Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2024 22:07

Behavioral task: behavioral1
Sample: e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Resource: win10v2004-20241007-en

General
Target: e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Size: 39KB
MD5: 5d8c6e9022da9cdde7c83e500bc09660
SHA1: fc8679bea044346912f09ff17ded0caf53af9b07
SHA256: e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392
SHA512: 373ca7cbcb63d1cd4bf33be6c524a8104781a714aaa0d50991cabfe746143ca18f355a592f681128ffb829fe82d7f5e3f4d2d5e956a520f2d4b9a7645f37e4ed
SSDEEP: 384:HebFNw4Pk1itKkpAjjalraxkqYvjSXkDCgSZWQbxpwMB:H0FmBkpKj1xnY7fDCpHxpF
Malware Config
Signatures
-
Detected Xorist Ransomware 3 IoCs
resource  yara_rule
behavioral1/memory/2072-0-0x0000000000400000-0x000000000040C000-memory.dmp  family_xorist
behavioral1/memory/2072-7507-0x0000000000400000-0x000000000040C000-memory.dmp  family_xorist
behavioral1/memory/2072-9087-0x0000000000400000-0x000000000040C000-memory.dmp  family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2204) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description  ioc  Process
File created  C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File created  C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File created  C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File created  C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File created  C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File opened for modification  C:\Windows\SysWOW64\drivers\gmreadme.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File created  C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
File created  C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
-
Drops startup file 1 IoCs
description  ioc  Process
File created  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description  ioc  Process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\llsyriQkU2dpajN.exe"  e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
-
Drops file in System32 directory 64 IoCs
-
resource  yara_rule
behavioral1/memory/2072-0-0x0000000000400000-0x000000000040C000-memory.dmp  upx
behavioral1/memory/2072-7507-0x0000000000400000-0x000000000040C000-memory.dmp  upx
behavioral1/memory/2072-9087-0x0000000000400000-0x000000000040C000-memory.dmp  upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\500-18.htm e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\403-15.htm e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-m..splay-driverlibrary_31bf3856ad364e35_6.1.7600.16385_none_7985d76e9844dfab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4de8220dfc038640\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\x86_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_it-it_34d76e9b3fecc430\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_de-de_15cddf79c0b60008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_8.0.7600.16385_es-es_420ff4a22b7f89fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_6.1.7600.16385_none_97aa510e566e45d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..converter.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e68c9d3fc84d6309\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\x86_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_it-it_659ccea935343c09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\x86_microsoft-windows-rasgetconnectedwizard_31bf3856ad364e35_6.1.7600.16385_none_39ea34b42d8bab89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\IME\IMETC10\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_867011d903e930e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.1.7601.17514_none_4623a247a9e41c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6e3da27bba8125e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_23a47ce11eca99a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..enter-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_09b5fcff45606326\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created 
C:\Windows\winsxs\x86_microsoft-windows-n..datastore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_86d45c0d960f68f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe File created C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7601.17514_it-it_e85bf9af0148aa84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
-
Modifies registry class 10 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\llsyriQkU2dpajN.exe" e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HAPVDRQOHXAYMMB" e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\ = "CRYPTED!" e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\shell\open\command e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\shell e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\DefaultIcon e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\llsyriQkU2dpajN.exe,0" e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HAPVDRQOHXAYMMB\shell\open e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe
"C:\Users\Admin\AppData\Local\Temp\e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2072
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD53fdab1fff0b8c6f4deb1dcab3806df13
SHA12e396bb5517ee1067d2736ab5c2b48a5f4fab9a3
SHA256c92e6b86aa8b729f698e551df1c1de5d34d6b0fc0359a845ef68fe9f7b23630f
SHA5122bdf323980074b7c68ccfd6587ad378c7ba22a997255e3283d8aae67eed63fd616d7df3cb159b4d438ea38470ec33824c5abc2a164a9cacb73eab30c0d462e8e
-
Filesize
153B
MD529afb79f9f745a70ae3dc62665a888dd
SHA1abb8cf627612eb9c358aff8f22c00277fd81c9d4
SHA256c8ced006d22a9cbabe2fcff58392e2210ae953d82fa7af17437244f81d816965
SHA512098b4941a78935933710b45f512c0badf541f5ad24bb096906d71ce73dea44360236bf896367ee4f9896445d0845c462a1418c646896e1bf0dfffe780f896c1c
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD58aacaf93680b003cf9715a37bfc22029
SHA123e92d67540e70e1cf96ce3abd5872d4e64222d3
SHA256fa23a6db76921598034f542ee362c2492a17a5244cf9a47e9af5e2673f650633
SHA512859324ba4c7c4a8ded2f4754db0b1c9f0d4ac8f54efba885d11c56b1dc4c78443711d1d53a095af3d0e6455c1929a5e797f9553fbfcfe23a71170b2ae420b94b
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD586bd4ac12d405a8ad2ef1b2ee753de2f
SHA11bbb7d9a278271db8751386e0d46b5843d223d61
SHA2567e51153a2afa3c559fb32188b9d81535e0aa4c69fea48bacd17af05bb3dcb128
SHA51241f0c607cc284beb42364610d1c92f16c6740ccaa9a168844f5d4fede30121f81aa55eb997e39b8a8952dcfe9848b8801ab01d307e652e2d1c8f53555aaef854
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD54a3668968b56c51c5d793db0c84950b9
SHA181924e7d44d16e1d1197e484b86e2a56236de732
SHA25615ce2eda7d419c22a614460a9a9c96933aeca4b53439d056ef551da12278e829
SHA51232765032620b400cfb6c31861f483f7fb9eeec8386850d37211fd15506adae5bb8e7215480f8805a9500e9ed53b30ba21bd979eec4e13aa44f44ae9c49636dbe
-
Filesize
109KB
MD560b0bac94d7f2a19ffecdd2ea9147982
SHA1a9137a5fb754b0f7f5da5aa0ab283c933a4a4264
SHA2562fc72a0637673b008a5fc70df956a350d83d0384411ffa2ab1e67db773239e69
SHA512b4fb505acfcb6da71c25c4985e7a83c2e574a0c47f77570ce1f9cc80b668d25ca3c9ccd33f7aabd51322fcec3631e2750c4d2b2e8a32f41e73ba6ded78223f37
-
Filesize
172KB
MD5e4e91baeb8d550ad64c2fa7af631b795
SHA1dc0e4a39f9c8c371b80f08fe5e16c590b0f29184
SHA2566cbdca26bb88db147081b894794a03bdcfa7283f29d263f701f2993feefd07c6
SHA5124502d636bfdee3d988dbed8b07b165cd417d2625a57256a336163c59c3a4b277685f69d326b92254ef4bd19008b7301b535ad04b1611bbfaa953e645d5d299d9
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD548f7cf0ca4d2d35e42d8ef095b749b71
SHA16a6855835fae02960577263ab9628a8a3ad5139f
SHA256fc308e964bf6fe268550258b30b053287422103a2ceb6a589c532427c853546a
SHA51241531ba567746ceeaf63c26002468f56a09516e5d4aa23514fdd82e09a5fd6b3dad4258330b2cb0d8d31596aa06392745bae4cb82093c4d1f4f9493f95bf0c39
-
Filesize
21KB
MD5478bc7fb1e62c56eb647f0b389ab14bf
SHA1f15aab0f22d2fa8c223df1f1364468136c39eb41
SHA25675b709a30c0870ff79d3d09b08298374a1127766a632b59d90552606b9a9a8f7
SHA5126649bec4581a1cbbc62ae53dc9ef41c100a9740073101145e949e66e67ba49003842a0f07febbed19cee7abb3447b466d167eaad6f74ab2bdba23d4efd8ad91b
-
Filesize
1KB
MD5fae7417dfdebd87f7a94775c73e52627
SHA11d418e20238fb07c220c4fdc444567282f896f5c
SHA256955a23a02a001ac4b838483fc71ca9d0bfcf4dac10f9c3bf0c1fa5222a4c464e
