xorist | 3fe8fd2dfde21f0b79e0336fce36e5f6d28efc2452851cb5d3e9f3e1d950412c

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Size

21KB
MD5

dc6aec10c0d6a6aa1111921e8787318b
SHA1

c639d565c2723471a133030b505ab3d6c708e1c4
SHA256

9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd
SHA512

298c5c63144e9f262d04e0188c337a58147239e9d956deb3010defee610ebc6170a399c5e858638c8d24d46bf5d60b13549c0752876b654cee1ef6b9bf150bb2
SSDEEP

384:Uprr1gkDCgSwvXqOBQy608DpyVwP3lGtgAB6Q0Ci6VBi:6rVDCyT2L089ZP3gtFXRti

Score

10^/10

xorist persistence ransomware spyware stealer upx

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Ransom Note

YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED. DON'T WORRY YOUR FILES ARE SAFE. TO RETURN ALL TO NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM. PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK. YOU CAN GET THEM VIA ATM MACHINE OR ONLINE https://coinatmradar.com/ (find a ATM) https://www.localbitcoins.com/ (buy instantly online any country) THE PRICE FOR DECRYPTOR SOFTWARE IS 2000$ BTC ADRESS : 17o2F4pUNiuCkfqN9KWpRWSwn5pj7k7YRj (where you need to make the payment) VERRY IMPORTANT ! DO NOT TRY TO SCAN WITH ANTIVIRUS YOU RISK LOSING YOUR DATA . ANTIVIRUSES ONLY DESTROY THE ENCRYPTED DATA , THEY DO NOT KNOW THE ALGORITH WITH WICH THE ENTIRE SYSTEM WAS ENCRYPTED. THE ONLY WAY TO DECRYPT YOUR SYSTEM AND RETURN TO NORMAL IS TO BUY THE ORIGINAL DECRYPTOR SOFTWARE. For more information : [email protected] (24/7) Subject: SYSTEM-LOCKED-ID: 80012Afr1

Emails

[email protected]

Wallets

17o2F4pUNiuCkfqN9KWpRWSwn5pj7k7YRj

URLs

https://coinatmradar.com/

https://www.localbitcoins.com/

Signatures

Detected Xorist Ransomware 14 IoCs

resource	yara_rule
behavioral1/memory/2768-900-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-2209-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-3576-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-4427-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-5508-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-7738-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-9338-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-10496-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-11408-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-12189-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-13192-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-14286-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-16003-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist
behavioral1/memory/2768-16603-0x0000000000400000-0x0000000000411000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (6728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2768-0-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-900-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-2209-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-3576-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-4427-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-5508-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-7738-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-9338-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-10496-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-11408-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-12189-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-13192-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-14286-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-16003-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2768-16603-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AW9Uh46T9Q23s9t.exe"	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Media\Characters\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Downloaded Program Files\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Fonts\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Globalization\MCT\MCT-CA\Wallpaper\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Cityscape\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Raga\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\JP38OXIN\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Sonata\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZPJ6IGS\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Delta\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\AS4I30IR\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Quirky\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Landscape\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Globalization\MCT\MCT-GB\Link\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Public\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Afternoon\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

Drops autorun.inf file 1 TTPs 1 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\Windows\BitLockerDiscoveryVolumeContents\autorun.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178639.JPG	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGWEBBTN.XML	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME45.CSS	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\PREVIEW.GIF	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Library\EUROTOOL.XLAM	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIconsMask.bmp	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\SETUP.XML	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\SPRING.INF	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SAFRI_01.MID	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\PREVIEW.GIF	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\Name.accft	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\fr-FR\TableTextService.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL087.XML	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN075.XML	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.TXT	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_off.gif	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files\Windows Defender\ja-JP\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341561.JPG	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImages.jpg	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\QUERIES\MSN MoneyCentral Investor Major Indicies.iqy	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_italic.gif	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\REMINDER.WAV	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_es_b77a5c561934e089\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data14bed3a9#\d0c8be245fc6926e7a71200dc2b288af\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\prnky002.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f1f58d6720098d7c1d51faf7f326d72d\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_de_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\413d36d1d35aabadf1c9d6f0a56cfab8\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Heritage\Windows Information Bar.wav	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\28206591adfef0f5e0a2887209d9dd55\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\ESENT\0407\esentprf.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\inf\MSDTC\0000\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\rspndr.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7fce6bcd28750194d0343e473ad4f463\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Boot\PCAT\fi-FI\bootmgr.exe.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Fonts\browa.ttf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\.NET CLR Networking 4.0.0.0\000D\_Networkingperfcounters.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\netbc664.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\3d01d2b7bde19d91d70c4ff96eea3432\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\it\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Fonts\app949.fon	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\es\DropSqlPersistenceProviderLogic.sql	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Cursors\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0411\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\ehome\it-IT\ehjpnime.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\prnlx007.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Festival\Windows Hardware Fail.wav	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0804\PerfCounters.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ProvidersPage.cs	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\740a64a316ada107a23dd34f35ae3b94\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\inf\MSDTC Bridge 4.0.0.0\0001\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\inf\rdyboost\0C0A\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6820836e29efa97200d3fcfb4d0f170b\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\mdmsonyu.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\ASP.NET_4.0.30319\000E\aspnet_perf.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\MSDTC\0411\msdtcprf.ini	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Sonata\Windows Notify.wav	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\en\SqlPersistenceService_Schema.sql	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Fonts\vgafixr.fon	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Afternoon\Windows Battery Critical.wav	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_it_b77a5c561934e089\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\ehome\es-ES\cbva.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Media\Cityscape\Windows Battery Low.wav	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Speech\0dc049d2993f3d0e2651581533093e17\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Fonts\upckbi.ttf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\diagnostics\system\Power\it-IT\DiagPackage.dll.mui	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\Fonts\PLAYBILL.TTF	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File opened for modification	C:\Windows\inf\v_mscdsc.inf	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\Framework64\3082\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.TypeConverter\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\..remember_you_have_only_50_hours_to_make_the_payment_or_we_will_delete_your_decryptor_from_our_base\ = "CSMXBJDRAZQKSDW"	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\ = "CRYPTED!"	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\DefaultIcon	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\shell	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AW9Uh46T9Q23s9t.exe"	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\..remember_you_have_only_50_hours_to_make_the_payment_or_we_will_delete_your_decryptor_from_our_base	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AW9Uh46T9Q23s9t.exe,0"	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\shell\open\command	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW\shell\open	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CSMXBJDRAZQKSDW	9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe

C:\Users\Admin\AppData\Local\Temp\9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe
"C:\Users\Admin\AppData\Local\Temp\9bb8d77ac2a18950a244183a82fa3cc4fa47ef6b4ce2a0979552dd1ff46725bd.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops autorun.inf file
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Replication Through Removable Media

T1091

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini

Filesize
129B

MD5
a7648d172f60e93ddf4cac4dae61e70b

SHA1
064b1d69528614847036a9382bd927b0a00d3e4e

SHA256
66c3b1b77dd344fdeee21869a25160919e4686a1cba84085fb15aaf33f8ce0e3

SHA512
48c24e661722d08fc3b36c414492cda735203363fe4d824d9718cc50a851957561b83aa1ac65ae8e07b483754385fc5066b108bdd8890ddb9c742de4157489ed

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

Filesize
912B

MD5
013bec5e46fa89fe1bbf74a07bea6538

SHA1
57a3ef5c078fdde65825804204bf421207792c8b

SHA256
39c2377ed429289e722dbcd80b09bcf1d12c060821e27a9d0af062988c39c31b

SHA512
816f4a36dc40ae3c6aa20fc0df0ab452bb28b46ec4a941ccfd878a28711efd4bc3b928ff77953b4bfe13e6adb99e556a8ede72e5ffbc85d73e5509ade159bcce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
5e02d0d82de7d46a3fd29200976bbbe7

SHA1
0762242ac6ad17771c3d4980497dd74ce02f97fa

SHA256
815c27e982851edfca220372cd5a3076c8daa2d18ae4a557c91b5fafe74b97ef

SHA512
2da47464f5b1e3ca54eb7a8c5ed80c9c44c0bc44711014d98025bfc8ef330481a90da36393290281cffebd9243cfc7ae9f5643e04e3dfe15a6af5f92f1ecca47

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
61821b62de8626c654be82044fbfbf24

SHA1
e831c36e47081970072f641782b4f31eec5514ab

SHA256
ad5516862a2a0f28366d62a7274234524c3172945176c739aada2dd7f3f02d25

SHA512
7939af1f22bf1e07f646432adc898d1794f5ed077247e841e1e78e51ab6c69d00ff6288ff2277a5dfbda114f3054e0123e3b65f1f073b8ddb7ae317ea1482738

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
6be17146c942036716bf52f20333daa4

SHA1
85eb9b6fa8b57b79cd01412fd62c0ca5e260be95

SHA256
2ee5b6079bd634bec63f0d1d89da7f49ba655aef1c3e7bac30c3a5a0a12cfff9

SHA512
4735a81d363504e0785ce21b398d5b9e27876cd5276ea673846ecf02d316df29b824a4f50c5fca8942d851b6856e83fd1ab8b8162cac77700d48204f3b887b87

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
3c8c328fe6eeab788013962418f8654e

SHA1
d0cd4aec468e04c6d03187b26684f18b453bd666

SHA256
d85937d4f009e271a2a7b11dba7b04dcc4c1d17a12a61537cd1c21feb3220bad

SHA512
c60c913030de2606c264cf7a1027e6e1c3f667bd79d0e409f9fb1a1ae50464e111236f7dc5f51e8ff312370108d8cce1665698d46d7aa84d492882b76ca97250

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
e7bd29dd57b03f2bb65ee9a06f3c99c9

SHA1
89718eae5f07c468ab9af0f97645e93babf32745

SHA256
bb24283828ff1a5ab10722df910c7c67d83f3298e3243a6d99bc46c5db98cf7f

SHA512
5eb1587aae408640126c3d983d3d117c27d0fd6d710521b3f15b9b7b307cb392b258e39e88bae33099ee7722c1e3468cfbbefcd5e571d977a3087cf0be9c0c69

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
5bedfd0307a0eac353e137a2680175d2

SHA1
7e6e152ff851ea22cf4512638831b757b3551ab1

SHA256
fc66cb46d048145c466059e9089693f4fd4056ec2a74e7b73681cdff2bc53669

SHA512
526d2d7b1ebbf2b6bc2936d84c3160f96c9501ada28130212761249f250a8d36c20474535cdb277142bb605097e3dd32382fa361230c848a8c1cb9577582d94f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
e66e89f76ba8467b5794aae401fc0cb9

SHA1
64c1327aadbd9bb57fb35a0b6823b244e44809cd

SHA256
fc8efe3055c3ebb39fbd8b412f06d98cf772395bb8599a8611de54977a1a03d4

SHA512
3d5c4e4a5494964fda053757ea5dd0ab1018d6f8241530a138f7523abe3c7d648dbaf7e48534d1bb81e18563977b5b3aa47446018da2c7e0db845f04017a2693

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
974e2d6a33a693774a589a833a791b58

SHA1
c26837ee7f86c7de2648e26c985c943dd86e3883

SHA256
ae1a439e0ad6ee50ab2163e4d794b652e8860d03debc4e47227dbe8fe29146bf

SHA512
cf2f24b65e9f48770355e861dc4b4ccf82ff69d70ff2d43a70afcd288c7c1cfb50b18353d7036582b2f83e47345947da1fb40ab2d6d8117b5d8ac4fa2acb07eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
781f19e2440434ba124ab0c29972bb86

SHA1
a37b7843ee1a2fbda01ae954c06001bfac90a809

SHA256
0082ad33c5a9426f8e3701c751e51e7fbb368c6f0ca4ef1ec7929b50b7dd0292

SHA512
31f8cde92efe36dc7fc273e5dd3f0bcd5b15ddb218efd63621fe0df3ba6a6e137a5557b6f5744e6f8cd46e45485c311226eb5ff1d2ef4954f068c3190e6532b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
b8212acee86737375e75c711c67e998f

SHA1
7a84dbe356158f5d96dc34084e7ce257b2d0c28f

SHA256
5754b2fdbcd66a8bfd917ae7af68e04cb1b7619f52beaca65b6b97690ebb282d

SHA512
3eca3a594e8ca1150365a9ae2e41ebc70fdba9072e1b06bbc1307d2951fbf4e4816245efeae027f6cd87d238c1839a98ab408cd203b435ae6ee7247481c0d1bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8bb4f3adfb6af8bc0c7155c3460369b0

SHA1
21ae302f8e5513678fd0eabc4cf40c514e07b96c

SHA256
a794382b9d7d71b291720d963f32d0b1e2a53347763a10d8b9baf8651df441de

SHA512
091c576b401555557bc7159e855af4df68be795f7ec4ccac21a91485f45b80c6d1407b2c7ce284cd33b99272b7e046ef44ebf7ed7b89c51bad4d8d6d6b175d65

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
4a8b889e37b08ac2efc071233712d915

SHA1
739d5026a8d1348b461d96d6bb41729bddf18fda

SHA256
25f325dc893dfbd717c14990bf8dafcf3543c1755f4189d61aafeff8df9a0ba7

SHA512
b73ded240c90a06cf8dc90ef61131d0617aef2ee9d2d9268a7bb8d2dbaa48dda32251656ce54113599a0c629154b79fbd0a600c76a0466c85484fdc510221ab2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
e1c3eb41e554ad10f626419539c23a2e

SHA1
5d095003c4919f5d87f7c001d64d2b3964d5c2dc

SHA256
15ea1475e3be5c2ca994291da322340d1cbef5d5df87ef25cf270cf62dfd38a1

SHA512
0baf38c8e7fb3b9f80557a79feeb72a9a156e595a49b7bf55cf94f3c724efc6bf6d7b60251ffbf9db108941fbbe5a392ac1e40d02a2267a9239bc78ac8c0d5a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
1ba762a1d895f2b2f29d3e09cd01527a

SHA1
d86678dcdf6da3c867d768b5d98f25a8102033a7

SHA256
aeb9b0f36c8d20805848fa2106de4a7c790a4ecf05fd6c9c6a8f4f89d80d0bf2

SHA512
0657947c897a470710fd7c9866f8f0d3bf68fba161ad2b025d9d359a5d4645f46f3476b8f6684cd0120ed65eef93d220cd7ed7278a92ca67df17587bc25d6484

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
a8300c6cb784635c63fd1062b99f6abb

SHA1
1de2445a12ff39ff0b74743084e09c61299978fd

SHA256
4c0167307642f8f0469f05f53ff805332dc2a0c7f1bd6a2d216d8ae7c0b319d8

SHA512
1fe5c984ee551fea82ba95b63793994bb11b7fdd3c6801623453d426a0a6cf161edde92ae115e9996d73e817c2924d5aaa86ae0df6a0d24331292c9164e73353

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
0e093878f7b90ab0978af42b4dcfef7f

SHA1
5832dcf0456d1ee616216998ead8f0a15659da19

SHA256
0dab6ecaf08cba097e60009c26caeb4255cd44b1a5960b8d036089132a0fa68f

SHA512
dd1cd7d354cb1cd9772fd2e73a287236c1d60743d02d945c97c17b3b9e312a6083e5c024ffa29298eecf43e25fa345a1d5fa8e7c96df5346cdc915effdca7b40

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
a32186ee47f5be98ec6d75ce52283e74

SHA1
ffade3239c26e401a3834f0dfd4df6a72705c055

SHA256
5c6a43939debbbdaebd9b80aee94e69c3fdb0b918d7109e4e8d5a11b0716bf8d

SHA512
3d18957e9eda3ef76cc116545205ec4f4460541e2426d0a23506684aabf8808de39e974626830ac4573ebd0a63263167121262f2487b29b502cf88c3939b000a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c40fff92a99320fddc4167d94f30e262

SHA1
90605bcfe5512060609b1b0229ee283b2d53114f

SHA256
6cbbc61b7c1b24fd72639ec3756fa07c9c3b5ed77630eb045af6534756bd8813

SHA512
29cfc36e56fd856b58aeea26ffdfc2daf160547cc9f498927de9f88a3253f8e8e2651bb30d01efa6b5cf97dca83a1b9568fbf3e59bcfc2057411783ce7fc25d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
96979b55bd8a112edd8f4b070f602bc8

SHA1
a1a38493f370de0aa0420f78bf22cff8cba3ba36

SHA256
911be81ffdbb764d97327c321988dd1fdda66ea3d7b898f9207d86aa91f79cbf

SHA512
042e14b39979dc7eef7407905a59b0be470b31f42314fd70d0992fe4ab69c8b50a230a0b11148b500e9f1d8ad23fabc3831b76634a646af3bfb676af9edbf6aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
3d84a4fe47f82001c97fd374c582a249

SHA1
a4ebbdb923018ea16905ae5311f5e0b430b88ed7

SHA256
c2bbade93a7f75123f0503cbd99dacaf3d590d77e7f054c36ec47fbd5129cb00

SHA512
09efe41e05c59bcfde5a6cf7e4b7e02dd45429db9bda746b2e2f7f578cc1ae76cb4eecdee947c08d8b1be483236b2bd2e9b7e90a0ef34a3d5e1017978f52d781

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
d12f40be6abec66a823af39bd1d38549

SHA1
12457d64444596e6581cf2dbbf11b289da477ada

SHA256
69c0780f35e256d94e99a01b68ca8f5be2fe1d78e18a7ecabcd1b410d5646ca6

SHA512
14cbab29e2a51b76b25d84a1b2ad11504ec263ef550460b867c3a5610d9a8eea35a260fcff66dcde6543093fab594f606dc1136437a83cb8600952b212c11d6e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

Filesize
318B

MD5
68a1c555101fe37cb416e0dce71e2a45

SHA1
f81755c8786da759ca3fb40bfb22d532da0e8752

SHA256
94216a260af197fc7d736e3ccbf398d8ba92d2ac8da293b79f7a5028fa3d2867

SHA512
93168ce5a3fa806ff3d18d18b1fb40962f5ac1c9280eed76b71c02a20a167eabdea4dd3f964a419fab7b4791f7654dd3f8b54fc6f69c60ae95bdbe1f5007e50a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
5ebc8b511663dcb0a07bf2d74d464433

SHA1
6d073061f1f2edf29f8d672440b5724e9d4947c6

SHA256
30cf0cc9f876253d3504fa6f6eca4cb52bacdc294daaedbbd3a69176e445d456

SHA512
4a4b4ede91e0eaa91e8828ac83eab5e3aff5063892483493f0d30471a2792880961f34e35da9dde327e95b81e40792420fcbe6d7cfb2a2f08d688964f32cab2f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
bea4329fb452ed692b6ab3cadce0d70e

SHA1
6f12c31499fafb3813f50890f848f7e1e82e17ac

SHA256
f6a191df4c557761ff53e2f78b8a60895bc911a86325134df16619b2cb87cc34

SHA512
56a89c7d8068f28cd4ea05a805a74098bbc57bff4d4a987edada12835e5428f0746c07d303e597bd74597badb39d35f3502c8457a7c54aebc17ae431f7423338

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
c61a5d1e4eb81e6a98eca7a80391d543

SHA1
99aa972753b0f62332267a12b5fd617aa9a99e88

SHA256
fe4deeb2925e76091dd5612c0d936d408980a70134758b1bd53b961f742f99d9

SHA512
9989586300fc21d4c07d19e458a39577224fb94df07e59f76066b750db2030367a9e9aebe29daaff55c1d130115e2c97e1ff5da378981de66a59fe75f412e683

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
d907fdb3fb4d1e4296a2d8336622a82a

SHA1
678fa6f7d0a5a1cd5258cbcbb4c518b37957b157

SHA256
b06c4e566c20172191dc12ae4702ac9a700e160b260889a3383d3f98ec212af6

SHA512
14520af0e7826cbb1019b7c74f6c6dcf8897fa53e7cdbeaead51d57538b632136d1806fb6762ed6c1a2f3f5f6d58fac494128ca411f79f0e3e03f7f1ab2cada3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
21f8486a50f4857da321ac2eded52f11

SHA1
6ad18d9b690bd3b648943eedc590233f8ad6528f

SHA256
bb9c3aff07e2c058688552523838d767e8003863353b04ed8aefa527c4938951

SHA512
e8d5b5d2fa0efacbedc3c2f355863e38db9d3751ab44b0eadc93154b4b1461d88dda2490ecd73d032d583e5228b4815f994da1e07af2be9a62467a8fec319bda

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
c93df482417ebecbd616dff6b1688987

SHA1
a3dbe273246ea76a26be8463ca71a8da3cba15ca

SHA256
422804a6a86e2cd5615847095ca20b53bd3c95a021bfb61388cc981ac11ee27b

SHA512
f4c63536f9d768fcc7cd30654a9303b7e703c8cd819f950064153ca50bac81fb2761b873464d8293dd9c9b35be6365ee0c3e6e28c7247339008b0b299a099f32

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
d8224ac16c3e55613ca4ea0040c2a6df

SHA1
b8fef158ab1c47e19a7c7d86bac166751b07efb8

SHA256
6431114580aa4e6823d7349701900fa3fa455497db5e604fd418266573300bfd

SHA512
1f690ffdc84f1eba1d79bf3fdbb0f7a6639e1e295da982b47964cdb3ccc096218287937ac4b4e029c87c5e9a03e84443db5e33104e685acfb36bd817c12e337b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
ab7f54cd2d5621b057c24324a97be4fc

SHA1
a057b4eae227fbfd27d4c849ad9c20aa92214781

SHA256
c23cae4094e3e7414d39fb4d2647a6633da36c4fc0dc0eff67d165910d8cefb3

SHA512
5c671dbf2387447a8b4f597792632ffc447061542acfb9ee0f76f380dcde8b2ce9559c655a7761a9ef33d99a04409106c648e4f2430520cc1a8297236a9ee6fd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
9f13a35d42838f58fcb3fdf98700b596

SHA1
e31a8d0d9cd22ee42617ab85be7bec46b5cbced6

SHA256
e0a459bfeaac30c053944c2cb275cb8e064ee4aeefa0a69f3f7f846f1467c1d2

SHA512
4cd8023a6d3af90ce346d744dadf2acf1cb2023a95fca623886ccfd3afedbe78242ad89b6d31ddbfd50010cafcc46bc56896ba5a911b5bc6febd117ec7ddbf27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
5f17d7497fba82d6f365fb083b17193b

SHA1
41a51ace0dfac81ad30a87c183bc8fa513e8ea96

SHA256
3eca4f51966f6d963e28c5f7649c9b4bb99591d5316024ab2fbc4a9d72df9e77

SHA512
a35b3d987b8819c2afb0b8c06ecc7dc07201290f20644b77d82854fc48aeb5e343da56bb344d64e28d5584af388f8090e84006c178728d589c3b26dcb5929d0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
197ae9947e0963ae54e160301c5229bb

SHA1
6457a8e89e03c83119211796cb8c8ba774ca7d76

SHA256
27b0b4402f54c40f96bf076b0f883e5b6647e7c522dac13b250c8f8f569e1ce1

SHA512
07585e1157fc11755418f358261356a20b3177c50876c5c350c9448682601152ddc0b237516c89faf5e4e8cd37f95090af47b9dac302c23e8db90a36445c5150

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
2476aed24c4d09010abaeb2e38303ad2

SHA1
01d28290b72150ba83fd50474144ea516d82c3f7

SHA256
a3c4e4703ed67683898c13c176fc9b6144aba80ef4894782a0e3573ecc887b72

SHA512
5437061c3874e5fecab4b51516a2fb9919bdcf33c011cd90b27d58972e94fe2acfa3acd011753632294b7f3dcecd8bc6678077ddfd1e5d86bd9e14c5465cb88d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
6eaf6d84af00500a8734abe2266fe6d5

SHA1
ff097d6132ae8e36c1a5ae4940622ede05faa5fd

SHA256
ca99d4a50965ae415d3c86fec8824fa6859d40544cb2894c1832ef8c21393dab

SHA512
57226780c51f607109342fcc583314816593a729b648b7f3d34b641f7e0cac1c24e62e4add8e6b92c2b74372d35774b5ba9d4234baeefd52bf5b4b4ce63ec8cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
099234bc3ccabe10256481d5adc21e2e

SHA1
dfbee2e542671ccfbbed4c6a09a68dce4fe23e8e

SHA256
df31e80300cdbec7c38d33c6431e609e02a5948ac8cb343ab1563f06d8da890b

SHA512
ed2c47d107c5a97aa3a1590eb58c0e0090a0b283dbda9784fda83911d759a4468b973b6d9adbf6c556d3355db258831a95397803c4b0f5f3e80d4104feb1579f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
456a5c38a5b0d1e613d23874bdcf93e4

SHA1
f2e6eb896c8bce6bf91f30490676e91bc52267b1

SHA256
be8463e81028e4d9b19648e611c61b956dd9217ceaa16eca68d4b770317b8432

SHA512
38a5d2aaaff70d52f2817c40bee1dbb7e00e0a0ca9d8110390ce7766a303636525a59324b67f7fb477de5796aab57c653b3ef4465ad76a274de8bd56505d1c51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
4c3880e81a04ea9ab5855ee6468658c7

SHA1
0bca6ef4b5f65f66ea236b0a2b02bd71c5da557a

SHA256
767b2e11d401ba1651ebf5f6ee41c1dc8ae562c158fb1d252c85ff38d85b900a

SHA512
7ce0b5f78a04ef72de09c6d2866e54a0c8230cd2dbc8775f47df1b8ee84e156375f31ad8f9c8f3ff654452f6b66b521e291a876a78b738350a83a84dfadcebee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

Filesize
318B

MD5
56e5d9c870588777afe9c4077b7a6b8d

SHA1
439fe938de4ccdb3ae97c800319bbc8b6a6fc358

SHA256
d3d51419827d553dced602ae970ab1eca90ae007507f6febb65d9c8afd10082b

SHA512
298acf7df3ab26539a9e545560bcbbed5f56602d9eb0067f77913f0c2f1dfee4b45c69dda7b2e3763aef5817308681f0147b06edd902ad958cb2ddd3c6b2d12a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
a10a596058f06e99a168de55d9027927

SHA1
e186119b7622b1608b2427503b249c95d3f3a624

SHA256
f7df8a105a242bdf124b42fb88e2ba56312dd8539dce6d3c1471e079722f95fb

SHA512
56b0c383b64f52120b72019e1af25241c7816ea142e815855ad573336274e540ba7e095096586d17a83d138da5fe517e1a0f662e91ed9d855e3c0b4e7f9d3470

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
23ca382227ae389cfdf52803c265db45

SHA1
2a947467040050aa392ac5554c8a67838cd0ca70

SHA256
7a3300ff86f89f8835f7cd748655a06c81353cfa714b4c39e58e471b2c7a9f06

SHA512
5e19313353cb2b540f61d32e82b9890cb877e761bc74901abcace231a450d203f9085b8b4f16a60c4439f0fc5fa6355a7cd18c9bbcb213d09902baeb9dfa44b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
0094067285d0f0fbb856e4a369f30bf3

SHA1
e567c1e226fec5a90c1a423a99c7efb03e2a1277

SHA256
70cd00f817f776151a78c03d829605d094a79a46e9979b7435eb1ee001543a72

SHA512
e804d902b50d0019cd454a59bdfcaf6ebe39914b1a6013cce9c0d16436ffdbfe4d61d8304c69f8ce5cd7c7673ecfb135eb8cf89bbb24f12e3a7307a5861ecb76

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
d5d4f54fd01b2179b387cb98413a2244

SHA1
b98b7756ae2902eee3336fe0c1da089abc9cb8c0

SHA256
cb5b5147b48424aba32b360a506f44438f7e4446ffa12cb76f23ac045d311a35

SHA512
814fb62f089250552a816bccfb657ea1a07900ba81404162fbe50669d235a8e559cea6845984a3b586d07a7447a48a6700f1df6ebfcf9915a5b438812296eb1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
4ffc9a57e8eb6096c6c03ebb3b5951ea

SHA1
42d2618bb45f0ea02a6f15d60bbe09ec74c5d175

SHA256
32066737f0d5398b6350cf7366ce84212ef009b66ef6a99399936f5be025953a

SHA512
599306e69ab5645bea2c2025542e8fb25d1ebfc803548447925c519b24e078275776f7b439ac7d67b2b975325076676f0f6a7a623f137431f487ddb112b5a428

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
218149271baa805a4f3b7298fe734a77

SHA1
7777aa72f76daee1569dc1b1e182aecc0d1a2e46

SHA256
44a1b1b850331f8ab57cbaacfc1c5f6eb011741228ecd2a472102ef0e78333b3

SHA512
6c3eefe932ae801c61493bcef375eda1ef56287228aebc1425466ad455e8093c98b0af89ac7b6cf145008c55367f9b587cc88b5075497f2cdd58eb3d06260219

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
d1247b50a2cf777b4412bf83ed5bae16

SHA1
abf39846dbf5c96bb76648eed43282d4e937209f

SHA256
e1b02d0fab8dce9cd236c77cd26e6a229ff9037d6434b705f2cad2da5bffde75

SHA512
917a89bf3afd7ddb03b54e55ff88c635d200960a10f04bc339219f206b2f1f2b944f7b3f7eb0973bc11d43ff84f04ec5590b59ea3477cdd7776536e7c13b828a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
c1d327bda42a1b389f8569e077f2aa25

SHA1
86c848a65ae257a426294ac3e988facf0dec8c32

SHA256
5d76d4dfab1ad6bfabc5a43403ddfdd1033610c84a3681a9e507e2f3a064a080

SHA512
d3237b1528c0dcaf69ea2798a305ff5c6d8bcdd46b3c96b7de703e5b8fa493525c713e20e972f8e9881e90a316402685cae8edd027b6847b1fa57f253b391539

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
194505c7af14ef102b7850ce77595639

SHA1
110c80275c299b402e264d316dce2d562403b653

SHA256
1f318da36fb1f9ec9fb9bada0546ec2479fddc9be79a0631887cb4869e3b4f37

SHA512
7a09e6f584ef96f7dbacb3db0dd116d5632c2bb544d17d9f16e5561c1bad422f706fa4124e8f25b6be34d62a10ff5e68ef8e93fa1f2dd912c749b6265c0dd104

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
c988fc0b5fbbb98a97bba5c4d7aab339

SHA1
656949ab4aee87aade69a75053438717fd4c1c34

SHA256
f5b2d4c5c44d431e2d0922669633e4969d6352ad1789d35c0986343a1612e50c

SHA512
6288e57b2fcc6f4f13d5dfc4d116fbfc522a083fa0e0f0cee04128f88bab451180febceeee2f3c112be30ad66a6d80e1c21e25bac1d81844c89da894efdbfeea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
d3259ce92ca762d29d7e340b98b5d24f

SHA1
c64e19f70ee14c83d2a2b1826c8102390c26c851

SHA256
440eb1decfd263a2f2da85f51b29ff851ac1b79b2209bbdabeb3e2423a5617c8

SHA512
e8bd48063c91ca634089ee052fcaa90fa0ac3c92c6df6e49c8720ceef14a9c39e8c648f65be4b4a2d75f3c3bec87c86274951b6d8fb7912c939b4f5a2c89d033

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
dbfd896d7510aa044292746f8ca6c48c

SHA1
a90cca05a384892dd8772da52487c1c2787d842a

SHA256
1030e5b77288331f4f03c45087f9c96999f65ee6ba08cdd6ccec20995cbf3435

SHA512
86659e662d5382804852bc037172f315bb54ed07165bc7ba42c6dda2b869b5020f23403847db3fdc15c80686d4267d712c60e53b081d8d43e08d567b17252665

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
08d2527c34a8c2b6465da5e77ab61f8c

SHA1
9a4920741db24d5b6f89586fbc1ab21108979dc7

SHA256
f13a08542490c3bd9ec71f2fa30d09f28c50809a28c918efd386087f0bbe33ee

SHA512
edaee2dc0db746ad0baebae5ec2b7e1bdbd1fa38772def343e2c9faf8e1514bdc720d12445ece2dcffff270514acab622b26d148e5aeadd4d915b0ccae985b20

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
4c9096862ab249020fdc718bdbdf921c

SHA1
7aa8b589419725a74ec64f7a9da45e94d4cf9a2e

SHA256
43ee4d2971accab3cb2272a42ba4698dcfc863892894d1f99542cf065e91d828

SHA512
cec6b0acf197b3dc6cae6fcccc66a4cf5f29122bbe47025b6815a9b9be7b9b958313dbe29c7b040f27b28badf6bfea912faba89893ea65b8c241f55474243abd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
e2f85b9c1c44ca682fc13e05f38625b9

SHA1
f0ffb2c92ff6dfa622dc871cd024fc4188f92675

SHA256
ed408190fcc112110a26e5f71c5ec6bf70bbdf3c2736d4ea35abd3074040bf94

SHA512
e467087e3f49248247c71ae8608a64ccb91192e08ca324f704cf85d2e3695a1b0445c609cc24ed6e57b687566766e687973e769ed23974fefa013b48357b05af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
909160014f6590d95321dd4405a979a1

SHA1
38592cbe617482335f6ae3670119e9d7fbde3c9a

SHA256
43a6bd604688c2cf47a3ed7546f46dff082a8d1722a9102bd5f09cabfbe1ec53

SHA512
ca2037de656b3aa4783976361a834ae1000758afc0ed3e1ac36d8d2a9ef8356d337a40422ac1db73340f226c7f9c9d48870b217a13f8dffab2f1a80fa1e261e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
a6af6c6acd0093a4c12b1009deecaf72

SHA1
af4cf79d57a121ee228cf8a2b4c3726b76ea04df

SHA256
f77c8ea300544e11d9ecb9dfa2580e884f95d4277c1a23daea5f96788eac0c45

SHA512
926018b43d0358b02ad9c110afe59f09a9a75f45f2e3bc5895346ae6dd3d6b3f58cac2d5555e3f1ba76707f6efe318981f01c4b0e1159834da0c038a32fcd990

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
449f1a1f39c27611d35ee7fae28333bc

SHA1
8280b94d878b7ae76d159e9ebe4a83ed1619b585

SHA256
8c7fddc0375896d4560c799a6dce6869335c36bb7e917f404e441103c722e330

SHA512
3d72440d443239dfd9e65d81acee19ad8fdb44420817f67da6f90a477878543b0f436aefc7b5dc750d3657ae7eb969aaac399f0cb2a5a2c6db4c2649c0882dea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
fc641e464081e8a0bc01b8705887024a

SHA1
e28071976e13aa56284b635a62fb0cdf9f04839c

SHA256
57b03fa11028e232194ddfea97a05ed5e4d9f1b69a54e2590485a6210c1af68c

SHA512
7cf015a40b18b545f6ae7c1ac41a294b256abdfd205e097fb638772f30589c19627ec76038c0773bdbf9a19361c165d85443c3877673ae3c1154dbdd5e3df3ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
e3a2a9202bacd8d32b4a80f7cf3d8456

SHA1
e2878feeb5bcaacaef90c5c198b521a319bcbcaa

SHA256
3bb2ddc522562ee5f927d9664ed9bf2200a65c9524d9c868d7853d66e6d18e7a

SHA512
70e7088ea00fc38b72da4920ea6f57d573472519e9eca608a3c37346df8fec82a925da738af8dbf222b6ac5980cc9b9d19a0cb729f9f1ad1a2426ac478f14006

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
ed432aef1835c356fcac11a446375ab0

SHA1
882517b626d8e06cd98b2abcedcfc25b2c240bbd

SHA256
d1a9ae3817b9533895164072f84c264bc98acd58ad76b3a423ba997865733654

SHA512
a34c153e2079276b1673d3d3897b3c82cd08c8bd001085f1f7769647d3b74ec8654546440eceffcc3ed14cf32f4bc769802b4a807640870e4066f0d440a1a0f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
ef1775375d2ebedcddc114d94ee47b7b

SHA1
d82dfff50021b4eea6e9bb8672cad45ed19a5b2d

SHA256
08db61d19616251ee6e922ca920c97a45e0b3c05e13284aaf3e6fdd1bb07abab

SHA512
39080e2b1d32f6045df95cac73651e2e707378d96bf005769b0ae40d94f8e078587bf6149dca3331ed99ea2ca00a647afa618c8aa51bc36e098590dc57f3918e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
64f416df60508c646bbde36c185be59e

SHA1
9f7cf079e7079720a7cbac88ce1c00607bb5a315

SHA256
19e9ec24ca40bd6c0b00f8aa46167d3312dc4b40e569dde4ccbde0152b143c5a

SHA512
6c78601eaf03a888e951a7963bd3327ad4221e43eea36f4dd3cd2f9ce84d78e5cc9ad12e46308c8c2c9e8cbf67f913441708a677a6edd2b6d514b5521a6c8e26

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
839f40cdc706e0494de424a094da5466

SHA1
c22d93d1fe175a07b7d3e55f4754ffeb8d3bcee0

SHA256
6b58ac8adf36204530d64d2417c7737dea9c4f328c0caa3dfd93c3a7af8b0361

SHA512
8c43a87a848baff2f406e25b227c029d6245cf0299681cfa828e9abf4b84dc74c2110e3a786cf6b660300b6c6346669fe14f01c9ffdaf79b49872331b42329c1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
a4796466c506dccd40d3e70032a81bd9

SHA1
36c535aaa7f721a975bcbc4bc967f9fc4aeccfc7

SHA256
7620f619e21a011aece02f369fcd292869d135468db2fd39beb48650ed35bddc

SHA512
0ec6f17a822ff9651920cabac80e2f3d092225bd3e1713e9ca14d8fdf91e09634b8b5c0f1d2640c0bfbc356306cbb66436bcb76638cc5ce8b14b6fb6a435fb47

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
0403bd21d8921d37f692ba2b5dee6f37

SHA1
6883a06a43ca2a63227b5fb30cfc18c4b98c4823

SHA256
a2630861db9b38456ad72c5a6885b36a7d1977677263210f12780fd428e88a99

SHA512
912cde21729fb7437d6b028b1e2c311bbccfe456dca7e0e00fa2f8598b7a6bc406c2a0dfea23191124cdac4ae8bc9c14273d4bf57ccadec1f06f14fab7707053

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
7dc1b5bd1eb62b9e7d628b30f3c3606e

SHA1
77416d33887828362602e1b6e82ea3b1dc80af18

SHA256
57c0126d3a0464384d69f5b6379196353247aaf3ce28e9f856a5e151b313ac4d

SHA512
48ff39d207f79dd0a74799dee403385b104748f9a1cd6311ede923260ddd5f4862e98aae5352b3482f67267dae9e2f078d4f6a2e631927542c16116bca6da4de

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
defb661aa5b62d3ca5014574bcc8e11c

SHA1
9fcbaff0767613d2160698cad1d550c6f1c6d78b

SHA256
fe53e79a83fda312bd921de3446ff4907d2ad790afacd08757292301e3562453

SHA512
c0d40f9e602e5af56311f809eaa97efc0ed0af233d413d22faa6b2b8c6a9b78f4258d3028ce8d484e2853ae6808d35f055599e66cb97012d75130fa89682de79

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
dd16bf8120df7c3b142fff0021ad2382

SHA1
bec07654801c944ff19c511c4a0d85a8ea701484

SHA256
8694b56b3249f4dc5d4904bdd968bd9a62c6d270173855da27a40693ee0073bd

SHA512
67b73eefde4869cc2d107769fdf89028c4ec46b110a647b7304f840988d2d3c3c196a8e510a9ef5a5c71d1564c5c759a599704347f2dd14f4ac9f3fb9f512014

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000

Filesize
240B

MD5
698d6f2e51e3ceb92995fa71981b2e3e

SHA1
e29039f9bb1752671b3a751f7be8e3387cbace66

SHA256
0ed94b59718a9dc776c25c31e4e4bf8b938f053f0720ee00ec698d7b9a134641

SHA512
cb7ee30437a9442d2b1f2050636c95d68b19a2ed5e5a90902c43505c1a9c8b9ac428e6474740f292799f76783f065166e8a02313f820cb480b2d83a6594df5a8

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi

Filesize
180KB

MD5
6f1a616efbc9b5370d3a7ee82befeab1

SHA1
c3c263667db275b364bd4c456d79da730fec0a83

SHA256
d602d8c64733bb72c269e03e1baef06f321ec09196cd0a4b2790f680c6db3caf

SHA512
4d56ad3f03b0814fdb1c8a7ff333cc4dbab094c1cb2c6ce455140e33a49052a07c19cf70ec4d0e4828b4e743ccf2490683dc71f76b9c71e099947981eb3606e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini

Filesize
645B

MD5
dc7cfeb3d816c1a0f77bda304288abfe

SHA1
26aabbfd0a290fcc71c10e6979f0a67c6af7971a

SHA256
a28bad839b990b17c07b0ec676e55f986e026e72e84bb66716964f91f7923276

SHA512
09e6446c8d9ee3476c909d9b6aecc8b958b22edad8f981a7bb19bea2f5dbf3d25b2bfab5c83ea60344e0a4ad0b6407b4b6914944fd7028feb50c52b3518e9b6f

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
b2339411963f1bd873f396ac10e1ac7c

SHA1
4ebb521582fda8223871353c7b63326bece7a71a

SHA256
976a6687bb848dd7a51d24e1cccbce192d4839569d8de74e7ce6541a728bd2dc

SHA512
7851ea0a318482b3e7c9845ddc6b36769f177cef22933ae9adec667635f1b671439d394c2f37fadff9acb6dd46576fd868038181af0de92057018b1b30a5b10f

Download Submit
C:\Windows\Installer\579f.msi

Filesize
180KB

MD5
6fabd3bab4ffe73e5f401731ac88bf7d

SHA1
69ba67fad83b1ddcc373cb6da95a6655beff4227

SHA256
b0955a6c1a079efca016a68122abb8bf06974eb3b85dbec3be3b2d5ea8459a74

SHA512
b753fa6fe8810a860afec1130c6f7afa7db73d1226f2ac353b7fee768de13689e5182c6cfd7a99e353932a60f55231104beb374e98655f7bfb75b4f6fc4af113

Download Submit
C:\Windows\Media\Characters\Desktop.ini

Filesize
1KB

MD5
0f5d3bd44aec3eec8e62d843b7a40e35

SHA1
c8deaa322c2538f64c99cc857cd0ec7e01ea81a5

SHA256
e6d6ba9d8fc743dd76f6877b7bae0aa0bb34f7de3b4e5dcd3bd28d3a0df2ce0e

SHA512
6177b8319d7415dd90b7384252a2cb4b8778b10a9e8aa5edd9619b3c590753b74f55e577ed6cab3489f882ca8f87ff0296477a163c0943727791175b482c3123

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx

Filesize
6KB

MD5
66a35f82e53c222ea733e3988fc80ce0

SHA1
0d27060d72d3ff0c6e3f17817520e0a393a671be

SHA256
17001cd2d7d1f66d971c25a251d71894aebd940c5c21fc9861bae702eeafc93c

SHA512
797c6148ee81399d8969694b53ac8ab0263a682162411164868bca1a2e16fd624474c6d3ebfa8192ec6b0e5f5094be8b26de20f0d5e32b13847923864b2140ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx

Filesize
13KB

MD5
163de07380003c29b228b274a872d7c0

SHA1
3c6c59a27b7df0cc4fc1b9aa80e1f8e42b83c313

SHA256
66e047a05b4df14b651705845bb0e878e1d9514d6584e7520fd248f991170b04

SHA512
b7d84b22ca2a67a069676ac359af7b81091fa486521e02e0ea46f6103cdcfd9de87c2a485b44e64ba92025cec8fac02a957a1970a2dab72a24a640774d272a76

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx

Filesize
3KB

MD5
053090079322590192a1a4d3cca592c1

SHA1
54e38d7f496c4ae71917cdedc4e5372c841a3d97

SHA256
991d58691803d383ae7ae0b1068f2d42ecfe4095ce9c42ffeee84f87ddefc48c

SHA512
a179f5470679d1d70d216105a8f799eb05302a16364527f8364aaaff050730dd88bfe12a31f3fd7c3b8eff71a00ee26c0a7e8d959e0af3726cf9ef2a1b695577

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx

Filesize
6KB

MD5
2bc05baa646cda0d034668db4402c743

SHA1
c6f84c909fe6f48f03ce96ffe733df181864c3da

SHA256
7a9778ed32394866f6f7552846eb6757f0e1237b74821aa8dda2ed23e87d72de

SHA512
b834bc755843c0b2524d1fbc2b04ee4eab797cd48415e0a6a6699f7e0f759933ccab62dbd60b7fda3624d1c1e7b43be1bb186107047e5b0671ca9bc2c02e5069

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx

Filesize
10KB

MD5
ef728b61ade6271a7d9424128d6351cf

SHA1
2ee1fde7b875fe5c391fb21e054cb59f7196e509

SHA256
377b5101c8980e2ee78b27ba160eb80afd2ba9552f91c21923361af9ed351ecc

SHA512
9c80c5077bdb9c63b7462b3e70a75d5b86adf34ab2708b1f0af4af393caf2563da3ee9ae2ac044b7810ecc8740f90c63be6bd42d6506646260e061220f2a7150

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx

Filesize
68KB

MD5
eee5eda3255d4d48d2361cc0cb677239

SHA1
c875790726566e23f4ad42c170737a5443895276

SHA256
aac2a0c363ff5ede02b767ddff6b22dfe85b24335588250906c15339c38cf41b

SHA512
1c6d54419bc71c816cb9ea1871fceeffe57063e22d8a790466d060138ce9d0ea5cfcc38657606e4d4cf8c02c5cd3061fc3f464d306b03e7d8398626b17adad03

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
8338ea9a73f44292bef82f421e0cf875

SHA1
13f00d13c52c218edbd088223545b986fc130ad7

SHA256
96061d508c14c28ecea3483d111cefda1ec96d1246d298a7b6927c83bac25ae1

SHA512
e3a0edcb4a43418e96173e0c30f32fe893c129910eaec3345ae7307d8e8beff00ca6f9ae41c1f01339f03437a7523756015ccb00f27cc20d79de5ed311011254

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
e8ba9d09d86a9d9637813049fe76045b

SHA1
5695cf66f4c30229fb244648c3694ff973681a06

SHA256
dd853107fd04ae2449459306d043a4c06df3a1190a17001022a8c2347b85188b

SHA512
d0e673380ca3b0bd4fea68287c7b8b5e34ff6ac1ca4cba4cad3f4deba45d2e214819a23128909f02e22f6cf9d6b44e31a822ee368151872799d5443c8701ca77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
2176e2a53778027933d8934ebfa653c3

SHA1
d95d6699032b183d88bc48978324f207d03b2576

SHA256
281b7cddd4215455b431a58126b7cd99a37619aa0cec3194d156f14408d55996

SHA512
c60b02e3fa03c43d49b1a4046bea232272871ca167277414e652caeaef701ec7c21ee25c97c530c91c8139f3dbdd39cd7ed3efc2a71681f1ac92c46dcb277ba0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
38aa9ed22c25ddec2ac6e6d5004c6cda

SHA1
6856d62d3d27ac92a7caa9fdd6aaace721af3482

SHA256
8bb72a0a06ea67ac0afb395f5d78a8897f02a4a6b94394783ffcace38d2e8190

SHA512
a251d820bdb53d808eda2c5e5503f7faea9b8fa72cc0210bbf0afda65ffe1cb4d35abfe166431abd2a37461f6d5d28137410e024c4b59e36b54ea52bdf937017

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
2529cca91b60996b753e7b86d9e6ada6

SHA1
12b8f7febaa6dcc17dd5c54f9aba4e0abaac1312

SHA256
602126f0d1eebb582ac84c79c4cd6241f88ae9e2bd273dac0c506934afc3558c

SHA512
287244ad0244232a1a0e5348387cea9698ff74c7e65001f23de77f6ddadb76fbeed43c318a480c045827ebc5c200b47bd2f2f8758d3cb1139f4dd3163ac37570

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
ba7d12369bdf367965c5cddc6785e633

SHA1
197cc6deb41b05d76d0db3a47ae68345e31166cc

SHA256
a0be071b8d06c1999e20b95c668c96da967a66911c480b71f02210683fe4f4a2

SHA512
dcc26c65e02c79ed56fda16e1898733768d5b4ab646e09f6a8d75cc762a3096a8c4e6329a3c6e8afafc34caa402240ee198a52255ed51561a423024b96959836

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
5ac5c066864c3abeaf4c24dc33f4be2e

SHA1
1b56fb4ae2b7904bf272ad1e9524827eb545ce37

SHA256
42291460089fc1eebb1d767357615aff8e712a40d0c5dd8d23d4c260a9fe6355

SHA512
4a3e9c18db682616f83dfd6f7a6f28cc0b9863d11f7036e09d640817cc821de130e1e7662de9be862ed4bef64101307688196b0363e1e754315d490b0ebfb6f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
6095bfd4790024cb51da577e14070ec2

SHA1
3885afb1f429ce12f7b8e73aea5eb04882dd351a

SHA256
ce9c0c2b1e653b347fc505eb5d2125aa3a9877fc0cf443de89438e62700415d5

SHA512
ff40050e63e38c8775309456183136efcac3e980ae25d48bb39149d1c9bd35ccb76eb09db483b86e378b0addaeddbabc43527d4de34ca2a3f712d1a5024480eb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
3a3c8b862d5f365685760b0ada4d3cb0

SHA1
6af66ba136b684bb905d4945428a3367c97f3bbb

SHA256
2fcffa7530060c49d0a4a43e92eefb32211079bd5777498c5a084ac383fb956e

SHA512
0261382c83541e4cb0acc5a6260c4a31c6fc2e9c7d2cbb0477c01a7b9794a2bf38ee3ba7d64f2f13cfbb47e9558b53fd25826c18010aec5235e84a75269ad795

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
6d2f88ba443f150587b0c2672393ca61

SHA1
6721156fe0c5360d60adfe32b0dc8eb0e8f2b1a0

SHA256
096cd375b1f055ff8969f65502e8ae6bbbbafac3413e4d5888b15eb4430dc0b6

SHA512
a44b506e931d0a35c4a543eee5a263d2e888c07038ee0d0c6e8894fd1bc4416284437b47c9630c3af49178778cc082bd0946ba58edfdf2588623fedeb0ac9cff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
bdb53de27b04d9d3a466a1cc59903891

SHA1
d006858766f741598f6f9f94bd3bad1d010ea6d7

SHA256
81cca9fecbf3b2ac9b243df7b0c795c158c7ad99a7f67ab4f09f8924bb7d8bdb

SHA512
235f52f825201ddc9d1db1bed3e8c111d4901dafda474dd50820b9b354614c9104539d2b4dc3cfc67573e4ebe3ba3ab9472fe92e62931c8c79827f2fb5cf628c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
c9b9c7a9ee6c6e0b9f0733055b1f5405

SHA1
b2f701d54a6dc1968a353e807bdeede98b148f78

SHA256
69b1e3436d5bff270efed774d3daa3f64088458cbd5bf12e849c1fe952610d35

SHA512
ef47f9ae2bea05c1dc0dc45007a6b91a9a7a123ee0639f86bafbab7ceffd17a1260d29c4b233f4329e400cba817bec73d05b1ced75b13609b59fc22f53785323

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
b96c257fe75c7bb5fade67d7bb860cb2

SHA1
66e9330aee44b1ee99b445f94eba2740011a552f

SHA256
f1f56ee0a9b256069831a53f65a9c4a04b63c96e59185f8add0897200260e5b2

SHA512
4d53dbc9af1fd07b34a6fdbb07cf992d26147ead51f0f56143b0abacf522511f3c4c832495bd09dba93e046a4ffc2910a3f13defa759f151b7526134bb8d10b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
bd62ef4629686f7fcc4805603d7e49c2

SHA1
010cea11e3226bcd68b86a114b7b2a92f0eaf1a7

SHA256
53eb7af506e9ab4ac2c6783b52dfe2ae06b766d36af8e47ec8d1af56192c5616

SHA512
a6455f15dadfbb2962c04c6afba9bea71dd1860642f0cf2bb1a255d7f5d0343bbfd5e738bac1de6decd9a06e233b56e39ed7b9e8c855c505e66b77dacc41ca21

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
8a4f21ac677095e8e677357624ee7e2b

SHA1
332de6377efcdde3ae6ebca6d3059b8799a33b01

SHA256
ffe326ee9c2fade0a1f1038cb74480fa9b57d13ddbf737c67935b7a8fc052fc8

SHA512
a57450d283954a4d2e1c55c109800fd324625fdffd5e77fc4da12f23a4d7ede069ca1b5d1418b5f384633cd09ef208168351243d9f707957b36d43a4528f33cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
16b39e45d0614bfb9f9e4625c658ee3c

SHA1
bec8ed3bb8e386b00a128dc005a3f657506bed03

SHA256
9e783a170c9ef4a0c52fb786bc6b7fa8ccead09ea45c2e869aef11318223c6f6

SHA512
2295307492ea6f153ca3d5454691fb0dba63b4a5ee9dcb1b265161e67aec563c98c3842c5faaa4c0954426c514a98bcfc61517b6348663a5bd18d201b761f8e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
12aeed44ecae53c1873e4428286904f5

SHA1
649b1806022cd3678772b92ec2f7a967d8ceffc3

SHA256
2d7102823d479a192958152bc2c2a5c11c29238fea37c42de22e08c5376a4fa3

SHA512
42e221cef512a993a310c31643ea60d5003a05b53a5239b7227c2137b2e861f03d71d71cc6527648cd76a9188e89316d1e95c37ca746e49a7a2e408cb011b727

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
0aee543fc92f47b55265623526317a7f

SHA1
c0cfb08ef3127cdd2dcf2372a7219dc0d13711ea

SHA256
e98c325e465e31f1cbb554b1188c0b3f91a7a949bbe38a90879290ec60c3c5d1

SHA512
6d12b0715a0715e3f4f4bd01e8ab3360314fa670cd3edecb7613f45b7df02eb2d911a310b96c248f7512315f1fb6c8ff34a047dd89ea4aff7c1755ac78b0b6d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ieexec.exe.config

Filesize
181B

MD5
14b5f3b013ce234f1a192bccdfa432ae

SHA1
04e65c73454c9dc399189f31fa4b3f9e6a6d8197

SHA256
aeda767454de54f990a21eaf2a239c5486e3bc41561335d1be01947520118951

SHA512
bfbddade533050c37ba6fa45a8e392c8b888be12419de1b999083c622ef63e941531f5df84e00b4505e0e19f71cb83ad258affbb7a75f1f5e732436c3a873055

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regasm.exe.config

Filesize
181B

MD5
f0a1995d554def52e93b92fe0c4c6aca

SHA1
be0a1222ff69f4a042344202991e5137b5f0b55e

SHA256
1fcf982c164bf293d6a52c62ecef51d610d59b0d1b9a921c03a40d80a4cf788c

SHA512
fac351bcf5bb47b7b8f1bafe45da59c1bfd374a4ce65315892c537bfaf695aee1245d64b907949e0b9443ea02fdfc1d6d255c1740ae01a8472c8ce5b13b23206

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe.config

Filesize
156B

MD5
f3dbb5edb8bccd55fdc130a48b5b6c05

SHA1
201a273975e3e72162e3f54f990130a81de34bcc

SHA256
217611127bbc30fd3362137636deb37f028f55030f999968abddc69d467ea243

SHA512
a6aeefbc3b4b86631ff3ad25159eea41b2c136f1d281c091d57dd843d1cbb2b428c3559ff23ae460b799648dfc4a109d1485b875f1eaa42ef0023c4a5a519f9b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx

Filesize
3KB

MD5
85f8a48019e73ed0984f6706271fc3a6

SHA1
0f2f04defeae86994a0510e8bcbcf43e83ff64e8

SHA256
38398e93fa8b5c5bda1df47af72a09a71b1522631d3c3d62ce59a01c7d106a19

SHA512
0e30e6912b7a539fdc083dd01726429c86cea7098908f2134b78101577245e1226fec5ca1415a6ebc5664aebe82efb1afad1f8541433f8595d18684f0bafbb6a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx

Filesize
2KB

MD5
faba70f49c00909b646121c765f56156

SHA1
f8500a715fbbcab2d0c3ed779a7ffc3bf4a421c6

SHA256
0b4a25791ff7ffecd3edcccccab8969c32ccc1b3a60ac51db6c7dad8bb1fa64d

SHA512
84d8224b16256f77fa2378713b5c9b4907d8b5746cb2806e310b4de5c6fc866de48a85f235c39febcf8206c3d4a8ba21fb782e46a8cc9d6832828b03000f4254

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx

Filesize
14KB

MD5
970f44796040528c75d8794ef9f5bbc4

SHA1
3ec14aa2f3b553c02098a640eb049f48c7bbd629

SHA256
0eee3e3dd3b70251d09c9d4bd14d28fba05774ca66f5fd223bc6e2cb294b417c

SHA512
bd7b73fb5e70aa7e97371c1d8f0f09ab3cc5c4f6d158a26a16727f29b3bd0cfe90a9db10c96a0e0feefbd5aad2a1861ed3c22473aa944b7e0cb4661ddc83ba30

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
317B

MD5
014b9c633de76d98ef18f9803a31935a

SHA1
f1fb426d48c820a3b3d21c3b222a95e35cd0b96b

SHA256
445b9849655a69586c0f7ae557ab5cb4cd0f11fff904b05d19e9074415ba80c9

SHA512
a558152b48ec285f2662661a544ec524ec1a1fe3a0a6be696aac36c6caf9e1586564574f9f82732a82af2f2b90e3a10e070a8d9fc993870c4438f0d528e0bdf5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1119ca5a5add416c6312fcee2a9f239b

SHA1
4f7ae46382863ca1b65b7bd1f8af8911c27e362c

SHA256
2421b7126fe133d4fe20569e56c3f8b0bc1202e31566cbd74a9449138660e37b

SHA512
423288283fa5b7ac55e67c56335d9a0e0a0a9b504957dc97942b7183927ced38989211318b505c5c12ef6bc198a8b74e9fb218e1af938ff832f6e054ad5fca71

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
34dc724a155610e53a814c9d1084e3be

SHA1
8c127179d52c540a3fbf02dd84654d59faaaa0f3

SHA256
77c8a9f2acb3496d93f0a1850c11fa2295b3d7e6b696b63665d19792514cd943

SHA512
d3870f55f2352dfc417d1a570c9f562e7ee7929e6af0a700fc8f96ce3d312550e35edf8863b4f206fe56dd382d4e47fa885b630827f207bdc77675c9b63bd6ed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
826557e0859fbf551484f1b8c43308a9

SHA1
d953e4f659e2a6d1526f74df8dc88fddb6b6844d

SHA256
79ab316c57709367d6440677175aedde935c6cd1913766c10df85c04f561a8f4

SHA512
01fdb92df39f68cf784308d35bad0905cb4d74e316be9310ddb93cba13fcd2d167176392c98497b7d4f4414565168771fe77202929abcf001e2abe38770e6dae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e944be4de9a1aae443e84f1b1a0919ec

SHA1
2099759abc0cea6642242da85ea610c3b3f9c636

SHA256
c4fe15b95fd047660abf36d4edd91a4d356589e32d055b9ba290e414aeefe40c

SHA512
dff411b474f3745511130b12c2deb8f84b9bf7b5712c6fcc912a61fb9e2d3573ef28b550fcc71f65f8d255320a44a60ff187ac08cc339bfdffd07f6fce436a9e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
551d27ae0b8b44220e7dd44d91215c3d

SHA1
5342312789866f82d4c9b31926f3267e47b0d332

SHA256
89ccb1424c474fabc33313c0d6e884fed64be6693c5effc626416e487d9cfd26

SHA512
446808a60bfb415a9368bc80473a040bd4362ec87a98264c69ded454c16ef3ea97293bd8ab4ce20dd48e9ed994cdfd04ff1bd4f5c4ad4741bad56e332bb1a658

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
735132ae250d3eccfd592b44d75649dd

SHA1
8462824c29f0e52794bfd973a87725ee01bcc2b6

SHA256
4b757bc81108fe24e5d6ad7514b1dd4a6cc45446fd01879f139f4771705450bc

SHA512
e2cf2859d6935a17e60a9646625ddf67e99303ac996c0cf25281b6a7d49fbfcb3e1b514de293ce1c9e516f0645f8d0e86491b562b66b2fb15d7a99404608be3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
89b7257928a330a602b6bed0c54b4611

SHA1
d551bcb7ed0cbd3b209bc570ff74a5d128905942

SHA256
23e6fe264c318a2fa8c952264f89e36c20bb868b3205dcc9653af47528ddc2cc

SHA512
e73ea9ba3810ff5874a133ca67420a4bfb1ded9dd65d687015a3ccc3803d248bdec7bed385cc4d110d2fb4ed86b313c9d928ad9c9d752eef80878e38be9edc44

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e8a5e7301c1d14b416649a3c962e0d1b

SHA1
57e3ca017c3f42fc95353fe55e38eb4d55eb706c

SHA256
c976229f2884354e2776b9277b71327c3b6a82714cc7e72c5a027fed83ee1181

SHA512
b90568fccf1dbecdc2cee5caeb0c643833b69ea596832ae0bdc70edaec87a8c59bfd6d147eb110b7530f904c29aae8ab1558947e1af4bf786c0cd24ccb255364

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
db936aa0b343e6e9f8a815b65af76b32

SHA1
02be7fbfc37f6b62cf7013bb0e90dc36f5dcc3f2

SHA256
216d8058a53dca8532d1b747e66787e8b684d7acbcdb4106f0dd13f697c1709b

SHA512
d1e5b92fddfa5842d8ec4b0504ed088e7f61afc15d80dc4f4d969056c6d76a0629c4e8eeeb3e036c389334144d42d511208e485ec5a4745be0c181cbe0901501

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
10666cd0e1b62c3734bac9c5f602e8f6

SHA1
d0a8ad65c3718d8b0cd4c699b8ca090072a747ad

SHA256
34170c0ebeafa4161697f9dc824eeff85693c7f976d342e3525e23e3896f3247

SHA512
86a435db00ce285943239cb6449f6960311f256da422679ebcc10d14d0393b3c0f17961fcc8e1ddb5f4ec996a469840c306b55a3d60e1aec70412b8d04dbb004

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
cab6d38117ba271d6b8d3cdc52d7536c

SHA1
9ffb889a0ee5e0f6425be7e136407c228cd55ebc

SHA256
2a3f8ed5d56ac50940cdb34aeaf36443ef1bd00dbb58f7f4c17412cd90659343

SHA512
9cc9e82ed722e15617f9a67b21d341b26a7b16bb45be6cc20018aa3a6aeac0f161e0253d9e6586e3f5cb1218ec907dbe20b86ef001cf100ad88d8a09ddab32bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
abc773a7aab41d6707d00a7c6b204bd7

SHA1
0e183125bd51ce71c5a04e029a52cf2a9fcb3cb9

SHA256
6221cddcbad96189b9dbf64fa677ff199f344efd4bd79bb66664d12e08c373b5

SHA512
f86e5002fc2d88ef8659000c94b377adc088162b61d0e46aa0dcb7903198cc43214b276fca7a5cb97542a146bca4a2c7adaf65fa727abbc4b6e2ed4542cb07fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
90f0c1264c05c5ca140912c90fbd1ba7

SHA1
811c98781d50caee118e3b243607a1736c6e855d

SHA256
2f5b60e8a62fcb2ebb219272a188447994408b4296fa84aa7976b1b1b355735b

SHA512
13d6e43bba72eb41c9dbe6e9f115b9f56607b139baf52c597c4fc340da4cd0d95d907c161419d66ad0b88e9746953c1cf1e9e7ebcdd8b3a20a73671151bbef5e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c39b597b7965ca5adde28e4e2ea74621

SHA1
ed08e44f644bacbf4bf1559212f76583c4bdb7f1

SHA256
c41bf691353a1cbe376f360e46d6d47b29d8e0832c393fe2b34db6aa66905807

SHA512
5be4f138fe62d43db1bb508e7072068feec585e0aab62b9b926576a51ac37a8b5424ca635cddbc27554b1b9fd31648400cb94c49ebba9ab419d6dab54d997d0c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
7426bf82cb5db04e2ed2a872da4c2429

SHA1
1317935e5bd9258e60615b337a81cacf00f42a10

SHA256
a14cd5cabdd358949bb097b1ccefdbe1df8b425170c9e85c04ad6479b4501ee2

SHA512
19d915485ca84f459c1c15aafd873c2972aa2cf616d99cc57c218af91e65eb48c5c2068bffcddd7f32abbb8ea1cfedf68e46589e1b862fce49eb968c3bc28c3b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
c435ec34a7024244d1742424f8506ee3

SHA1
205fa71f7c22d669948ecaa5b5f83c9ec29fac5a

SHA256
9580420390b6a4f087ad295d75184f9bb52d3aebf65fd972153b7b97eac5e98f

SHA512
1783ed0870ed352e30b9181911ca54602993545f17479e1394a96f6400bd31bf5d991e5925584b9fe540a336458743540f4eb52297f99d9feb4f59e9907886f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx

Filesize
12KB

MD5
a9fa076ddf0c6de935cb0b433285be4d

SHA1
1030ed4b89fc1b0eb3e64c442e9293d495084d8f

SHA256
b6aac50abde5d841c3bba970069e0955f752b5f4e5a111978375e665a31a4e7e

SHA512
96cb6672f0315712e488cf8b2132e9b67469c3f0c34a5255cf7bff371312c49bd344db509ed572ef3c50f00ec0afd7b76ee1dfa045c130181ffed6b2ae62c794

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx

Filesize
9KB

MD5
bfe98b88c088315338f26ef78e3f7644

SHA1
521f31cdf4f3fe3185e7564f85f36f76b2ef3707

SHA256
884eea9d1bfca856cf5d37bcf9498d2cc578538c6bb236638ebe7349e574aa34

SHA512
f3562da76ece72ebaebdba6a3cb48203eebc45dfed689a90eb300ff1b7cbc6337f3cd5846b8d0d10309722ff7599824d4f2f361f0ddd5b744b1b0e4c77e8534e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ProviderList.ascx

Filesize
9KB

MD5
2be56ab5c67c971dd984a17a7578f71a

SHA1
4a12da7ff23e45f9ce70a347837818865f0d7f0d

SHA256
11a7aad532fada9b6d562598497cb05b994680e366a612affa84a13df4ebb276

SHA512
5c6ddae86252e6681709ce0538ce881da236e0330dc9209fdf776b3065b42ed8b3204d1ab6b611eea257c6eccac3501d30cca1d39dc875c7e2b4a6655c19b2b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx

Filesize
2KB

MD5
bf7048833901ddedb8df223770e32ee2

SHA1
82b728323f8dd35ce958e2ceb58f139d7bfe4922

SHA256
dace7cf2c829d0602ee6c13839229994b26081b572e4786832392d8d71c4fa56

SHA512
95a241a714385869d7e2e8c49314ab26ba49f65551572cbbb0fce8ba86a23c8b6c0eb160d1a77519f5212a84e16485f8803b6ae47dc1ed465a2ecfd35aa70eb9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx

Filesize
10KB

MD5
bb02d3dd69dd69f1e301a2c17859ece6

SHA1
cd0430c1650cc96df54c6821eec42bcb28a7d2ad

SHA256
6c6aaebc4c9039a33f253bfaece6a66675de4f88e2a73ef377667215693cde9e

SHA512
796c221e58ce46aab0979c2c03a7845948f1b1d46e94e14857cfe2acf745b8e2fd65eb14ffa566a9838d2adc79637302e197e69194f6e9400b857e2887512676

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx

Filesize
21KB

MD5
98d0a0e5e7d1f0caef128f6d60995079

SHA1
290b994f39619278c7b4f73dc3ca6ab7c3f45002

SHA256
41e62a6da45d07326fb4e3276d18f398244996d9bf62e50f66eccd7d6f40064a

SHA512
21374d677db81d89e82ee23f55fc39d1a932855e1253957fde10db52869bf2ffcce9e07db53620e1b549492cc7c98c393b1ae18db69441c69d7a460de60e5080

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx

Filesize
11KB

MD5
aaf0354b8a0f0091414c4292b455bbd7

SHA1
6eb57829eb46407c31b08f8848a1a43557cf1a94

SHA256
92eb18466f36493a98f5c11a207ae4574445812c9db3ca382f76f5851224c4a8

SHA512
c11a6da1838c3ffef8f98b57357c90b65370682c9ab57c2fe58a9c9afdcd090fd5a64f0c34178219f4ce831c1cbc5d1c6b4d26abc008c339e2abec46273f977b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx

Filesize
10KB

MD5
e82cc7aa684a925e83ddf3b1449e08b7

SHA1
69655421497b311382b48c3a0403de1d4450067b

SHA256
4a6886b1ae373b5088a3b5f1c9d82006e67ff465ee3c7f228dfd24cc68c08a4b

SHA512
24744bb56e2892b41b8e93f917f024d0c3e89af941315cb3a72599292f0c409c9830a22a0379c7fea543de57506f36079c7855770ef62310ab869015fcb5f350

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx

Filesize
2KB

MD5
8f0b6d8cdc7f73c706e471db01716b18

SHA1
0e7aa5b9107aadaba7ebfc55662314fd98a1a13b

SHA256
6004d2c916a04fcb27024e54ad759edd854408c2c739e95a95b2355fa83a2169

SHA512
3fc49a4cbe6640a32fd06abcf6d7cd84f2a4159d9ca62bc310cfc43bcec8c7bcce2c1d505df52b20d09e40a9bba85c8aa2e0a92d8bef190acdafec9d99535e6f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardCreateRoles.ascx

Filesize
7KB

MD5
b09996cd60bc59e4f63388860a4380a4

SHA1
c7914796b1e3119506b9516f03c3a454a18878cf

SHA256
a6078f0326adf05b51c7e3abc69a632caa65e8e30ad87be9cfb5b3b26ecc80b9

SHA512
810def44a7e2c6e2dc91f4bcfbf1e88d8a51baff9cbf5153859f614a8516eaee73d7fd903e455e7d55f0338e3e33ecba2be9ec5951eb70bf5c383daa49cb9290

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardFinish.ascx

Filesize
271B

MD5
90b474fea2e399c02c7e903dfafce5d7

SHA1
e34e8b75632c69bfce0265bd3bf5fdd0453c6ced

SHA256
5a1e3e15808e1b2feecb069eace2d1b54502291aafb4b8f07c994a62a5377f96

SHA512
7163f96a6785bd5910895b78d4bc6f8ef03f6ebde29f0d9c1968b2738feedc2eeff41bb2583d98e798df785c08471ce1068968c33d605b2fcee65ec2f62b5ac0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx

Filesize
491B

MD5
82b686b74274c66841363d11d4cf3d72

SHA1
b86769fda5ee1655bfaea6cc7ee308f8607dc3f0

SHA256
47ad523ad7bda3bf2f59c8a6cc864474528ceb22f5bca315a928261565f70b95

SHA512
763b12ce03a8218aacdd16cb2bb176ee48668af0595108c9510d09cb964a4afbebc2f4540af2ffce61a0b56337d3165164496c017280341477e6b4ca10046675

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx

Filesize
24KB

MD5
404058a7d1ab1b83d75c76127a995550

SHA1
2c7054a9240f6e2dfb64b2b51a95540572a66874

SHA256
65264ac5a366358c8a073334094252500a6b46a9f383c06408e64d22396027b5

SHA512
a2c38e6e4d955309778c7722a343db5fad7747b1258f44c74bd95b612405f186630a1fec6bff69eb825e4244d75afafcffb1ee990c5ba6ef5c57fc5de18765d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardProviderInfo.ascx

Filesize
1KB

MD5
58f4f692672a1c276ebb742a73250384

SHA1
a1f1a151f52ef613d4266ef07cbe429de762c03b

SHA256
160af3631e99f96e4b6583d799cfa2ed1f02bfd087595b8bff57eb809f1519c1

SHA512
420d363548a88af8b16ad783096a5a998b15799b9c34b72dd895615832b5706d16e8fa591e1185b089c6d0d0ee6676a3e67622882805d12e86213bc7b251ff38

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx

Filesize
9KB

MD5
5ffc162d83ab638e094a0016d22388cd

SHA1
cc7e47ab103f6467fa26f05b4058356057c58103

SHA256
c1cce7164cc081b6e117221f13131eb341e0fcf603bd8eb495d9d2c14714e0bc

SHA512
c9c30bdc2914535346ef0c7e63e06952efdbbab9ed0d4424e565a47356ddabffc3eb01c8263a066e7c640161eefeb50df14a84ec6b48f94bc2e778ca571bd8d0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security0.aspx

Filesize
1KB

MD5
aa3c49dda261828b521e2fc3a4e31d1b

SHA1
8d5fa490e814febbfc0a03d561f5aacd0c0da7e6

SHA256
c5c8db499e8823ffb220a2a571cee293ee7d7683ef86c3ada8bb612988bed258

SHA512
c7163ab3b4579747c5220afcbddea300e68fc64f9cf2b10cf1fd9e09836eb7fce285a6586cbd72cf0251fd33808f417c023a4d817c3dec7673270bed02cc19eb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx

Filesize
2KB

MD5
5d1a91cc30abd925b76c7b91c46b6782

SHA1
b6865afbbe132cfed5d8e1fb3e349e519a19403a

SHA256
e815426ce79bcf3bcf7df87a9cc3963b05ca2d480a8302b1d08e0a3bbd33596e

SHA512
6a4f3e8d16828e5e9a04fbb1aecee9b57def6a248fcdf5c8290385f29ee8f2da78bb18ad26dbfc20e34d54dcf0d18d048281296d908f5ae607a979b2f41afbfa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\default.aspx

Filesize
4KB

MD5
bc304329f014f4597c6765a5b1e50761

SHA1
cc32aca4a49c7f3ec91bca2a2d2ccf1636dcb82f

SHA256
f608162505903651b366579eba5f8fa39f185b19993bfb870c2ab104ebeb13da

SHA512
86c9a4549410eb13490d00ad6e917d0cca60ea9d9dbe837de96e8729e5c9a81715c7c59a1ea20b40f13f0c7d1e405755f95c33e74e7fd54dd6223244cf80f081

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\error.aspx

Filesize
6KB

MD5
f8ae2d54dc4e85e96f138de4339948c4

SHA1
b98951d72224d717e606e8272830dbaeb0cbee19

SHA256
257c18be3327d29d7156bfecf700489e96d6d865720cc273b165b4fb39183b19

SHA512
e46afa6a9d343f9e26a4faf33497c159d84162432a1faba3beed5f29849c4c150cc02badd89269b63eb6d04e417ea6756d9c76388e1324fe5606de2fa9c4403e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx

Filesize
1KB

MD5
177f3151c32a04dac1aa4714b025cb6c

SHA1
be697d388c3b15992f48266cffd43896e948812e

SHA256
0cc1a63b8a33a1f0834a2c5264cf1135bfd7b809e8d569d378c1f37fc3fd9b81

SHA512
bd2fc910e61ddc65a123c892c929c68b6ae3306c4ec92ef273126db10be32b6d3db922d25f53ed961cec8146e73849824764c95c4670a3cd0d42408353965668

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx

Filesize
740B

MD5
b5bad5747cf8fc42f97563523aae12a2

SHA1
b0a511a83ef13bc1563a7db157eaadcfd78ab86a

SHA256
fd06c51a14d924496e7f27a6a8abbf47fd12819560258daf0f50a410b08d02b1

SHA512
7e9f7fe4092535ec70c3a1120067f6692f8444544481822f15e6e142a3528e0d8df006b6b978b0d851dd0d9313a82b2d8fc007d2e9053e635e76fd0d6171d20c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx

Filesize
1KB

MD5
6d2e7d502b81d2083d8a5d13ada8eab3

SHA1
fb6554a71c3e8248bd638a7196663b1778aa0242

SHA256
6312f292e2b16db0b9895203fd0056909d1d26af003d7f54c9f80a97227eb729

SHA512
52ff9a6b473740ce15b1b493b9ca3e1ef231d33b495de83fb591e3e198f832a3026e755da53ff89d407dc217e68bd36bde5d299b616e78abe4e297b3fd79b812

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx

Filesize
8KB

MD5
79798355ff2703f82e99a3e5cde44391

SHA1
6eba1e54543511650cb790a37f3d4669406cf473

SHA256
353d125286c8ecf1e21374019b821293a56cc82357dd7d7cbe802137243cf57a

SHA512
2c854406baddcc3b898d4d1afdf9dbb81afc88c807e8bb21f82df131fda805e4d0a2f44e251e0e933222c4d820d6f52228848fd335a36667899835380071ba00

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state_perf.h

Filesize
318B

MD5
fc3cd7c41839d0b464bb9ae4d566b5f4

SHA1
284e85a7e39f40f96e7c2a292eddbfdd145c1be1

SHA256
4ac1d18b65aeb335b746d22662e67f2b912b4d6845c11fb12c7a964ce2080150

SHA512
bdb288a8f714776acc54e7e8144aa24f428420b116bdfd33f9ffb03e3a1b8e37abe1bab792663550b6c6079867ddb19f46b8515e6555fac5ced0d15ae176a833

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
4f541b95e9c89528b8cbb6a5fe4ea299

SHA1
1a8893f1172b304d24c4f479c414d850fd6db57a

SHA256
302a0b8f76b191e28cd89b164b9edc90d4bd7a120f546a2c05bad7097a8f23fb

SHA512
d65bf298585974bbba8e312cdff03624d052c8e0baac9b4a46f0bc2a81885b80531e1725b3921169c530ec6370611585ff6f1f0bb5660b5cb483ff9e448f016c

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
1ef66e3351377483e4531b86bfd608da

SHA1
5c29bca05af5ceb0d6d1b855a5efdb3be6f35455

SHA256
3f2ba65c279e946a72fe8f7150023af4fb8f7c02ed0fb365c7b81d0d53af0f34

SHA512
146e5a05b466836c500e8dd7d85fcdb356f6cc3ec7d772d6bac64fdf3986ba299157358e3edad7a20e0829f124127da5581a0308e90b4dd4efa999672f685ef5

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config

Filesize
161B

MD5
0f0caa23bcb998279380895d62adabe5

SHA1
eeac436cc4ee74da129e62ecdb669783f32bf1ad

SHA256
035dec7dc5dad13060b5b89fc13a9948cbbf6376698a862fa8f95fe7b8df8961

SHA512
a05a8625a7595693aeadb9950121a15af98282f91d0ad3c7f463c25aef8b0cb7bf8cdf55768d664c3f0bb97e56bc88f8197c5f6b6e6e927b5e8f4ad79f2dc3d9

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounters.h

Filesize
844B

MD5
3c330181719c8e50bd46d4000b4c0b97

SHA1
9e18de0f3772d82b149df96a619ab676b606e031

SHA256
79b93a32cae2a57c04e88d66fe06b569c2e9ad42133178bac75a8c31d77ff34a

SHA512
e90309bd5c8fdaf51152dd22797aefc19dab336e81ff65656ede88222cb1303c8dc3721f0a29d5266c1bba35398efb947548de4a555c22325822f50a087734d2

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\_SMSvcHostPerfCounters.h

Filesize
702B

MD5
34e2f08c527bc5f68a1fb80b73db1f6b

SHA1
9b824b4e31e7ae146d6cb2e8ea7b0a90effbfc21

SHA256
3459906ec2f1398e99d204ba961c2db28378c99bfe149cf0eecac23948c91ce2

SHA512
2825730d94682969f3755e446b6f0296ff7e1aca1b8b87ed214829f9f44d45996e3917954159d9fbae472577c370c417df26e229320d3aa079f612d1db6387b9

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\_TransactionBridgePerfCounters.h

Filesize
705B

MD5
bd0612395ca0a429aa0c5a614eafae06

SHA1
cf1fe285e25034697c89f2fea5b5fb1fe2e0c0eb

SHA256
c958aec40f76da005a041dd555e59b508e3c9ca11b91dc09ae3616312ed07791

SHA512
db69f6cefba9a3d76c8b5b91d8e17670d73a41a523f88fb48b55ef163c4d1ad6b0fa6131f80d8c97fcac21789836166d1ecfcd1f2d2f4c36c3f9454b14f5b917

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_perf.h

Filesize
7KB

MD5
cfdacd0819601a8c9e8fd6eaccb7e720

SHA1
a0a02b0b2572a93da84fae91c38f45307036fda4

SHA256
3fad30cc1d518edd380e24517e2623364253ceee7fa510a21c3bd5360699c6dd

SHA512
4207acb95167c7bfd9746a2c966e9c780ea71c479b72b17c815d5215f3108dbf72d5c1eefc14a4433e682d0b47420fc27a3b6071eca581ccc38c823be0183a10

Download Submit
C:\Windows\inf\.NET CLR Networking 4.0.0.0\0006\_Networkingperfcounters.ini

Filesize
162KB

MD5
31c72a17e6ec7c557f75c6883952b8e7

SHA1
03a4edeb5c2cbb6b205daba646feb06ac2f95f28

SHA256
78c7f90e803cd50976698f886f20433978d10355f46fd0f5bc9e34fa5932d6f2

SHA512
5b70491165c51a4461b3bf9ed8298a6b5683ae3656709e96896a1745fb084fbd85636678219d2ea2643b54c4c56cc182f1250a311afe421573fa2959c982c6dc

Download Submit
C:\Windows\inf\ASP.NET\0005\aspnet_perf2.ini

Filesize
972KB

MD5
87e34ef1bb8f4546da030d1de196674e

SHA1
537ed005553b5b6357f45d96e254f5778da4d6c3

SHA256
06ac94b5925f67d424874570b9e046b1cb56069b7a92209b5ea2b564c45ccb33

SHA512
b7ab67638d3b2e3a432efc5714ef9c9df518b875278e3fd4feb6fdca62ccb1549c65842e1ebe3c2293e4c0fea8a9aa7e8d3deebdf5f7e6c8f167390fac6f0140

Download Submit
C:\Windows\inf\ASP.NET_4.0.30319\0005\aspnet_perf.ini

Filesize
974KB

MD5
fa75cfccba1a2da3fac6c4c5630fd326

SHA1
9e881556d9544efa3d97cc021157045c499456a7

SHA256
41d72d022e323cfa87794f30f7e76cac667e150a8f5b35fb0dec177b4725a2e1

SHA512
d8f69bfd8773c626044156dd34bf16707878de7333ed730a07da1c37cb5a7de09b484d4152274609c024f16d01d99a6c64b83a3d75eaeb5eec5e68c8c85e3119

Download Submit
C:\Windows\inf\MSDTC Bridge 4.0.0.0\0006\_TransactionBridgePerfCounters.ini

Filesize
132KB

MD5
3042206781bf54e7d785fb5aa69fa035

SHA1
5c7a566bd7d42818523ea5f9efc28074b8df9e56

SHA256
9ece3c61f15e81c7d86f5fcde9b2ebc48bd7c6d88e6091691b26b42ec960c34f

SHA512
b5d9a7cb47b412dd8b234132750d817bcb9cde779e88f19f6c82f9d1d94027e5b9f98203d5d840ce9d18182fd83fa9e417360c013fbe8fed68e190501a9f26f2

Download Submit
C:\Windows\inf\PERFLIB\0409\perfc.dat

Filesize
30KB

MD5
20786e2652cbe865f903ad027e832e6c

SHA1
10c499901d2b308a4010842bd720c80ad1d2b979

SHA256
f695cd415c530d53064d506e5e05934bd51fd841cceb2c16e578a701c20102bf

SHA512
cb502ec5bbdd7d33bd4a4c025d2e79f02a6e11267f971434d1d474679564893be22bf03ba836dd107b191a75b0ef89678ccc49e87a44ecef9d7310a8da9f5388

Download Submit
C:\Windows\inf\PERFLIB\0409\perfh.dat

Filesize
284KB

MD5
6a910a419f0efdb1b09bc9b759c67a00

SHA1
128fbb7fb8ceccadf33734ed4b38ae3f827f3746

SHA256
a25397e172cec0cd0d9ed022adebb80e3b74ceb22906e2793644b225e61ea763

SHA512
bbad6e9a510047c44bc2ba3a25e0818cf8dfcb91a93a2900a6d18c98cb4c9c1f5b32efc72656bef00c9af7564f18bf6fbb5b011a5272391918d6f311c34282dd

Download Submit
C:\Windows\inf\SMSvcHost 4.0.0.0\0006\_SMSvcHostPerfCounters.ini

Filesize
130KB

MD5
27a3001ebe0ccdd3e51a95f30bc93cb1

SHA1
2a6e6d513388a55d5ad66b4a59bde49e076c8b7f

SHA256
2da65f7389b2c76e9dea6dc5fca087eb50bf804cd09b930afe1699250ad1789d

SHA512
06c33aaaaa4ac756d623e7799c7fab84cbc8e5d829e2a0f0594e1c48ac336a76a931809cb2a1cb0af21063d4c59ccfa04eaaf93fbde119e4899ddcbd23391d3d

Download Submit
C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0006\PerfCounters.ini

Filesize
150KB

MD5
21c3e11c63ead733dbe74e48bfca36c5

SHA1
0dfc226b9fdad04b0fc2273980ce92f890ca1e8f

SHA256
bb24db20c41a231ea3b715e7dc82e4c4f52ff856f83f7c94facba4c8d1a1aaf4

SHA512
3a7cb8f24b8a96e81ee7f2ef826623916cdae6db2ae42e767ee00f8bd9f5f9874f30f55322822268c07f094be9b09cdf0e7c1f1f4967ec996e0fa176f1ac0a9b

Download Submit
C:\Windows\inf\aspnet_state\0005\aspnet_state_perf.ini

Filesize
41KB

MD5
64d2cf4b57759146a5d86e2d1ecbf163

SHA1
fcf60940f43a71c1817e69f231ea95c4f911c88b

SHA256
c3454d8eb16076376ee452e0401737de480d518d0f7926c13046a6e8772cdfb5

SHA512
845f8f531e3df3771adf32561f71547b5e1be359f4f31e9d7eaa1a7fa068740cc483cae48144dce1e530fa071286dffea792a3e4a78d1129dcf9f4fc3ac35536

Download Submit
memory/2768-16603-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-7738-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-12189-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-11408-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-10496-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-9338-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-13192-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-14286-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-16003-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-5508-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-4427-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-3576-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-2209-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-900-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2768-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads