xorist | d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-10-2024 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Size

366KB
MD5

38d9aeda5745ab2d524d8f29628790f0
SHA1

3d971bbc61c99f5cb5a1c8506be5dfba7fa813e7
SHA256

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f
SHA512

7a11d80b36f5213ac7a9ee7ccf50bcc652750e8a3521382ce40304ed2e4cd1cb20b1932070bd9d176b3d6def43ed109ef6af87b28cea33d26f7e463ee1ddf56b
SSDEEP

6144:3/sNJUbPaYnJ3deKx5kkdsg8jJa/R9QwA0rM7WqMkCGbRQ:3oJU2YJAKxznQl4MpbG

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2692-8925-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral1/memory/2692-8924-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral1/memory/2692-9152-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral1/memory/2692-9153-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Drops startup file 1 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Drops file in System32 directory 64 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky302.inf_amd64_ja-jp_dd74fe49601b74f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-shmig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\System.gif	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Signing.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_operators.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmwhql0.inf_amd64_neutral_23613e3dd9401f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\migwiz\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xnacc.inf_amd64_neutral_13c4e272a96185a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_For.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_neutral_c4fe81ea47c6df87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_neutral_b64bd08009e7444f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\Usb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_aliases.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_transactions.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_neutral_fadec14b0a37b637\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_neutral_351e56205fd4c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_requires.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_PSSnapins.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_neutral_3500779911f7f3ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_preference_variables.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\migwiz\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_operators.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2692-5-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral1/memory/2692-8925-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral1/memory/2692-8924-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral1/memory/2692-9152-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral1/memory/2692-9153-0x0000000000400000-0x00000000004BE000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15135_.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_ON.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIconMask.bmp	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\THMBNAIL.PNG	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0144773.JPG	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099162.JPG	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14691_.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21332_.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\3082\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR42F.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImage.jpg	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_ON.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.GIF	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Drops file in Windows directory 64 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-aero_ss.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f0d463d4d79d7a05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fdeploy-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_303d2bc461b95c4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_6.1.7600.16385_de-de_35fc7b588ae3c354\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-nlsbuild.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7630bdc4ef751623\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..entclient.resources_31bf3856ad364e35_6.1.7600.16385_de-de_505bd2cc2e0db258\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\inf\ESENT\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9781b899aa9124ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_44140bfbc11e0b1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.1.7600.16385_none_a223bd3dd785391a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f1814dbfdb6aeac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_pnpxassocprx.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a0f635f16bd7a4ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00020418_31bf3856ad364e35_6.1.7600.16385_none_96e2e3d0956cf5f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_it-it_11521d321083d211\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..anagement.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_087d3c4a07336bb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_185ba149ada3245c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ndishelperclass_31bf3856ad364e35_6.1.7600.16385_none_c6f86bb79ad6ad75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee45d5239172d495\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_950a665bfbe586d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b6e52d4a605b78ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_adpahci.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_155a3270ff8e0e27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8ee5e5c4ebc12467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b4cd5acb2c49b651\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_nb-no_3f6e68e43f840f25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_2_31bf3856ad364e35_6.1.7600.16385_none_ebc58bd310d87143\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\DMR_48.jpg	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_ds-ui-ext_31bf3856ad364e35_6.1.7601.17514_none_ce73310d1634318a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e88e719a875d9336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1cc2fe3a7edb26e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..ents-main.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_405d09a695c177d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61644a76f0c0ce28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_946f709feeaef639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..components-jetexcel_31bf3856ad364e35_6.1.7600.16385_none_1de500b1a390aab9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-devicemetadataparsers_31bf3856ad364e35_6.1.7600.16385_none_c6c96b821da83d30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netplwiz.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2f34fe131c8e7fa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d85986ba7e56fda6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\NavigationUp_SelectionSubpicture.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_193fd295d49ee841\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_19d1f5ff4e03eb4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cf55796d9de5582d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_es-es_76b445ae591253e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-snmp-adm_31bf3856ad364e35_6.1.7600.16385_none_6505282792f20e24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1caa2c287378295b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc469ba2affc26b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_287b0a356c80901c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tptracing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ae462e4c869b4567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_adce0399fac645f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_6.1.7600.16385_de-de_970a7644dc297d48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_security-malware-wi..er-events.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dab3100a21f7543b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_en-us_6fee0a14e7e25ecb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_44380a3e6aa83bce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\diagnostics\system\Networking\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\Panther\actionqueue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-migration_31bf3856ad364e35_6.1.7601.17514_none_e02729035a3379c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_it-it_8b8c9fa299ec3580\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\inf\MSDTC Bridge 3.0.0.0\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskcopy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fa4335b7e2e55ec2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000405_31bf3856ad364e35_6.1.7600.16385_none_44fd32aa7cc4d24d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_properties.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_28aff8f66aa65f67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ef1bf7026e3473f\settings.html	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_en-us_d5fe5d00fb97ccd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Modifies registry class 10 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz\ = "GJXEVPQMPNXFJOW"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\ = "CRYPTED!"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe,0"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

C:\Users\Admin\AppData\Local\Temp\d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
"C:\Users\Admin\AppData\Local\Temp\d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
422B

MD5
1ee5052508eaf02a5fcf6c574a83d175

SHA1
29bda576d6c06f8f6031df7cfc56b5df6c42dddd

SHA256
3cadf5cca10ae2f3ccb227c09be5d789f1aaadb0ec471f9ad60ea511c158a471

SHA512
c28455f45ab22b02406f347c725d6df5167c54a58bbe11369ab7bb84dd677b393e9f9fbd2565cdbace4d7f6a54716cb88f936ed058b65f9060cda9cb96424f89

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
fab79b14837145456891c046957ddd92