SHA5123f3ce0850058270ca4928c9adb319ddeb93a8089c4c3e4e4811281fd7eadd213542257c00ec31eb84030eef8e170067858bba46ac4d4bf173a57a3a5ebad81e7
-
Filesize
952B
MD5016e89f565747a7d1a7b3a7d8837ab62
SHA19964c197b04171916c6360f5970cd13eba3c9a2f
SHA2566cde67ef60a3afc121a4553093f2815259eb933ad7616d3251bf1fa6678d38b5
SHA5125718ea140f2f1657da81a12afaaa8427049f88f50eab7ca4f605e6ebed8ef82a04b4fb2bef418289d1486766fd7931f768b7e20b626823c3f48d64b57609dbd2
-
Filesize
121B
MD553fbcf4223a6faaf4067f1db44a04bf5
SHA18a76614ea63beea032045ae6acb382b3b5beff88
SHA256c503ecc783f016516208790f1dac8c144f9312386b382ef3027bb39162178d27
SHA512c5e8a1872aa067062031a6dd6b5b9f5ff9433cfa53264cd1e32140e8618f9560fcbaee64054e4e86258391ecb96e59a39a5ff92f6028283bafae68e7486885d4
-
Filesize
1KB
MD5884cdb8fa3ce2aae101da048a2dcb65a
SHA17dc51dc749da5c536bda245749780417781d0a27
SHA2564c7f9f5e4fc8806b9e55e912d54b7074fe3c2021c14b89266a8524b6d6d6f404
SHA5126479bb4600fe22969897bc1f7429580f96761790157984599f1248f6edc2cf7082c05b13e8190979c4db6a6cb860ae6903ac460c3ba25f7f65c0efb8e5fdf8d8
-
Filesize
8KB
MD5713c82ad2b2d4a6b6e3c48b1cf4bdd04
SHA129d8b517438eaca2542defec9e2a997377eda98a
SHA2569b33e31bd4e9e77e233f2dd68e8de4f3429c595ae8289c278f88faf1500c2798
SHA51221eaa5118f68ea07b6f53bc4c018d60cf641708737b5c0683d2d73b9348b6433faf69472cebbd8370a5eaf9fea6cf296c2301fdce2817008b338610a7e14d234
-
Filesize
914B
MD527698a0ac195829f55586586cc6c3812
SHA1c96d174e7a88b9892fd938b869ead305b3b1e25b
SHA256eddef17a6563c1013d9f9de7face2ad059e76529daf0b132dfa2ba66edbfee4c
SHA512609c9ae7f85a696686fd0738771e387f1bfb3125f8d16ec0c2e7890f49118f2fa559748926de10591445789cde7877ea78dbe51d994b184be34336be24a6de32
-
Filesize
90B
MD5435a7d0a8ffb995138b68ae1b83b0103
SHA16d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA5121921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d
-
Filesize
90B
MD5a4858bdfc6a8c2f77c7666b9cba76f0c
SHA13d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA51292d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66
-
Filesize
328B
MD5a99b9c6bf5d1ff63d1ac0ef972e463d1
SHA1cda93924ae927936370cb338224d909c9de810d4
SHA256975da1839bf8943614981938dd62e2603423100c58034fd45438296666de30b7
SHA512c0dfa3e41fde33b016b4fe82346108f81c17b793ed0b5e802b44919e88bfa17e4adb872aa9c8a4875f6d9c187b78d4932352857ed2fcce63f6b18f17c7e2e219
-
Filesize
1KB
MD55989bac9a43cc4b5b5a22de974f95d99
SHA171f274b84f02eae83c2c3c3af495fc47a61c3ab9
SHA256af2e8600f159e79955d860a1da9e8b1c62296c7a2489a99eb2ce67269f19df5b
SHA512ce8fcd7591a4385cc75177d494ee675efbd9be8beaa123950b0d186162c31873fd64b0fb0e3ffd8cc802c5a7be536dcf6df553290be966c34bf8d9a6c9b6ebf5
-
Filesize
162B
MD57f56946d5a45be825cac8f32d9c4ed67
SHA19331a7d122f83d6928a887190ebebf963c77ac1d
SHA2565902ded570dd007f8273b7093b81c2fcefcb1432566adccbba01307e205e6a8c
SHA512c50a9bcd709c69370cdfd8bfe7a6f551f9522b53f232cad445102b569a5ac046a42ea8185a69e0478fb1497ee830379f8f49ac54a10b0b0027136e66f03798db
-
Filesize
586B
MD5a483635c4f2b164cd6d857b19de47df5
SHA16d477f60dc4f2f225c51945c05a48ceee7b109f2
SHA2562cf68461ee0e380cab6054a0f2c67851ad9de5f32e60af00c8817090ed2c5268
SHA51212b39120d0995b7b6c74e4bb6894ed8ff9a01ac504b0adf3ac4f030107e7587e45b2cdeec5660ded42569ec126ca2f13a392f2c8dab5b10bf8d85a5c62f9c22b
-
Filesize
124B
MD570407595ef45b9d275e15ed51c5eb31b
SHA18fe998aebd97ebeb0b9c62d6e3f9e8c6fe254c68
SHA2564b7ee53c74631f9955b3e3ae50ad28628c40b7ce412a065b5bd39ee98af7b03a
SHA512d84642363f4a263bf532a19ff685c807784cf67eb5d087235d4f7d28fe1eadddccd846f6aca230001fd0efc2e16f4aa1fb944d581696c694317db0a23ba1f5bd
-
Filesize
8KB
MD5f47a7af6d65bde15a1d1dfe16f2d0ba0
SHA1012dc88e7198df92273c9a2930aca779ff1046ec
SHA256eb238989797d4ab61a029fbea8aad931dabe65c808c176375df08d201fbd6004
SHA512a397d14c10a2d601f89f2401fb4014145b5c188d19068603637aefc388a2aee8f160f5b7d7666eb3b1b424bc4bee0ec8c33543802140947eedb7ac94d18b7839
-
Filesize
880B
MD5387367947e081b8d0f0568788b15183e
SHA1c9244514aec2cc2b5edc8a5ee14bf3af5e4845ea
SHA256a5e577a92dda957cf77c30496e705a1c9bb31596d0b591e30ed89e609365b5ac
SHA51263b10e9eb91ff46289b15e29d084f22a9f4f604ec4e750ea9d5783d46c6d10f0325da6a8e7f381181517b590c1488f12d7b09b003d14d9e02dba808c50b26bff