Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20241023-en
resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
submitted: 02-11-2024 13:47
Behavioral task: behavioral1
Sample: aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Resource: win10v2004-20241007-en
General
Target: aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Size: 12KB
MD5: 811de651e578578df251f2600a4cf96d
SHA1: 452096d7b12a25f91e3b07154d713111abf24dec
SHA256: aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4
SHA512: 9f37bb1df025ee7934976b96b1da84ad869098df777b03e0237a2656ae00166adc29f65d58b75de73e350a598d0a840cdf64dd900abd07b2825d3f8ff20d298f
SSDEEP: 192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMC5Q0Je:eebFNw4Pk1itKkpAjjI2YpdmC5Q
Malware Config
Signatures
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Drops file in Drivers directory 8 IoCs
Processes:
aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
File created: C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created: C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created: C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification: C:\Windows\SysWOW64\drivers\gmreadme.txt
File created: C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created: C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created: C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created: C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Drops startup file 1 IoCs
Processes:
aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application 2 TTPs 1 IoCs
Processes:
aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe"
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\x86_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9b01fed4352f9579\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\x86_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.1.7601.17514_none_91a9e7972ac8981f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\amd64_keyboard.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_17488c5a503a28d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_6.1.7600.16385_de-de_94c9843d817470cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1ec173f83bb7093f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_34dbfde7238db15f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\amd64_microsoft-windows-themeservice.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4a0808bdd68c01cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_12eda1d8afcd225e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created 
C:\Windows\winsxs\amd64_microsoft-windows-i..ttpprotocolbinaries_31bf3856ad364e35_6.1.7600.16385_none_f5c9ab3453234070\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe File created C:\Windows\winsxs\msil_presentationcore.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_01df16e8fc13b120\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
-
Modifies registry class 10 IoCs
Processes:
aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe" | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PKCONOIIBFRWSEH" | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\ = "CRYPTED!" | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe,0" | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open | aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe
"C:\Users\Admin\AppData\Local\Temp\aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID: 2140
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
282B
MD509b8180df7a10d1cba4fcbe40874ead4
SHA1a17d19446016123cef9265fbe95ceeb43f6be6b0
SHA25674127f4e4e71499a6143e92287aa4da75f50aa281e37ca4c0dfa602a27ac6256
SHA51294930c91ad55243aff9aa3a8e21ef0b2bd1dde67d868f36a7c89ce3505c4e65e8aa6f014e6503b0829540d85991e81636799d82bedcb804374ab5762a7ad05ee
-
Filesize
341B
MD55bfe7baa75205e60743e43bf63318b16
SHA1d2ed412ca1501c6762b4c5611449bf742ff3d7c9
SHA25641f23b9a8942575c04f969a0ae7691fce14396751d232d909d6b61a3702ad45b
SHA512b5de66964d0f02c4c6cbb25696323069306f2bebe7db96941c5004e9d3fe4706636e7f40009f1f4379d4b63fef35fedbf47cc8830de2695d651bde54acc43060
-
Filesize
222B
MD5ffd41c1953d890f6ce8b83b8e42a345b
SHA13fea294755250af086eb5cfeca79102fcde111dc
SHA256336682fb3b11f72d6b6c8e4f0a82080446f44555e5209e50c089c422f508e68e
SHA51293bec2f842be1e15f04ea962885322303593a107ecad17bee733252de442abf810f5935686c683ae28e98bdead5910dbf2bb955cc1c5c25b66427c963cb25ebb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
Filesize24KB
MD5014e1f0c4a53339154cd61c71980f8c5
SHA1802667f6ed565b4bbdc3dc2ebf32e772abf1be26
SHA256d55448482c9964123296ff5e31201a23cb778c2c793823f2442253ddc8930e07
SHA512c8ef228066fb82b2109dc483fb1dec6f051430e75d2adf9f9d743d2a55c759954045d381fc8a6ef2898514871895b83f31f340bf848c8483ef9aa66ab28464f7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
Filesize185B
MD57ba09d527c3727e5007985bdadd531b2
SHA147b458f1743a7090cbd279447cb93c0806ff7586
SHA2566c0f3102f905283548d0c0c9492ffa6361dfc658634487969a9825b07f0c8e48
SHA51232ae0e81090da40deab1750e219477ddf025112b1dae1c9e98eb7290741d05db5f7344a913fc6586a3c5382901399981ba97b00ddc6130199d54c54e8af84fb4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
Filesize496B
MD552239a216a23dce2d89c9d3a10eeb6b8
SHA11991bcaeeff4b839fcff554caff81315963b82d2
SHA2565d108cb0bb4732a28c95556fc65fb031dc52efac08c709001ebfac399e7a1538
SHA512a22485aa71882aa53033372d01be1719354837f865fe41a916bc81f780bb1690d2983ea0d342273f78468d7609fc640b1fca70d8c3e99506fedc71e382b87f2a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
Filesize1KB
MD5c2bca5c54a35b51e431aff917ce33ed8
SHA1b0afd1cc126b0d06f8c7fe2a1964fcf89dcf33ca
SHA256e846a21d903b518c4c75daf6a2f1d84ae8a1f287d0588732580ecf951efd5713
SHA512bcf1498bcb1a70e2cafb7a24c1b9eb60f6b8848b51ad0a72414de95dad445ebb5de0694717b685e90e894d445a4ac47ce67f14af8304feda6b8645dd33c8dce0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
Filesize341B
MD56b9e0cd15935233db9885b05f84bd807
SHA1c35fa60a433700fa07786b0b96c0b7247028acfe
SHA256e55549b973bc9071a420bb901264453dfe885b4930dd7631c61c7a5a2d47198d
SHA512602fd48cf7cc47d1378bb1b5357f64a8ba5c66225e53bb1f4ec272c42192011d8c593b4dd203ecb7ddb31df149caa07de0d8f82e7aabfd4212df30a7a3d4ef0f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5e70f51d71be05d2fc12a5d4501824934
SHA12cdc040e48e6e7ee2394bb99b450f9e3827dcbab
SHA256e667d2e42240d2f5478335ad33a21bd6a93cac745f2f9131b498a712f154b98a
SHA512bfeb1a15f6de42c51a45dd77b8dfdc4ec1b31afcf06c3d73fcccd5189f86b42a5087aa451b872ec64fb7c11c4d4ded883405eab83d04e9b1dcfe3bdb0034f2ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD56e4c8761b470678e7c563dcbf46629b2
SHA176e219428b5d194d443259bbcf23e901b4febc87
SHA256ab96018ac3bba8d5090c7ada7b0baa96e11353a0ee19e8648b49920dac332700
SHA512ba4592df78deea87dcdb51cd35534659edb0ed0cac27cce1f1790aaebba3b7d3f9a9ac513ec1eae93bd32882d1209fed14ba123a8e6b7c8b1e31b12234a73424
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD506ee63ad2488eae3c84ab89ccb63d5d6
SHA17a15e42445efb174f16f8c7e0cf23f0558639813
SHA25665638142711edb4e144559cd6ecb0110be9b35457c66db39bdb7d765d449b6e9
SHA5129911809e4bfc565288f0fa20aa51c5f418ffe0b58713cf483c69ac0d8ea609beb08be7e66b217493ce5367c48dae0fb44d57da6453d999a516951e70a0bb6158
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD53a76e2dfcef604f1cefd8292c66666fc
SHA1103832874ffd35f858f8621ee68ffc76819b7e65
SHA256b949d8f7e078e56d338ebe95d6c82de025261abe98adc01e72463954d54b11aa
SHA512b2463f3897a8dd39103d93f2330ae0b2c345cb1d2ad50d612495675d32cde310da3931a052ad2fe0b1daebae5076e035a8fd62f4489e5c59b936daf66430c670
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD59e234cf16c404b66eacb41d2ac82f507
SHA1258a381ddfe17c832f041b53ff82832e2475d613
SHA25632953aa76e8303c067a6f8e9e48fdb7ad5d26ef70ab8464f7d98d71566734a21
SHA512dcb37d9a78892e109a1b8d384ffe04a4f5c84e7bf5c81ce7845c42324ae246e4fe29bde3c389f869951397db3c8fd72b62e1fb55aed8e3fd98016b2e786c9b51
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD517b2a8d7947616b4c84e03a618948227
SHA12933334be0635fa7095d1a0619ae6c56cfabb73e
SHA256aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c
SHA5123c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD5ff68ded4a763f5aa954e03951256cd4e
SHA1fd5ffbf370d77e6817dc17a5bfe230bb7bc55b52
SHA25618907b3f78f2f9886bbdd7dace7c5830f8934fb236213096fda115c11c3d92b6
SHA512dcf784447e57ce0dc5e6f878c4216bd553320651bef56874df42865e013eef09e23a7eca1e93124d0b5a9fdefab20db5eda3c4a07d1b271dce9ced2b987dbfe2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD57d2d366852bcdb9150af34f104b57695
SHA1e14d5c03d28269c5cf6c106d3a036b1c41cf984e
SHA25676bf46e3adf9337f3ec7ca34ac5180a780fb7a0ec5ce581eb56c3a10a6d1672e
SHA512e5ed02868b3a52ebbfd95bd8a259bedc5059d09c86d15aaa38e6f139d826ec1b0deec5254d467f2c1935af525b21e532ec94f25558ea0e6200814309f002e53d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5d5b4819564a914e3e729b298c9f7d599
SHA13e65229573dec5acfb7bc644ffea90b14d4b6736
SHA256ad741c319d0573a2274093966726963d56b88db7c586a5a3fd1f6cca28619325
SHA51238b4b948efca227bfa29d75caa694852e2d4beaa1be1e7e0dd5cb38627a8fd06ecf9ccf93e5d4c721ccc519432e35f22cafa30923c6ae419a9fb9a1655cb4a77
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5d9cd16d8f88b959d9e70577403807989
SHA1811b1cba8cc2ca786a31142b486a0c708c461569
SHA25692bcbed2c9cccdc5a4a3d19e5fece788d12e93f66ab4daf90f49c27cda84e4bf
SHA512c8564492fae0a63c0a6e0c6f7b53db2b71e482caea620eebe421ccf5d712f0623fc51b07444f4c8807fe0b8b6c796826f57eaf8d8710d7a816dbecd47c97f143
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD53203720d7514cc3e0e5fec80de20804f
SHA1e242d3f7eeae300e10be12d58195b3ea8b97ac32
SHA256dab1d591b83227ac45b48bea18316d9bfd258cd7eea0e21ff0b9781d4038c58e
SHA5121bc47dacd4795f9cd8e99589fac42ffd7944afe0956ee9415dfae8bdccdb357107c2347c060f9471e947ef700fcb992d91441fb0f5dc1551a6a0383579416458
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5692b7580f9244bf5e145e97326c1728d
SHA1d2d66ca74f3689ccca7779d8f4ec67412cecef30
SHA2564559a1768e69bafea2392fa3e58aa88b9e9e37a48408974a107c84ec689b55bc
SHA51240d4f412496454f3bdb2f1edc97bc6caa7b845d0e7c8a397a433cf54a004ad377204efe4d7aa2f050602dbda6c624fa0463749cce9ea60944d0b8254972794e9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD5e0b03a53ba7e3c3995fb6a1b156b4f63
SHA1a6ab95f9cf6917d5bbd374cbbdfc92f3c00c2830
SHA256cb5db78beb49a2da4785df9fd99d7803563351a1e34211771e83f672b8cc3ea9
SHA512cae3c218d02430d8bbf4d3c073c91ce173cd5281e9ded542aed98c47f3eaf0595f4e7716222fdce7667f6b29deb3784f263cd9e2ce52a9fe973234fb1afaf2f5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD512ffb684a891eb6aced4feb7e05531c8
SHA1923f5afb213e35d6ab1e52d36b20ccfe5bf1625b
SHA2568d81d61aa2a0bef4f7e569f89de4338127222c14281e0891627851a51019c39d
SHA51292d568ecc0030703c0caf6ef25e7cd2e6b55b6629f3fd078353441b235182cf3ca90e696164ff907496dce2fe82087872e0b7cb421f3b15b0b1aa765d4d766a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD5913368c8b6c991d4d602874fd9a6aa49
SHA11f696c728bcca5af5745fae619a36766a9fa99a4
SHA256f83bb17d8c7bd8e96b092d18f0a18ceef3d4612a6cb958d7e2b870e389cc47d6
SHA5128e9510277ce6da789724478d110a9ececa582101f0ce560fe7f2392b8405a57239fdfbef1b90558d94055ba3ba6f200f6aa56a1b49293f45ca0d63dc0768b044
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD596eee646e0a5a843b298541584045a59
SHA1210e28d5c0079ec26094dfb9b17780fe61190e52
SHA2563810fe040f16f76636bcb30675b17be8a84fe1f1e66ec6d7d698754667a7dda7
SHA5121f0fa703d6e6b87da070a4f5fc1a11af78445fe03c053941b959aae43b129f89f1b1d21a4b385b7e272546dc5cf49de530193faec0b9bc0bbd03add8c6b637dc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD508f23a605d387a3811835e214009822a
SHA11a866085638f53fe9625c3bf03ea297110d90d6c
SHA256246a9909c8df34ca327e84d8ded167212001e2256d5103a715e303e6f3861597
SHA5121538fa2ee3add2bcb0fdbba6abb991579f4c20d7ae7e97fa18ed75cee8547feeab0e6cf6952242694a399d4e84599441cf82203da9a8fbd705555c3f04fb8465
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD5d79ead36c906a180bfba12b9ae036a93
SHA1b563cd9cd79c39704cc32193695d51452a03e9e9
SHA25660c779690f9907e54d946e70422c7b1ee63ebe63a4bc6c997dbb37778759ede1
SHA51241a7c19efae01aa1216a492cd690c3e77c0dbd9f6e99c8aab96d349e407fd8ed483e7c2bc878cf7b444b7d328e952336b7caaf33e1925f3253c2c5140ff0546b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD5a9e90c7c11122aa8f1462b0068ffcbdc
SHA12ec556e9bf1a8d0c339593c568e693fe4e9297d0
SHA256a05e8d629a24b5c80886fea4e5392d4d96813aac8d36281e74fcc43c3e8da0c2
SHA512029ff15f1ecf86451764ed851eb5f67e48d47f5af3ed32c710adc149016eb849a8348c0cb1bf5417d87d91e49f5f5d5f506ef05cca064bca749cbe80c6755700
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD53dcd03903ec54ea6b3b9bf40c674f1c1
SHA19ac62dba7bacb5cea502bc336dc553192217c806
SHA256ce1a7e6b8b71c0ddc5b3b61c3bb79cfe8cda81bb1a0830ba84b8a9153871db6e
SHA512337e55b85c6424bdde1f53eb54bea9666a7c9bd65415af1ccad6f454773b2269759dc99a9c471f59736c65ca7cccc778dff839bc367c7e13cd3679593b739aa0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD53879cf1cbee62a5d943d76bb5688a44a
SHA1034c9359a834aa0cefab462f77f6038d6ccc5bff
SHA2569cd46842493b06df7579c4742f21f698c63a190bc0a220d0af0e8d3fac221ee2
SHA5124dca26b3173ab429a2afc5aaa2e76d0c624523a510cc326d37afc03e35c376c342bd863fb7dc70a9dd57c46212bee35c094356ee0bd138034931660fb5a88d39
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5c2940384770e5ab3b687d3f526df79cb
SHA1a733075aa7f56dc99cbb1b0f1751712e97b8b47e
SHA256b87682ffa7f09d96598e28ab7dfd6a5d65fabab634c2436385212b9e9a208cee
SHA512a3eb92cc39d50aa1ab3c74f6ac35b4d0c0b088400742b5c211b60788696d1647b705ea1ba3d325e5aeea16d068ad9eced8463a6c21f62f3fd931ba03c94ca24b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD57c9622f37296463360c7881e0be83566
SHA1b6c9d6a4b92c3301ce700645309b46a0dc45263a
SHA256ef711ccb49c4d3201c63e1087484fe82a93c1c96f997e2c273145f7c585e99fd
SHA51247eea2059e8d6e77b5510db258d63d1d9279ead0ecc64b4870dda50e8c4e4471d34e2f930c37da2a968aa57ac38ce1b76457bac212d0d92c6101925631713188
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD5641ea8f1d5fa2e79dfc08a114c04e99e
SHA12f7943d558798a74ec8bbe95f149c52a50e8f349
SHA25699123c2f43029c05fdeda9a6e66526348aa7039c389a26bbdb100f0ae6fc76ba
SHA512a849419ab7797118e2c234f34c8c0396de7e2b2d059b79008bee7e08ad451e705928ec5952f6959513748f45fb1d9ca7bfd9b15ccc09653698d1b64c786ecb12
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD5d86e07e8af22f799a8cac4d34b038ad5
SHA13d11cb21993119a45b78fb05ac50f47e0e00e150
SHA25647953f3b134d3c56d35f625e96960d9e57232f7d1a053e34aa575a9e9de167dc
SHA51226f070e1c3a90e9d568a06895faa31dbf429abfb6014dca40e73ef133c65064f6aa0b706aaae1cf433caee6c26db4d7417a522cfacb96d74ba148d8e01a63e0a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5256583d868cc125b7b91bd6909290ba7
SHA171132153c3aff3bd7da67de2733ccf98d829a61e
SHA256207abe8034aee3f4850bf55c20036d9baeca9377b661cd0a128be01ba32c3b41
SHA51237f7375917f3e6b3878a17d6c0b185e5d9169576663230eb13d77e11e7151170d5a5ef8294dd5464e9b68bdab0a3ea4335f702c1ca0167ad560717935665d6e1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD569b6ec20ea402569c44d1eac54294f58
SHA1bde16b8f6491945812c739b2ced0bdb15d5c15f6
SHA25654f882928748cde20cc13c8779edb8a78c1b861b8e15a81fcca7bfbab76520ad
SHA51281c3577907c823d6a9a643de9639b39ad7bd4bd5f670e81f57b0c09c5992d838cf4e6cead5d145fb7bd93a701131eb6fa597cfa49bb29991328a0ecb5fdfe3f7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD5c84cf561b7245d1b3d45122263ca4cbb
SHA1185ad66cd1ceda6290958e20be81400ff97daa88
SHA256f835a0f908551a52093ad8da152a14651b0f64b55fdcc41c98137997f92c5607
SHA51215c240257210d2cfae0237830abfdd8b5e2fe10fc2df4b70075f759a31002f0526ddc05e6ee9d9756bf96225e34e2783883e7027b14921112ef1a0e94e5f1710
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD5a08c7e82066c1e2a1fc8bb18215ac0a5
SHA13295abc5969eb2a4cd130198a87f3ab4c2a48695
SHA256206e959717b61cbccd63c7d8532aa41080fd8e652c4306da04043dec1ccc9894
SHA5126a845b5771bcf30f6caf7d0a270d16623eff33c7b6d6495ba16297635192e4e8b54878d8aeb6ec3480bda1c5bc533692e50b4b800e9624e9b478c7b7cf85efc2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD5ab6ab590fb610d44ca6d2717d11feff8
SHA1d2b31160de8962f1781cffe6ebdd9d06da549477
SHA25655f87ebdf9769a2dfb2c02318420c584d5c0c412a53481c9c2ef998197644f2c
SHA512ac087a68429e18ea58bdcfd3de3ec17fb6caf40debf2e0a25d37c5705fc8c6617c9509bed7b090cd73453ea38cb814a0caa9be2db85a2c7980d551578408e06e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD55ffd3d391da2286dc82403fe4026363a
SHA181d1af1fbf708ffb3d25bb219c395299b154ce8a
SHA2564158a426fa0a5184659bcad12c2afc6d7f446b7406765ad06f0360c0ff79dc0a
SHA512edee121ecdd3e98c53683e54963506ce9dabb059bddd8ed6ca0c1b8a73c87465b45757c8c7b8571c9e626cdbc22b0984590f7642f506e5a3c2b40d7d7721ee7a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD56eece678a077616360d4684133d6fdd3
SHA13f8819f6fc88d994a9cef07040c6e61fcccf41b2
SHA256d6a573e0b4e465ddda00822c15949403ca538dabcd0e345fafe54ff9e579ce99
SHA5121e83a59dc8b9f7e74055facaae2222fea0de56a74076fe6162a4f74f942234731336fafed13ce139e1168cc4ddd74e92b5567f33598c91841eaada031a6ff931
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD53f1ed4c7ef2a8ccc6716f8009537f1f5
SHA1cad7efd91fafa5e5daba0fe427d129d49d18d026
SHA256956387a9f696d08d3adb8d98dae0a11702892de697eb34d66cdaefbd49d65431
SHA5121377987156e99868a9a15f3905310ff1838c4a5507bd5b034ed5338c20920253bcf9dc635f04412606f95bec0e887f8cf34d563fdfca894037810d850e3d60e4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD57f2b95352bbdc302cc87b9be7691eaac
SHA191ab699e82a606905e6a13b794f2b582fc0cfba1
SHA25665d39e0f700c77d3d767cafe94e7cde5f6a1db449526e16b5bf753fdf42f2b46
SHA512afe460be0bd63c5c386ea4d9f3136c2ebd103ed4bb5f5c7067d27983c5f95d74e30037b46e4ce440f668d0b62388a1272841ed3c9486fb157a3a0b9e11ade2a4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD51f51f5ae55f6994e58ba1e883ee41eff
SHA1becbe446143903bec67cb7527ccfdf69ee574574
SHA2565e37b5a2ec9b0d047aa370993a2cbe178f2bff41d9a183b8bc24db305ffad546
SHA512971cb99d7117887e93462c48c67adc3ca0eca14ecd4c2aa580f364926613e4d590315af138fd7e52a343174f68d5bcf2b9e3b096d1cfe54657ed3bc7053988ac
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD531206305f37c9de8fb3f18c20bdf4746
SHA14941493409ff1c331f642dcccc573d9bfbdfbe8f
SHA256010b03053f887795a880bdece383548e6046ea663a54d06b68eee6ae8a4e3e7c
SHA5128b5efa5a836bd5838722eec9483c39681abc507864c62b43bb8144f7c904dd9d97c034a99f885692fa990a28ccf28bd0f05480a96c251b8b5a13b5f8035d7d59
-
Filesize
580B
MD5b6cce76bd59502fafbf2b599edfcf12c
SHA108b12f3efda6efd744481733e08a79f72aba8dc7
SHA256e0d25727c45487eaf840334a9f5785e4bbb435cb1eef234d34c4850bc7847f3f
SHA512b22da2abc7c728945fd025d7b6778012e7a32e78b90219b8f4091880ba2e47d718164df395fdf9cd42b85bff5f22f6660d26a70db9a459cc643a1c0c844491aa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD58a44cd8f582b4226723b62f7c4294999
SHA1cc520c2b3ccb6fd4721159bc08f675b4a0364940
SHA256f04a4c234829adc684089a124c0563db645fe7d6eaef97df2e5ef21b813791ac
SHA51228cdc9c2370bf9f09491f38c5c78a0f565b8cd22cb786bc58bebe7ffc9d6d47c088a663320fe26b3c9c88bd5568ee2a19563bab7e400cad7efe66f21ac26209b
-
Filesize
625B
MD585c43074ad52b2bfa004926da8495bb1
SHA199bb954e7e77830a4c59ef665212da7c799e5e9b
SHA25641db8a9f46ed66eba7997605501d5c549fde0919b5da4095dbf9b3283e34edd3
SHA5127bbf6380a718b2ea258a7cff18c9bf377a5ac4a1693d2bb962c3930e41f1ef4b9b112ce6a50e08745c97db632f0e9397a7540268785a45afd229df549b6b3678
-
Filesize
873B
MD5fb7bfddfda4fb32da614ed5f6bca1470
SHA175e0581091298b98b14d40a0d224a33946d9409e
SHA256684549d5d72c830540220fad26d015ae3e3f75145934e8b98bcd15c9c640dae1
SHA51207a8ff044a7ac2a6e2f62e4e9c66f0c101bb9b5bb59c28c443f675f95cf12a0b97bdf32c36dde701a5236da52734477f1ef368b29e2c23cb6dee100452c5e562
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5b97a8740b3c770881c0e17a490552ef4
SHA154b6d5c6a052563da36ca22b1f6f6708f8120a85
SHA256e5125171169c8751235c419009e1d2462b06c37902752d21b1723242ae2cc8a9
SHA51232667ea7d4ea666024daa85f0882482091dbdc396dc72d3043ba38e057f74ba1f8bd9453ebe0836dd3ded7e871652224a951b30681f8c93d0cc0d8686a5cc982
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD5c2c1c69ca7f4e4f1bb5c747636665aa4
SHA130461233fb118d05e2bc9c00a811914c23e7d7cc
SHA25677d851e7fc14eef5a5e222b2775ba4f045d479faefe1770b7569b73085d50638
SHA5121c70cc01c2bdf716cd015e4295fef83b50057064cc856c5dd7c35495db6fea81c00a4517960535e7e5f0f01a3578f8caef7142054a2829d44ab401784fc18da0
-
Filesize
615B
MD5a696cb04ffb04ae25db81edd47ba7d0b
SHA11a31cb7e396beb7a8f7a016c520bd07d4b0b70c8
SHA25699bbb7ec0e49285bc549fafd9f22ee392b464a25bc616ec218d3a0ed8048ebe0
SHA512dc84743082941a78b58900630e6dda9fd4b1b3a8e874bf61247dcb6d35b28644e67ee0a72e6f93993ad4d78fd32844f9430db76c72be2fe5fdfc77df5d5948fe
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD591cb4f66290842330201f4348fac44d2
SHA1f3ceec2ff88d97943cf6e0e2b7ff56e23bf95c79
SHA25631174aa1cec3c0f4fa04fe6df11bc1c9796b3c2c2a403539f105881eb289a4de
SHA5125167d40fd84812b1c9a4e6b5c6a52fe8e6698603fa648a578cae39aebc4a04aff7b8bbb124854675d2389e59b5c09046b9d9e36f9060eb61cf79593172f477a9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5a71d7d89c55ca164750ad3b7b503cc0b
SHA17a4094c61980aab49e5184d607cd569b714dcc40
SHA256350e2cc7066c17b614de9f579a1f1d7df5c2852d4bf17d011f8bfc2b2a8974c2
SHA512c92d280bdd0fa704e4ba8c17aaf3325f8759e56d44072ee53243748cbbe7931a7f23dd4234cefd548aca69db5077df451187cf5354264168f21ba8dce82d78ff
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5e9b2fa831bd55e26e6fca01ae80d8e55
SHA1fe3feb257793a7fb0de275053f943c22ed3a5952
SHA256da848d600cbc96c2381ae18df0d4ef36db39f187545ab272ae1bd18612355ac7
SHA512b0df3a24580cd6697588d61dd4f2a06a904753dfc6aedd6f5a754c38b2509d2a737d18ac957531b735e3f32bbd54d7f7e81824dddd8789c5f7db136115360a6f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD538b913ff170821d73061f5a1b1f5b571
SHA154450dceb377e96b34e154569382a732a26da62d
SHA256009b0dfa13d058d07b895e9f18e8fe3f86a0fbfe19e89302589ce59f89cfd240
SHA51289a5ae5f3c223ff7252a2d07c9cf530a5c71287165d9d9b7f536af40809d92a14416e2c1feb91a5f03f3fd6841c715d416b4f34a43c55324798efc5e0313c240
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5a3d4150921f604450c723c368b53db40
SHA180ac7dfdcc17e892e12d7e5ad4cd2f4f1d660af1
SHA256e2c3dadb0a1407aa1ec45f70cdec126db431c6c9bed8c5450f01201a12b5b938
SHA5129172d05c99dff9b7d0f32ea6be5de79ca6937ba37bd59e07a09a1e3f1d5066a1ccdea83a2db33491db0289367b97940548ab7ac6c255dc1d0c63679055887daf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5a41d7e0c318fd19292b8c0e4efb44245
SHA1fb4e1e311521754ed1a9975c3f99e385e56a2172
SHA256a90d393841acd7b09784c632b437aad4756aad31eedb43db48f39e8eb1fd64cf
SHA5124eb2e7c082842f72e64d55338c5cccfe6a983849e33fa4f43c9ee41959bc96afb87451b48a2d394180eff84ffa3b48adee9442b61e054d6887657bf7d2a25677
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize 883B
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize 12KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize 8KB
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize 11KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize 1KB