7149b0e9e0c9bba01dd8740d2d5d6540e70b00bb98bb461b33847aaf97b67373

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
Size

380KB
MD5

c9c4711355a76d5b6549cc89946a9b08
SHA1

25159fcc503288bfd9565000b9ae24f1f1d4e5c8
SHA256

41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b
SHA512

5fca202356ff451b15a620b3df5b614a455c33b9ccd5bebc1c9d57714fb4e7cd4e7d61a467f7f1b3ea96a0dfa609cb295878b9583b3016539433c3ba46cc9ca1
SSDEEP

6144:fsXp2SJ1JvKH2c+VW3v3AOco3L0K6lOFEGfykp2sSzbAnEHIgA/l:kZn1JvKHLMitLYNGfya2/3ASIt/l

Score

10^/10

persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\$Recycle.Bin\ANIMUS_RESTORE2.txt

Ransom Note

<><><><><><><><><><><><><># animus locker #<><><><><><><><><><><><><> SORRY! Your files are encrypted. File contents are encrypted with random key. Random key is encrypted with RSA public key (2048 bit). We STRONGLY RECOMMEND you NOT to use any "decryption tools". These tools can damage your data, making recover IMPOSSIBLE. Also we recommend you not to contact data recovery companies. They will just contact us, buy the key and sell it to you at a higher price. If you want to decrypt your files, you have to get RSA private key. In order to get private key, write here: [email protected] ######## !ATTENTION! Attach file is 000000000.key from %appdata% to email message, without it we will not be able to decrypt your files ######## And pay 100$ on 1G5TThb5tcJ3LQbF4C4Tibgd9y7m3iYPFH wallet If someone else offers you files restoring, ask him for test decryption. Only we can successfully decrypt your files; knowing this can protect you from fraud. You will receive instructions of what to do next. <><><><><><><><><><><><><># animus locker #<><><><><><><><><><><><><>

Emails

[email protected]

Wallets

1G5TThb5tcJ3LQbF4C4Tibgd9y7m3iYPFH

Signatures

Renames multiple (1940) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\it-IT\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\de-DE\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\es-ES\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\it-IT\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\es-ES\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\en-US\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\de-DE\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\it-IT\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\de-DE\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\en-US\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\es-ES\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\es-ES\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\de-DE\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\de-DE\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\en-US\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\it-IT\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\es-ES\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSFEEditor = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe\" e"	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\rdvgwddm.inf_amd64_neutral_dd691eae66f3032d\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\migration\ja-JP\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_neutral_9fdc5d710dd63e80\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\040C\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\sysprep\ja-JP\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateE\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\DriverStore\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\migration\WSMT\rras\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\com\ja-JP\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_neutral_de46607a02fe2552\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\oobe\ja-JP\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WCN\fr-FR\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc005.inf_amd64_neutral_31e08a1c2f933124\Amd64\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_profiles.help.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\InstallShield\setupdir\0013\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\StarterN\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\sr-Latn-CS\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\0407\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicN\license.rtf	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateN\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\wbem\fr-FR\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\catroot2\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\ProfessionalE\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_aliases.help.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_environment_variables.help.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\Dism\ja-JP\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterE\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasicN\license.rtf	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_neutral_c239ab5d36a3b3e9\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\migration\WSMT\rras\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_methods.help.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Redirection.help.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netw5v64.inf_amd64_neutral_a6b778ba802632cc\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\0411\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseN\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\MUI\0409\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\SysWOW64\oobe\es-ES\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\System32\DriverStore\en-US\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Country.gif	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Google\Update\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Java\jre7\lib\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMask.bmp	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VGX\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Program Files\Windows Defender\it-IT\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ec3a411cae651c61\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wmvencod_31bf3856ad364e35_6.1.7600.16385_none_efd4b2035f8b7c3c\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_faxca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5b22e90423063cb5\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_caaa1808998835c4\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..tlocation.resources_31bf3856ad364e35_6.1.7600.16385_it-it_98ea21b18ee4fb73\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_48fb7a6e69168e50\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..i-prnfldr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b8d32132501806d2\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\msil_microsoft.windows.smc_31bf3856ad364e35_6.1.7601.17514_none_ab698c2bf8d20bb5\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_es_b03f5f7f11d50a3a\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ncywizard.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_efa09c161a737ac4\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-f12_31bf3856ad364e35_11.2.9600.16428_none_d00b4e4cfd710fb8\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_51346de63ffde7c5\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0fb6edf7972284e4\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseover.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.nfs_client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eeb03109ea448867\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_ts_wpdmtp.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_743b10d418853fa3\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\inf\MSDTC Bridge 4.0.0.0\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Primitives\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fd161061134e728\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ntlanui2.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e560288e34f95bca\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..try-agent.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_65e0536c28c9d9cd\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netpacerinf_31bf3856ad364e35_6.1.7600.16385_none_e54ce8acbccc0d0e\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dcd9ab0802196857\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\wow64_security-malware-wi..-defender.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f79fbfaddeffc610\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\assembly\GAC_MSIL\ipdmctrl\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mp3dmod_31bf3856ad364e35_6.1.7600.16385_none_49101b8df35d67af\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8314be35eaafedff\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cb9f2652ac79e9b\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-where.resources_31bf3856ad364e35_6.1.7600.16385_es-es_58c1c5f67ed2e3d2\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..erbox-isv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0773dfff86ec05f8\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\inf\usbhub\0407\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\wow64_microsoft.backgroun..r.management.module_31bf3856ad364e35_6.1.7601.17514_none_41c7cf8be5e02774\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cff922ff7f85705a\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_73db80f37a680574\localizedStrings.js	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\divider-vertical.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..ngsupport.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_802447e51151acd6\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_wiaca00i.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_17c76a32618827eb\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_640c560c977f8955\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\inf\ASP.NET\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\inf\ASP.NET\0006\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1c847f00c28d5581\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-osk_31bf3856ad364e35_6.1.7600.16385_none_06b1c513739fb828\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-uianimation_31bf3856ad364e35_6.1.7600.16385_none_e771fb51894d14a5\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_prnca00b.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a5e5dc6b6ec43ed1\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_00d123a500a7d4f0\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_1706c73dfc4b3026\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-j..buggeride.resources_31bf3856ad364e35_8.0.7600.16385_es-es_2e4a0455742dfed9\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f62c53c2142e10f3\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_8.0.7601.17514_de-de_965b8081ce9228d1\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..do-backcompat-tlb25_31bf3856ad364e35_6.1.7601.17514_none_ece8864250806bbe\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_hpoa1sd.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_08e27c34c758f731\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_left.png	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-seccntr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c5ba90c9a5e7f80\ANIMUS_RESTORE3.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\msil_microsoft.security...ymanagement.cmdlets_31bf3856ad364e35_6.1.7600.16385_none_26b1f4355e49a023\ANIMUS_RESTORE2.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\msil_system.data.services.resources_b77a5c561934e089_6.1.7601.17514_it-it_f572ca6b47de2896\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b96369a01803be04\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
File created	C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fi-fi_f70334504d66c1b8\ANIMUS_RESTORE.txt	41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe

C:\Users\Admin\AppData\Local\Temp\41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe
"C:\Users\Admin\AppData\Local\Temp\41ff378dcb0c1eacc3766a868c8e0245782c7f849d6e78380c7799b7771f2e2b.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\ANIMUS_RESTORE2.txt

Filesize
1KB

MD5
fd7aafd72a53a7c792f731c0f270cd2b

SHA1
a70af1806b71827595729def05f39f1cbfc31a0e

SHA256
7e1f8b3e519d3892da85a861b160faa16ec7f9a2455bd5a538100f9b03bcf286

SHA512
7a316558529e59c4da8646ed430c4e113cc63bdf4d55478f1ddf0283290e591ad0fdc40126464445ccf0e1e829e80561738aecdcb9b82c77e8ad3343d7221ad6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
a00cd389c5432960047abfc4cc34f894

SHA1
b5b54a73f73adecf2bb7a92c42bd4be100b2acb4

SHA256
79fbf7d272439bf9434fcb9b6c27236e9eb27eea120e7a4eff989a5ddd51850c

SHA512
71e636da149e146009d3169b6ab14b7ee3994b55934157cd7fbf86de9cb67818287b72b6a007b017619869e98cbfd02214e2d9aa725d2abf3851fd0ff3ea386f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
cf0fb1f68d35ceef56824b9322587010

SHA1
e812fd7e714795e9c2343c2d5cdfb360fa16674f

SHA256
7088f03755e352d205626895310765cc8f06005a109a7a33125dc6f944bdfb17

SHA512
aa15a05250e78711798e0d1fffb0d83ca4e5fcf84b3cf0fc7dd7abc6efacabe7d3e717f2f295cab1968023fa4cac5a0690214c0017c69d475da39b82f9e281a1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
f8dfb933ae4b7d802c6bdb53bedc6c81

SHA1
7fdf049b4927b7c9a9137f402c146541613c0644

SHA256
0a92e6296ac237eb14c02a40c57d3201c169f9590c234341a8a3fb4c2abc0475

SHA512
246ebeea9ca30e3b45b503ce764f7d5f1f14329b3ef34e71e314a96dca458f95b374018edc190fb5ea7b27804814c1d2bb60705d97710b581ddee03a96ff9375

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
ac12000bbf63a505bc929f5f2bc2a438

SHA1
5c37f753e9beaca62fd0a196fa0566f453b99d22

SHA256
44dac8f3bfdf57f81d23b0920666a4338ff8f346fbd93b257f94fce79804c9b8

SHA512
d7701af1c089aa96031a717d66215b640af48c8f7b1a8a4d87d45b9deea513a4a05c36accba61fd29c4feb47864f052872e6d4485bde25cf2f4065ecbed87ddc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
7572cbaea31639db5c718b2d42c6dda6

SHA1
817b2299e55b80dc32e7f057a3619366ccd1f60b

SHA256
da70370bc3d08156b05f0235a4b1c9da73ab5c770a7cc77c36838f8d8366a95d

SHA512
36c022dff4498d21d35c9d272fccd1d47dbd864c6dc565c002a529549817e3efda02ccba85ad13041c86fd2d831623424281bf517b9b150db507923e62c005a9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
fed662d266fde7e0417b45fb3dcc2b24

SHA1
f4f46fa033ad6b820ed6865ce24672990cfcdbf0

SHA256
c632e288eec1e969b9d04526868e6757bb37c232f7c02c430644513fb5b17d1d

SHA512
c7bf96fa1a07b6576b5aa8d05432c080009904880e3fbd6deb1a7d92f8e6dde4de5983846a411f15c2b2b48cc70b7eda5527de450e383c830e9382f96f74c15f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
6e9c14f7a442f9eff4808e70e7b454e6

SHA1
fd4742b90fb3ab1f4e8fc6c835820ac57b4dd2d7

SHA256
01991fc4eefb7d2f7607513436e2cb13d0b63f43253342308be2a06e0e0675b7

SHA512
782500fb950d121c41feeb2a388cdad6fa6a94b0d6381e302053c70270962d4c836581c7377f5b70508e2dcd491636c0992c009654575f9245b59a3748d73575

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
940b18a18beb834d90ebde93d1591221

SHA1
4e73de87b0a535820c3ac514a18b1bac440b407e

SHA256
588b58b0d7230c18de09e9fbae776dab874e45b03b9a72965a11e6fbd815ab83

SHA512
d98cad2155fee98a898a0410cba1e12a06e1da59f1d212144f8b9f70feaac3c48125ccdbf8cd8fe247e026a98297223a6f07c2ecc937936d6239bc864f7fed98

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
6df8a5a5117d2fb1653392b9d3a7a351

SHA1
49b77f1d7eeb96a8d1d6181808d615daba8d0310

SHA256
d10a8f14ce57e82e2e53a345b75eda4824740205205c511c85bd115ad21e969f

SHA512
9bd857876b4094dd43e66f3e45b9a8805042e97c2d54e85e157e92754b408b1815447ea5ef535af2366e27d5761bcec22b3232880c547b7e7cb7fee248a52716

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
297d7c06ee005b2b395774796ef256b9

SHA1
bee3ac4ac5f67cb6260921afeea3cdd28931c12e

SHA256
0182f0cd1a17424c072da75d0764e0dcd1fd22c93c882402209b19d743450e0d

SHA512
98b6728bc94266a80b0a0a43ec05bfb937baa198222be22e312b0e1befaa67c7c204e7ca7e8c754884b3eeb78fb9d4413c358dffee6685ca7b329c315a41dc98

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
f5aec8cd7954f7d79f161ec639518f93

SHA1
9621b9e399c46a9d37591a791c7ba37929eea03c

SHA256
2b544ab114f9b47227c14b714095ae7cea6129213c60be065b8b808a29a5ba84

SHA512
f42157ec77c97254c61e81fbf934220df0c470f706aa4bda3a4508cfd6fa1b29269dc15ef20123f9f86894172d1c1afb1b23108816820c213833a6ac6422b61b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
136f26360e0a80fd145c7dd66c5dffdf

SHA1
a67514e23f0e87a4e05e1a9046da6cd1ceeee839

SHA256
305f6745c20854bc78fc96cb0ca58ff08e638c55deb24e3741bf03d56eb377d5

SHA512
d93234e1adb4ebf31590ce153e96b01fc3a42e97195f8ae82f634c6702a8b8d7a5056dfaaabe770cfd89b81efd8681e126e3523133e7e8aa56b3074d037fc299

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
2af7780896baa57c368e4529be569c4f

SHA1
b681e9528b43ed7f8b969306d6be586c5779571a

SHA256
a0f377b741171208844ff3f9aab77a39a113cd282a7afdcd8b3272190c106a4a

SHA512
e2012f2ddd1cb59c54b78830e34d06e87ede69eb0929e8679da9ab4bafcb55ecb1231877e4a32557e1836af27c8f3141dffc9e21b737b0d08171d3b760a3ea7a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
a8a4681236c861fb59c65ece3a0e2306

SHA1
0911553e6f677b179c14a8ce1a53011060622998

SHA256
41d4cc2d36eea792707455aebcb20e21bb919e0959f9941284b31324f9c49e83

SHA512
55b86d67de9a4f82cd5829655e286b1b88936975ae1c8fcdc3d8bd814aaa303cc3bc269b2d4db34ab9cc366ca2c75b381f1e12ed4289df792534719e77944865

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
447a57534f7064b3a14b06df4cbc7cb8

SHA1
457ebe4fe320b01253f13554fc92fd59dec3c8a4

SHA256
1a07c24b68d4a363927e08cfc2d2df93f3aa2dabcee55e454843251262ca05da

SHA512
2b43eaab8de107501477cd30cc9a5fbb98395c4ef0f172499ccf67b904eb83a6d760a5c7093118d36fcb462b2a963742a9a9fb3359bbb09e83130b76377fe8d3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
677796299af424eda8dc158d66b9f07e

SHA1
6c80c1be9158593371a1054cc5f485c044c6625b

SHA256
05ea8e5061c2c3a6b80bb010fb3b084c08897eae04a900f8673884d4e8976d0a

SHA512
b1f73a30409897dcc4a919a545ba38c9fcf42d1914b421cfddc93d029e8ecffde6f23f8a2975e48cc6da1f735ac28486d3bdac08e24415732cabb364e7252741

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
8366e3f4a96a43bb470e7c3a489f2f15

SHA1
758712af98bd0ca0f0d3a523577ff2ce799c8eef

SHA256
65a972674ba415be546ce5e008f81066ed0e16e5ad48649456395a281b691042

SHA512
24b86657946eb0db5b60728faf4e7ab83d9142165d5ed58595bcb2aed739ca1b566af5f9fe6b7e3fa270bc22b6f670110dd163b3a378898749f0a693e71daa17

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
9bd596853ce67cacd931d657cf1b64c4

SHA1
69a08532238eac59430657886b80acf71692933e

SHA256
01701ae5f982f4ed697c9964820b214ec1bd57f7a18e80056b2933947f188a02

SHA512
df820e3fcbe63557cb211a2fea82e8f2a82cdfa088c120dc33af66b1585e5f8a09fc62b2766fa362d84953cd2d13e07bb7a645d9b5cc447c6a6d8ecd64910e0e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
89924a552a598be0420018d8baad1e92

SHA1
792a6ad56feb45d88257bb9b34b71ac81fd8a8d4

SHA256
e1d780f72f8cbb57bd5705428b2b30d375d060ba6aad176f4cb858815bbb98bb

SHA512
216a6abd75b9800c2bc5842c22e0d6c5dc3e728604b0975b744880ec41163199ce0ed8c7a70c517eb8ff9fdde55ef4fe7a23afd9e7690b815b2688cb36d017b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
1a338271f045cab6323d04e23b551bdc

SHA1
c64bcbc31b101e003992288cff94120485976b17

SHA256
5e82c50f5eba17ff3a34dea399cf5fc12a9703551bc407aeddae2905aa046205

SHA512
03cf6f48513cf7bbfc5027c627a71216f849b4c0171762e46c0efe6cca6ca171fdbe5e85cd5c14724c0826435a916f867adafb023e1b2156bf8020dfb1d0a875

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
ddc537767077ec7d98a3a4b4705d508a

SHA1
206be96649db71ceb32fc7cc5f3544f742f729eb

SHA256
8dde878618160a76c6d8813d6082b4bfb4abccfaca9f4842c804864048e726df

SHA512
e03052260704643ee9de0b44689683e03a5d494d680a786079b30142158359a5466d3f8bd17eab77143f9458536897336e2699099c54d9b3796ac17548f254be

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
1a955f582cb0a2baabe4e9ff0cfae86b

SHA1
3d4ddcd2e5ede7ce2e9fc2d8d7e2583f4b6253ec

SHA256
627b3cb38b7f741762bbcd0aa232d688fc85b0d99c5c1c6b48c13dafcbe38ecd

SHA512
28f53d0ea696c30bbfa199a68189ddb40a1a5ed59ce9b88eb8f9aee749a51145e51a2986f3a56054c5b671ce8352d87c5c3f575c91b081377e6840d6ebba05c6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
1bf5228a3d32ea81597468d9d704edb1

SHA1
a9989c98a83742dfbc94282d0f78d447802662f0

SHA256
95382b717330cbdc0518c3e642d5a064e45d3931bad42b085cad2248f6aa55a9

SHA512
56e647ace7731d5d4821d7d9046d4a11e528ef4a46f0b3222ca6b12f4640efa3de9aa9eeb3b9d07d58b5fa76281c24189a3e95c2d688f9fdbdcd72f72aff6a56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
89ed62f66b7d22dc66b4fc8699ad4656

SHA1
e890d21b4d8cf6ef5aeb7e1901bb2a0770e149bd

SHA256
2ac90cf064d3cb1b4bba908930c83ae59181ebf57e3594ec69f209f25d0eafde

SHA512
e6b424641dfa3e29c040ef9a5e58ab10a5eebef576a57c176b07cb29d4ca7d49e56a152585ed5013e9a774f2829ec9fceb1caa5fe87ba017bfc7109ce9a95f4f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
146a69d2b66c04e5df2fb3b517a3bc46

SHA1
c8187ef5768e1ddb6527b45f22611cdb1dee5bb4

SHA256
0d459a6493b6cd46ae8e5f9d27e616390e634dfd18481020bcb310c0deda7966

SHA512
67ac4c7bab369f68edb3c746dded1455c12cc3a96c031199b1da8d463add8656804ba5824f081aea3736c2088a5a6dba22432edf005954c2540b52fc086157a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
3326ec32b3a73e29fbbd7314f9b9afb2

SHA1
1e194f44dbcf68870658d28df6937a04641dc240

SHA256
f5dd93fd126dae2616e0fe716b5b4dc721adda32d2f61996bfa9d2444558aaa8

SHA512
363337f21561f6b8a35d7d7ad3e2c4b4e50bc147a3647d96f0dedf6147a7d5e8ae534c7f3283bd6f0f683c88d756974157674415dd3bb35659912a66c7987e1f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
d59d3af7fda61b58575627059985ea34

SHA1
ebae609adb9aa0e5be59969819898910deb70c40

SHA256
7da516556d70d42da21ef278d30659999115bc9434d7ebacaf90ce01ff5ac9aa

SHA512
8f9488086bcd327ed9c4c2f7eb0a8c0b3210972017ef68d0c6379ed7f7ba153c7bc047497556173a231ff121f1434ab49e46da827dbd651eb62bf8629359b60e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
c878d51c523520812998c497537dba51

SHA1
238f80bda852e029cbcd33faceaf39449b7d1ab2

SHA256
4e168893349aecc8b91d34587c9a98294fcaebde7d04639e911497db67a23343

SHA512
79fbc6c0f03f216c05664c04d96762dae39bc578738d510c4cfa8f8a45a67883b021632443a9d1c67c33086df8fc22838c9eb0d09bdc557cd30d6a6048d63a97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
36ed723264eb1cead0c6306b8f4e7c71

SHA1
7108795b791172ccfd42748d139c0b15a4e4c2ab

SHA256
2c6cbd83b4a4b1a922bddb0aa6313de61e6bc8eef2818a72aeaf8a7b2d830d29

SHA512
5130f529efe37c97dcf5a8168046d142b889dd1b3b503ced1ff80712e87a9114f1518d94b8cca52f7aa3aa99915a302c23f52ff85752584131c718ead2e87abb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
2e645b09956b0b34d774745cec84408b

SHA1
77ea05ac76f1cd867b857d938b96dc3d92a38381

SHA256
6eda1dd1af92126fc2c5cd6e2509592472518d45a90445cbb2a33d2015a496e9

SHA512
95044fabb42fc310adb58700a81aa46f890985e8ae807ca43f21b0d0207ab2a8d98005766adcd10050a753a3915dcdfe4f3c4e794abb7cd20bdffb03d8f0814f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
3956094f1a7655ea05daa21c9a8199bb

SHA1
ad03261843bf779407740527041300c4e989b6a6

SHA256
115208b116e203be53e90c0d7a0e70f3f2c46fee4c23dbe72145883f3b5bad85

SHA512
6ae2b735b679a011ddce0bc1fe05f8a271b49857769f17c9918e16e4c340be7908a920f226d6620bd3695a978572b7d778ba58d42c9c0d1f6ae74434699f1bf5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
7fce3f1c85dd847e95812916800aaddb

SHA1
1961bf5447b1f8105e87f1c10681e7b7e3978be7

SHA256
70a19e711fda43afb1766d3da5b6069b61c2ee103a5d9e2aedafe90bcbabf874

SHA512
8e5806bd4cd7da142af4c19d652904232a0357528a6b3f7a1a741e5b479a07fa91b026b86c5d96a1d42070ebf81178ea6467a02d231654fc7891046ad3c9510c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
26ffa6e58b7c8a48d8b14e119c79df59

SHA1
d8c7162467870ff1344baefdd3f141ced95a2b7f

SHA256
e6026dd6e998093f86a1d43eb4abc1d22e6c520b34945526b3c74ed9fa94955a

SHA512
24e0486186b42734914236b7b7af6bfd8c78726c41a737c9041895623ee28c97c095b5a365a0e9f140ab4e82a76240db04bb2b259a58fa2158c6e9c91175970d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
73e68fbe0ee7b498accbbee2165c3a0d

SHA1
2da654451e4963c7328a841567ecda0e5348fe66

SHA256
0cf534f31f07739383042ba84e67d00c6dc1404ed1919f59a5f7dfab2cf15686

SHA512
591fc750bda8d89b35200daa9f15df705c8b2c63e07886cf25fa8761e3643e50223264c544c83a7fa1cd17d79ff560de2effc6f5c2dfae607df614a8fe09549b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
c87332d1082ea234623fe022b971ad22

SHA1
b127ac85ad9ce7be018ec8086d3073929e41a970

SHA256
01f8d69aa070d58c7ab5b1d14f97b95b7b65fdf73f9e0ec554399f19adcaaf08

SHA512
54664aca107070f55036f3c41f12590e4a510097cb429269aad903df9f1edc33d2e3a5cadef52e1439821df593b8415751ad7d16eb645ff901974d2cd4fe1285

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
c32ccbd87f6262bb733b6a742b61c55c

SHA1
1b1ab01346a59bcc6ed7bd3de50821ab0373803e

SHA256
fbca986f15805ffd849d48fc2394065b764b25a67e966bb5cff6ecacff5c975a

SHA512
2005a9846a1d253da72bd48b1dcdae843aefe2faa573303ba17065f6a18e18f81a4332962b3dbbd10ddcd2e87e6c19ec6eb65d8df9e538657efa04a5f3d68dd2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1a27e49be951f262602c27daa8bfc5af

SHA1
84a1ab5af58b25f3ebcfe8ea6b1b09874b6fb122

SHA256
903416225e2f402ecb0fa801966883b1a325e4878b6d345f49d935d12a43fa20

SHA512
4cf90e33aa1bb6cd2f4de41d5b6b1b9668c91f27be5659e34244c50d5b88e0df1cce1ffdbe66e728a277a9e94cf42f8bbde0eb6c29d650683f722f48e83e9e61

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
ec4bdd9b919eb1c561e0e86ac60bf767

SHA1
1fb0cbbb6a09867e91fb1cd8fd8c9fd72f983358

SHA256
441729048957b23ee30499af324360950fa73ad19a4c430f252afc802558235c

SHA512
d2570a95fe284b6df966548df700d750e0aa4ecf2634eaa32f17da0c6c83768f839d58b9f5624d15f8e4cf91591ea374390b6bb49fc7e0aaaf5eb28d0ccb70b9

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
8903227d02817174328f734c013d8876

SHA1
433541eec0c7d93fca24e89a1f22ac5b9cf25a6c

SHA256
fef7de608d7b194d1cb767c0b5171b49253a7f3af45a7ac7dbbfed4ec48a5c95

SHA512
2d9f752c384cdfa0e997caf307806a404f13fd4efd1bb7541bcba872799ac81d46cb5534daddf4478cb6c04fc8f2f5c0aba63cce0f9d454a383be2da91efa2f7

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
ad1d9acda958fe614e60670ac8fef021

SHA1
cc53bdefaf26b680f33114e79f1bc0199bef6ced

SHA256
2b45ec32b36debd2e1e51fea5540f68242d523178611dd1a8d253d8a5cfe71ab

SHA512
81081f65a1b475c5928d9c3d7adef4f9f3cd04a7711761e77f098050f8a52fb5f7db37e47d0d3703552efab111397d27134dc68fec1e0012a5df6399969c74b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
49B

MD5
363a8a659d8e55a6d1c22a82155ab2f3

SHA1
329068664e7fdfd697f9ce7b2aea135e16aa9d0a

SHA256
748090025b9dab4dc70d496d5c367c3338372b07b3754bc1a3aefe845c2f0919

SHA512
2fc3dfecb63ac01fcdfcabc6331ace8bd07c42e1d452373174773594a5272d39bda3dc42727be7348c90cab8cd0c9add894e7e26db8a1c993076b61ebda081b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
6ad397cde318141817b174eed5a604d8

SHA1
403db9880780e27935098262ead63a26c5c94eed

SHA256
8468a3321b05b2bcd365c2331d7668292b54e7277c95ae9c18b7ff0ac0019e9c

SHA512
52d46e79cca2fbd8fda26ebd9b8800fc7cae3e0e126a1e32ec3cccc83bea29636eeb9d9c6ffe1be8c3c940ad9a194c9546f1947d95a912578c0450acf2fd8c70

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
7112539d6fa0792ebcb5c58358adfaf1

SHA1
dbf952a3e561460cb8bf1b31481212c088147f3c

SHA256
fbf62d012229f454016dd1e4975b94f0de07dda858a09a209c0719165046fa7b

SHA512
ad9e1217deeaf45b8c8c08bac2d8bf7e5280f520b4980001c4e434ced83dab7788b3446340d442a6e1ad28611f3a7822ef167efe8d51151e9fd78a03ec95c0b5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
97b6fea30a0706bfff0efc6be32f0b9a

SHA1
ebc979d67c89a1aa5243c009c8a93951bb498579

SHA256
5572abc21c709a20e314ebd5bee0462cd38d960c21404bee7af0934a53aba893

SHA512
bf43974f42ca4592d9732b4ecc238fda46319f5c0d854e321a776e4889170157032f075d380982728bf3a53bd9757e9b132bc1d5c585fb1e0ce0bae50e6aa6ca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
cb821371e5707bea5c583e3f050efdf9

SHA1
6fe30b1677b7b4f67bd0fa570c61f2577c567df2

SHA256
3a9f621d00da9f716ea262ec2392433fa3cd5d6a1b1052e1b85bdd51aa7eb7c2

SHA512
8fc199cb093534f163031903a03271ef9865053bbfb04aef6455d553c27e1c7b895b875f437b6c8ffb773d3bb293e14b6e002a04605e8c6cd858f0b7f090513a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
33aa1dc7732d530492b173558842c0af

SHA1
c7124eb706f309461450463ac92026b3b462bd71

SHA256
3c0afb224f73d415a4221a693e0a08f5f8c60b3b568901683f21517f2257ceb6

SHA512
584b89e7ed77c73c4d614152bd1142e297ea9ef3785b63ea1b763b45aeb432532c622f712c972cf9875541de8c37f4d0b667e62c2eaf5a617d796dac14e60f69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
14c394ef1c75ba5f065c5cd4715b0461

SHA1
69615463c1875b918c1c77f66a81e9d7a0199fe4

SHA256
64e0578cfd5be7dbcb3ed4ac311797dfcef8a5d1271a69cec6a6492631911977

SHA512
c5ac56e93d37bb73ee17f1f64fc73b34150697119aa2ebb5b70cc97dd33ce8641bc8aa3a30f54da539b75811b370ed4ff4e55d71e2054a5e9f20b3c431dea7af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
c798edf55afc03e7467766d934f285f8

SHA1
94aa7dcfff2a49fdde8ec098221b168985297a3d

SHA256
63d9468cff49f22a2e2a4c4ecf4447085638a43aeb7d0155126a7a5e5d7bb439

SHA512
5b4e6dcc37a1cde96fe5e0c5be3688d12351983c914fa16dd8e6b86a20ab5137ac01a2fb11059f7519cf2692de00d27c5c49f714683c8dfc21dc647300a77ce5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
6d8e7f3d8ce7ee1300e42732653d4739

SHA1
6298fdf5b34a8046545a3cc8eb4f76ff639f785b

SHA256
4ee4ad088c0b3eb3f6bf6f03215e00a8cb4954acb669961464b7c2285b15923b

SHA512
f8f24821936b77c1a750e69fd69258b55bfced20d0a439e8a1878ac99ccc3c44bca8558eb051de9e804acc82a804362c0288e14ccd2e6368db5909a25c53743c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
db1d3bcc77f90b311d7e0f0e7344899d

SHA1
5932858244c11679d99fe374933b52f15c1441c6

SHA256
2b5b80f54187ae506da6dbde5331d9be50557fd8d60a59849d089b6fd4160427

SHA512
9a00c1e33cfbebf1b5523008498293346f00be54835191d3fc2d632c20963119db367e6991c250240fff67cfae3a8ec33617c44ce4c14db1f5d77f75fad0b726

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
70e639e279fbe8437ec128ddad2fdb55

SHA1
9cdb8a074ce6eacb445b77ad07ef35ae62a0ee42

SHA256
3d9169c567de307f09c93121039fd141482c6866754f7c65e25fc9e18ec4064c

SHA512
b0faf893921c6510ed927709467cae3fde6c8d02250ef2543cc3912500111532a80e6a3cdcbb5e39e58c2b1cf45f9d944de70a8215103349a79cb513bab19d7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
3becddb501c639053483ab108b37ef39

SHA1
d4f6e57fe42e6e12552061e746ca98e6648f0f4c

SHA256
92ebe8274e338ccccc620609ffdb6cfd7548b2f0a7b370535bf12c5b23aae6f8

SHA512
b92656cb78ea5767f4f11d0db107747958386d5de6a4628c978c23d3a6f11e0e7ebce18bc65b8541ccb86fa59b3a204b2ffdf1b6c0714141016f55f60813405e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
788219fb8b636d1c3235ca1b347cf51a

SHA1
ae9f52cea97656974a994ecb6b34eaca6cbe2159

SHA256
1ef9b80bd7dcc0433e7fbb898ab31c266f9c08d68cb8e74ebb9fe8584a6b9aa9

SHA512
e25841ef2b8d51b0d2ba4ceb97d069fff73cf1b192c6ae6dde74d9235cac1419f5dc12e209c9ac4c9a03097e87ac1131ec2f2b1c6483f5430b01fda3f51b9071

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
7b3b2f701f379a08b6e1eb055fe96735

SHA1
f602a5be5d5b1f33fa133ce369fe9794a02deab3

SHA256
5d3f9bd1f4f7f02ffcecf7cd347796713948924161c546d850be9f8480c47c26

SHA512
4f53dce94d5d4a7fbd35703ce618275c40ac8437a3e35e2341db06e38742040c69663a4a95d8c56bcf0f35827ee4b67eb98658770745f36b414cd035e073b1e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
b92eed94bf4aea2528eb7df34ab3df53

SHA1
5db9ca9e36810c7b1d751df97ba2988cce0e5a92

SHA256
6745f922787147b28d3290d79445a092a7f4506c49c85877e0f9b86a6c02e2e8

SHA512
e7324b7bb0c895b467001bf03876c49d4767568a80a0d5078a27e694b7413c544762b9b9467276ed61f1559434c00b28e7ab258de8587118eb90355b9b6e10c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
59de68ac1eee35f1b967da1dbf1ff2a0

SHA1
5235260302e1e57594c8ad727d0dce378f513511

SHA256
645b460175ff58583d4b751b0581bd655be8528dadca429aaaa20fd48b1ed2f0

SHA512
dfc90323f7f44c64f97f87fe5360a4fa25e3d41b7b3a7dd69d85cf7e5f00ab286180744b4ac44356942ea75ad3050cda323019a25dc6ee1abb523c9b41bb9703

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
179b3b59ec08656424332984a1ab4ce3

SHA1
a029353c153e893a615f2597740aa5ede86072b3

SHA256
ccd5b31f0c1fd98c398465c5a9eb5ff2c0c9438f09f09906eadd3b2807b3e433

SHA512
09f50cc18c2dcf21d4aae01d0a67c13b04040109786ac8df917fccfed4cbf67e403d1ec947d7f92dada8bd06b0c35b4b9c419cb90eacae2d19dac35ad5e0f9fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
3df546666296dd5e8ea3e80c9a372f15

SHA1
52064a06deab61b954873c7ad0054c23fd3f4439

SHA256
cb6c532caa24ba6af2c185277f1a15b1fed5bd5306b91c4bbcc0df26849115bb

SHA512
8a2257390df84dc39dffa9099544e75c02ed21a6381ea68ac93be8fee2f9ff074139ca459beb95cc55a39c8c2540f0482aaee5dd75497f3e1d875acc2754d0e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
58b193d10a25cadddfc42e8978689576

SHA1
779c60e191cad386c0e264886153c64788cca9d7

SHA256
bb140cb6d7af6ac431f4f0cce67a8b338d40dc81c46910929791cd62ef0cdc0f

SHA512
583d62ae37ac40e3ac3830036a11f37edab59e89c411277842d0c84df32706f2615ef5a5dfd9428ffdba24a422d299b57e3d9f2804951fa3714988fb1f682e2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
e40d13fdd14a7a931abc4e026522dc0d

SHA1
1bce6b735cb583b04d4ef3f8eaa748418ab4c2ed

SHA256
5ada7fb29e37f8db5cd48ba42e98cc325c195cf50af4d669efa25338e639bd6c

SHA512
82251c91859ac62bde39aba3d899790987c3ad80a6d71f17ce58801b9bd4120f436e2de65883e5a1e45f46b7610770b6fef4a44b77ca213989d75e14c4afc4ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3841454f506f603015808a6f8a848269

SHA1
5e1e58d900898d547cde29c91c98166b885bf29a

SHA256
ad32f15d1e17d3a98938c25bfd8d8708f520908eff456142c39734bfb328e783

SHA512
198313f8a7036d0200a967d6a8aa3de62d55cfb9461831c0569f1d98c1f75275d15473f4affe184d52b67d747f113eafb154676c7c08d9c1fbc9bd51412ef1d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
cf16c45fc3dc05ed8253821ecbd62044

SHA1
0508bef13417696f2074d45fb5eabfc8ce558945

SHA256
0ee2e63f6307edc7079fff6a6a9dad20018e3aeb86cddfae89088301456d6961

SHA512
a275e7f6e04babdc5cff26791ce5f08fe7d2172143be4820f3c1a166fbc86959f75b539e3a8f90961a40e843723d11421f1f5d9289eede0cfa9c0c544aec664d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
278526e2303a21da6c202abeba54d29c

SHA1
b685149b6d8222eab2d7eac3609d2824f414c79c

SHA256
3b0862576206a3121dae3fb69c216f2be542f41d55a0e8581c7545ae35df2f6d

SHA512
4517d53ee850ce64aa11f939aa7ae8ce1b245005276b1b8674f64c56aadcb4be9ceeb76bff2569b91f593d4d0b5366cf31cb9bdf5e56565235290da8211d8b27

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
1396be8c3f122f9cb1ff5385ad6b6bab

SHA1
fc1ab8c1d5297b5bd488de3c1b30385993e4cc3d

SHA256
4c44e40e0439e2818ebb808b4f1fad826ec2953b02f9116db9bc39ee5a639ca8

SHA512
951b75d9184a55a2b0daa3e928c48131d9ff89ca18e07268a8c1ada2054a4b0d2ae18c4b9ebf27206a073fd877d4aeeaac952e019141500fa87d8d6d58ccae82

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5d4b32a04819dd68b64c35f1d204f8c5

SHA1
5d24b3cfb38b005ea633701fe571a69880d5aac0

SHA256
5d3ae545b65fbb9c8d6d6253ee04990ae3e2610c78728756b34c101f9f7131d2

SHA512
115837b2548648bf764485f62f6365673c599c5663b454b998ffe18f9d6925bba87f68477851c4d642aec980ee614b1995ba9b383ec96f4d346a6a6a6eb1dc2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
b591a21dc3d90ad1aff86cd378624d01

SHA1
6e9872f256b2acd5f27c3688122465d8cd079247

SHA256
35bfb1731d91b78a8cb5e33228dd21fc62f2c8826b90918e488db352684a7696

SHA512
9a86823d0413ad533a06a3fce48212bcd568fc02838ec01fd0d39a716b51dbf0142201bad01853de76d33270dd1955492b8ea2ccf962d3e39da4d143ecddaa17

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
18bbcb927ea0e332e3a509c6ef4d20da

SHA1
e011a064034a011514e6954710a4a5653d5a5d08

SHA256
6077b4a29d496cc4b2f401d59a8f04d4d233b75605d1a0b6f61b9fe97a8d2441

SHA512
555e3d6c4eb79e255d1e90cc6a98bf8d0b36fe66ac38ba07a74bd2a0750cb6c44f985edcc605083b49ab141a07f7f16409eba2408710f694e6666229d1be7e43

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
d68cab0291bf52903f4f15f8b95248ab

SHA1
b9758717d5dc95074534159ae3c6252993e1aba6

SHA256
c94b657ed0b2c79ef5cd83f47c129fe2c18fc4834274cfd2a08b6f436b9898c7

SHA512
cbd316408451c120ac61a13d08145ee66129425c98d4c5ff5a75646a1715dba976a6acf120b92ea99019ce2cfc76f980b83cf4a099fe6a459f56547e74a99783

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
2b46196033f886437eead4bf8bbbacb6

SHA1
dec852a5264c504bd2c0ef72634a5a0a68dcade3

SHA256
b717d9c5f36e8c9a0df18005d3376a8708f18ab0631e832b59c09150bdd17829

SHA512
d608705cc57627c01acf0b279ff79dc8fe637c315b94891163c6b752719d22755ca0bbdbbb58605802c7859ba728ed61564eb3098f45a455fa0c6fcf4bf38a3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
65f6d87eaeef1058968a1b616241e6f6

SHA1
7ff74d0cd04597f41eaad1900a5eb78d79b57bbd

SHA256
7335333656528b517b9990c6c17ace2f1771597e8542500486da3692871383e6

SHA512
3b8073aae02a5697ab37e9edbddc46cbdde7823e2e4e4408b62c70476d6686d3655cf6c0ff10e31033c5e22d1aaa61acd5571e61324b9aa6a86927b8505c1a69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1f18368357007acfe1166004a63107eb

SHA1
0982feeb1a82170ee53eaa8a32b5fe5c7c391806

SHA256
a78993fe965f252aa0c4e6bbe0b629fa9330fe6321c898535d11fcbf41f86882

SHA512
1b876638fd86557577190397b0733d1d4b0cd80895b2d882a8cab641a17ae1d81dfe026a40e7e3dddb8a5edacd0db3d3fb86285bbb3e2c0641ede58a7bc99ed6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
fbf1b705d49bfd3b1760f7bbd869e1a8

SHA1
607161d1cfeb6f5593e7e5d04fc71fd64aa3f9ed

SHA256
0644e5dfd6f42936967bcfc465c003c188c2769ce70a9862570bed9486229e44

SHA512
2038b80891409818a9959fd1ba60b36e1232c81d8c7efd477fa865292ba8cc66ade2ab0106f3a1d8485671ad162a898a94c1aab75d72ce8d5c4b998f34585f34

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
b3e245605590ce61d9d833472e2e953c

SHA1
4a42f874329293b3ff645163edde506f87dbc059

SHA256
552ace4178528271423ff0fa0ccee6359308a2e7d0948a8359bf699f57514d7e

SHA512
64af58c85f089f12c8592b99946a16552c218dea3872165e3721471babec688c6e574d5d7cf14e93b744480e6747d8ed0c0284ba481d79195fe31e98f24c4727

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
1a4dccc97b228e7b0ce32b6e3c6d0fce

SHA1
d5eb17e27e34ff4a60462b03f08b599319f66bc7

SHA256
8138613d7df07da23b9e660253312e6bbfe91ff1e689b2896c9aeb106236956a

SHA512
e696c4cb8752e8a954e639a226c195b4e98041846ee265e1d258d19aa59025ca2aaf951f8ca591ce5050af8aa0a80802d9049e046d645cc18906d4779c35614a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
52967540df15002c75373dcdc52faddb

SHA1
b182eeb500978c326fa6c7ebc307fd8a9db50a73

SHA256
7963a70916587f943cdf35ad2f3e0a7bbcfa11316b2a92f1ed9227cf47c0434d

SHA512
ed69bc9a9aa872fb25ba32708905e2a4ded099f0342b36205d38336a53961f9a7f39a2f6b19c2b14bd2d767780428444af98c11fc015bbcc4842c8a1b7133a77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
aa55aa4f363cb55b66a1b7593aebf49e

SHA1
eaf2a2bf9e4ae00a9352ae0d781de876cf22e5eb

SHA256
e80a1177d736a88f1b5f369ee6803b589477fccc0a334ab254ca2023e37c73a2

SHA512
596c0476ff4cda49d42ecc014e525c0d87edd6a8e50091c436f10b95e067fa1ab005bd628230d67a93bfe4c80f77c37d311ca120ed55d9044853b57952e8c710

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
fbd6ebcbc302188a908ea183fdae3ab4

SHA1
141ea17b4a2f6237ca6a9237ce819ddfbfe845a8

SHA256
cdbd0d3e10dc8df6e46ad08767af7838b5fdd7cb9cb4c1989b4a022ec1ece73c

SHA512
44dc3c639dcf52a05875acc3682cf6d2e192d7e574d89c9d3a51a579dd3ee05c78cbdb58c099ec19e872d0af1c2e222296fa99e3c8258a6c261d7101fbbc2305

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
c108c401b98bf84d6847e0da882e2351

SHA1
3414864a6d1db2f671893f77b04ff6d0635b09e5

SHA256
dc0b0722d77422524dbf2828bbb1394c5e7a175447fe91002c216b524c398905

SHA512
ad882eb9d68db1f8349b864ec0eb17b672495931467b6e2809f76bb973af64cb47d747374ab4e70b764b4fce988c67d2cc585e6852d4c05f2089d0102ee2e98c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
90c115cff5813098481f990be01d4106

SHA1
73c24c016ec86d4a6254572191b3d4e61e33d750

SHA256
42bea92e3b3427629b0717af00f12dc72ea27a2ec99d1c0d90d66a989729c07c

SHA512
26c24b2092d003a47e52d77ee5782c6e253028460ba0cdd8c4521e1e6af190f6464f3b4452c95f02c12c9b1ed231b3b2d37dd9d3dd4cd42547aeeb1fafee7273

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
f3d1f85aeb5fea527e18bb4e1d40fe01

SHA1
e29f190558750bb4d220186e22296f515ff904eb

SHA256
ecad335dae076259b6b8a07a6b1e9619cced00377cef8a83897d91fd1c052bd6

SHA512
fb5ea324e5a107fe37aa4568a03c4d2971ccdcf8696fa095fbbbe3b61a77b6e1cdfa5328c71aae4ec4f88f67a85b926256d7fc29affc56942177512ecf05c818

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.h

Filesize
444B

MD5
122f90207cd41522b27881d1a6cdae67

SHA1
fea314229a9837821660c64edf4b58ea67e91a4f

SHA256
59283117aae00c441ee867891daaddefc99447ddd0de2d042b4b203fc5c30a3f

SHA512
9373ac9e758102fee0a9c38f80b9362748d5c49078d92d8dbd687e1de202136f3261fdb510d006f2e7e9ffd717470d6f6eae5cf5266042c4cce83c14744b5e1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_NetworkingPerfCounters.h

Filesize
1KB

MD5
fcb9283289c08ffa2d9d084086c341a3

SHA1
572f3ab44bfebaa6ac74497cdd1980e64748b343

SHA256
b80791a008d07b34da7e3ce9287e4ccc888071961d371a1124681c310643e22c

SHA512
b08a2f8aa6eda91d69a3134631a334c15e90c35671638f6b6efa2084ad45fd6e799a72d7f6f0188a8c364230627dee3151c9617c1fb7beb6a82e6b7bd44ff336

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state_perf.h

Filesize
318B

MD5
b17a7494ec54c9d9cbc3fcf9db5f7529

SHA1
293c1d08426515c096e8254be5c761bcbfec05f1

SHA256
b0e5a959618b4112bdf724d9a01fb6c6d137b02db360b78b6d88574309679d26

SHA512
bb7aef5f987c29392bf879886f6587f8746fa74283c9fb230c49955e4a17a9ee82e0309a2b871c7464a0563b7f3a959af7684ff6c72b68ddc164022b3f40ad77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\netmemorycache.h

Filesize
381B

MD5
01385e861f2c19001ab073a6669b9dc9

SHA1
0584d3ee66260e92cece4147887ab6cf7e1f0d25

SHA256
b978579c120c4faabd9eecbea3a4834257e4360dbda2cd54236f11e91c848204

SHA512
59fe186ffae23b2153b08020799bde5cbf1b2f329f1b43072b26451c9132d539f4306a41b3c69f2a23cef653794764ad60f730d9ee02de4c28a8584c345f0539

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
c38227a1e9ac944393b2c6c7399220bd

SHA1
6d7f8920542e88a04f667a5a7b7c0dbbecfbd4ad

SHA256
0da9e9ef58c0dc894ed426baf9cff0cf3f821e32a81e50a0a4327d0cbcc6fd1a

SHA512
4d16404eeb98454fb4449f49276b88f8e10be07e22ac4fe0f963a48c55c8a9e321257f0982d6fb7d7419cb31dec61835d900be947548fd76e0844bb20297622f

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
2889ee90d5611cb584f458c787024722

SHA1
f67a7c22e829bacf2ee5f2ec9c94ce489c5ca863

SHA256
970f76171cafc5d1ba9a0fb0812b8377f919e1dc2bdb99cf14cda7c1dcbd30bb

SHA512
4d82fb854fdd4562272efa87ac6ad2023c059c33c8b6b8f7c885593a8e351ef0d2329a16137698cee8570f6a1dcbc9f150deec28a68d35673fb38ba379b13db3

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounters.h

Filesize
844B

MD5
f1fcf2d600347aaf8e91c4b8dd04d3fb

SHA1
9217997a4d685cdfffcaf2d34f37bf5d405b46fa

SHA256
3acf36d8ec59efad3f08c4578e9e74daa852d78fe107378000a44f231eff8ca3

SHA512
b357b9fad1895589cee6da7f8b12ec2d9c2ac67b885cd30a411a0f57cdfd7b167e082c6bf8083de1060378af080b9f77ddb64587cf4740e7b4d26d3e754e02f3

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\_SMSvcHostPerfCounters.h

Filesize
702B

MD5
1720ee50d8d221ccb10927a14f3720c5

SHA1
63a226a2d0b1411418102c7e5e07284c23f42fde

SHA256
8d89345e1d6d38bfa377fc65dc0251601e6fa29aff15af1103585f55d0810b77

SHA512
5d6ec5e87f09aa8178dd4cf35a362c72191f2b21d8452c799feab85417a936c261e75ad5838289924cf1e924a9a3affa7dea814088be5046c53a7a16af646c27

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\_TransactionBridgePerfCounters.h

Filesize
705B

MD5
446ba2fd45b03d94a195b45837136960

SHA1
edf551911e0b453382fef2e6106b45485729b29d

SHA256
e2a74ce720ad24ecfd57da6fa5c20ff36bc2c772ad25fe1b9d9bf7864a78154c

SHA512
20fb699858f713b424e4c0524aa79c98d3530e37bc288c9473314143118fdad93ed761e1a98505fadcb84c44ca240c07fc12088d43ac4e245ac2c2ac05ecc53b

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_perf.h

Filesize
7KB

MD5
31c86622a93efc230b11f88a556d5b9d

SHA1
e7b0c58bbb6cc4515c2c1712470559c8873f0c5d

SHA256
4220bed629fc3605f3c570511fe7d432600a25dbb98d58d01d4d7dd4be0c38f3

SHA512
da292640b3df78dced2fbc39bae3c4619f1bdaa51f43aeb15076276ba19ee326e5f2e0387cbf7985944d6e77e58f01f0568d71daef87b5627c324bc1d8d662af

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads