca6bf67960da1f8a
SHA2561cfdf84fc416ca1fc051c62a48df3e54dfc1bcc1e41b424025eadfef6cefe28e
SHA512010a760050341e6fc7e7fa4d6d67c795726930664a4663b4967701f9ccd304cf384cfd34b4b45c43163597a96ecf3b7bf4e1592ed77d13f95cbfab285a3e71dd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD516f49d8ede5dd812660e27249384a113
SHA1c06d9a9e8b43cacc91268fda10c9231292a4737c
SHA256490cab4893ca5e75efe20f6b77ad7689a6adc48e55c6aac16931ec3f6f6f568c
SHA512c12c398e71db454dfaf43163a47df82a01b702e7a95fb9739713ffac00943f4cd27d25509648554281d1ac46f6add1d4ab43c83ae3e02e8506142acd799c0476
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD59301d80020a2c1ab4c04db0403787ba4
SHA1f7d35aca4d87db2e3f95a981888a7f02b3bb219c
SHA256a9a28d7ff88fc49f16e314609c2b8e937994d60d6632b8f12d4f184aba297fde
SHA5125a1c4db6826ad7d31adf3453b34bdde37cbab6a123929ccdf4eea74eb76a236428ad38d93d4967e551bf3af14787d3e0cac2852f50e74994a1a917ac55ffc54a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5246d69e01cb77c9a7ae3437fa84a1d2b
SHA19eb10b9722f42339bce8ca8c3e6c9719c3b069d6
SHA256c3d274b247de1e44c5e346398bddee19e8ce9469d681fc714db8b2e5378d4326
SHA51275d00bfe84473ce27476688ba3848f930f639c98535af32c8e686ac78b662b16de26b7befc000d21d61f30e58c03c0a1940438a7074f12c6005d18b472cc5332
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5dc92660c3339933ebe7a143388ec54e0
SHA1427c92dcb648a7504bf4670c9508d0719bfb60d5
SHA25672611d457f28be83fa97147213cc057ca573459ec64d50f039b77321bd983780
SHA51282ef57875f3cce66aefdc29dd5b86659c17c63de5736a956c003997c78b6b4fc7fadc087acc26d43dd1a7c4b604acc07de3bd871755d0df07eca26e6bb4a6009
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD5476ec1abee9625e31f4aaff98e4a2ba3
SHA1e1e1251feca8186f5a7f21c670891d08a5d92ad7
SHA256cb21583143839ed786356638bc4707bf7f01e798e8281ebb1a9cdc6c22a8eae0
SHA5121dea4a028c02258d9acd0428340670a7dbeea5f9b8315a348c8f94e16039b3987825f33865269fd34edb0d3292d1ed7a5abad323c15e7e64c777844fc351d8a9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD526a2f64bf1da4869406d4cc4d3f6de1f
SHA130d13ca9a6331c95e54dcbbd1a01d667470e1cfa
SHA2561e6184e8a03f2ff79ed7db2fcdfb2b5c037bdbe8bcc37c5f0ec4cdb7654fe16a
SHA5126f936463e1fe8a5626dc80ea217e3c6a9e2f1a95c3d1626e8109359f5186f266741f6f7cb3dce1f8190e7703921c2f791b3eedbd5bfdbc940f3de21d099a9c4e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD53e155b23c56155158e04eee48b451f62
SHA1f873ad4f6a80340e23d0ad869c78b9b5a6f91fd7
SHA256d7599822af408e37c0451373c04787d101c3d9ec009ff9a2376c1b3a62f71a01
SHA512fdc3c3965d8b73e531fdc7ba78f77ffe6e7a3c9d313ee8752fd11e78ec6d65acbe88c7c7afefa6e776fd263e241a1d22ec2f40501a5761b0073ebeae3c317497
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD59db731cce3d7c8a1cdc6cea6c3d9ceec
SHA15fb9903ca876254a3cd4719d663079a14c83b404
SHA256ab0d4d7f8a5dce11557092d04af1c58de3ab19dc6ef58f0cd585b0df9cdf241a
SHA512086066f477ce3ede3068cb696b3e9943c35838b443360540df46199918703e42dffc5834ba258ea5e5cbf7a3402ee7d87803b503fd1314eab5a8616c5180a990
