b1968b4be3f82fc26b1e2decdcb8f532915aed847603aeeaf254722bdd411d26

Resubmissions

16/03/2024, 17:17

240316-vtswysfd2y 10

16/03/2024, 15:31

240316-syg9xafg39 10

15/03/2024, 08:15

240315-j5rmgsbg5z 10

Analysis

max time kernel
1566s
max time network
1570s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Size

12KB
MD5

784d3d48c9f583292a9928697d7cf87b
SHA1

c6dbd334524d6e6361550995c33a76ad0b6793aa
SHA256

4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325
SHA512

ae2a34a08c35dca812812d21dedb2bde3f2153b5e25dff18b866be501630a7705f93a64e428577af7e3588a301f0c9dd309cf79513f4a7bd0b0b5e66edba2e52
SSDEEP

192:S/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMonWNo:SebFNw4Pk1itKkpAjjI2Ypdmo0o

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2148) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\54kK9pAcy5Z1D7K.exe"	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_logical_operators.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\migwiz\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Session_Configurations.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_neutral_e561157e16aa2357\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Break.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hcw85b64.inf_amd64_neutral_22b436d5d06ab017\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky308.inf_amd64_ja-jp_d90af802b607044a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\zh-HK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_modules.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\it-IT\about_BITS_Cmdlets.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Switch.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WHITEBOX.JPG	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341455.JPG	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21331_.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115843.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\Common Files\System\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jvm.hprof.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR40F.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR12F.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR28F.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21482_.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\PREVIEW.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.jpg	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files (x86)\Common Files\System\ado\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14691_.GIF	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\RADIO.JPG	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files (x86)\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files (x86)\Google\Update\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_87c4b8e18e92255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_ja-jp_432be24beb1530dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_0a47f67bdedbc2ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Reserved_Words.help.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_sv-se_69bdc4ecffd622f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskraid.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c9c0689f800ffeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-multimon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_845000fd0a08b2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a40e755315c43491\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..er-engine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_133138db7a4bbc25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-msbuild_targetfiles_31bf3856ad364e35_6.1.7600.16385_none_6ec8fca242b4dcc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_mdmnttme.inf_31bf3856ad364e35_6.1.7600.16385_none_c33749118dbb2f7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider.png	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..e_runtime.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_21f5c90d8c68ecfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-u..re-atmini.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_206fe7a92ead27ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..onhandler.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cacb573fa36942d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sidebar-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f1854f32e720ef54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icm-profiles_31bf3856ad364e35_6.1.7600.16385_none_f5547dd01f628131\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\circle_glass_Thumbnail.bmp	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a71dfb1ff90be233\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_prnlx00e.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8561dd50df009b72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac55c720383ccd71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ea5d52f2f6e355c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..mdac-sql-netlibs-np_31bf3856ad364e35_6.1.7600.16385_none_4ad0e0ac9428f959\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..nsors-cpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e6f1def5cd50006b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7600.16385_none_529f8a546d2657c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-video.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1eb090549ca8f9ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Navigation Start.wav	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\inf\SMSvcHost 4.0.0.0\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e5b75a510b080a6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_4a3a62a521d1fab1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_mdmgl007.inf_31bf3856ad364e35_6.1.7600.16385_none_cfee2604c67345ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-8.htm	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..filercore.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_0907d2ca42255393\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nshhttp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bb339349516522f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\msil_napinit.resources_31bf3856ad364e35_6.1.7601.17514_en-us_7b39d5372287bda3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2c17be8337e2e190\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_76ba27fd7f33d427\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lz32_31bf3856ad364e35_6.1.7600.16385_none_ee846ee2431a083c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-proquota.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e778f7535ea96486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_89dd32fa1cfe2718\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\msil_microsoft.web.management.webdavclient_31bf3856ad364e35_6.1.7601.17514_none_8fba96db23caedf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dc160164dcd1eef5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ae0c4a3630e5839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\403-2.htm	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8aa10aa67be8b4ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..irectdraw.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9d5be3a38b80bebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.Rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc568e2e32e30943\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b65fadb214ac7473\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\msil_microsoft.applicati..framework.resources_31bf3856ad364e35_6.1.7601.17514_it-it_bd0718b12100104e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\msil_uiautomationtypes.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5871675c1bd38509\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c10af1bed239c523\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_8.0.7600.16385_en-us_d06c65741a79bece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a40ab2ab37f0dc92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6e34804ff1d51125\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84dd12e1988d1a10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d821625628422836\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e218b286eb401969\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cryptext-dll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cb32cf05d00eca11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dpiscaling.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee4747fbdd1701d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\ = "CRYPTED!"	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\shell\open\command	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\shell	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "BVFLDSQELWSQWPV"	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\DefaultIcon	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\54kK9pAcy5Z1D7K.exe,0"	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\shell\open	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BVFLDSQELWSQWPV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\54kK9pAcy5Z1D7K.exe"	4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

C:\Users\Admin\AppData\Local\Temp\4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
"C:\Users\Admin\AppData\Local\Temp\4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
39B

MD5
78771d2ad3aa0fc6be1a0ae14fc17868

SHA1
fe1c77717a03f08e5e54190a6e351260bbf6b8a8

SHA256
99594c155e27207963837a2684b7c06bf4ebe46020a3abb0a2b52ca51a826a22

SHA512
f1c98e1d81d0a9e2c99cda140a6303c848a5d4338716aee42e4ae695a9b20bb0b047abe2e32b8634e5f6b00654c7afa26701fa50a37f5f006ee4a3c9e91251b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
2411d6d2416612a3bf747c67d43ac9cb

SHA1
af48d13424604334d0b9af832ad0a28d16c43856

SHA256
342c4761ac5c2964c9e916b84583beac43caf1c7f7fca93503ba7670375b5cce

SHA512
8b4d83a3229b472a878dadab21a6f15935f5e20026ebea7af3439e5ed911edd404c51aaf91a0156d19cd480e195a3570af5733717cfd7b4457293027b48048df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
c4edec7305a0dc5664a8ba7e14a38e2b

SHA1
10c967593fe8eead775cfe1773b5102e7e8f20e0

SHA256
d6f6fa7c38bb3b129f1383ad24a695bd045f9435b32f0021a1a35e2d5f1d5461

SHA512
9d13c32edd0600ee455cc32a35ad33c22ed2ddbe9e26ce957d9bdac7b654bf995e7aca049d417d60d7ebbf9aacb71ecdf996d3f94c0ccf229e59b812d6b1b920

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
e95aa3d51b044fe3c38939b22a8a8a90

SHA1
dfe2236bb17712384cff9f81cc4987f2277bef67

SHA256
dcda2fcbe9c898ad690c2335c0d2a696f95bf0ed6718674a601298c0000c4d12

SHA512
84734d89e90b48f94b00daf8fb39ae598fe1995b32134521adf8d071e8c32f54ad6ba98063e6f246d9ee2368e327b3394e881c0dd794f32eec5e411a61a62303

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
29d33adbb5af8ac860e827ff8d742663

SHA1
1c532b43b60fdd819f77a7fcf7470cda6bceaa24

SHA256
009f5784c2a51e99cf061225a8b092c8824cfdc5e8f78b91b374e50b511c80f7

SHA512
741acd8f60c0ff1bcc2f1db60af3aaae7f11609abc0a277d9f7c51afadd9b89cc4fdb82e7b426ea16c375833d9b8c8d4affb234addf6388cb2f16b2e9a90d61f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
ea345ed51d22da4bfad7f5d2aa474791

SHA1
129e233f90451525927c8d094856c38d7433b53a

SHA256
b4268315b49f586fe0fae746374504e22177eb677b1d0cefe33f252367731712

SHA512
3f97911a408594838df4f0a2c9f475e1d269e4147e0176e630e20abbdb7d0ccb76a7c058f1c5212fddb97e90bcbee4056e543cbde3e157888a238aa0f8c409ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
681d1de82e90a73f2fa71caadfbd084e

SHA1
0549e5068b24d0ed3ca6880dbd90e00d40b10610

SHA256
f6981b7fe0232bab3960a7245d286040c5a09692fd8c28ba23cb4f376e9b8da8

SHA512
da23daf0fa960e8d566213d5f3649df6d81c26f881feed9c57d07eed71f82c57db952d7847f32a932322ca8fcf5dbf0d5361732c6fb5a80e8ed992e63d6d1c46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
d4259f4bf6301a3f5b0e232f2d364709

SHA1
4532661c823f217a6a8ae65ff088b7ebf826cf4c

SHA256
a9a63a2d9bcbca835fa45daba2d82257f43c19ca137634fc86f5891ed1ff4210

SHA512
1201dae5d9a04209b7ec5b83612eac3a9b8f284496828936fb3d40bf4bafa62e2277d0073c79d24e48df746dc3cc8474fe55da9c9121f44feceb18637d3e1946

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
7dc37303fc7261500dfe10f52f9013b2

SHA1
d18deaf9b426bce8ef410112d31fd4f7a84b3794

SHA256
951b790b61501488d22b71277c6ba98d70ce2d490a2bf93f580dd181aa571920

SHA512
3b294c6e17826a574e475e85e8e677bfc3a6754fe26a6d0e754d8b1109ce516d0e3de739b2e0941a86c46c43eb44c3fcb228909a72364d78039753513c396c11

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
35255516ea3f6b11f3f8348319827065

SHA1
60ead8859e9895092bd50519de0c71de8a698636

SHA256
85d947829f12fd0c190ca82924eed6b8c787019228bfe818078a9cad565481b3

SHA512
b76e9efc3c640f6ea05bea2bce1f87a40f793c1dc19f1f3f00e7f3dd4bc7bf56e57ab10dba5b779422e80bd300137a8f43412b7b43ebf38c1d455e4972b26cd2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
575dd80946029b9584cf3eaa0574f66e

SHA1
35ceb6a5c29d60e681db692be24a36e531880633

SHA256
b8d3ff03f90f65971699b462c03cfc4d9b6412c1aeb806edc2a40801e27399b2

SHA512
3f2c2bc1cc7cabf8f3afa1a21f01fb250561c0dcc1597878d328ea00bc7d1540e4438d045b01a418aaeef4aa79db6579abb7d5810084c69aa5f84e5788c12470

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
080000599b95dd30730f00a5d99a0112

SHA1
aaa8402d7f87dd5139b4d5f2d10934c8101953c8

SHA256
bebe266e3071a540f984280a1a7af88fae20578ec4cd6d873ebda1556c0b80c5

SHA512
81ee3203d4eacda04eb56b2dce17c41295a243d0a09de6c927a1de6bfc3e2953370cac3b43eea52d466d9d07a381b3966629b3988297831ff39f75aca6df108c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
c0cc0e406fc650e80bffb8d27fa8d546

SHA1
33a45f09df521cd172ec5870e3dcee3d84e911e3

SHA256
e749f4f6788440c686e1ba02cf212319da0ff15e95a698a02a19fbddcfdba922

SHA512
6521af251fe14590b0ce86a8fb96c5b5c2ee2a86086c00e5bbe155858db6fb5d4bdd5a699bdfa57b0899f807bd4f325005ad038dc3e42a6b0bd1bccb04d0d518

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
2c69f44e31fe59a50996b076959a0139

SHA1
5dbb9f253a3bc1cef6c9a97abffcfade989c5be5

SHA256
96d05e719b9683344d7cfb9cc4b223a3b7a9b11a260b2b980534e1b1bddbb48f

SHA512
c7e8cb00de89aa7f178bfe2ff29c8bb7c2228f302939d581ee675aae4a9bf11222671e3c0b5613fbe6a08af2017c4188d4c2ae6b3bde8b5cb195d3670f58497e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
ff851be9efd7537955d69487a462e2f9

SHA1
8ca8316deaff3dd1b3ed482adb22f2dbe6ded09d

SHA256
3c9cfb102643a7a47b2b1c2311f8d09ec725ab748bf0e9d39d1c61ef72f6b18e

SHA512
9d4acd2ca1b278bbb1c42e61c69ce9cc480321b4e7d3832508425b351429839f8ad15bc59544b98d278654cf49ff69731abe3fa7358c499a37d9def0c68e1c1e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
3904915afbad7dcc9c5c9e87459c4cf4

SHA1
8a3ad7cd7c70adcba029f1505eb2b9cd590cf97b

SHA256
d3ed1e46660c03696e696c357d26ddd8139edd52b9c48a12dd8acd99fc579fe0

SHA512
822de392e007c86e5dc000b1e3ee37801fe8bf7d506091fbcf4ad58e91f1e254d6e6a3f996b4bf75d32dc5164ab47009c2055434e40a03859f77519d35934a3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
695c3b4de8390879326eda407f85524d

SHA1
92b5580143e9f30eb84f9fa9e24d99da2ba2b668

SHA256
76a7d3c7bfc9987104f015f886a8b4b986e19b77f3e37ee405835de1a86d9a2e

SHA512
3980743aa04b11c5deb918e8e84b4e82bafdf2863507ceb07bd082742db35599b6c12889bb108632c9af3dd1ed817da369a7267b7546a8f807513a29cf65ebd5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
95626319a455cc7bc2ad5e599c91ea27

SHA1
b65de930af6df9c9b739eeaa46a6d931650d6b41

SHA256
fd62f5e94af8559b1e2daa796f1e61ac779f1954db93f513cd9a8cbe4b8e247f

SHA512
fe964d460ae00a5d08366b459018149e8c9b3817f04d852dd19a35579d01fe5d3a53eabb117055799943a0dd20c0cd9cf58270cf5e11f5c5576fbd93093b2a5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
1e3f13640737b8caf7ad217f3b0fbec9

SHA1
380abec5dfd6aac215c1766fcc529141129701c0

SHA256
cc29b1e89afbedca30ceb30b1195c4129ddbe49e6eee3ba436a65e14ea403399

SHA512
cbaaaeabf1947ae421c43dde292a8a130a7be075160979060eb01f6e4b702b8e549b1a3e6f1c9e51527960e30a75402c649b68dc1f88e3f3639819caedd349e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
834efcea717239f8e00f46104393a88d

SHA1
f815c8b77fffa18187267221a94a50a7bdb74f84

SHA256
b22b87ddd5ed51fbabc05eb0bb01bac747ad0156aa12231aee6935075774cdfe

SHA512
70ff3a4475bca93aacd4d5f261472048bfc383165f83aae84ef6e9f80f16f0bfa2c5a0d2270e5603bdc444859ae9480fb3cfa27929e33acd6ed57188792415e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
7c98051c757e220551a213368587e578

SHA1
076dc68879866b42f65518594a1aab7d76483847

SHA256
e78ce0274d221ee3a3f35145f696d095494fed5fb14db9b9888b3edc1f01cbb2

SHA512
b6b2fbf9bb42de5832c500810e1838e203905f8f46ec7ba04b991043bef53f9f060df81bc36f2d2eddbedbe9eb09f3282b17f1e2117ff9765db53d6baf9dec77

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
289bbcfd8bbef4ac609931bf391621ad

SHA1
d23b03b29b40437912cfec3c0643314373a0682d

SHA256
f9ce60200bf4fbe42b70f931304318aa2705868afd51a9940d916dab92841e43

SHA512
fe337920a46f461ee1cfdd679a85bdd2b86b7f53d4d48bdda2d14dcec811f3bb28686a4b66baf754105a5957f796800fd521a601ee589beca7a94c9e676116df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
3a0cd0453d1515a8a8d90455e38309ad

SHA1
4dc597ab6f952a8ceabbf2e0be7431d3e14ace7e

SHA256
0e3103d85540dacef54256e02b9c769366018dc2ecb1860fcec179d9f7076755

SHA512
252f1301a82efc42cf7d5da9ec6769694dec3cc11e2a86acd168ba644d3682d216fb680a4c038e763094c8afe4e6e4c0983b5a7f64126fe188e808fe0ced141d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
a5909ea837dd574987b3aff43c2c6785

SHA1
18c8fb2a0f495b6df162fda5c6e7b4556b2168b0

SHA256
93f4818a9870bf9a595514face6cb16a690fb76d5d06e658b734207151fe1b71

SHA512
c6b134987f143d5a10502d26e68d05654a725b6986afc34b90d7b60ef2ce2dccff758303152e9b154099b2c4ae56dcc7b6e452a013a8a0c3a8ca3a3e78110ae8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
6ecc536416dd5749b43278eb8e0e48eb

SHA1
31831f64be2ce6846453d2e7851b74199a8f1061

SHA256
38c147b2ea782d37003b243ec4b28f77b2bbf4ab4cb29e395cf233d3cb9d84e1

SHA512
15e3f770449ee99c4725b8c620147a54840ee005636498ae55961fd9751c0bab33726a48b749516e96aa0f7c923ba3ea2e0cbec40e8ce380c1c4bb11446e67e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
64d775a6394665a4ed916471aaa8bee5

SHA1
f76546688de62af17c17e082939c4e27c95a3256

SHA256
5f47b75cade98732c82f1a2563a967fa5f4d9915682da8165160dc14815cde1a

SHA512
573c9b09dfacb3e1743e29c725bce54f99f26174971375b2ef1be42117ea72562e589aca64746e0d55b64fd199fc6e0b137a4be5145494f31f833c21bd81159f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
7251495d20065847d92b95014958e63b

SHA1
21518c566817243eee80b242ee2ca5f51a8a2125

SHA256
73b0235e9607363b904c4e891219ec79c10ea8c7b8d8324b624ecb5a5c59fb26

SHA512
2fb596665ecbebabe04fc20af4700810d8017afe543612bcd20a5538160d9eacf22bdc039dc5d149bc578f623d9aca3de494ccc34802fdb60920df3d050a520f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
eb9a15b96ea36eaf70b0aec3cc862634

SHA1
ccd66b4eebc3eed39c72bdb72aea1487be041f19

SHA256
9aa66e03c97939b6f04d8572406995969583baeb175d7285e03be036b3ae2146

SHA512
1224b6d9d6abb7bdc5217ef56dd90294f693255737e08eafdfe55dcb73db27192ae1881bad8b43438e007279dc8f0cd73aa515ba9d74cfa449c5df2809113e58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
c5bb72c887232218cf861bff899f3f07

SHA1
57b110a6186f3278cbe68e1bab238041bedb6f3a

SHA256
59f8269d8938e19376232c0bb6dd70a537248c1c9c726f348d2d046983c2e4ca

SHA512
6d1b264207bcf6159ae6dffe837e384bb6ac470e1571df968348f400a169db9163a93ab4d310ac5043aded6e7ace152b3f1caa0220e474dbc31c7c4e67704d0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
97e70c3a36d25437e308a675fdd9a71b

SHA1
52454b890f6ed0737c78e2dd3d851bdb5074cb4c

SHA256
639bbdaf4e986f821f78ffa23457551d84f1bb7b663d449990772fc45a8d8c8b

SHA512
2977bb57773f8cf1614521a73fe53f6092ad04e2824888b359c675ddec61bdcd9ae0df80bb94f29a620e5f765c8d540ed554a5d857fbf777214ff06d181ba5ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
ce2f5bd89caacb6b5551be4037156572

SHA1
8456b32de8cbc945e087b5fbedb74f2cef58482d

SHA256
383246c750d4c6c504b62cd0a3004063d572d147ec5698e8535002f6f67fb848

SHA512
2671984349b175e13b9399589c60a8d908d1b7e8dfbbf3c852debfd89d3585f0a40942810e763d3ea3976e36a9631f2567b98208937925b7254360c1bd0acc7a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
4d4cb73d107475a04b41183b8037fcd9

SHA1
73cb48819d3b22a3567887d21bd652df735c268d

SHA256
5be1b3af02fbd4b5af58cf626f32e893e06eb073747d5a1681949830fa5775da

SHA512
85049804220ab8402e41f6ac292efcf60113930263931696c2e471037e68d2dcf4dc13e329de3df24fafb5fa22e92297dc77c2e4e1b248b0edfd134920423a9f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF.EnCiPhErEd

Filesize
364B

MD5
fc26e70994a1997a7f2d0852b68b5f25

SHA1
904554b4ac3e9f16739d58a2c644b7e2628e1dea

SHA256
4bf3009b3737e1a5ed479f00fa371ead0f35af30eb1b31dce9b9983325a104a0

SHA512
dd7fc78eb1a6d8a6913f948d90132cc453de4cbdcf7519bae94be1a8d4249207e3f425b0537337d1c03ced6d58663ede178ef844a2c6ccdcb4be5f107f358e3d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
aa538a85be1e61c065eb53bf607096f2

SHA1
ef9e889187911e993c8f5f992e3d6f2c27fcd047

SHA256
a05538f9d74b7beb46184c8cbadd587c60721bc7c35fd9f199a941a453160164

SHA512
1522ca41206063f72cdc19ac9f2f9a92a4b4582a5d3bf1f93862673586c1ec823067fd4ebb76dd1a495c2befb76f7e07ecb4f122106a55d963ebe54e23a251ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
1fb928b415ace8afd54752e4482d4b82

SHA1
336df08abad458e73f2b5605014af5191fcc1e63

SHA256
ecb04cc9a067119f8ce878941050ae733d7cb0e50e50cf944a7fb51f065deefd

SHA512
74b7ff6357a9b1348aa99f188e8731fc06967f31a7e2e96deedb986accc7a8cd5bcd0bd8d4e5d2507e400ed38762a4334b5314ad3fca1ca0f0a0d8526a46fa53

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
ab632ee823bcc63ee6120b584f88ad13

SHA1
974587b15510fa0cbc59e9a9c8b37c940109887f

SHA256
7659b122a44037f84065344cea81dd515e70a95cf1b002d53352940c5f396b6a

SHA512
3994706badd0b16d7d280d59c8ed16d317cac966f17cd7fed626f22fe115a30ec8e856faeb869e6c3872b90a35d5777da9bd8d11a86ef6683ad51da5c5fa509e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
c5b87e156ededba4fb735f2ee2704e20

SHA1
7cc1474fb2a8771114c31a3e30081af3f7f839e3

SHA256
ca48ba136ae74aa805c201eec306d2288da15534a279a01eb714a4e031f699b2

SHA512
eaef3a59aabe86acae20dd8d106b04c43cc154236cb5501a206059f7653dbbbbe9ebec47f3da12e5b9879c459dddac3844276cea34c0bece2e6d3bcef8b8e770

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
4e055deb27b99cf487de0cb9c54b3e75

SHA1
5192fd77b81db2985bb5f3169401fcd24d411e51

SHA256
97703060637c53a88919274d9e8293745ebd318b4eaf36c378ee78bb0c07af8c

SHA512
eb71ee66efedbb0c92df46dca145afa346882980d7ac00c0e90687447189b6cdae5dc98c34eae5021f97e6d7cbc65f3cd095f3bed2b7df5727b582af048c9086

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
b8946dff3d7db09337c35b592c173acb

SHA1
c64f1355c29f43302c597131156c36b8a35c3bd2

SHA256
70b72a44744664774c7433723ea297d5d56389fe6fd6d9f01340386d085f40ee

SHA512
0a23e26e4ee743e748aa60dfb661a65f7ddd7b7cd86e93c368413ad984ff3d768ad242f6aefeea99058106b62b54d9cf564f5c77f88faa19c2e0f6aac09579fe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
4c0b9ad5877a54ede85528ba376dddc5

SHA1
58e96cd13d7a17c5f79bc0377ea7ce4f91267335

SHA256
161eab569f92e891d5f9b7cf9ed4042df040b60fba0705019929bd46de2a1169

SHA512
7dc73b5ec605eef8ee3a2ed7f1c9c7346b33ab727759e29c43768af80fb1256dbc9084810ff8b1aa964ee98365512f3b9296dc10f56ce182d1971a99a0e4cc66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
3baf282a52aac52683c416762216acbd

SHA1
0c1056613d807b67dfe51f280f2b7f3f8ee1ac39

SHA256
04e935a253b0357644e4322ad0e0f43da6cca382aec5d8792176acb7f38e8727

SHA512
34b68a3bc335eea3cffeaad1f037293667217205e05e21b579599aae986d5e71825b31b712bff8a259fe3421dfd82d37c6d908aa58f4a2dba777e0c24db005a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
66d8d0d647c07ceaf99b412768d045b2

SHA1
f44432e73a14112f39b8a27b0915834d7790cf5a

SHA256
0e650845dfdfe50aef6330cf97c897a666031fe8418fdb9e2570ff83022f9d5a

SHA512
49d06c7b1daf808dd27621e52da237674599083d3325bd61e0a337eb11834ff4549cf150bcf35082390c8d847590ff0b23b2344648d290d96b92b39da9b0fce2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
ccd60b65e8c4b0c3a0f72887dd386b58

SHA1
11b8454eadafb864e21daf5159dd1c674988859a

SHA256
89ee0eb0ec0e8153c9efa347b26da4d0cbb2bd0a1306dc2cb01c15e9dec81230

SHA512
c9327566df17f7f1a3f21c85696fe0997a421bc696cf960fa9aaddf6a61024fe5a9791a68a7240cdac10c4c734f1e7462d60cfd71634fe6d2abe751f0aa0a8b2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
f9fcc69028a7e30a006c896fb3cf77e8

SHA1
b4dd24d0a5fcad3e57e15025be88b82484f53046

SHA256
cbdba3356f6fe367c8f40d682a4a8ac67e6450c98641c1ce7b82c384b2d0761b

SHA512
7afcedd7bdaaa8f733bb9910846ec6809a4838a2a2d3011e2a5a4436816407292eb7b660272452b50132dd1373f61e5bc4693d2982cc2946cc23b09a44514f2e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
27b5170eed1056225ee79d2b09b974ef

SHA1
bcd7694913f95d3217d28d59800d1e1e81f431de

SHA256
36c755a36ea3aff017a41586a85cd2c2fa88ba3e03b3b1ead1d288ce579bc03f

SHA512
fd3a6d58f8e18d29282859b71f3c37b3db981bf42da5d506f403e7e208fffa5db023064ffcf7c45a88ae80e87c1248fa64aad8d67190a37bb95cf0f44622c26a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
6d79534bc2b6e9d17831cc181741af74

SHA1
f77991b34933d900c9fd3bdb5efe9fab8aafd119

SHA256
978af27199504cb6827d0759724af319693f13ed6a2fd94f17894cbb374f1a83

SHA512
575d53b73cf6d96aad405dfad8ffa228a899c036c09df3dc88222d488f11b0931189657e8f0f8d26fa565cd0f9afe5db6a8e32fbb361e69f708b257798398706

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
b3bb7b0b1ab525703f754d090993e845

SHA1
d30020adc85435f29ce3be02a88b2c3543c297c1

SHA256
ae63876cefd521c589578177b2d54b8358abd522a541af603cc38db851bd8e80

SHA512
645892baa8c3c4bb3fd877bcb7a41360c3f8d8da56b5f536ee7e63bcf58c7996c44ef7cb50c0b7697a64c27fa05566c8b3891ee096d45849dfd3f8d4890b6f47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
c312004360ad900db9aaf1b6d059e551

SHA1
5ac64f8af554c414f398f642cfedce2bb7428ff5

SHA256
feeef584d5eb2ade62d14bbac7f4112d6e436a2d334290d18b6682cb4cfd9154

SHA512
e5fdc24c9075ed32aad5dcdac6dc9941eabb7c8d3f91df2695e7bb9fefe583fab95c8868a12fdf8987e24a1a24c59b670d10e65e55333da30d2f665e024d870b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
ed1bb35aea83d1d0ab2619d0846a20b9

SHA1
d53fbf8cc449d73293fa62291e6ab6a02d56a404

SHA256
d258a6d1652f16260f7f094e30c385b8df297eff16775061df9ffb5c9be5e91c

SHA512
2a8794c364979629b248a1beeaa219479c2d5e2b50a03d62b6b298e90d80de4ccbacebacdfe3ebb2c1cb1a2f663c14ea82b4ec4452c169e74db21d149f2909fe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
7ad759294223bbeb8ec30f31a73fc52f

SHA1
b8f22c821a893ef3a769a0e2dbf58d139de42c70

SHA256
45a7dcc2808009a6c9371526ec769c1ee0088bde5dfc72be011984e3eceb959e

SHA512
dd17e32594d454bbd25eab362cad2207d87e36afb6332b2280bd31697e68b29cc4aa58a2a39386e87eaa0b13299d465db6a86e64c0998ec96d7da0db744ffe35

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
e0586a15e056840887b32021c114780f

SHA1
388a52024a100a029012288a52647d1c88c1ddac

SHA256
d5a4abf7226088f6eb0d6663f2b2630b94869d735ff835914b8a3bf29ceb19ef

SHA512
c75b577aede194572739f502e226fff87e00f775619a404af34668a2204148d627d8982bea561e56b482a0fef7538f3af6b01d4b779e474ed1ac29ce6dcaa822

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
9887ac9baf94ba0ebf7279a34278f070

SHA1
117f0a30c94086f24c05048a735ee87be2e34ea8

SHA256
cc57afb98f0447f7b523fdc65a95304452a65c375af992a2b46ff55eb29fac7d

SHA512
175ad9ba66c139426c61084eaa5fa83aaecea6cf30c30b72962d3346d4eecd20e5809ea10356436a543df380f3b63da99cc779f62dc61c62dde5b5d311f140e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
a8b3f095a9f3c1168c8c3d934a6c7d01

SHA1
b9a01ff8dd2a9704e4e30f9e35c6f82cfab00fc7

SHA256
0b781a95836e112b3f5c251a733c1c66904c4b63a74a356f958f3c2deacc0f80

SHA512
77265e8ed76b37e2f24133c1d94c76287884890d08fbc991eb1c87d8e8e95d0386da4202ce105b977762a7ff9e2d8f2f5a5e18430e2dc61aa2c33efb3256f6d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
8bd4d43f6a02a10758d34839a9635028

SHA1
6763ebafd9701b74abc876cd75ba8ea4cc09d19e

SHA256
8250bbd198d8835059e22c85af4a797541dc6678aedf7acfbd316c40c3d9fada

SHA512
091f94f77b6bb0210e19297a7a27439a1b065151377a1ad921b9794a241f03449f42ee0b966831af9e12eaf4972a2cd8ae8e437a85c6031fbed6a1653439f30c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
60c4ebdeb29a0927f5ba3076187ce404

SHA1
8457aa778ea953eb90be164bfe7098c1b68baee5

SHA256
6be13083419b2816adb88536e6680f7d9cfafb9d65462901ef2f559a3a37ff9f

SHA512
c05a23b094a7af25742d4c77afcffc0646d5507d0aad467cd287a32e8b2fd6f9f8eb826206d514a3974fdd227292f19833882eb6a6fc0b25270ade3fc345f4a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
6d648775b650a1d8034e266529f0babc

SHA1
26bf812e9c5c1744a4a78261de12ba0c7945d668

SHA256
9d8f567132c4a961ca83ffc311a1426592b830652d7ab9b3c9225a8fc8a80e6d

SHA512
77f9cc217e5ba0e6405c9a5eab18f202a878b53ec1281e77a8b37c28e3df06a06144e3c68ab27e2c4dd03674478a4043f449ccbbbe2928522dfa709230d098aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
561528ba374ac17094fcbcbbcd64e972

SHA1
f9689dcd9bc1bf163d480b9776e9d0ee8c381452

SHA256
5fc87497e5a416660b512c3fd957c16901129f5f65f5b51b4f65192f1cfaf936

SHA512
4c86a3d8c555b0e6e044679a7cdaaf0565e2daa5fc959f21bcea7d030ef5806081d80d860d2625458315285d58e89767696e2557ad27086f57f33ce14e76c7e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
1f33a7eb30953088757899865dc2be21

SHA1
885eaeb7dcb08c2405d7bb17ba9c9d71c44387f4

SHA256
0b7273ef4276155eb3de563391e3df7ec0291ae90aef9478c62a0f744f5f5a22

SHA512
f134595d804e4ef126b74356d245dfe504ad95cffb04151801339e1dbc513076ec1e0277e6eb61d84c9f721f3b8eb2bcc065deef78a44a320c6a0a3b03d9cc3f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
9f540960e2b260732a22a2298f93f431

SHA1
c905f895ee186fb9633d0e222783da3a250375c6

SHA256
6f006280cc2a57b4cbe39ca57541ab4aff894443558c1b152617cdc460c19759

SHA512
bdc7e0c7c9ba2d4b7951c1e01604d90c96f12fc4fd3b0e469a25f01d65d8fd27c8e43c120906d6c4463ddf34fd620be32b7e5641387014a3cb4a93eeef325c55

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
7aaf992026b25f455e030894b6fc7be7

SHA1
95196ba16d45bb91981680af816f7a96051eb890

SHA256
3c9930d02454ded39634c2dd0b787ed20e228de78cdc0af4b26f8d5a205564ca

SHA512
6f4d5f6612dd03629e341747481adc21f911023aa6eff271166c140f0432a3b89533b966119d51ed9516379f1b17b78dcfe0980d917be2d1e232f1c0e3b14a97

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
cf09388cf3478bf249fd7dd5a241229f

SHA1
4e16c5d4a04559e05071e3320446753f21183f81

SHA256
e347c08d45cd23a9545c67d0d0363d2890091395eaf4224433817edd2f2a0b48

SHA512
b61f6d916b4bb7ac87af62bc26e251db5f2dbea7daf39fec79f432ca570429b372b9dae39a473648628dc51b463e21df7dd8b01e2daf75b7249dd5d9b8d0212a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
a89546a09eac0c1630416da781771565

SHA1
bc0dee0d2fa5dcf23c3501d72b2678871498baf4

SHA256
359c51a5b855e03faf6644c79e185d039c5461ef7b349939cae0db6c654b0c07

SHA512
91202cef0a22a4a09b3538d5066974eecca8bbd75df78d72e0cd7f42fa3c70262b0b50fd45886116f9f5469a8cad8dd1b5753132489167571152fefa33f80a9f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
55619122ba87a2484f7360b6b010968b

SHA1
6835b2384e8a8b6af1acea9737821d4c07242b91

SHA256
d32f7b95ce506c99acf16de96796959a355531d2bfe1dd2ca3375877cccc0c90

SHA512
ccf5c5d29bd6b1ef7bfcfac42c8b726bccab3320010c0291066e747faf7c3b8f4e2f7f265f6aed1fc3c17878acd2a0cf768ab818f07d0b2e047ce043e96ca526

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
f59e8354e2aa8bc855e15e54d4629a5a

SHA1
eeec80e115d61c52ec643b23e14b2bc50d25f624

SHA256
1e967ac9e7a7db7182a2ce41cb2230b13a3684a9d464ca6330b0fc67e8764ddd

SHA512
20ac49fad93cbbe23e20a2768cc2b448fedb2b7c54fdfdfd38d49aa52c1abf7803346f17cca8c33e4ae2e9f88a0ab6dabd085e8030ba90e917fb2bc46bf0a16b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
52010aefb33564d390e964bb647dc0cb

SHA1
ee385351223e6002ac7686ede831d11a91c3229c

SHA256
95e48ed28fa190ad42e96d4ed31257a90246e76718ad46cee6bc82c8b70619fe

SHA512
d3688fb2bce0f3127bf84f87a0007b94ee7bfb5826ee04f76bcebe8be2d2f970b3415bff2173a51ed5fc72b3cbde2e80da61ab6e5a0ba3c3a14ba47172a860ae

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
db40a64cbf9fc5cdf8d9886e4d5813c0

SHA1
35670fd3f8df84e795f8d52b49e1e8aca9c994c3

SHA256
16d264510c37fb93b5a3fe08281f946324c869d75b2d823a91b4b8fc4a62419c

SHA512
f49921c9a42c5d6e898abd3632cdf485b30750d4d822ebbdc36a49dd6f3c65e3775426e26f54ccd07e3b28189f9a7dab32a0ca8973777774f72c11a4637d04cb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
4e9bd1662e3c86b490268f60f0370df9

SHA1
055cc55938201d540a0934059c7681316aea5b51

SHA256
3efc28209151c3695120f046ac13c52d5a950954d6cdcfa79d03dbb780e2d51f

SHA512
9025be4587d52075b94762e03a8c9e977f612f76f7a9e52bcf4bc049301141a7d31354dfc5a068dfc4809801adccf1ef6260eb53ca876fd0a5a30d9aba478626

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
f90ed82b697231f17ba10f629efe44ef

SHA1
d6151ec6c72c75a254e5c06fcd1594fa0a46f981

SHA256
dc28cf09048d66ab0129339a18146d84588597bc5586338812a2835b3974325b

SHA512
18a345d6202e37cb56918ae43e872e7a868f70fdafbf665b867d7420725a8a4a978b30e8e634f69e48e08063fe9c1bc029b8947270bb9a8e0efde65eaf06dda2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
25a769efb03040994955eef27954ca24

SHA1
dbbcc24b6dc4365936fceec100074091f06683c4

SHA256
e20989e048c8f5466d7efd166ab2124fb4bd1922fd0650a34b2d687227a86d9b

SHA512
dfe8554020705f8174a67ba5b0d2239084bf80fcab6100941ffc42b3dde94389ea5ff24077e39c98f6ca114a9fc71d2d9ba0b75d113e7936c09b10979542a97a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
3dad5da626305d85013e2d700434efb4

SHA1
0787bf6c78023a14060e2ccc610d2e76c9df4b71

SHA256
6f30daacadb60ef9912b4a5a67fad7de3597e9769cbe9e60ee6148ca64b98362

SHA512
2419cd4e46c37c3f34bab854223c1df152460b4a8dcc80b738e22f97fe7e17c5f0f9cde934123cbfaafe72f41bd7c544a4d8ceb3ee1b7d6bb55a56d5bd2f7b00

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e04c48fb41a9c352aaa4b43d7618b84f

SHA1
142c2d706f2f50f94e88687de800b119fbdb723a

SHA256
eb602dab772062b939960b4c465015dd5f3cf3b64ad29b07007ba6b8e082f15b

SHA512
61338d1f92b7c3b8bbebeeb42080c3e1136f8ba31306a8085e955fc1080068a9142b77e71f122cdb7a918dbbd8fc79d19ce1fc16503ea7a695d451f32f7215db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
cb4a0f2cd13295753ff5080af282f684

SHA1
4df50b7d3ea9ae83a8d711ebee41062797a27921

SHA256
87298130b9eeb7021a40d342b068034f2c96fcf9492e0f89b0f4f89b85197c56

SHA512
bb299f46af5f7b3ff4231e6d41449c50af05fac6a74099e5b7214ac0668db99ca54841cc622595ac3717689367b34ffa646a0b7de03fc95d301a7ef6364fb349

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cd3469fa3569af996b11fd77b0047b25

SHA1
6fd891c935d9a7f17c1f2ae55f7efb2648755961

SHA256
aaa9f088b02489ef8543f4ff2f03503939196e7d9d69524a7407e07b5491ae8c

SHA512
db4a8cdf8e8ec4eb295243253fd267a9871bce4a38c3528147b7c8f946e8be831aed46647e6cc2862ce0adbf38ae51f90d3110bb4f522f728f8f97b1a4f7626a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
4d9af7e894bad4a396c7ae22be8efe02

SHA1
6d0accfc60d746ad8259c59984e82a112868b548

SHA256
ee0418fefcd0ada010c14e8c7fcb7bb15a0ce12c6530f533fd17fa21a8fb281f

SHA512
f66c10adaa18112d49e512b320fbe8b23318625e96ff77d1ba8ca34f79b1897f16f8d352bf15f0e654fe6c25e3310e84c3b1be4bee7bf1718f5a7f71360dcbd3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
56a5bb316b3ca92e57136f38198e8f9e

SHA1
50f2158fa898fd9d574a7d450df9419f99a286e8

SHA256
088ee5d37026045b099de001aa42e12597801c1b4d057587047e94b2cc5403c8

SHA512
816f8dba44fc2b6c8ee6862e9370b49eba9c58c059b936683dd39a68c20afa2454b00076fe3a995cc8aa241d7890638e7504dd3bd84090779188bccac2bb415b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
a8f0fc4f401ce9d4d5c2203bc20dc8ce

SHA1
7c5b31b9672cd0503e085e78e4cec9e68fa4aca8

SHA256
d7b95234ea24f37c48d66fcaa6542de7b418eda9eadd746cbaec0a19dba111b2

SHA512
fa38604be800ab670814f00ba1a3d71f6d9f9bdb8f4ce4a5f1ad9152697f67a18aa19d46daaa130bec9dba9bd6c3d719f4219abaea08eddb58b9184644dc84d0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
dc0b6c635db8c9811313ded6041d05b0

SHA1
4edf58beb29e40794e106adb15bd5396db74b74f

SHA256
c95b3570b2fec37c02230fd2ecdac70ab9b4d7ead34ef6f75e7a00cd3ddc6939

SHA512
6fbbe6408285d7b7b654b76551e3bf0a7051a1514addeb94246eb11b800f65f5f96bbc9ae55114f62517cd23823c791c9f4b102f5c7deb8d500d78f0d4482ad5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
a88b5d305f0e26c15bc525f36ca2b11e

SHA1
ab4e2e7e4ecae47ef5f6832b04de878243c0531b

SHA256
379aa705781c37b496295a31afa66d30d88d8d21b43a5407e61b1cd08f7cb683

SHA512
bc8b1a261047f0ce4bd2e2421a2ba9dbf762dd7763b827af75a66584bcaa473c283d5590c7b830d60c725cc663bd2c1e62a0d8246d75ec2abfa94b038d117ae7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
717c46bd4b928ea7e7814ac7fe2ae2a1

SHA1
fc81973a36813a4d4c27397155f47aecf87dabd4

SHA256
f234caba1d1e52b67dbb2793221c74996f554669836738f9735978b6e3962b01

SHA512
c0588c4309449eda5d8f868f041e58a3533c99eec6db59f6a6297d901a56540abcf7dda9a40dd28f37ec06fadaddb1fd26d3dcbaabbfb43afa492ce63da6266b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d3ffbfcfce62735cdfe38ceb8dc11e73

SHA1
8eff71660a567a2b1da3009633947bf5e1242c44

SHA256
4120637158cbef2b74cae8c26afc0bf27de7bfa80dbcdb38772e1a280a76cb7e

SHA512
9b47e18df55f1d8b4a060cc83865b3de120cb7fb7405e0d95f4e0253ee12d83462f5e43035cc2e41f724f48d70dd13c281bac00021d666dcc0d66e22d325988e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
09c87199022ef6e03fb9a73b0414f031

SHA1
7611d16dcd4e5a93fef4fd6aa159007a6b0df945

SHA256
b6f268ba9e6f323bf67883cfb8dbf0f9bc10bfc91de5167407dc10dc78913e73

SHA512
f952346a159b5859f8556e32a96c3f04d3e32e014f0e7bd2046456a4ca89bfd8d0e2a36e20f8dfe5962d529c72d27dc8b1e5ef7581dcd0efab8bc9fb20044808

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
c69887aaf74575fe8407a0cd9d5d7f9c

SHA1
8d25834dcf01d3e0669f708da2166332e271210b

SHA256
9460cf2e9c36edaec12fda4385758cda47d5c7c46bec33befff5d07fdc3c2bb5

SHA512
7a298562682fca4313bc1754e05e1858aa448af55df5689b69467876b8e042e775867f4092e87f8fd70e3e0b67cb2cb2ae05ca3921d8d5ba7fa12a7c485e4e7f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e185d32b9a341edcfa8d051ec389e7a4

SHA1
a7d07e2e3097c04687fe54ba3f58d8807242257b

SHA256
4961f5335c0fbe3933bb19b0b67c570c236fbf91425548f26703e0c7caaa3262

SHA512
85c47652934f7ae242202775b75952200464d2948e5b2940b938a6982e81b88d91ae2c51e9770b44c8c11b000abeee9d2a2bbef189ea5fcec073565d888c72c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
ea4616303ceabc4a829abce6fa896b92

SHA1
dcef852c42e7f486e7a2ea55ba2c07ed3e05012a

SHA256
e1cb5f47150d8b6d472cf54514ee609ce8a0a6539cfa3456f42d23520d854022

SHA512
92593d4ff6fed4fc71a7c230f368159398defba12185fc0459b01c91fb9bc8547cb35e6afd69b32af89acb489844ad2c49d9529e9e4c0744785358b10bec58a5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
fbe0d0f9cdc002e28777629bc8f5b7de

SHA1
4ff06bc3e5ba20f898927b782cb5cb0ee3d970ab

SHA256
2a8a4bfa1cc2f27a97d2d05aee9b0e984080bb7e54323f756c0dbc886ac3d091

SHA512
28c6740cffda4c55301ad6497ad0f0f9110bfaa4bef70c37605a5c5b67418829ab004dbbfe49c27459d7036708c5f743fb1ab411f2140c74a9ddabf1c3f67355

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
28f18c16d1c15a9b7d1b16c7105f0865

SHA1
84625ca8584a4c1b99c99f6fc18de044db346565

SHA256
3ef56fdeca3a26eedfab7e2f090d92df0e82abfb388aa577ea33a6451124a90a

SHA512
dfd1d48d0ec7aa04f6c7a8ff5a9fbabb595e888d0d1c322f5a7cbec4c220e07fb98a1d0c6a01b33243c713d1bee43cb9446080e15415cb99cd4ef55c5a7ef9d7

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads