xorist | b013b979c5af00f1bf252afd94595a5adfd0a88e53267d7c17c9e89d18ec4b31

Analysis

max time kernel
131s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vmpsoft.vmp.exe
Size

9.3MB
MD5

1af347b1b2623db94b2989c2a484f478
SHA1

e51910554a9f8cc0af056abf449ca176389ebc4d
SHA256

b013b979c5af00f1bf252afd94595a5adfd0a88e53267d7c17c9e89d18ec4b31
SHA512

0ee008b67bbba078c7a8ed526492a32416f0d33ad825a4b9d382d570847dff8202775b5cfd4e6a137d8bb06ea3fc184fdc6d88cc472e69f2417dcbf252de5472
SSDEEP

196608:1/owwGS5r7uSEjLucA1Qr+nXEU/NCevTkIFOylylEv6rcV/sH/b:2DdrSSEjLTA1Qrs1NCevwIFkaEfb

Score

10^/10

xorist persistence ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral1/memory/2084-5-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/2084-23-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/2084-35-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/2084-39-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/2084-5351-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/2084-5927-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/2084-9874-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2497) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	vmpsoft.vmp.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\HspK19bVp7X4fjN.exe"	vmpsoft.vmp.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comparison_Operators.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\DpiScaling.exe	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00c.inf_amd64_neutral_f0d9ddf52f04765c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Signing.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_debuggers.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\certreq.exe	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_neutral_988a34fc912eab54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_logical_operators.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\about_BITS_Cmdlets.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Continue.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP10\imjppdmg.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\msdt.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xnacc.inf_amd64_neutral_13c4e272a96185a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Session_Configurations.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_escape_characters.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_neutral_413d17c790177eef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc302.inf_amd64_ja-jp_64ee91a0bf7b132c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_neutral_170c11f3a6d3f0a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\fixmapi.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_arrays.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Break.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_If.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_regular_expressions.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_neutral_c67606b3f53ae4d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\forfiles.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\migwiz\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\upnpcont.exe	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_neutral_8087946c82068597\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMETC10\IMTCPROP.exe	vmpsoft.vmp.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbadhlpeimbfkoch.bmp"	vmpsoft.vmp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21308_.GIF	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\HEADER.GIF	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\TAB_ON.GIF	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24Images.jpg	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png	vmpsoft.vmp.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html	vmpsoft.vmp.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02810J.JPG	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47F.GIF	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png	vmpsoft.vmp.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01297_.GIF	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	vmpsoft.vmp.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv	vmpsoft.vmp.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	vmpsoft.vmp.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Windows Mail\WinMail.exe	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\BUTTON.GIF	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Windows Journal\Journal.exe	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01243_.GIF	vmpsoft.vmp.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png	vmpsoft.vmp.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..rsist-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_449cd72d797d6eb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_cd7aeeff1897d018\unlodctr.exe	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_0ef77558298feb6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_4ffbcc9075d0038a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_32649e3ddcc6caec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\napcrypt\d95f343677c556b67e99818cc02f4214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_kscaptur.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_66fa7e9a3c1c1331\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_355dd017d9254149\weather.html	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..-inputdll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7e203435674d1d04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\86550fdda6994a9c192d7a0b9b59ee5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\Media\Raga\Windows Information Bar.wav	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ae0c4a3630e5839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee9d0e0c5a29e375\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..nrollment.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a946f0dddb83d182\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.1.7600.16385_none_81d82fe9c216eb89\pcaui.exe	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..epc-sensors-service_31bf3856ad364e35_6.1.7600.16385_none_6e18bc60a12bbb18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-medctr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_190582b010f65de7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Special_Characters.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\inf\ASP.NET_4.0.30319\000A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ed98cf9800857636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_19e9541fa2e24dc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_prnkm005.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f58109fce4573c6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Windows_PowerShell_2.0.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-tvencdec.resources_31bf3856ad364e35_6.1.7600.16385_it-it_33d1f3108d482e7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sr-..-cs_def48d6b183741e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.inetsrvmmc.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2e251a6ea6dc747d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6f57779365e0afe4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5443e0d485ba2199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\PolicyDefinitions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_985e7717c199b9df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_54caca9fc5890277\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-54936_31bf3856ad364e35_6.1.7600.16385_none_dad19c79a102ff10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_08f51f26d5ff2adf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_mdmbr004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_efc890ea4d2ceaad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_8.0.7601.17514_none_7a9a2f07e4e23a48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_it-it_27607ce0d66d59f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8cf25d420a51f0e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..g-utility.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_261fc93fdd5e6808\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\rssBackBlue_docked.png	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5b87d0094ca228b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_41c9e9dd7888b22d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1543c3c503d80bbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..grams-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_88b54f09fd7b2c57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..-ehchsime.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d7be85f6ac532d69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_6.1.7601.17514_none_9757fd443892abe7\inetinfo.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\about_objects.help.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05908723d0604edd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sechost_31bf3856ad364e35_6.1.7600.16385_none_e3b7ce84e6a73d66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_7.1.7601.16492_none_86b1478ba210d24e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.7600.16385_none_9d148a8db8d32238\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0426023d2cca87ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..etip6-pro.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_62edf30675ee242a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.1.7600.16385_none_61b8cce839a2db10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_Signing.help.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Hardware Fail.wav	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20936_31bf3856ad364e35_6.1.7600.16385_none_528d1c754736f8c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_mdmbr005.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_90fceb5183a87a8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7871ea5b49da50fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_da-dk_58a1f0f7e0539925\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c43672a6feead7ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sqlliteqp_31bf3856ad364e35_6.1.7600.16385_none_150ca4ff7cfab552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-whea-troubleshooter_31bf3856ad364e35_6.1.7600.16385_none_124dff546524b2a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell\open	vmpsoft.vmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vmpsoft\ = "VFONQNYIIRSNELN"	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell\open\command	vmpsoft.vmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\HspK19bVp7X4fjN.exe,0"	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell	vmpsoft.vmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\HspK19bVp7X4fjN.exe"	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vmpsoft	vmpsoft.vmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\ = "CRYPTED!"	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\DefaultIcon	vmpsoft.vmp.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2084	vmpsoft.vmp.exe