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5dc33745404f61b8e63c1495d5e4f105d
SHA1a40491bfc3509de2da6a7d8613e703c8808cc48b
SHA256af8c29bb6e9809a450170d76607ff6bef266464072e7c103c49ba8e05f5cb68c
SHA5123b0523aac88d294c0b5a3640d43bc63d42152b2b82b5b0bbb501a6aa9556aa816228879341b1dc1cf3a6d18093e8888c91076b927d7aad27c60beb963cb2f969
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD51c9ee1f57b1e493825244315cddab61f
SHA1134bb78f48594ad993efebc23e14e3656f72e3a8
SHA25643b9bc2cc860b57334dac3b994fee43aca38aec7d902b3256efb9b444f4e41c0
SHA512bc1fe31808d2b45624475827e5cb5c1cfc92782778402111c2aa2949c16fb92491275de6d8a66ee4da7a1b87e4400c267cc68247bb0cd54f3b47b54b644fe5d2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD511c1db8fabfec691506126128063bd8f
SHA154e7d5d9234d2bd203dda022a94d3c982c50ec60
SHA256dd6a633e01653fc0a7056515b2db9e233b07d2aa10cf179c24a20267b92cf76b
SHA512f87920d5cd4a6371877e74d1b817ea3f431728e4e95e208f96c4ce8f667d5da9bf0c825ca685ae1d12bd7654e266c71a1fcff83dda3da809b022ba4293fbd9e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD539453ef5dd82f6d2e5d6fc0e4433433f
SHA138ed635eea699c59370f4c34eb6ffa2e86cb4ed6
SHA256ee582ef56abdad439fe781a45d2ae02f4d3b08195181eba746dc851190e85003
SHA512a85ed94e18c58c42d2a4b8f77cf1e55da71d96cedcb31dd03f006c502b0a0ad8c112ad27e27379f732ddc000c02a6d68006912513dba54b227c1d59a164e25d3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD51156b38788aa73b60593b54a686cffbf
SHA1e33711691226e21d3f10cd00c80420fa0036a6c7
SHA25649d44a560bf2636f6c6fdb0fcb5423f6fc3dfe5d7ba4183f0b9636e7a93d1586
SHA512254453600772382cdefe0e30592c8c9ea42064bd59fb3224657caebcb8f1c9faacace7f5664cc1a544a8e4a08dc9da926a27cebd10ef9eb83b7102fac4ec35db
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD52a7311bef1f35398897557d3f457dbc9
SHA1739433b7474464e2789afab3ca148519a64dad47
SHA256523affcdc401f959822a190561328e62a7166533c96d946b8e004da0fab7d630
SHA512f44019115ccac3392ebc0cb3409506add0fdefea03866814f30f6c695fb3d399261debfc68192a57a448f58179f3c5c5afaae152d0f081a1f637037a70da35fe
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5b7105fe3d152f28d3359e58a2fd54171
SHA11f765f46c40bf38665b760c9806f0dce32cf93ae
SHA2562a5f9a42c2cded8bade329e3e7892d885a3efda6a30b5ab0179a07571775ba05
SHA5128c4fbcd220aad8bfbd1d7f6203d85130495f7468f4246645d713da4a675e313565b29a9540b0267031da998e9886690c76520d47b3ae62138faab00a72e027ed
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD5c9a1057c9b495f6209384083af936a8e
SHA1aa069e51fff610daf2f9f84d34a1cb4716493f71
SHA25644affc00affa0e3e9ffa36f5e647637557da51991e19f7b9ed7644f82835f771
SHA51282a857aa004a4433cd26fe5a037c854b4a47446c597c6524f2c38acc7ae8d208ba4d6663940ec2008c779a123faaeb4a3c118214b292ee20272c195b8f3c140e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD55da4fb0a99b6147a4f2a647ad4a8723b
SHA1ad363c76bbc4ef5c70cbc226d36c5e5bde1ce818
SHA256b3f05f6092a3f1cf692f108426b4ce2cf87d8311ffc2d5783b8d0ba14e7620e6
SHA512f603bba865953a94a2af20d1462f2f6d5bd6e312f1bdfea843de67500274e5b50505c5eab2fc0262b81b9c1a8e89b61967599fc2afbf904ada848d32005aa430
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD5f10ac68b0713af6aecb798432d3185dc
SHA1ef17cf137b2028c379ee366e8d8bd7ff79fe6a67
SHA256ad81e7be0773b24fd8d1ddf58c1d52531db6b49597140bc9a308a325937555ae
SHA5128ae29277e2c7f0d5e55cb7c1bf23de01340ba45adcd9bf6d5db55b975d901c6718a9c9ca6801d060f16e36d588e1d8298e28a895d644bed655e520299ff19c82
-
Filesize
580B
MD5946900e769f05135619a773df5fabb75
SHA1ebf7433a157187b7ea1c9e5d208143226b3a7f32
SHA256351320d06d3af27ae99a54170593930af63657513cec0dbc0bfa343f51274dbc
SHA5121f63d4682d4b252fe58322e4c3dee09bf22bafef2216646959552623d3c6d40a56461c506e4bdad49ff965af36d34149a28c6c5495ca985310ca1d4a6415b803
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5ea47980acbff36583183903534552158
SHA1575aecd34eb0625baab30dbc29f8ccef3cb18a09
SHA25639a2498cc8277455ac5bd6699835f2b7850a1327a9d0c50cfa65f9de407270d2
SHA51210b6f3eeac961ef4daa3d9cc669463494a9a8429fc7652a5ccc15bd1e726270386d083a0ad6a677b2e351559adf815c2862d9f15b1c2dc971aeb5209ebd92caa
-
Filesize
625B
MD563a1e94bef1c9f7fc8991f96e03b904c
SHA157da748ad09ee91a9b9acd60a519f2e542680989
SHA2568d66b86977d563fc7709a2ea2cbb300238c6aaad70622a02477be53afe4a037f
SHA5126920694ebb8ac74c6f2a1aaa1bbd10f0ed0b2d2c2cd10b6dc504018e764a2179604cccd12a443fd2f7ae020af1c6220055526921969fb4a5e9cf2f58c95b6f0d
-
Filesize
873B
MD5b91906b88b0c7c64ea47c03abf281258
SHA1368bfdc3812ec2065da532ae816ea50a9acebf32
SHA2567bcddfb44d9ca2811684634b06f183e8b2102110fb289f81734e373035818f4e
SHA512726d99af71ab286b5167758ada1ccd8d4f9e24cbe3c4992b3a03ce7196a6244971e6fde766b84b37017e92dd3c94cdce049e5690dde6141346412bb12ef19c7d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD58c64aa39d46deed64de232d24ff38600
SHA1b0d23a9159847a99845db498521a149fde5e5627
SHA2560a416717b57804b6f0f34921ea1455cf4064f37e070bc2470dd04631151b55b7
SHA51294d9df128f23e27190fd6f2a7be9516be0ed454461a0dfaf449b23425b85397868b22d3a8f23e7591b1398c251976a5a10b8e2fe09b3926c9e61f88ba40b8b02
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5bc8e6defbc789bdce70c76a28b7194d9
SHA115cd4585b3d43c8ac9d7fa2c0f29af523a07efe4
SHA256f99083f6f7dd18c34bc3b6b97c8749e55de4da64a2327b8bc6b7ce86db85ff83
SHA51211cb9b71839e5e3b847b63aab5d9a02144bd31732f691c4d4a8e0f80d68c0041c87ac809bad8cb6640115c2cfbb538672fb1078c15f6eeca856b977ad14860c3
-
Filesize
615B
MD5e173dccdc21040c79ef90f7d0fdac82b
SHA154ce97a1597df336ee9aae2900ef9e48c9ddca45
SHA2565f50ab08c60d731e682914f7206aa89ffcd426030ecc281e2bb43cbfb6fbb777
SHA5125b23556a1001a9b17921fca1f627c96da1a072d04149fe6d33f7bd372fa5ad3e46c441afc25f875f054ef1f4a6075a0a503372429e13de773b7c1a9d235e938a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD54db8a3ba2852b6a152c4c37a1235ddec
SHA1d32baf71d309a933155428ece4b270dabcba59b0