SHA1
af83881460481db16b4dd456fbf3b535e5c1a5b6

SHA256
4ef2c3011a3b8d8fd9700d1a7c34d76a93ee8e8c25f87a2ca83e3b9b32e14321

SHA512
bdb241ddad841afb7db2eff03b1ab6944a04d4be8ac83ab7b1e973e1fef56b5142da9114dce607bca266173399c8d5f0ea873fe81a8c8f7c76ff54a629ecf247

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
dba5f4e597aab312ad73594b254330fc

SHA1
4010c2933263a6460acd0fe1c37234bc5b0304ee

SHA256
ecb68b3cb3807a9a47804e23771ef69985d86e137050e8662f6ef642886fe297

SHA512
a98659aecc3059b17853b6d2c29a7abfc512a0b77672c2c4188011f772b0aac087d18938c4322c447bc3616be8d12fadf997e36acc4f0a6df5e74436690cb45c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
ff984d660b76c40800fd84377364c9a0

SHA1
5a5f802b2e19c2ca47d6ceb8ef9e5c4f9ca40560

SHA256
b6d582138aed272658808055a54f2453028d5be42e567130aee1ced390f1a53f

SHA512
193bdd12056bed864ad3c1fdf780f67f319436f9a25bebe2437a9424caac587dc11252b24b3359bae6cc4fe85d84ede7c31de0945d30cbb6292ded16d59a41de

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
e7530091acbc4f4f590f3b923ccd2655

SHA1
19e58221ad3fe71b8d15b7c7cd9a8140280f7980

SHA256
b89bbbbc7428c6c26725f646c805719a4357ad4824b16cd5e9ecb75f5e3c47cb

SHA512
9adaabc7ab1b2ae44a6f15a0b6236bd7aaec398fc711201405a549b2de06ec239fcd2a2bece9ccbfb398e448e280933f64c6f9cbe99d6d6cafade2734c65924b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
64f02d23bcefbcd9c72e0524dbd8808b

SHA1
8beb4d585be87fc7e2e9ce93f0243c715d05e043

SHA256
9ca90fbd191787f35ea0d31d5f28235a31957db5e95579c7dc9885abce69714c

SHA512
7e4f9147155235723b8db0e7ed016016e47d6810cee6a85ab8af94e79d97665176ecb3a2d7ad843492aab0c2c966d1dfefa21db89f653c7461abf3514b0725d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
ddaba71f9f0f631b7316e5a149f95a0b

SHA1
23d072a8a110f0a586ceb5577b63c82395493a2c

SHA256
7cedf21e98c915cf479cf8fac2c96488e39c2e9b9051d8fd209997a4c5f358b5

SHA512
6af4d54023060ec2119180a5c24e7439a724e4618b74d768143a5cf97a2757e7090472e605192cedd8bbf587bcac58de7619c4abfdf0e5c2cf169ada4d74f9bc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
341B

MD5
52c58cdc2124a6b6f76abcf35796b175

SHA1
7e5754be95fdae38e25b558e54f30093e9e62b3b

SHA256
3b3b60c94b4bc1f5073fd30068f7cdc0deb60e837f04fe57162e80047e17e22c

SHA512
f62e8a8727830e2365a9f56895b137fbda702c717f3ad343a72b661cf6c40b69a71cd8717ab25b87c89994860052625e24b6ede1475546e0bef242061974336a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
222B

MD5
8996aea5fdb740fded44696022a0d4b8

SHA1
fb77e5b415ea5820a608db0d82058118f1c21183

SHA256
bdb3a095e159864a1df0adda7401173a2062475401780ff9b1c43931bf0b59d7

SHA512
8adae966620a0a5ddc8c70f9800b70b797bbd5c1ccbb7bdea9897737eaa2dab79f08d90706a70bda12b1376462081979eb6fdf21a62dfad17be18fc4cf02343e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
ea041f1911dee6ba089961bf76405eee

SHA1
16be4d2357b857ce525635fd4f3cd527904d20a0

SHA256
4d360a932bf5b8a60189a9b88f018515192195a5e9dcfddb9be4c80ff8548d98

SHA512
79d2c522bf7f3adc6af7f4d4dc525fcde5aaabaa89ed4f240cdf43dd05231a14f9ea823c6f68f1198a8de0bd82ccd7ac1c65b92c723b68b723c0523c8affacf1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
3c08982a4b2e1f3aa0b701abd411916b

SHA1
4528e3f9d95c01bace3da879df3bcbd6ae0ac10a

SHA256
98acaf8f18623492d781c52ca142622621550346983b81fe91f7971810efef2b

SHA512
2c4e98a2e4d54b1b4b71dc6e87853bfb6d0fb5bad1798b1176c530b8b40ab351dfde59263ededdff59db7e41a78738528544ae19439d388299faf099ba839a0c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
f7284960f994f7b9eeb38cd4fb58f030

SHA1
1028201e24ee6e6c61908cb28ed1c22036cd4385

SHA256
1c98b52ad3cf3c4c62b1c53f86ab8652bd87783f118ebc2bee164b009ba1ff58

SHA512
fb01f880039b26d133c5de375454fdd7ddb99b864bfa16219737dcdbfc7dce054c066a9a82e11494062bd6566e5fa8e867921cf99fde83e14bb5d0f2a1d1a576

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
81747d000374d966cc6ad7d7817efc45

SHA1
7b06121cb3b92d0b0902873e5e9ac1ec1aeec376

SHA256
035a4142b60a2ab0bbb2d06cc1490fda1d643dbfe64145a0fb38cd71c497da5f

SHA512
6f2eeda1d412c11a12a91b148c96f4d9c0383a09a94b85ddfd57697808f4dcc840704c9b39913bcbd95ea82e56fa056b013ed4c0e32a9e50387125fda79b21dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
7e32f379ea6502587c8f16b822782319

SHA1
9a8d94b2b5eba43e4ab70271b04e4b3c8e32e81b

SHA256
7d8bac769c3ca85dfad56f0ea489712148b025f7d6dc972d3c1c862954dbff62

SHA512
8e0f27c9da6e60ebabdd3664b8ebee4cfe4ade54cbb06c8948fc418393c5dae21d73972eff3d87f161ee196d190d8d9427eab65c04e88159ecdd5452c7f3b3e4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
7c666ff156d392ef211247438bc7aa26

SHA1
434eac29022d2297e4ba7c22fa5fa594419fdb63

SHA256
f79540a2a5bb7307a018f5a5edfe5dfe338ae9859f1dafb19affbd9470eb3cde

SHA512
4cfb42e18cc9e2e40f9978d9ad7c7aad5584685fbd9f7566beb65fe83d8284b76d904e8aada5f1473c4ff0c50d2e54d546a399fbede54758bc0dfaa3f3d3ed4e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
6f523da27c161283d1f0322c3fdbb9f3

SHA1
71fbe193c0eaacea0a818925c014b8cfaded6f16

SHA256
1e776d2975f07d27fe510404aad0cef528480b5982f9418bd0b6f8511539a756

SHA512
b9ac749078004446800f45984ef2a7cab650ab9bf4cadedadbc47314f11647c7c2351731cbbac4eb82b3826fe17f6feab7d5cae139287eeafda4580ca9dccd4b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
7b85907306d458d331a1544a63a740ad

SHA1
97290c948c1b3db9382d8a824a91ef3579c5848d

SHA256
e74e66b7300e38281740d6d2375f9eeb708966aa8d1c8e8f45e54467d4e7b164

SHA512
123fc57e58e148b9fedaf4f4d6f057a1336e83be48be3a7717449462665060c5012e950d351f756956ab38530cb37b48b86da2f2bd54b1af0b7ef5fe7cb12ab2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
14a720b820cc05e07be4e7c1924ad5c2

SHA1
f5e1bf7ce813b9da7f422c9b65229d5953033dc6

SHA256
be0b73e3bb5926c129e3b8d0aa5fbfa479c6b5ac3db74545e032c8b978577545

SHA512
b0b4d116c8267f0438629607ec705dba0eacdce60ab6c8dff2c071a8f712b8cd0acc3fc4520c63a49c2323ba54bba11e33f73daae6172bb527bbe1f8a53edc20

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
2c013f671893c70ceeb326b622862a49

SHA1
c17d7ecd686518649985c94516bc2b01a791914a

SHA256
1b42a5fd9bcacff8d0dd225052b752e7a96d745d0e9632d58c9307701bb0da51

SHA512
d26c4a5fe268ff2329ceeec48bba26e3b6690f0ef80edc65ddc9965c3eaf8d483f2a55d6ada066fc2618755288aa839801c34728024dd282e919afd8d3173333

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
24e01339a4c420c113389f0ca7df5677

SHA1
3ba48002281a44a72ef3be9b5d7014d595292ab5

SHA256
a155e44b774fc48adaa919f19dd23bdc5f9034265228f536848106806b868285

SHA512
486df75446f25c30a37213d1ae3e29c8fcfc5b2f0f4e0aa68a536e828cd99dff20728cd4a4d4ffbb236192b58e35658851f7c5131944e11c80bc25d71a01e466

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
bc6f2316676afabd8007a5fe041ac9f1

SHA1
580d2c54169221a1482dc050d6e978161f7aa551

SHA256
b17138251cd08fe24951105c1d7a9e8c96c5a22956bd00eece0cb45d83b41429

SHA512
55eacbb7f2ee5c85f746a9a4a0a74929400c84f76baeaac201bc710c4a58f4603d4ecb1bfa67e4398987c374d349d3891eae05275e07302d6e57723842a82886

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
baefa7b468b15addc301d13efabcfec6

SHA1
255dfd1187df3254477744340c763369dbaf14f0

SHA256
0a8110be8ad191cbfcc10a0d38b1a115ae2b03216c512512822b96dd0ddc14cd

SHA512
65e8c067e97c6da6e19db4e6a82378138dffbfa4a2a65b946f7bebe7d9a92a8352051b857f146d09efd6894faa8a809a45f8c657996908f53eecbd6b3771d111

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
613cee383b76e0564f831faee7784c68

SHA1
9dc40ebd45f1dadee1b52abab861f03329a3d86e

SHA256
3ade95c6d8a847c37b497acbc5c7ea090004d25f767cca8cb5dd5d0827174999

SHA512
2ad4746ee0481e0b82ea85f62dcbe911b3dd5f1e3ae539cd713737187f5f2944af178344174805d09a12c16ef6de7141ff7a3057284dde1d4fef021369ee8d88

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
f4ea1ff455e416382446a86dfa0a71ac

SHA1
2f5716f621e63c85f219f118bf8bf9d45a51f55f

SHA256
af2e637dbbff85e4fb325fd7a5e794f5d7800ebcb09694369dd14ed813a1a590

SHA512
e2c340427ede16ddee5f10fa85fed87830f858c92f4eff7a8f4b81f837050d1e42ece43a7899780eec873a8db988f9a10523e472ad2ff3d97001ffc66484264c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
af7269086d9c344987543fd7d7152c54

SHA1
51bb59e0eaa6839a68c79b929164e35571223cd9

SHA256
2a58e8ccd41fd392a2d7cfddfcfe37bd7f4e2e888625bd3e24a92f348faf6b2d

SHA512
8b33c294e7522960dee0bab8dbb20246ececea8b578d15251a12adb6f9e9f2ac44328ac8de575155abba55c83e3f60a6e20a41b16d49c1df67806efdc976f3db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
16b55298a391c2216b41f89a7666f900

SHA1
da79ed5f72a5dcbfa9a164f8da95b9588a65e681

SHA256
1c974dfea68c59f1a61eab6f3b6e2705760ca8f94c54e55b49fb5186f002d3b4

SHA512
0b7b1792ca2720fdd36ac508a795290996d2b16cbdcd449761d60238363ef42f33dd8c861e2e79da446683a0f52a4221595be93c7014b6f361adeb01ca246699

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
6d45df4ea7a6926aa7c15ba0fefbcec5

SHA1
b246d80f61bf8f3ca00f2a6a5b229433d3d7ebe8

SHA256
a79f19f1ee9246213effeb86e533c8bcff8ef4ab827a8afdc30d5bfdbbc98b52

SHA512
d9b8aa9323bc988b404beaeb4580d68cc2bad72421eb4917f45f38692b02ff68a832dfb74c35886f6b7e43ee094a428d62d42b9b40e24426a5295712478ab856

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
dce1047b300e73de436b3d9702d7c682

SHA1
5208bc1125a205ffa4e025cd78edf46a48780ae8

SHA256
b58bf731eb4628abb9eb80297e8628b9d8329211cf8b3b87b83733fbb457f1f7

SHA512
818ea729bc16b55ddba6ad8700f3b39a7a6fc698e5ea1eb07abb446936f8e78a13862382bf91d7760b4363dec1b8b454fa118ffef33d5814187527cbf17a28e9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
9780be72df9957a0d87f97e0fd386d78

SHA1
7639f5543c8d13d846186f2bb2c388a7fb3dec22

SHA256
3ac6746504383ab5a9f63e715ca3223e396a16829975ca02fc0bb862ebea7b26

SHA512
eca40045b49c386cafc7d9835e07d2fc5d776270068cd23994c3eab884e5a08be56745a9d2a1b4fdccc8ac84490c9280d6212447d41ad31c3b6bbe0520936bea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
aa9522e56e817043de24ffce2a49675a

SHA1
24eae5d4d5cd19201ffe4311607735d87e9d20f2

SHA256
dc4582625f803ca9b35e97eed0e44bac6b27770e2b9d791797f6ce6bec919b94

SHA512
c9d00afd8459d57fbf2c3b988275c6106cafc80f787f3eb036aff9736110f370c36e292a720cd3b92b0cbbcbfa2b067ae4440427090ea9d48f42a4d6ab181e89

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
9cedc186f84011a6d2a63226f0ea3987

SHA1
6afd9a2ca22a00f658d8d872605c49933e938b7c

SHA256
64f607938bf9187ab95ca9d71a2e0b8d3d85653e966a8624098ba9c10756999b

SHA512
40ccab459742d6d08ce411bcafc18f27fc89162d5c58a82db13c4e8074cdedbc7467776d8040d7389ba36a0963dc4e66e11538e6f4374893759d816b9f335176

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
4b7cdee0ab598df7cbffdb553eb719aa

SHA1
7e7d8ac12d0a4b09b0b09a09596cc6667eb19629

SHA256
ba2b824c8680a3416337529dde304b6f4ad147ddaaced65737354819d1fed244

SHA512
9fb26cdbe5ddea90255141907b36f705d79f9e7f90d8ff10909611c1d9c53826d94bab50940c1582f510732b80f5549394c86a9df14aea705b539a60ff65dbc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
420586f41fb2e3cc1e34d82e918e57bb

SHA1
cc5fde435be407693633964f551549c00f838768

SHA256
073a91890e440d7b32a40fac53845200f16e7357734a1a10a824c640fb5dbca0

SHA512
6a541f19b96f725d743f15a0fdc3ea180a587d81097ab3da18d1979dc313902cd4d1b5b11b317b938ae70c4e538a0190f7bd40d03b141d89e9c02fd3676192e2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
e89a9e50378ff099cd05f9c7063688fc

SHA1
0d50ed63d2ec1bef17eb5ff6b80aca8f56003878

SHA256
ae6844a51a5f2f1dbc9a62d885e9ae63962a7a007ece4b19da20d2779a51e0d3

SHA512
3aacc43d589b0f9ece36df37f13128f3a36b003539b04f4ecca9de6cdfde75454ecab94762b2f9e68c24f05e1b51c17cc2e333193bc1fe5552bc063e69fa72ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
8cc7f0813b49d8121261e59e9bbabae0

SHA1
4998263a7ba58ce9245a4e28bb91b9d4c09876f4

SHA256
114f47cfd50376c6efda322992a20f6f854932c546ff4a52fbc025ac8a7f1b38

SHA512
ca23a8b765ad944a533131a73ac45f88b1640ffdab72ba38e96513c79137b3666b9b40bbf6437b2c6374ae83a7ad0923220e2eab5445630007f860507be2a122

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
6c83b58cadccc9c31973430e81d6704b

SHA1
7c26a94323c0965b736b86b9d6cdb07b7383b043

SHA256
d927aba7c8bc2d4225fe9e60c675cb551db7e85af4c295c9ddb808e0d5a0fe4e

SHA512
e7b74b9151b32be426798b953d9d8332c5998d758a9d0941eab835e64aad1fab52e43bbfe7b685788505e2701b6b1bc8e2db2461e9c84d461d5b78146f3bc418

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
3ecb5fdcefdd77dd1e068a26bd7e1d87

SHA1
0d47cfb18711d6152b848d692d6f9c40eeda21cb

SHA256
470be76ab8a8140edaa73a05eabaa99601e73c42c9d7d804becb5d33643b67c3

SHA512
1a50389033b416abb15999d71f92102442cc4edc383f97a8ed5023616bdaceb04deb03a16a8c589709e3f3e050ff5920d2d0f0383b0d34dd9ec3ee9865818cb4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
a718ece47d04eb9262c0ff88730f80b4

SHA1
501b1bc291efc9c9dfe1cc2a46937f09bfa7726c

SHA256
030e1260f87d564b3c9e6fb9cf25edc1aede983b6ecfd82b2b4f6c2fc4b44fb2

SHA512
ab27c9b3acf71c5ec323402af3dee2f0548e9f64f6066abd2acdce9400009f3bc939b2591c92222ac5042a1a834b7c229b6e7b5ec3f1ac0293ae775ff84ef658

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
2436a199327daa56718fffb60aaa9310

SHA1
2b2d3d4c730bcff3e33cabe0d2c62594a3431687

SHA256
c86467677f7be4af56db26d162e669d57627ee6a7517d331bbcf6b9eab21ba02

SHA512
912ef1204a59414455e424542b49385ce4bc02cca1398045a6372949c3c8898f2cb5c048c1816db6fa647829b1b1a56178ffaad8bff900a54b31377a90cfdba2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
f56d1e775e651354294ab72ddf9817d5

SHA1
fce0d0d8e5ee24beb1b306272b3f71da12eedc99

SHA256
dcae4cee65f82df3e9337c4ed264a0b7a98cde847112a223290a1ffbdeb21785

SHA512
7e024bd89b40d83271e76a446f732aac1999e7832cd385b1cb5cc3ad5e5ac5d245b1516be7eb1b91343019041a3275d272e60f31ae9f424400a22252334a8aee

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
6b6788b8705380840c282f35ba3e1293

SHA1
2d84c6fd180587cd8d2a04d92e94adc0600e67a8

SHA256
651994886d686127d50b9df4a079bd6a887932ade22a03f16aebd165c8d75a17

SHA512
b4d9450f45fb6d7af9eca263fbc63c44f0ed3a4f241c4ad1ead01393f762437e255805c394844eb68939572d65ce73a8f9c4cb706b370923df50931328d5fb8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
11df471326de6eb8653d329e4add82b2

SHA1
f2d0e73da505a1ea96ecf339153abaaf7a231cd0

SHA256
038182b40d9e8e3d733d809e83463c27e694395f3b31214a6242c4d8cd0baae3

SHA512
715066119d38382b7806491607c9220a13fa56d6a8556e91441159bd3ae04cf668bdf321f03c291b7f3e7888a1f46820cf958f29f029bed4a57fbe80050653db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
b8b7bdf5b085c741903fa825522ea83c

SHA1
6efe0c82f78d1b1cb50a722184be3dde32ff8ed6

SHA256
e5c886a88589cbe3c3306b0abb985d3a7f6fe153ddbec368cd06d81966efbe8c

SHA512
57fd0681bf3b01b67610abaeedd1d156ebcdfd3f9d92ad58c156475872018625a9b6b72896aabdbbe98390b887626bfd8333214f8afed3bf9413a9ae84a02e36

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
b14fa5cfc73263fdc6110365d4b78e54

SHA1
463fd93fa39a8a88fa8895b427f24825fc861269

SHA256
063c3203a66a1955f31110b3eb0fbc2355a586ed22b59a050366b6da9a35138f

SHA512
3470d3d8788e8a5d77bec0692774ddbebd50c7613ff9f158058f145a16241e2e07b624b807d533a0cf8d1ccffe310b1d71c2b11ff31ede40a00cfbd39bb88905

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
b7aa29d71526943390d5ef3fe4159d8a

SHA1
af92585ae15b5b6cc3048f8106b23e027513624a

SHA256
f4432c0ab9d911f1f100fa1bd91d8de9fa67cb6deb5301ad09d43e1f725855f4

SHA512
ee683c180a7aed37dde335f44e4faf7eddd28e9bd3ca51f22ebf33cae6046d546eceb6d1ad3fbc262e47d09e81602938a38ddf63054550096435d4f636910638

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
43a135fe5444d6be443dd52e21a7a571

SHA1
29578773452d9b6bffe5f0f0593f0a91bcd76058

SHA256
b12a9732d305c26d7ec5e0e33979d5d022258b60219fca24a6a3017fa26c993c

SHA512
9f9c52c0e3f96ca6da1ee2b91777dd4a780b5c6e2f26462e9626d1961da8b3c2ecb62f32159cb9725a804de8373e3a042194bee6a78a875567069458f6891d03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
2d4eeeded6f36a5c92cad56d4f6546e3

SHA1
db36c42312fce7d0d3d0aeebd0e38b954a8d69b1

SHA256
89214f456f78c2754fdc87e8cd748728bce65c37282015a85791ce385a1172d5

SHA512
c0bb1d5d909e066c54efc4f16fe04eacb5b6f486f21de6cd56e7018f4d2ea6d94b346dfc2530ca17ef84ebd53bf721bd38893e7bf343310813d64aa5aef9ed35

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
87a47105c2f3e8cbc64b10334f476212

SHA1
6e8efd8c99e7cf0e0de04788a38b3e07d2a7e3e6

SHA256
9cb13afa43ad62e76a2534adb0e6536d01e9095f185deabc9f1e911b9766dfdf

SHA512
6960475275023fe70d43c2517000545c201936e4115078b8798ac0e41a08669b5bb33bcc06b859e2a36e8e10f338981093e41b663fbef65584d51b4ef74d807d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
509ee8dc1c698a5858b1f12b7f5b2383

SHA1
339d9df78e40c3abb54cdf69fd1205276097d5e7

SHA256
2740284f825cb2cfca50047559b738d02ab0dc8c205ad1c3dadb0545211c36b6

SHA512
6ab2b900524e3e34b38fa6aab46791e96cb7b7ad5c2075915082432e5be9e286355459f5c09b56b28fe62266c08b02a8c546dfba848df11945f097667ee1fb5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
fbde99110a6290e96067639f1aed6b50

SHA1
bd282ac03fd582c554fcf4bc12852e119c53e79d

SHA256
34b40780b83c53eedc868076d62bb5cfff05f82446d2699caf9d844589fdd154

SHA512
a63be140165eaa2c19b21c5bc9848f8b5bf00a34675d965a9b5d5a1ce59d3533839511aabe906e7582ee0cd022b336269063027a6e5efc1c5c993f1537ff7cfc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
71bfb242658155bff22183fd9b7cd1a9

SHA1
8def653f3c4371aefa5fb95811b0315606c918d1

SHA256
e6b8332db07950f4481368523ae1a9267e8fc5ac8f3915f31bfbc26905eb8a70

SHA512
1d4b58a1cfcacf462d8890024a133d5f62f07492ce87904142aefcf2e2c34c5733e2818915549d381f1b7021a3063f54e6ceb9454937bc230b9bb137ac44bfa5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
e98b3e567836f34609433738b225b1ff

SHA1
f14b4455064cd41ffd712b5ebbd9c69d648632b9

SHA256
417055c7616e7c3d90e900b73fa37e135c799013ec45ad9881bdcfc293b26704

SHA512
542ea1075b57e9dafd64864e093d0ef43f0225b046cb3f5fc9673c1a78871ef351a098807dab883382436d8e1bea8e2813267f6169127275b6734454c0e0d223

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
019ef958d6e485ffb90ff65c7a1a4a38

SHA1
66caeaeca0d54a19df231fcfa00c43d599d4fe74

SHA256
af6dfd85a9b6bdcc68530d616b245d6593637b5862f3b6daa16a1bafee603864

SHA512
c537f618ec8e5670937e1d904fb5bffaeed894176bf611c92c4fafeab95bfc2dae46c93c6d1c4040ae90033bbb24d19940dcb4201569830047378df9546e21f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
c6636beb4e458ae87584640673b4e44a

SHA1
325dadf5fc15e2b08960a2a6382580b757db416b

SHA256
74e31612bc78be94878a8ca7527abfd3173209dae683f33d8112bce5377e060e

SHA512
aeddf1aa09a5eeeae85474c4116418f3b26b325d03c602157fe2cbacb736ccebd9fc55532d26e05c688e80d2c549fddb5a0ebf6c72e78e2dcdbdeab113806ac8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
69a836db9a89609c14ff2705b9825f16

SHA1
dff5da772cd1ce0c52e76638d274401ccf95773a

SHA256
614524ab8423bbd931d1f525a473a7e434be3689036acad25b196519d52c4f8d

SHA512
6304e76e82b6cdd5ab4a4516298220b23e6042616a797abca8099ee1807124e9eb49e08c0827454f5e643b293e5649a71d6b3e4087e41e701e74bc4e8f7fca49

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
6ec2083eae6d01a8e68c9d6f1efad207

SHA1
ac1385e1fb10985231ef98c74cda0c094be6ad15

SHA256
3a958283224de54395013cfbd10eac3f7d0ae5b7e270c66e8f7c14653b8ef667

SHA512
20c1757129834d717ed3a0e2507ca8bb95735bc078e5bfbd538171722f04e1fc734e5b98a27d901ed82fcc5ba6003dcc9cff3926d16efd0e59be39a976c1bcc8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
500ee5680477f4a2ec85d156362d61e5

SHA1
f42f7711436738898fb8582a7fb3bbca313b58d2

SHA256
6435d3e98350a877ca445116fc982b59df18c9c8bf2a9cec3918e5f15d0e9b0e

SHA512
2d9bf00088f947f8660d3548cec071dcd83473d7797e1c01555c0fed3d1bd542ecd4864d0d03468be3744270c0a9831ab53b0f15c4c3ed8161c80c2d6fd03c09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
4106c3c6ca8ed4669fabc224c66e9a2a

SHA1
ce9e1b4e862db0ed699379e61b36b85b50a07af9

SHA256
300ec8aeea7e658544e0968d56465ab274543d9cd2623c31b821a45f633663bc

SHA512
8f87ae58932598064ec7a15366c313eb67a5025abeb09e2ff9c26f47f67d231d4bdb2a249c6934abc620b2e852b6516fb02662056058fc16d0225b1af8bee570

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
a46eaf1b6b01e07567ca65d29449cc35

SHA1
aa492940e2659eaedd277834b8d90eb2b82b218d

SHA256
a6b800088266c799ae36d2b49f301e32fa24da2a9ed05c452e9d5a017d370b48

SHA512
68c538c1b6b51023502e3ff8ba91fe1aaf27a39327ed10967e20f2ba3de305ea8275a1ece0e755d7d5d8e2ed0b294cd51df2fe1ba38ac9473d70296a2306f6c1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
190a4d6dfbec070570623d62a05c7ced

SHA1
5c8cbf4a27375e75b5715ec5587288a97d78a2d6

SHA256
daaa944809817e7c5ef6f218a14663698715b984c07a6a3ac7d5ab5bbf479ee0

SHA512
fd2e60d417e5e19a48d22660db497900891bd3bf9b41ded5bf917b03d64ada3b32c239405be3804e328356fdba32a841424c04673d059473fe33135cfcd5da83

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
d2a12111f17006f3edfcb76e535b5e33

SHA1
dbf85b11ffc2e17ecee785452c68edb9cba6c619

SHA256
32cb9a0c4f83908a0bd5a5e5b5538426dd0ef0c1ef48d5c3b496cfdb48e964ef

SHA512
b26d476be25ae21309778f4a8281e52df7dd573df72afa151bf56c77e858d10e8af0457bb15b8e968872052d3c3d86701a05f34ef57a5fe9253f314f89361e87

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
e5ecc9ce82be020ace85b0ed66d05702

SHA1
e57291c7a0383ab2cbb4b2042280d7ba0cb4922d

SHA256
e1f18801a9a27f48b408fe1518e84b1732e9442ad522809fb920e2b996cef167

SHA512
126aee9892046160e31b96889d0359cdd463f86b39aaf88bdd1473e92e8a62726803118767cbc140e769cf04c4a500fee82be78d816fec0b6a899d66d29e8f22

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
f2b88559ca319309d1590e4d6bb0b26f

SHA1
53ae64d95c260cb884d4866f30da050f6813f95d

SHA256
80ec4c79918dd2ca47d0cb4c1769814fe0b7731c9c0351ba465b47de713d6f63

SHA512
a82d6cf087df6d59d39db77d6f8e10e0a8ab477c0595eccfc582f1b340331cf6e9f716404c7007e8da20d34b7b74aefe1a40c027538f1bfdcc03da030c844147

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
5a393b60f646b40ea984d00845073456

SHA1
30e46524e677f4ea0bd54525e82a3a8bd032447a

SHA256
cc947223f3bb56785a7e9d21e51e8ef7ee3cde874fe947995afa327be6df9116

SHA512
7109bdbf6c64283cab21dc8e6103a87f47c97c8915b2424515c7dabb5e6b060487de8f83141ace3ef4b2c69ca52ca2bf911d49ddcfd80564ebdf66e51773bc11

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
71063670426a286f78de7c68ea42d4f0

SHA1
7bb07ea13d3fee0edd9d917df64c26f3038a6f97

SHA256
045bd182d0d71ac5c311954bcb241f23b6b2f3bd8598c930b275cedf6d315e3f

SHA512
ddc05ed88ae862a77e4be6ed04ebcefebfc4004c3e5ec0c87654fe15f8cdd689d9937ba6102e90d2caea78c86910820f0880852c867ea8d8cd849a25aa48131e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
99e7704afb7e050123f0c9b7a21bd3d6

SHA1
92c28dd36c68167b31d26282b03cdd483a68033a

SHA256
462ca6de5eb8f5546be5ef4014de1b970528771fa98da6e6899b47960217a0ab

SHA512
a8ea5aa09a970ae9efc35b398f7aa41be99c4ca27548a51bc2e216420b43662589e6217a8bba9156dc7bfef2f338d05e70d5e0a3339802aabd5fc9e8bd2a64f6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
60ab67f9b776a7684697067c292e9bb5

SHA1
ebbca44ec73c6d0d3c587b6600185e1f6d9622ee

SHA256
a90324434911cdd8beff915385c492c8cfb47288e5c9626d92aaeabfcff16d44

SHA512
44de40c5292f2e6c86318f9af2bd856d7af3e3c2432db0ac6a1a5556a0c8c761cae15ab2e2835863ebaa4e3cbaa1df614e6095c6f23550f9a6852123045bbeec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ca8ec462edad386f065c26f364f6a0aa

SHA1
1958bd22de7ecea713e1150b3dc4e19058259682

SHA256
383cf8b387e7a871428e76d4c165f60876ac666f95fd9549aa92ff2a19cc8b83

SHA512
712dacd6a7afdbea862b52c7373148d833e832f28038584fb7dca2f31d6b8fc3a6957aab9631e990fdfe32a4e7207673da03293ae25514c3aa1a7f94cc1b130f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
6db99d1df393d7a67084a2c0160d6a58

SHA1
5011f5f89b071e38387de32319c6eb805525893f

SHA256
07f998a69a0960902da083cabdbce52600086f259e979eca16ddf4feec19d8c7

SHA512
66909332b1154a2e8cf4056a49eadd4610e7a95ba890e698ca49be0f9857cf65730712751dc3ced4b196e354e96c83ddd2c2a56655239de2d52854d972218ba0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9efc0acf68fda4ec5b17f6b5dd841e67

SHA1
d5f437a6fccdf937825b80acfd08d3f13191591b

SHA256
cf52101bfcd22a7e76872be349170826df267593ea84f87a2991e4fce337addf

SHA512
45dfbc7a3d3cbab9d22fe6a53c0d9bedcc0cdafdae96aad9a299b9e8a7e0de9364865bbeb4f8a175017a2126ba40d832f2c7f7729a8f048c2359fbc591df1ca8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d5e366806b979e3a33e2e12ddab03035

SHA1
936edbfff215a13fc528d7f86f31997049a3a220

SHA256
c5319d529667a2ec89fe142b69827d4700729537e175ed185adb945936271db7

SHA512
9e53353117d90362cb04663d07a44f4824952f58a80a9215bbc761ae4a91091abfea070b533193fdebf5c519fb6d96c50c4091b721e783d8e789755384e71558

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5eaee4d83586101ca94cbd6db23419ca

SHA1
fd5653258c2c7932e3b21b43b62895d5e3726010

SHA256
66165c9f5673e46189a6ae110483ca1f2f8982256c38ec33a5586e7e76b66ab8

SHA512
37982a9f3d21abae069b0fc9d10f3f8ecefe7d46fa99659ca9de628fe394674731452e5edae487885a05e19123f7f15990a6a1a40127ea7acef114084ffa6e5a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
7f4512385e062b8f6169e308de3f2519

SHA1
c6d872111ec511176621d003624adb148788bbf0

SHA256
7e1ef2719b5ab8640221112697806607bddeb2c47cadba01b968c87294b23931

SHA512
3cd4e005e07a9f7a4d3204c60ff8d6d007bf6115baf91c6adf480eae8268336ded6256a743c039f6c631776f41d42f5652e82466e1c1ace1f955147f0fa0b59c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
d118f5558faebacdef6d4f6800a8d8f8

SHA1
c491a38354a52dc0d77ae50706aac7fb412e7470

SHA256
1bebaa6e3bba24569c14e3f3b3d88b35d7b4b51b261dbc73fbc3ea9125edbe52

SHA512
9549ceaf47ae3abde83c1db029e25033d8d94908b92fb4bb20e173c739f3bd41b02f324fbb3a7551b3e158e95849768ae946c57ce5259313a5f68c45fe90ab4a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
c3a6cbc73d2959018d1c808273483d08

SHA1
f47f5efa301e88d9cd7137c1584dad94b9b721eb

SHA256
ad0ab299d5b9e06fa45a2d3430300374a51a92020af46390aa10374bdf6ff6f8

SHA512
5ab4333b3adbc3f56cbfdcf5e3013b4988727fd7194e2ecb944fd955b8097614ef41c904b83feaf701d3624842aa69fa78e66066e9872cdc652fcca7cfaee542

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
a3a2e8e4018769171634369adced8d53

SHA1
8542679abb36379dd4c99d54191c73306ba97ad0

SHA256
891a38ae41ef4309bb412cb344cf9615bb9eba558e20eb66e24fc3e3cf96477a

SHA512
339e3b054c7d00f3c8262a8e28b726f751ac37d90490c9891c79b34d5b9882953a7dbfb033317c8ad27239da4b160f2363b3aadae695877d708b7a1ac2c68924

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
c1dd8ad38d7a1f4613520f069f0d0646

SHA1
74132395034ac3decc4fb06279135417769cbc8c

SHA256
230157fb1f1d8fbeaad9d76575a074fcc0dc6004a6bb4fbf065990ffabe52ce0

SHA512
061e9fd698a2ce38a2b74f9480f4c8c65147e4aea70f4bac75f74a0c3529c4319cb2e6469a37c1335eaee757d08b44501cdec9b674d99c316cfa7cbceb60dd8f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
cc570935f09863c5b030dc97480c530f

SHA1
8a723dbb7b77dcabd135e09dd6ac5a60535b02b1

SHA256
585af654ce19f1d03fd1086cbb74d095e5fe2a201a44ff3ec3ac1d35eb7c8945

SHA512
aaa326847fb77e37329f6d232dae8a7c97b61484296de6941a295111db650ca7dca6ce15ee0e802e731588e803fb1f3d7fe40183a83df701d9cf752246ab31ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
32491050dceb3e33a77722a372cbb8e0

SHA1
b31f4b75cb4076ea8ca4de7af2f705d406137210

SHA256
c8b12d34b12ed2206e24562e9d5e5eaf7db456baafb79dab5a299b23f8458df1

SHA512
cdcccb0bde6cf65ad40092edf33d687b5df808fd8a1272a46b913570b9ae2adada2434ca3f8db939b7d0bee44f7eb800c0495ebc33e62b1d39e448f7356d7f3c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
bb6fbdffae67128f0c4d1acd64e52f96

SHA1
4d2bc7aba05c36fd1df6baecd3ed4cd292743533

SHA256
4f4d45fb2da2953cc003a51b7a0ea5d439c7fe163f90a703c446c7a9b702ae26

SHA512
8300d6e9bc28d8e61b3cf01b13011f10a0d2dc59ecd05032a14aab42a29af1e61af6ae13856c69b395d9e8689ac01f67bfd1c8b3a0b1e5e25c4d88b64d589d23

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
18d028b4888b6f6e9db8ee0f427854d7

SHA1
3748602bf75d436827e2176147e6ff08fb8f691d

SHA256
f4007d94f35fbc83e87bd2fa6f7dad1321e80db6dbbd0175abdeb530f56e68a7

SHA512
65155193b7d98183be24647d628ef9738cac380c988fab3cd775f89181dc5adff5fee1b1f6aa2fc43e5650f8e11b99e23c28e7382636307e361119aa871d773d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
21b2f81c7de3321ce7004af728d11a81

SHA1
cd7e72941fd5e7980e8c81fb8dcaad45b2b05581

SHA256
30a37cbe50c62b343f48af376084d51ad5f0f4a38bf0e21e8bb72d633a206fa2

SHA512
466a5be67281b38e9d779dd2f696ecb85618b000ee7f748cfe47ff630b7f9ef0d2a7c97581c4cc0c76e79e0ee640f684c26367aeace89836470c285de2a2a52e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e19461030bf2b8f5bb805b7431028e56

SHA1
d4645d105b9ef395d26b2e41cdec9af3279438c4

SHA256
e0cd484a0256cc274c15a855d967da47298a9f373851a82b77e0e966b3602b6d

SHA512
aa1d59368c1461f5c3cdb07565f8e7939e731b185ef5e540048901801e1e19b326a582b6ae3ca84d990f4f62bee2e4a7a7947135f966b0b2effc16cf569b8f80

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
eb84c814eed81f69ef49848d03420206

SHA1
45b76a995aaea76d9ba72fcdc8560b89a7b1a0dd

SHA256
d9fd61b1a3e5fc7f7d39a3b1bd6b5f8227d85b53786146f3960cbdf32dbb203c

SHA512
e3b5bee34e28b56e8581529865cd10747ea96e9be558dbab8136c0dcd1160b0ce2382ac51c1c09052536a969f1d03fa00a6bc7a91487cdd0f76d5e0b67260bdd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
7f92eeaeab07437f434742ce0c4f2827

SHA1
8edc9fd784dcbb612856ed32a28ee49d77267a9a

SHA256
e9e7c651fba92b26a74573d452b2dd9e2115ed06c411499e04445fd86ade2eb1

SHA512
7a49ba34fee8b461cd2e8b554a38ae8cc1bf69f0b616676565d061ebdf0827bc5af89f53161996f05974322c7e7b2de86e4f589252c09eb0dc9415b162fcb78b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3b7e64065cc1094746d92a408b05dffa

SHA1
985e0b8f5ddaa56efeb989a2f8d70cf81a1b7609

SHA256
f533c7760611fc66630e5ce4681fe9b57579a63eda2a311fd74ac6fdf55d2081

SHA512
83109513ffb1b3444869925a509b63313347e28a0ace4cd10cd9a2e7523af242fab28858d0f8829ed30fd83b052f0ed18a74712f5ca6572960351a10594565d8

Download Submit
memory/2692-5-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2692-8925-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2692-8924-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2692-9152-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2692-9153-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download