C:\Users\Admin\AppData\Local\Temp\vmpsoft.vmp.exe
"C:\Users\Admin\AppData\Local\Temp\vmpsoft.vmp.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
173B

MD5
89dfd51a88ee2ae5a5d5129b69d8ce06

SHA1
6f51d0a614f55c9f6c30469f90fe50c32a0ce00a

SHA256
9d89ef9068f0aad029eee71e5a3524b10fe5e438e5b654fb6977ae5a267717b2

SHA512
58a93c49bcb7eeeaa6b19eca58242a98a86a7681cbf309bf489af415b121da6e8d8d8ae0fd44a4c95fad40548d3b14b7185630c80749cc95466ea7442ebb3cbf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
02ba83927139d79f855be6e94f37db3c

SHA1
a1df323d2a1339f721bb24fde01f25d03726acc8

SHA256
fc3c8b47defc23df8eb44d047770c428d46f1b8901085051a833076b221341f1

SHA512
9b4b54a5030c4a797aca321d6f62ca55c812c57ef81d98e804d42a829755bad54a47aab52bd68591b33f3bf9fc9c00470251f34f67beae59c5268fd9fbce5883

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
8465ea757a92ed41ffb970b22df82587

SHA1
59067652becc75f8c369422ad61d59f42b68a093

SHA256
327b7d60013c791a0641ac1bc4c74cdf1372efb27bff0588634574d9d11cd6f1

SHA512
6c95e74093acc26c4fa844610d4ad1d9b1002bed7f2ba6832776038e6a3d4b9499a511929c88014933875d58679b969e34f9ceca2da02638344880bd6a1ffda7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
c8b032a17b04a63343971839478cec1a

SHA1
f6bf1589a0e314f61c6ba64447b11e5728689731

SHA256
d2b07fe43d7cf4fa6a812c28e27fac2d983c9ab1025e4662ad8e4eb2db9066fa

SHA512
8e73dbf640e9cdb694c3934fe1f751ad4a0925d4d6e293d9504c063ad9e809ba453265c152d9e96296d0ef4c00c82e627b9cb0b37dac395213d0b1dc5d806753

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
73450c84a8dca89c0d95b34095d47982

SHA1
5c4b1bbb7754aa43a0eaf1ae5e950a122b5e8acf

SHA256
a8c7981d505a2e4a754edb7f7f8d392b528a84d25f3fb87732550d448944155f

SHA512
d1b1ddd687c2e596e89f3544ec79e38de7d671502f29c93b4af878f728e37b2aadb6e5db479a95cd9890948fafba0efe495bcaa47522c9544f35804abb7d0113

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
968b85a5cb097475aab50160df7f1404

SHA1
e599025cf06d7c6aa52bf5077b983f18759aacb9

SHA256
6e1a47c53714245c657caed6152434e6ae381c2cb1416ec9eb94f88ab585217d

SHA512
9f29b547f6baf29d252ecb6c09d8628c060163f12a533f7f5c86b875d0dacf01cf563aaad43198e4ab108517bcc34aadab88e21cec6a51e68eeffc129cba679c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
86879dce68808ac1a858dc79cbb8c871

SHA1
3df2e2f3fa4b3219fac5f23ecc5e51a606cc92a5

SHA256
3ceab748420343a196003c437f33d4f5c1d3743001103bb86914997a09dac0af

SHA512
5510dba1103423c9b5ca821c96626ebd1f01a91cc1272a22e57a9d593afda3c3f6a03e52732a227be750de525b0cac7375e384a4784f906f5a5f15101a1293c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
ed45f4dfb0fda1fd66ce153d117563dc

SHA1
9ace4975245043889df5dc496541d331cf2fd553

SHA256
2c7cd24d2b2dd8da786fc70a2417f6e6221428b9d902e9dc497d95e255930aae

SHA512
457e960f3840656d3fcaeb803b855d1589c8e79aa9e703600c44cef52e2a0a7ba7a8e5ba854b2aff17b8ab14802dceaa2ae48e1a69b4c67d494060b46c120f1f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
693b989449981615d0dc4ce6ac180c51

SHA1
3a2814ce780c8807f1bc91b9022ee5dd05b13f39

SHA256
65414c171bb6352432a6b823d3e769d0788f6f1e26d127c1e7e9d7fbc1c0953d

SHA512
c11dab99c5e2f2b9abfe7deec2c4ae6e280ef729a190e1e13241d9057c31d0341f155f05f5e4290655508bb8f1c27cbe7508514392aae14825036827c7a352f7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
a85cd52d5a67a89de09121217d70e48d

SHA1
02c5b3a70b51009698155a207c8ed2c399a572e3

SHA256
f9a7ba23ef55dad39f8e98dac89053482091bb8483f087b2fbe4a4b235ef72e4

SHA512
b28b19e69c7ec90d69c2b37a652264ce261f39334ae8da3b578d9b66e684b2ec8c76d3114e24d3d764d80dd92dbc260c6ff1e7b0edd8ddbd50b1f97966b2b2f0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
fdef7e86b48e11d842e73a29f5466607

SHA1
2ff61a59bc986b0045e45e9b8d30334994ac1725

SHA256
cb73965fd06fcff1aded52d007af9c041746be5bae972123f0fb2e3cd83b32f9

SHA512
a07d4935c2773df3162e6a50e8d2785e16ce0ae0fb659bd208f30e3cb05a2243e1d1f032c28da5c8723bbf05f9fed58f896fa3fd8d20801bf569febd2e2f1685

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
9291dde9f828754f33ee9fdcd336ea18

SHA1
27123e832fd300e737f0c32f070f9efe3923fca5

SHA256
1521be96a6a7aa6b96c3e9e14a184a51212122ad1d43ea2f3e070e1274251f16

SHA512
975f663cecdb73d56f64db621ba3ae661283f759f31431a85e26002585c5262877f0fa535b30766f02e5fd4ce2746bcb615a299efeeb4bd352e20ea00337caea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
3a78cc2998a456bb70365db6990b0368

SHA1
126416ae90e745e5f11ef18aa9dd426976980a46

SHA256
190d276175d33888a2d3f8299a0003af27826445452910828451370739d81420

SHA512
418ce479a5c633846cc485a150164d0fcff93904b54eb00959d9f51bd115208869ac23fc4e5b362dcb9acf5d4d70e291fd40528f8a8876b916a56f7709a9242b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
dbd0865b3892191cc54116b20bb76868

SHA1
522b08b9b251a986084e4c38063ab3404ed97ac0

SHA256
e37b5df0f1f92966783574ce790f5979c854fceacac74b8d3e92d93a07e8d3ea

SHA512
30da91e8493a9062920d228d9e7a19df13f6c369711e4eb8ad864d8f49250294dda34a1f07917ee3dfd677162be72091fdab2b7f1710543b2b1786c28dd1c238

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
d137f4e4c2ce597baa31c975944c3c76

SHA1
a499346f1a56a6b8e434e796f0f9a7cadaf28d66

SHA256
71d0a6c4b2e58f10241b5c12f7021aeacec8261fe53302bd79942c492ee38f0d

SHA512
8572d4e385689409cdb9231fda1254cf1b99e70969ba05567896de58eb4eea3e6e3f157d5145747decd56cba1c0aefe05572737c7a16440ab9d8e2fbd93fada4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
7010ddc4a4940b24d5c07aab8a0dadbe

SHA1
822797bae11febf87d6ca6851a07f25be393515b

SHA256
74e581a0ea67eb0b8770e404ad55f7310cf08f12e075e247ea7cdf4ecf9bd433

SHA512
b999cc7488b81dc98fdab841b95ba3cb879382b94d235f7f5acad3b5738ec90facc68503c9b9cbf4f95a0585bf60c8a5ace3b16c0df550c072da3c7aef33e31d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
f4042f4e5ce589a37382cd1cd387b59f

SHA1
9955f8c6d6ff313e67b1adae3d4dd809d6fe8fbe

SHA256
33790af5f500dab24d88107d7f3886b647a5b4d790f9403fb233e34bde00a7e6

SHA512
e351fe2c53197b712040d71b39ee163d291f3d5c1572d3352b6dd2a3f04fe341dd3b1a7cea38a231d5c14621ff68c6a370b4d6711a427a98f77e6ac13fa40ee2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
7eaefe12736c7c7d2b77f818e1d18a01

SHA1
ebb3d3e150aa746e3fd12c90b25f1d842cf22d56

SHA256
cd610f1f14cdc573a9b263bf4b00bc861d587bb2ea1c35f4493b89c40b027c4e

SHA512
30e23dc67f13d6c877842a8e85abbe54e7e41797060db675d3a782e2db0390ef4e72d5ac0889493128703406d8f58c3ac804cc5969f8618b1b573d67151aa99e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
99303ed089d90f22f3dd4d9a0fd23a09

SHA1
65e43d01ffcffed2e265a52172cb9b53d7c12c0b

SHA256
18d6147d37b513f3852975c49b2307d6be34445f4be18c00ba1bcc546df3c69f

SHA512
17bb49a49029503b0920323ed91623991c5ae45b0421b220646d1efe01da94485f3fe33ac0676770aa6c92a5be27a2b197abed502567384f568597d6fa903c38

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
3fe99df004a77b3550f72193ec6449a1

SHA1
ca8475ac626704a1d4aacd248b91f29d20a034ff

SHA256
0f92536bcc13979b01a5d87c5952c456f5012e35d88db2da62b73a7ed101668f

SHA512
f4cc3238c265a2df43bd21d792eb60c175e36d347247927400c4a697ff40e388891157cc3b2a3b28f15f9e4650396ffb3037e8339aa38e21c993045cbb772c56

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
f2daf3118a83be6466312dfca57a3af1

SHA1
56e1420d054c9bbb6aa784f3a77e9d99bc7853c6

SHA256
a834c286fb9e8740c2c507c123fff1ace02fec76ed7649039bdcdbd877f484f3

SHA512
bd4c9a37a20de2051689055eba0e3941d90456e2d07a86d85c8ebd6639b624bf0c7d91c1db3dc3906dfb8f1298acc2dc22a84788ce3f66eee320c569cfd95c91

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
5fd71911be757906aa1eb151542f3635

SHA1
139eed0ff229cc3d407be54974c174d282fc1a38

SHA256
3c7f82db65c44fa2c84f3777ecf74a19ecf2a01bcb588d301a82fa52cac32ea0

SHA512
9ef74eb4330bef82af0f5eec96119103fdb153d5866d221f9c90b7025b0095c070aefa8126f4701c10f7071c1b4fcd9d6ad08aaf466d6926c74e07f8e26fc966

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
f5b301bf01aa3c4a7943b126e9450f20

SHA1
ff6252118dd2dd9cb7ef26b96afb7857d3369ebc

SHA256
6dac0f72a6335b1c75a239bac6481ceebc0c25922ab30ee80ba62f5c520a92f9

SHA512
e6f7487728ac07e56ae3d63ce90dbd6fd00959516b20f40a8bdd8b3b5400be575713b94d9db00d4b908664ab43fc985f170e5d69e7010c8480728ab6c75651bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
cb148b9e71afd170fce21563d4544e85

SHA1
75cb073573cb40405f7645e974678d8dbe9365e9

SHA256
6906a07f0a713502f5d8c6b0e8bcadf07f1781763c74bfb4d1ebe164debfc6f2

SHA512
46db09dfbf67407fe9415a41563fe00f3df0d13404256e7c39024a3db66b241e9e7d6b6ea9d010f066460fb5f71157c2890adfd67b24ff00906eb538f81dfed5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
e198d7b2d14ea7e6f34fbcaceb010f1d

SHA1
1faf1998235b4cd6493ac65e94cc1c2b17399e1f

SHA256
7e25fb47e540543ef32840e5287fd89d4aef45b9e72833c36f8e8daba7e6adb3

SHA512
f11156fde1643f5f9bedaf8fe9c046c39c684b2143fa01428d23d851a6cf64e1f7e3077e7d2e5b5a583d6074a72ab76fd55afd8bbef9ea6ceea7abe48c0f41bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
3609d4a38c2aaf81aed038c7248f29c5

SHA1
ba81a2f5143464d23a569def6bb2028659af6f71

SHA256
a1bafd37109e3e11acccbe0a9ee7c6e7fb3a1370ac2506aa87a3e96bfab376c7

SHA512
912c54216fc8101164c7aa2f65e62a9907ab94bdc686eae109df45b99acd0e7af88c2c9d49261a35e56b214056ed0b1cda53287f642bc287c1c6d2f2d86a1224

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
fdc3ebef7128a14b4a2a3716a68dc127

SHA1
60b1eb8407504927cf6427021a245193d130ceb0

SHA256
20b1e17b4819ab5f8db97baa1441e9ede4bf06668534bad7f2b39cc7457a02f7

SHA512
9409d80be62d937479a92054200d76efa0ce4ae63ced23640d0a4802534b26dbfaf0788f6f29a31a0d7a9b306a0547ebe177d24ca811e956a8cab5fb50aecb82

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
ab9bca2394fde9d520d10a8dd86346a7

SHA1
d0c5b10a76477bbbf839b127c042fe9372212d31

SHA256
a35b7b0b64719d0c811df99e6bb2730447d875b122bbd3289fbd29d36e44f83a

SHA512
962d95e1f7cd2283b137cf487a80e579fa75e401928814553e82b4313a1503f1eedb8368c36526c1cbab8170a51330c4fe32ff0c3762e369ddd4a419576f2650

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
d28d1b2d23252ad16bfe3cf9acb64734

SHA1
a1500c88897cd17ada2a078ac6c188319aaee7d4

SHA256
34435194117979d22b39bb2db4ed45856846ecce7f94e43363b00e115e1b964d

SHA512
7064d8d4453686cb1bb5c2c5b6b4ad06e517e217cf6ef96e5931de443d88cb473b246bed87e58d1c923e3797495a3980b4a4fea7b6ca39fd488e41d7be3fd80a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
9326379a46d32f814fc125c475db31a8

SHA1
6552004c15c267d4d7ace7f176d4290906ddb910

SHA256
40eab22c814f8313c995bfbfb85d19e47995770583d9102e44e555d2ea5fcf43

SHA512
8a7b480a354a32b29c83794929b0f90c9cf7bbcd2664cfbc7d8496bfc07910c84c2b83b37eef0bbd098ab00c43a7228156cc04d2027f0347fe3ce48024dc1996

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
61dc894755404f8a4a740d8cf192a0a7

SHA1
fe1ec97c05e37790ea7e5971240b76b954ddcd53

SHA256
06c8074befd8ba612a03acfb12ee2b1b152512ee284032af33340fb1a4b5a9a1

SHA512
b14baa7cd4b2e2c5bb8b5139a62fc19099a6b07311a5024da5dc48fcabe37e3a930c3bda5051109c023f3b6ccb0153af14091c1997a7c00da23c4467be977674

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
e507e0abd72751c51957d71bd20821f2

SHA1
250b2d61ca98f4c68bded4e696a444ffcaf228b9

SHA256
a22269bdeba03d0810a6c2e0f9695cb1a9a2856876b40de7e2078c90dec42bfd

SHA512
3b3cb39f1a458ab706e77fea55989fc294b09a520f10868e3ad346c859bd7fb21105c9ce34139a2f75b172eb35ec814e5348f5e6afbc6338275caa28700f1f49

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
316a41e2520fbca1ee686c67e2601c9c

SHA1
9e14f42d75a6e8486b2317d1ee216808eb73c176

SHA256
6111b5118fd10762917b23bc3897c9e5dd8fdae748baf2bdbec890d5b3c222a7

SHA512
77b2bc2741b23014c83ce300acacfad74fc6dcf0920f79505be7417652b44368ce051212bf62a872bd795af60ad1bc08e1d60944dc40672c54a507edfac3813e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
5da7bd9c0408c9273f4aa9b4e52277f9

SHA1
58bac4553800c02ec1171592b9f4cc9a226c3de6

SHA256
bb1941c9c15efc9210735bf6212fb0758d7f814703c3036c3b4899f61ae74ce8

SHA512
981af3ea5b8f0eb0fdc98bf25291b37c8eae8da8efc0d67db8f42e393a54e8957a6f5716dbc9a28eadafe0ef40236b81769ff526debc2fd37ef4f23deaef6f99

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
180af00e80531c144844d073da787da7

SHA1
969c8b968c2226019a47b3cfcdc0024102dd31ac

SHA256
11a911e3449521205618c2603d81952ee4a94a16df83b8e7360b26e49fdaab70

SHA512
17b9bc40fc60017102afee9920e89b592c726c52cae929d35dee7882cfe0281dd7ad8072bd0a3a51f02373a4dafa1e03358d63e268af5aabdc8c988c55b96078

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
a40f166f2d8541db43feaf60637c4308

SHA1
a84332963369fa56678fbc74879be1327b40224d

SHA256
6ec0be99040e64cd89b9e139fd5726677e2fd412f3fc3a7be470a3c41cec7daa

SHA512
e82b56ebd9cd3715cac7c7ca4cfa23ab70fdc6f377dcc5bedc35741c1c393c1c0311555ee2fe08a47903e667fcbd0d9ae9be2b9ae9463fcda74d79978dabe8d8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
76dce07831d4143582a047518e791427

SHA1
cc5de6eaa946ac658d6cf9744f9ab0205a6e2125

SHA256
3b120b17ae832e1d69f3b551c1e299e2ffef0531f1120d748a504ebb6c2d79ec

SHA512
042733827b13a212e93a0e91586ef1a656b3934a268df3538dd87e970fdd68275ee9e3674891876947a48a733310e597813b05c90bba9bbc7271863db4775fd7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
76795f62baff0be097d1ec9231351366

SHA1
a027c6477256e6a290b59ff7562abd14b31891e4

SHA256
e3e07fc25b284ee1beb76a58712c2d8a40fc2de2efddd89b87e83426ba5016f7

SHA512
9f32f047a4dd831c08b617b12601af68fd054832c8d996095e8db9411b969c9212dbff536bf66a474467a5084566c6cdd25860ae7bbc7d1d18c8b682fd8d9357

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
ae339931fd0344b0cf210d6c51e19606

SHA1
1720c8bf8cbc418cf0f3906037e8114879812aca

SHA256
63e93f064f0a323f029462f13502bb2c494cd40b5416b3ae08e84b49504e9f7d

SHA512
4d932f198639208cd1ad291bc2a6408313267faf7ccfd954fe8429c62a38495cd7ff191327f970b03f4357bc0c71ce66042af261c3bfdefcb365e85fdfec6e5d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
85e6170e9d09f726279ded43cecc503a

SHA1
7c00a997f793a7e48d68f48476da1899f5e52d21

SHA256
5d37f1d76c1ebcdfdcb6c682716b2d4d6ac010b891dc48555a77f2b11ae3dff9

SHA512
9c38002e99b5be9cccebb2cb281072a6705ccf47bfe46426e4f62f6d8aed6e3af8975c7850689c78cd079670f24f9a53892537d0d5a31fd55185a59a1659f6a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
c21b15c9fc6c0a0e398022c71accba8c

SHA1
aa0077f0b0e800a1bc3e3f30ffd69ddd1e1f85b7

SHA256
b7ee9e64c21091e9c89d323d22a6d43d89b765304b4b96061443dcd69f944328

SHA512
5f2e1cab5d1bc13254b81ff9e1829067857be0f17992cf4bbe77419d5845249f4ec469c291656b8fb3c16e868b72d783c854eda43ab0f39f5ab2b3f036d85215

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
9ea0b8f7212c8dc318fae4c087710f49

SHA1
10bf05be9d34d94d12fdfac939f1f59145c8cae2

SHA256
1a2be39c21304cc853f12b07ca68813dd7710fb54820268f940dc58e8e34bc1d

SHA512
3e830f6ad2fc922efacc824323d38e3a0dcbcb4dee565e5d23ef915e9048bf374a086a383be2e1377ea2cd3d34db52b47f3336a19fc07017e89a42f8d87f6bea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
5e8d861c2be993222fc1b625e79ee4ab

SHA1
3945e31496852cadf27a08fad8ab87090edb80d2

SHA256
865548b8b67c3d9d4ebb75d6fe3739a257ee97c8237d284d7becf3d6bbab3de6

SHA512
f0b0a78507e44d485e471fd34f3293ed5a33a4c0fd1f4b6555b16f8124c35eaa01d5c550622fe436c2204edbc8e27b18eed3b335b8bae9e69c61c5c82b0da0ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
0bb3639b4ee84dce798598a89ce192b0

SHA1
3889fc60b9a411ec99017ad9942fbd098f40bb4f

SHA256
b36bdc7a3faf91f3e381ade7abf202273971daf3904e6b9a5b727b296cbc4339

SHA512
0bc8fe395b7f2f60510d98edb7a9cfc1649381a6ce87dbc30df98e87a28db6a3015eb07260644bf35d9ad5f9acc5fb72d324b1bbf6a20d6b535192ad18dbadd0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
5eb481669a6e4b3b8a0b4c95335b7431

SHA1
a27222875fbf9941839063150588040b1d38dac5

SHA256
d61e92a7e2f3ab9552e952d290285e06a504842229ec711acb4bdc8a49f73d8d

SHA512
d62e28673848b3235474404bf1017ac18dc019a21989335b331285dbaa7d1beafc6e499e031c2bbe2fe90d611bb6737742d5afda04fc535960236f7591b01c18

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
897cd7e9b560f279665ce4518e763c0b

SHA1
3d6a5acfec7227c4566b2e7911932f66d6dd91f8

SHA256
7d4eb4e55ef10ede82cdf796e9820f44f987832eadc1763d66d6fc61e22b7f23

SHA512
c5ff873e07030a2820883c7c262f262ff04dd8f2cb561f71c61e0c4362c1d35bc130e1c1f5d3019a1535ed31391f10dead85b768b8ea5146b4bed2f85f5e36b8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
356b9cf3c159fef0735cbf9de74fa9b7

SHA1
05c663fdde4db3795b58baf70e826f15928cb46f

SHA256
ad1af60197a5a85607937de47a3dfa08975c6e6005caac13eeec38c11f960057

SHA512
4274a9e383b534faf4c24ae5d03d4852fc53fa020b9c1ffe2affa42ad4102343ad414a9b65b973b02b009a7e069f45b2ab8c7b5df9ef354c3c9460460fabad64

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
721b7411fe4cea7f54d081c802b4a029

SHA1
17b4c5a8efeb00722d0c46fc41fa77d98547a594

SHA256
3e57f90636b705193c66b7c8cdb3a57ceceafb29139f32fee08a5abacca5a469

SHA512
47ecca53b8c104afc9a45e6b66d3a9b2c23cf6338e8f43f4eba36e2513f3e6c43d9b6a45f087d450724ee7db3a49e4e5a52e96493292fab80207cdb0b41f40ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
3e1b273922afcb5c650a2376f64ac9d8

SHA1
e1cfda827fe5f93b900d389465a529f92792b843

SHA256
f0421fbf07439245c1f6ab11a8b6c4a0bf5b3f1911d67b0511c67f038a29c437

SHA512
d9e25b775fc443371c6ffad5d4e5a13b364fb32f7c84bdee0876898c8ff1cd1ec06664bb7d3c94a4dbbc888490424ed23abc77a6979213d7c7f25ccae11a2c2d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
0ae338979fe20c8d97d907ad4aab59c7

SHA1
fedf811f1fc5a955b9dfa92565125ba7b9a8bc17

SHA256
a53e7e05e2a5340153b0073e2312ce57c2901fc8b05a2ca5e5d614008288fae1

SHA512
7825d1e6b69a8d81d11dcc1f5fad65ec0fc11f58d104b122d6a2a3d25971101cc3746f460f3bb5c0fa1f8f2549ae7345b8f799864151168cd976ebf97b506c05

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
d76a04f5c9e67e1dbeb8fb2adb6413b0

SHA1
99324bdee73abd14c8c25dbfe92a00c3668e861c

SHA256
2540bcbe7f5b803058cd3b056ec1ad8a9cf792435e9f43531536c9381696fa14

SHA512
0b0e06507896dbf47b8f88d32da516fdc43bacd386464cd24520c53043ac9ed540fe87661f3438be75c3d656dcb31fdfed63b7a01eddbba1c808d6b06756d7b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
b37df336b1a079ddc4b999d173865ddd

SHA1
31ea165a958da68f24002a4a4d01d92df5fa4a2a

SHA256
59143064efc6a15e7629a3e6cab6ba842fb1f0919585fbcc33fd991e656d280e

SHA512
84192032d8f8b57a11bcba91340a1256fd06bab8060b0028563b7c4472d61e549b91acd64347c2cb6d0d2741c82d864e88a2529fafc850b6b4aebaf7255efd7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
1e414e25f19b115f85a8addb7102f1d5

SHA1
a44e7b7d1ac0e6f0ada13ad6804f46811b6e5cac

SHA256
329dac273d5f688221bbf3c15fa5520912a984fe228b672cacff12291a913a56

SHA512
e170c32c2f8b331a887cc4785fccdb2daac8bfd77c0c0ea967f89b88eef8d17d2233b3d1d0aa38cbaca6538609dcd504ac7f0fb530259ef482450803b00af5c9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
d09b5130bd2af7e4e7389d58e96dfc4e

SHA1
71d00254a1d115bed24f3b7e8f47967ba3def438

SHA256
e3d39ea2ae63e9fa31f0081542249cfabfd319f967489f81c07f9245eb7199a8

SHA512
edf0e34be98ab508c3a55e1611ce717edf529d017fa95df7662254efbbc703160e484bbc1eac7ab8ddd2dbe56a7f933c421cbe407b935b29fbbb55f823e515e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
7982243bc3cc5bc275f58d6211545690

SHA1
3eb542bda9667be240369674ea22c333321dd0a0

SHA256
243f23c7cf4c6c4efef0ab6fe7959026d10ea71fc75c288f2b126e3033e342f1

SHA512
dc47e07b79e23840cfad537e54de749aac683061b31da84d12bd920253972465dde58da719de917dde6607117236741cb6045b3c03dc7d100f2608b6941e2076

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
b34be7aec507d0275087fa0dac61f8ef

SHA1
facb58de3259c899966fd429d537bbfd1856eb1f

SHA256
1396495e2107072800d31e2bd931aba4c800dcda064e45f9c31656625d70a1d6

SHA512
db1f208e9485691d4dc6bc5010b6982ced62a60f60c5fa0eee4bf4dcb60983d9cd386f79f944400840b852809b7f15191dcd9983ead6f63f302d0f5832b35600

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
378c7565ad53908ed4b3d3a60ed9b86d

SHA1
3791cd9fcb0b0fef1db8fc25b5f4881fc6c39406

SHA256
023e36dde7f83e221b7d218c2aeb549b10f3c96387fe78cb542cec4330330143

SHA512
1ef216e1cd00b595c95a26651446121e4d528bfa690e1f03204eb506fc8710d1c5618142ed9174759f29785eda37c1972dd322f6ebbe3ab9a7f58b7a1f7064d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
7b2e855bfa04635e2b9668eae54cab82

SHA1
ace6b3da135bdf1ae8108f24a228fa7f1a05941a

SHA256
afa1f13136c1c1e908c4b34ccf1b3c090bc31288a1a06a578fdc2ad301adac39

SHA512
bb9015529d5a9258fd4b8887983963ab77efb776586f5d3dda8b6efad009bf95aa135c60394501cdb108bdfde48f5398c8dc836c98b13ea1c5277aad18e8d26a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
b4cd1ca97776fcc4a29083be804060f4

SHA1
81bd9f863542f6172513b14862ea8876e9711dfc

SHA256
df79663948f38c636f179b7b3c6cec28d486307ed3b2f17b3fd970bca1e20c7a

SHA512
444baa0e841563c026cc8b36c13c7bdb4c10b3528cb481ebd4af172c33def4b578cbf63a4f656d77117a3df912355ac2bcba58784c27d21f35b90d12f50aacd6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
788b269adcffac2ae64a3feebbe1d4ce

SHA1
bb4eaa41490724e3535d7da09291ddd79af481e3

SHA256
789cdab67230bf34bcbbfc4c4295c623692aae24dc3bf18d7ce7443aa06791c0

SHA512
bd34e55c6d3822c5ebbaa753fd0a849b5a133efd241855cbf65180141c9017409bfe865baa8a3cee9a361481fe3ae6e395c0d518473640bc68d638c15c924fb0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
234142b861e9cc5fea819232c7df4b5d

SHA1
ed1064819f867f4a8002eaccd35a0ea7bcf5e411

SHA256
1b6738877ff90e9407119ac4e506611b9e0c0c037a9b29e830e4540dea18da50

SHA512
80b6a57ef2cd370e4ea6dbb3e9924c39104492384c275afedcfa1f4466303d4f493529f320b6df88d60f920b1f3bd470e90b689c6665674c151b5ce55b3c4825

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
46e57dcbaeff5e34d3c3ac1012a7bdc2

SHA1
aab1c439a40e9fcc2d02227cf6a4f12617cc1f5f

SHA256
cd28f40cf5fd62c0bf411c0384ef268ce655f77baaa6ffa4ad0b0a3d38611408

SHA512
c106db3a819fdaa1fedee50253d17d53fb8058144f11132cdc66685f3d032a4a732fb7bb881095921ca599544a1f7f8d5710487a37578ea25493fc58f3b9eaa8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
ca58980f23db61cf45eeb0af9d93de91

SHA1
e5aa18e29ee36dad53ae1f568fda9f350638c78a

SHA256
58f99e2a87dfc5f30f5e7c58a61ec1753e6d902b9c091363597cff3551fe277a

SHA512
94fe0ca578baa49e09e0236d53f2a2db698c727056a9dec5669d2432489e13cb9c9d64372e0c7fc7e5d961715899b91311ce69884af49e096690885a1dd0ded0

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
1fa63706d42563f76d250c8f5a03a57d

SHA1
1b8737aa8bb67aadb1944b88b0badb4b9a2a8333

SHA256
a652e0c1c0d72a7ab9b3c63c2b1f834f955a0bac1fe2c3b76856c545c91d5fd9

SHA512
a5ab002bbdb5d4b733b308b495e71587aeebf61d14c02509ca83ba731edde03ba65dc238c585d95d539be1eca1f1375f63390a1836aa66741ccab40ee776f267

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a37f360aec5bac720b4c1242e52ccb54

SHA1
4a5ede201b9d06a2ed9a765851266d30dda2500d

SHA256
707d750c74ba15f4d08237b858b2e1b56e8908f6ed9b6fda09b9a2e87ee89b8b

SHA512
847496f5dd37d2055695119899e5e337ab5f6fa60645d1ebf48c12fa11f1729d5660b33a9366708b6f3cba46f3d40d35c51888020e60aae96b5a6853ba0d2e57

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
c2f314c569010ddad4564124af4dfa71

SHA1
b8d8d5f9bada77a6d98ee2a22272933480139604

SHA256
c62e777096b3c50e0b2924be0382d0f8f40c796967f99085fea942855c550cb3

SHA512
beb595ff616cecc46a2992d3a0e3c0922e8b37868c88bbb98c2cd51a15208652da0f81500b0c7332055463bcb088388fbb7c395800410d38737cb58a0650a7c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3bc238bd73b44da016b6876eb6b32db9

SHA1
f0274c4627dddda36efa36f374ddabcb3578759d

SHA256
6f65b2e4ecddf8d75fe6f4dcfc6d7aa1fa16039ac80e524829c8a9ea3eaf204d

SHA512
3e263c73a56bc6dfaa919e9019c4d664ddd2815df19008d950fd5af2881533cdc995bcdac11ef5a690043373e6c47e720f56967cb53c14cc80d93ffc482e97ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
1f577f9ee1e109dd0aa93d0b298a7bc6

SHA1
0feb7adde90f0749fa36b8ab791b8d9da7644ed5

SHA256
7faaa3cee046b26b6f88ba9b81eed987d162b5332c728a67844a4aea8a0878de

SHA512
d58eb9daf437c024427b0868c40f5ccb2b0d99bee3923c2c69e7d7f05b6eaf4fc7e2835260789d566af626e124c60c5da2cc9e07acf32f3f031c7a3609050dd7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
02cd6c5dad2931d01981175a4d32b3c1

SHA1
ad0bbac40cdcd65944ed2b02db5f7edc1b12992a

SHA256
c9acddb5956dff27e2638177e6af3de9e8facfd78ce8ed6add44f5c75c3fd02e

SHA512
be35700784e83db93a22fda858376873b01524cc3b90de23f39bea355310a285f1bfcdd017c8c774ec566d78b9d1f4ff60b965d0b3f8e66773f58eebf045a91f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e2fc4666fb782b418096d51939470e65

SHA1
82bcdc2e894c1e71985cea2b87840ae66245fcc8

SHA256
41f13d29a1239e5362b81d8ed2190bd198bf6b930e34133d08927f5910152962

SHA512
8401c2305b93b52476e93c13274d86ec97d0e48df7e67d5918682c3657bcd4ad402ec551440a3cabcd04eac257f44de8234a7693fbc93a838aae1c0ba8651eed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d129d930536754210828fbb19cb0e4fb

SHA1
4526df5e219d00c60fc51ea7e710146fe4878541

SHA256
918a4456171a9834b1f27025f9afbe181c59ccd9121df8595f460461b6687866

SHA512
3ffd7aef5d89ed70a2dafd4b2281406dbebc19a048035085a85a39675d6d032ac8024fe30f4d7121e615a630f373c9d38fa5b039a3f61648f0787da0f701a90e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
f989d088751bebab79a81c67639a573e

SHA1
d09d258c719aa2aedd7cdbeb18c90ef9cad2f844

SHA256
76087aac01c3e940b08ca07b17ede61bc26763e8f1ac9f2b9afc4e72472d5573

SHA512
3b83f049a99f2f1c98eee5f330ed67fd3be52d5a29948024a5907ba68d99e63ccdd8d901d05acc1f8928ad61421d88e67d9a0d99239c869a88cb573c4013e9f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
d265dc1e5a02b15742f8db7a5a102eb3

SHA1
e42b068819fd571e114a5e1e527d6d5c2882f001

SHA256
e7bb069b0d9aafb13a794b33cba807e981c43c901b122c8048d0a1b08c298e54

SHA512
c8ee3fad9d8ff9b2747d87a072bbb459cb4103a0dde315f8de2e75a75d547d43cbc07919d15f78efade3c2e07993ba949dc4cda41bbf90aac4e15a97de300f63

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
2d773f76a958a0ce459cd34826ae00ff

SHA1
f4d5a6fa4e3f4023867e288b174e9b4f0af3ffe5

SHA256
7736fdcbca6d3b30efa84f6610c09115a7bc14fa2f6b2f8087f906245cd5fda3

SHA512
999175211c6b2326b91597769f273cbfacd77cfaaea377be242480f8728fe07bb4a1dceecb264078a979e8a779b46776c25b673942526beaad7d7b53525b15d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
9d138fcb2ee7732633af25870ef966df

SHA1
2a59f79ce6f20db4194f4e6bf69a5f359fd60b70

SHA256
a5c69d24503eb5f50153d6422604b98b51bfe415db2b412487919205d5672f39

SHA512
ff45ae6119de9d9c5717244ce6bd19763709f9837e185d0a9da201da12a6f2fdae50e16a0b3fbf34a1860b4633ad64f21231d49a2eaa47f9cceae7d12e823c37

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
13dc883e61ca2aa489e7a7b31c598935

SHA1
9c461ffc72d321b8e84ba8f9da6ebae1b287f632

SHA256
ea6c7602b7909cc6d52dfc0e866b81961e964507be54fee808557d219a2757b0

SHA512
31d0d9f1d07f810a9ee2f285768c7fe0e37d1f00284e3ed78f7c7a75fe6d843ce165b1148805e99f151b2a62264538b8807ac2289b4eaf17347f16f500cb6205

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
45b1f3c77837fce6a6147bbd227827ba

SHA1
90d0f587fefd654e35378e610d6cdfed7ec0a590

SHA256
7b99b6095f804917759d860e7763118c26fb474398e4313a1dd45c2ecee7f8fe

SHA512
01dbb9d83b827c7328c6f07da99af63487fefa6ba022d1fb9d6cb6ce2b9752913f767c7e13ce74241d05b42704a2d6c0670db064dc9d17650ec6c7cd509b97ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
63e04d8fd50f732ee16091e31b764583

SHA1
6aafc99b09bf55ccf806b91b908008056fef89a6

SHA256
5a58a1e24c58493d595b49b0835564d8bc3a82d79f0f32be28cfa0cb89400622

SHA512
6c380316a1ace94f386184262134f483643705d332a674b672b4f329100d059089d26cd6cee5adb43eb536f9a2ad1856f963e0ed2230b7dc39e772f7571c5864

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
2c9566e8e8ba4da4922f85e318994ece

SHA1
663eb8ba3c21c11236fa03df5cbebcc14e265728

SHA256
18b79f661687003f8ed3c83ebd48b5cb69fdf49886d4d3ede28207a154f38537

SHA512
b173e002b370b20a1b363d7bd90420c1e1e23db47d9c4d4b067e2457aecf908377ea324c8b927149b83bc39d8dc3cdc56dda8e9632c36442efadcd3ced3f99b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
46dffe4781ac16394e94407fbd439592

SHA1
9f41b125c33274cd444e687b05094dce8bf01370

SHA256
9d48565e016fc5bd97b64cdbde631386bf6bce3a36d3122fee27318a8e20a92a

SHA512
d5173627b3786abcafcf30dcd91d07244159621ce481df47169cc1013343a117c62e6ed38f227ebe0ce342d555a4b1fae7a457ed2947878d3c71e828238937a7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
35e066b518be9ed28ee6254612f9c914

SHA1
c263da0890dcc3a9f3b54cf67de34768520bf4bd

SHA256
74ebb43ab8732b38be1407f5d9aafd1d24b774204773f66986e612d587cd1140

SHA512
b810afcf5f8c4651984f14684f31841b224bcdf23399fb6ff88e7d5d497c2306fd4edfb8183917e9d951075d0044cef61e720ba24b3c8ce5b4147ff14d2c7f09

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
9526b2defede083422edb78de0ac746b

SHA1
c220cac11d39bb48ea4c8d1af687a4ee9a87ab56

SHA256
aa0825c0bd9cc927efc47a3007d31879602050e2673c6a3215946026497c4a13

SHA512
bc44cd5e145bc1d82ec8c0abf40f03faf69b7e37d1cc73e819f7ced139802af41a36c7bad4ef5d43fc4bf0e308456a95e10012fb2e1f4629545e94e976efa5a4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

Filesize
32KB

MD5
4982936bff89936c0fb37adc8c830f6d

SHA1
89c2853cd6f4afc6ee311c94c1804fc36801dae5

SHA256
29a58c24925a795fd07b5bb516dd2192000b34241fe23fd7785afa62afb728c1

SHA512
216e6d8f34d41cb4421c15d1c88871f9867ad6160d344f4a6bb23c85c643c9476bfe12910b06b96672ea1febf2396938d0ba7bcbc108eebf69c1c6acf908ff28

Download Submit
memory/2084-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2084-35-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-39-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-5045-0x000000000041D000-0x00000000008FC000-memory.dmp

Filesize
4.9MB

Download
memory/2084-7-0x000000000041D000-0x00000000008FC000-memory.dmp

Filesize
4.9MB

Download
memory/2084-5927-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-5351-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-23-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-2-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2084-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2084-5-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-9874-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/2084-9875-0x000000000041D000-0x00000000008FC000-memory.dmp

Filesize
4.9MB

Download