SHA2565c9f56332d17303a7ed3e0114e8c4b526075be6809d2e287647c5dbf2e8fc7fa
SHA512663d1dd60cba48a1a41bd7096719c139d0bf7e0bb7d431cf6d33dc6b2f073f3386db7e1866db7c918456dd39d5d4a434c7601b1e5b57abb4f7318c240f3e295c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD55d24752abf81fbaf26501ada700d3995
SHA18aa5cc633f20e97581380b18eb06ce13edef68d4
SHA2567d5f3212face35cd5b95db0ee9136d66ee715e495691de992ab143e589b80896
SHA512e038fcc0cd0eed70d9b26fa372a3174cef4ae05f29f1fc0aa3dd358d5ed737443adea7ab3b641154e5b314d77cbf2614649971a5a35fb5f28e1792474001436b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5abc85a50f1fd66681555b214bd5120ae
SHA13f64eef2a1386137fcbc21f281c63e0b8849a05d
SHA256565f29a3d830fbeb604c03963c2d334ec33a5b877fdbe2c202d24a9f541eafae
SHA5126f760430f6ef780709082be8785ad710b1982e007f5ebbd59f87dd4b82704ce8907f40e66346afa3a4a5bfe3cec64b9624a8b917dc151f85cc3e5aac3e54ba51
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD596899674c5c75184c09886b11365d194
SHA1f0e0a61deda257e556cc05bcba17e238e802ee06
SHA2562e4a0b528ae223bec0c445dcd186d30783595bb75170a393a61b03b73b860fe8
SHA5120bbbee596a375bda38be078ea63a1be3e8697ab0f1675c66fa5bb0ef95593492658f31fdc819c54668113046a118a72c91528d9401232bc1d35fa39be448dabf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD59fb30195d6baa480c32a940edcec339f
SHA1b0994ecf70ce4621b0179923b2b9c9e0e741b206
SHA256916c56cfd288f72b2379c6cf62ba249fbf8fd79dd9f9117006e62ecb56169702
SHA512e44bda25e10e2281379f088388a1d7e95ba67bdb0304a686a6e62186a54aad0d86c9d0beed5fbffefa122fc7c4d69961f41d9d2f51fc2c59323ddc53b8f992b0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5a2b5d636a014c9a0a84258f0ccf98f46
SHA114277de2722b1cdb2b62091fea0f4a81bdfff710
SHA256f3ac26dc19410e95e6cef93a6afd7985a8af11b07c23c01c83cb746a6822289f
SHA51248c47ece3edfade5f1516b64e40c3f1edadba51ee52f0ceaf070e81c4df2d176ea206281e92ed69303371510b16929e8d914780c900ce015e123f8730a261215
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5832842f0444f27c05f15789de8d0fe9f
SHA11649262a4ec2a319012ed5fc0eb15dde1ec88369
SHA256dee216b0c0534aff117280e3cbb76356239da0c3546deae2ba02ecdc1f37db3b
SHA512c1d8ad1942d09b1ac708a34558c6a97292ed0d5a0f93bc35dd142c3aeb241d7c1f04b9cbbf2ae5a3a3891e1e9cd0411dfbf78c840abdd281183605d3db2e0d33
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD55218c5259f89c6e57e8f40ddb91fc737
SHA1dff0cb2a6d17baac2f64469d25b9c8f0783b1964
SHA256cc4250ea237ddba3102325116873131e2baed30643c070fe9aa12d9d5c65f42e
SHA5122ee879685b9777240c475f2c7919252f663aa99c6ae7681361158083da4dad144905a65bc8c4f672d39e6c1c685b0bd4d9e56b629607d9f301cba62c4518e4ef
-
Filesize
153B
MD555aa628a07550ac99de252ab78306f61
SHA11fef9dc3f77821bf750bce42ffb1f6c892f74572
SHA256839eb695666f96062e1ded9d6f1c97056f6fb6dd78d8f265e437c48e9d0675ca
SHA5122e1e0fc7de510c92aefa23840cfe5e5e14fb98e597aa626cbb2f3034294d54d6cdde51dc0bf5a76dc3d40da70a5ac3f774f0db9e450c17d1b416607795643715
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD5d5a632a41d602a4eef588ebeec89aa12
SHA134df371469031d9087f2468a9ce0e88308eaeb86
SHA256ab3ac6b6cc56ebc63e65dfaa1363bccd598608bb0fabf5549470a205ffb2c937
SHA5127c3e2e68c1a08df580f1e261ac111265f40e28be3132b23802ad563770c13468577a1f16fa2accd04b0c6b1bb29b49322d4112bc2453a2ff75291537256edf25
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD54e1670acb3a2b78b210a839ba54a7107
SHA1c314081ebdba5e9b4f34903e139d8e677d18192e
SHA256304f123c7a70e8965f62addd8ba5acc5bf2c9fa0ec2400e218cfeded28ccb2a6
SHA512fa391e26ce105668307eef1e9eab540ed82d3f0dbe85bda1fef50f2d0788e5547651e29d5bf0fd44045695211638f335ca1588e8c703df8ff370abe76af355ff
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5218e3267e227b6bf183d122aec8f78f6
SHA14db1510aa06eb8c0a8547ec0d0b13fb2177303f0
SHA2569bfb36c85186342903fe7b458cb6e28db1402ec8ec6da30db4098575da7e0007
SHA5121cff54e7380010fb85932b4911b5633d15282f21c830ab70e12ec83b15fe36f8f6f051d9f671973fe14375dc771948216c2127a3daa4a64c6913fc230fecfb77
-
Filesize
109KB
MD5bdf7f015bc99980e0848d4374b6b1afc
SHA1550924804be4e77041db599216a570dd82735796
SHA256156cc06ac9a324896c98f8f3e71f86a6203128b8634f20a00dca9ec47304d1b7
SHA512ad875f6252bdde6c9f9764f1444af074fcb0ce96f270def4f6d337e6a4bdb3837a85f595eb4dbd82a761cbc8a76be59d1499cc89688a9166c69e6e53ad6f0d1a
-
Filesize
172KB
MD5e84954bc75eae1dfa4fc8604dde17d23
SHA12db0a0cd0933ad0f49af4c614b28317d7b4ee3dd
SHA2565d5cf3705a5425f9338e1d026827a1270a4d85413f54c1fda312db0dc4145fa3
SHA512214b118670d67dcf2886e73409fecda1c6614365b6e9a05ae9caee9a5dcb655702e8750731cd65b47e35723e89a26317ab0add0df23485191e07807cbe3ee7dd
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD5a18fa877bc346c2d6a5a0ebecaf582a8
SHA1a62cc7d2ccf7cc483f6afadcdf7c8018b7c8631e
SHA256f247084f30876e748a59bc72ae577ff3429e89ce3fd9f9ed8ccea05f278a916e
SHA51279ad00d1e81de217dc922eac792c7f5764b600883a493822572b8ff86efb3d7fa9906dbc1094911f70c40b390c3209468c95060d99c632836bbbeac0721f0491
-
Filesize
49B
MD51bc0708738f800231c2f2fb48b3b9509
SHA10b59fff429f22e8cf7f885b327e48041281b20d7
SHA25678b881ba9e3b61685fe049e795f829792e9debb549c3ece91a2d1296f9fd71e9
SHA512a727108ce70a2cb117ffad9815a14a5ab0aaba637ab7cc1969c8d20abc721710fe1948ebf2c6d594a706436fbf58e933702b40a1f26c2c34fb3a94b9b24efdea
-
Filesize
21KB
MD5a020bb28bd35fb03f367946b4faef444
SHA1d28c059f65960f8a812f08906bb1b75662317004
SHA2566e657a8dcb8338a48860a04a7bac4f5fda6f4cb67fc7765032bbf394d40c95ff
SHA5128f1865a86250c2de1dd6959e61d23fc5904167d97648aca558d755ed93f13124b5a05c2679382106bf986452e3c78704540b511a37985b6cc0d5973c022be5f2
-
Filesize
1KB
MD51460db39e48809697d3ba5e675e44aaa
SHA13a6a7954c5bee8ec192cac49da32daa20b68ee40
SHA256b5bf8bd3be1ec2ec951a05dcd0a3b830365aa6adaee9a1bef4c4636b996b7ea0
SHA5128dfe019557ceceae9a35175ffb38152857c532c15617ba1203f379356d2e8e43918f64cfdd575c7abbab242851b755a28d22deab04631393dbbbfeb90f9b7b8b
-
Filesize
952B
MD57c9bf5da1c349c270c334f553e9f59dc
SHA1470555da3fc3b416035a9ea6e76309cffe700603
SHA2565e8b1ace18acc03e54ce8d7950c1063ea0cd962d8a879cd69b16a0b49880d800
SHA5124590553d7cb465f7a6b0151ba8c073aaf99b63d3e311a5be5987c682bddd58a6f253149c0f5943dd78a282bafae429b3b3247052c3fa7ff0f0d0158df4aeb187
-
Filesize
121B
MD536a3f40b0a1dd2196f4acf3deab70a24
SHA1afcf55ce3ebe2ef39efa816bce8bb2b7b4ac7ff2
SHA25654f57a6d0b84f50b0985689a39aa5957d05b95024fbd052ded5985d4d3de8ca7
SHA512e78e7108673257c829bb92896cdde4c5ce1dd34543c725cae3009c794078023e0f8eda84ae6d6265af5304b012b5b820febeefd4dd81800ecf8862f11820f644
-
Filesize
1KB
MD586e6c0fe465279f0aed32810180900f0
SHA1701b620cfe8fe50b41901b2bac427c4fa2780816
SHA2567f6edeee0bf26373516d03c513dc5d474cb0609f70d375a431b9bc43659f1993
SHA5120d43ca0f4eaed9a122f31147f48be2ff5012751725f699e5a05d45e8389ed8bd387a9b6b1c38e263b93fa7d33da56c9d2b1620a998fb6e563fb4779d5cc8bcdd
-
Filesize
8KB
MD560a572ad1bde9f702c5e3c9335ab09e3
SHA15f7e8383a934762316d1d41888b3a7394c4dd085
SHA256448e5d4a8adbf750840b3ac9858369583f0b4f3cdf0ba41a8fbdcd16ff3d97a9
SHA512d8630e023068e0f277187f70fd1446cfd9244a5e49e3268b9037966411cb451b49e3cf9dafbe363456af1f9a604cc311ab2298736558315a589e8ada2c65f6f3
-
Filesize
61B
MD5e7c9c85f5f4d62c65c31acf49842320d
SHA14307d892d4255939a79ec70865e8d4230ea6e9d4
SHA2568e12cd0290d025231f50646753ffbcb2a436691ca3ded8550cce1ee781e46cc2
SHA5122086dee0ce633ac79bf4e8cf8fafb750f1f119f4f24635bd30475b3bb581ff5f84c28991d9da97edc1299c7cd186732f5a09ca757c148596115da0f9062dc85a
-
Filesize
914B
MD5773d07547f47e381629d2c3a41b6947d
SHA10f36939f18bb6c3b85dac66027e84ea9e6828a38
SHA25638ed93714e8b54c12ad02210bf47a15a88d70c71c987d81a1c60d79aae4b65ae
SHA512042552c3ac84c8c9bdd273a8f90d5f6d46f7e65df192f916fb049920f5bc0abbfe9309645ee2aa838e79283ce2fae6060282bd3ec88c880ca0263ac0af688087
-
Filesize
90B
MD57a8a32d97111cfa2b1d4c72cca943636
SHA1bf825267627fe94aac445673277ad6d40f31fafc
SHA256055348c654b7ad120831d2c53c0d260e28469f099b70c1e47d0465101cfe2833
SHA512da5393c8e10808fa8f05140958493c063d20ab4058d38da83b841809b9673bf13bf03fb2aa06d131f89905a671300c6b82ba5641e4b99a45de70534947845f42
-
Filesize
90B
MD5c18e42fd079450d9acef51832f19c807
SHA160f113a0600c0cfbf896db2ed982562337126e23
SHA2562e3ab0f306cf390afbd4c29b7b173d24177b657efe9d1e10f129893b6eec22e8
SHA512cb9a0bf0ca20c656f00b34a23a01afee12fc8078586d20f6a0dc78c39182155f821a917a14ef9756882c79ec27c86801612aa04a7ea0d7bfd7afd9d26daa14b4
-
Filesize
328B
MD5efb0ea957deac176d69a9b308b74b4e6
SHA13d777c666f8a5b0d9935cc4eea7e55400325e035
SHA2562e93095604d6b1231d0a5246af2e9703ab604e85b6ff22a8ab16fb85a72fc8f0
SHA5125a1f26641e911a17d3e4e350399e5a026be73bf03ce6bcd38ca24f25652008a2acccffbde3d5e5e0291a56482e20fb2c95dd62ba3ef7b5d36b1b433433aebe69
-
Filesize
1KB
MD5180076facef7816ce6473b3060f825a7
SHA1ea1d8fb79e96c42a6251b1435fc746546bc50a13
SHA25656336b8c7c5624c4ff6807ef754431749a8e49dc506247516c92294b8b6009d4
SHA5124805edbebc66d89bc521560ce2c2dbf88023b608a5274bf7b05a87b20e0c3d76e150cbbd3bedfaf166089f64b42a27a65e85c628b05d2081e1de7f015ec6b099
-
Filesize
162B
MD5cc36c0eb353da99d7bd74e50d6936c28
SHA1ff3ca9160b56915fb42cb1a38a368126715e9e72
SHA256217347c58c413ce4be41efa7be1e68bcc94ad12b608ee44b3dafc25a6ecd455e
SHA5126964926a8512d3d0d4cd633eeb6f784d5a7ed544699ff331b6e7f80eae3b8e26875fc72a89c71b7fb1428169f913e20488ee2c74a50c09cd0157c41f731cc031
-
Filesize
586B
MD5a004b0668d0ebface583523e6d7ad241
SHA1f3e1fbf9e6dca294aefac7d9e34b53966f2681cb
SHA256662e096be08b8e82e8aa39e6deb7b95e1d52d213ca5879178da2226a74c5b284
SHA5123569a24f2b3a55bc1f68ef80172a007c9f6ec4d2d51c9bdaa6b9e1e015b7145c56a643611c8b4939ba4f50d6d1a6dfc72d704e70c4576be489244f5a05abaaed
-
Filesize
124B
MD5803d54daa282f21be1152996aee9a2cd
SHA1ca4fe19b5632d669f3fca3eca7335c94f66c2bf4
SHA25617b0a4a0f1657872cbe1a3118c2d62f52849631b45dae43be4b9f692f58db8d7
SHA5126aa406e34766a8e9ee635179906b55a3583b6ab81a44f777f64aeb5b3566189f443cab6d8ad62ae16cae96b52be62354f43bbba421b62314f636bfacd436d1b4
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD52dfa1c99a049073a4c9505bd935effa2
SHA1b0741e17de03f1764d7f2f32aad41d19484f834d
SHA2568a84304686f35c24ec6b46b4a8ca16ce003dc2f38a13f75c0660571ec0ce1cec
SHA512d7491bc882643a5fe7dd6359599a2505ee53240c600dcb8f24cfe9dba14f87f6dea3842c9cebf7e07b2675bb6e12b7d24d5e56aca84c372341f79b729189ec5e
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5a26905f1803d640b46f11df11bdce796
SHA18738620276cde66a037c41d0d87b7052c30e87ea
SHA2566068f4efa77101ee6104cd6ab52b457989502d304fd39e01a20d0dfacacb24bb
SHA512c38d3a3f0f104b061aa9935fcf4540a47301574a8a54d71b5479108943d1f9124e44a6096b5c4964aea46b165418dd4369f8d930d4ed8a19261da965543a0419
-
Filesize
8KB
MD5d4795c5698ad24feda0e59f83d580b23
SHA1221a6ceb847d7f70b14065eebf1e510f62bda8c2
SHA2566bb30eb5f649f46f86dc29c1b4b55243ff4fecf5920dc804bc0f77759136da2f
SHA512cc7a6619e2c0d603467f32bc94845fe5276d60b700698098e3e65cbc42a7dc13054cb9b3e144dec35519ce1031f7b7eecb341b73ea1f3b4afe349eca120abfad
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD567fb765610c8abf76888e7495ab06336
SHA1a5a84df7407f11cd843f1c4dbf6454d9be957c95
SHA2568422b56e579f6e042c2797ecde2f90a309b1b9bdb7d6a28d68c17b9a12c03cb3
SHA512c73db2c48f17a5634cbfee81e879138675dcfb7ab23fe6e8ed7535126dea2decc7a8707938419c8e0a970525046ae92a633534359a1c8a578e19fb2469c14c46
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD509541b880b28fcdbe91fa78b2e26e0db
SHA1c0ae4c3b10b65556b8760faa68f8e149cb63933a
SHA256a859f10c6975880b2dd4830513bc1084b4eca069a9a8ff489453b703973d5d7e
SHA5127903a75c2604c00cd2de9df38d74039272076c6939fc241326b52d4904555820d58eca5d22a253488e01e395f1a36c38edc739c41429bcc8f04f85951983c12a
-
Filesize
880B
MD5cbf19257d583410b336eeb203273acda
SHA10118e2952b901132bc9b9c1211f628c9a0ff6adb
SHA25613ee275b05640d6db78114d6634028b7b4b2bb573f45c304d8e96d537c87b17b
SHA51201a3c5b838aeef1f38546487202e2b6cd2a03c845ecbfb8e3bc29f3c983a5f3f33396338e1d809ff96315ed87c452bcb68045e32d69ba27a504715ea59831d93