09c91862d6e40c74f6edc233440b5f691d498ede6fb00bb43d309ca24e4e67b9

Analysis

max time kernel
838s
max time network
841s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
12/11/2024, 19:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
Size

623KB
MD5

a93b8e2d5292a52d6dbaa3b34c81beee
SHA1

10a2a89542eccc52da2d44f182a45cbba1f9ed12
SHA256

df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737
SHA512

b0016cc77c500c8d9203681268bc178f1f89d2e0b22d6d16d2a5a3e1a8538cb8b6cd736ceba033fa2c38c6e0f0e45bd431589fbe0ca67cf4f3d922dc918297bb
SSDEEP

12288:aKwdOPG0Ir+MsFwdOPG0Ir+bxuEvt1ztNz0479wdOPG0Ir/:fev0U+MsFev0U+lustltNz04Jev0U/

Score

9^/10

defense_evasion persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (1510) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\gmreadme.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\39201.exe	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\PokemonGo = "F:\\PokemonGo.exe"	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Modifies WinLogon 2 TTPs 3 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\Hack3r = "0"	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64\hp6000at.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_methods.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\oobe\fr-FR\vofflps.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\it-IT\about_functions_advanced_parameters.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_script_internationalization.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_jobs.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_data_sections.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\de-DE\Licenses\OEM\ProfessionalE\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpoa440t.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\Ultimate\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WCN\ja-JP\Add_a_device_or_computer_to_a_network_usb.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_If.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\en-US\about_functions_cmdletbindingattribute.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\es-ES\about_Language_Keywords.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomeBasic\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_eventlogs.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\de-DE\Licenses\OEM\Professional\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpl7300t.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\fr-FR\Licenses\eval\HomeBasicE\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\es-ES\about_join.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_escape_characters.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\fr-FR\erofflps.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\ja-JP\Licenses\_Default\ProfessionalN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\it-IT\about_WMI_Cmdlets.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_logical_operators.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Parsing.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\EnterpriseN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssessions.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\Microsoft.PowerShell.ConsoleHost.dll-Help.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc4100t.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc5200t.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\de-DE\about_functions_cmdletbindingattribute.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppLocker\fr-FR\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasic\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_requirements.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\en-US\Licenses\OEM\HomePremiumN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\fr-FR\Licenses\_Default\StarterN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.dll-Help.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_CommonParameters.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\de-DE\Licenses\eval\ProfessionalN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\icsxml\cmnicfg.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\it-IT\Licenses\OEM\HomeBasicN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_PSSnapins.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_History.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\en-US\Licenses\eval\StarterE\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\oobe\en-US\privacy.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\ja-JP\about_Switch.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc8100t.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\it-IT\Licenses\OEM\HomePremiumN\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\ja-JP\about_functions.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\Enterprise\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Hide Artifacts: Hidden Users 1 TTPs 1 IoCs

defense_evasion

Hidden Users

T1564.002

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\Hack3r = "0"	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Office 2.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_GreenTea.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left_over.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_OliveGreen.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Country.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Starter.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\Web\Wallpaper\Landscapes\img11.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7601.17514_it-it_1bfe961b7188430a\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Throw.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\13.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\500-18.htm	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_0bd55522881dbaab\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_pssession_details.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\20.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eb07b84d53fabc90\Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-11.htm	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\Rules.System.Performance.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.17514_none_2fd7b56967fc5c76\keypadbase.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_aliases.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_Arithmetic_Operators.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0fb7f94ddcb90850\about_BITS_Cmdlets.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\novelty_settings.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\PLA\Reports\en-US\Report.System.NetDiagFramework.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0accb12490597570\clock.html	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_up.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa520d2885499112\System.Management.Automation.dll-Help.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\AppConfigHome.aspx	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_de-de_8d33546de1c5ef03\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Special_Characters.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_functions.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_de-de_59f90b40a942117e\erofflps.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_90d7f5ba1d001eec\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderSchema.sql	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\Gadget_Main_Gradient.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_de-de_1f1c1bdbc5efe9fd\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_Path_Syntax.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_de-de_97ababd9afb9fa96\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..35cdfcomp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f1bcbca1e780b68c\SqlPersistenceProviderLogic.sql	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\Globalization\MCT\MCT-US\Wallpaper\US-wp5.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.5\SQL\ja\SqlPersistenceProviderSchema.sql	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Orange Circles.htm	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\Report.System.Performance.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\potscfg.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_arrays.help.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationUp_SelectionSubpicture.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ipssrb.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\SoftBlue.jpg	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\ehome\de-DE\playReady_eula_oem.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\security0.aspx	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\graph_down.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_hover.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\36.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\PLA\Rules\ja-JP\Rules.System.Common.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_442c6606061fb492\Rules.System.NetTrace.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_corner_bottom_right.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_e8f2b9ab2a40e84d\gmreadme.txt	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_es-es_18ee408c6e8c2e28\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bfc9dfce7f4313af\license.rtf	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\PowerDiagnostic.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_b03f5f7f11d50a3a_6.1.7600.16385_none_be918bff95b9bbc5\addUser.aspx	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_gray_thunderstorm.png	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..35cdfcomp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_da28cd796a2b1f1b\SqlPersistenceProviderLogic.sql	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\Rules.System.Wired.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\gadget.xml	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2952	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2952	df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

C:\Users\Admin\AppData\Local\Temp\df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
"C:\Users\Admin\AppData\Local\Temp\df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Hide Artifacts: Hidden Users
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2952

Network

No results found

10.25.0.169:80

df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe

152 B
3

No results found

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Hide Artifacts

T1564

Hidden Users

T1564.002

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
352B

MD5
71638742e05283b995bc0672266a8027

SHA1
59f34016d8d1dcc20f9271a2828d8bcfc13ceaad

SHA256
3f79c803478fca8deb659a693fb9fc618e1cbecf9e51177658b4d781b571a700

SHA512
e75e900bb0943bd2447e61ca561cd293995c3276d431a8bd9654661285ce26f877d7a102488f8f63cc17edded687943de429721391aeb2401d00d6abb5eacd3f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
224B

MD5
0bb0f8f0602623d75f3ebdbe38cd78c4

SHA1
d163e5c10f888cf98f85c6be32ef0a0715cd5728

SHA256
e82b31160324f998ffa909e5deedb3584414de73de59b4fd4b319a45a1c2bd98

SHA512
6334aaf5094623d78b8da40ea73c424590f1931e4a53089b34b294bcaaf1a087d85ec8dd556a2681f319f437e1081d69025c6109c365c10b7f52453e6f50048c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
c4b6a8ceff0b4dd2853fd87731a3bfea

SHA1
9dc450897f6a13cd9ea5d02090389e826ec5a3ee

SHA256
528a1b0e60f80239b6f41e5e151bef789b49844de7e463a5b159a3ea4222b43b

SHA512
523b4f759655775a9fe4d34344fb767f09cde55c1f84563a3fc18ece28b029da8aad41b927710c3103d953ce74cd86f4c4d9854df0da98969679eab9db176073

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
5827f4ece21a005974a6cc73545676f1

SHA1
32dc2b7d9d8c3bafffee4cd22893350e42188141

SHA256
cb6146ca54337ab89abf134a27db3922eb3e3670ec50217a27e70f5abc10cc3b

SHA512
c271705f39b8360fb565b471cbb961af6afef92bd24f3169bf1cf7890f6f430075ac7fa2455ad04f47a3d9258ea8e7c420f6d900f0ac97b9a9e2bc7ef874202d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
9228f469e30517dcbc04bf443eeb52d6

SHA1
bcb4f621f8aa6fa8735d22e6983a44b8876017eb

SHA256
ec4f4eb750d761c5ffcc2876bb0fbfb9283e5de023e1db7456e709ee90469647

SHA512
44a7704cfe99d5e0787f78e06e36f74f64df99aa0ac97b6e3fc980e95151b90ce009d1356888753e7bd12b9701bfac6ffa75d3357ba4a9780472c70e09b852dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
0b61e020e531cc2c3138e92229d126cd

SHA1
758453bb48bbd95fc87d458e0b2627f497235120

SHA256
fb513dc5afe1cb166e10d76d756aa4a7ea71babb425e2738d9ddfc5e07efbf01

SHA512
4f24711a3a1413a8b8b572a9590f337e6cea9f51be893baffc57e270fc859e9abedd34ce738b33eba99d1d5b452859cf7ff4f79538eb00398959cdeb19012fd6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
112B

MD5
61a759443871119aadaa34dfbd69866c

SHA1
fc4a0b41c95db691b8dbefd4f459fa0538fa5930

SHA256
7e43ee38c681b53b78fd73c939c28aa11422cf1a749a637b726f0cc8947946ec

SHA512
d67b0ef2094b4ecc9596c88f2a4ef796d315ee59dc2bd15a5b1dc35974afe6bbcb368b9aec8be41a581c92c4007352556982f99b8e0161d9201e43c1e14b38a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
1bcfff5f186f85fea522b2081a66d2cc

SHA1
5608d693fad7896a1574de02bee77a5fb64cb20f

SHA256
8d8b2ef08db61f96a8212353223c1ed71a87b1e267aa19369b33cdd73ea96204

SHA512
76751b37465597095fdd1b1b5cca8a1fb00bf0565f754006b81c7885349bbbe2a19ea52327e1819d8b70bd7c3c94770348183fc75ba3929d71800d526fc2c004

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
155c0035a2f2499036c30e3e8ce2d98a

SHA1
b3b5c6b6a234a2ce06fd8230400b3c1e5b705576

SHA256
c48d6a5e3d7f425aec180c44c50e49af379383d4abc50691d9cfcdb1178948f4

SHA512
f38af3d7403c2214b283d696bba24c0c80bf30813ab31ba335d62fe36b9b95f729d58823610752960ce06804c7e4dac6790e8fecccce0b3f090ff0a06a1ca9d4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
f85145cc7f4b29a04e242834f28ff485

SHA1
71775e80f182598b1e9c6011b0d1e5c3a4a74371

SHA256
e7e5d48dd9e23e3b34225bc0c431982181f8c63dd0345d0cfda0dc80cbdcf010

SHA512
7556a25dc98a17753289f112b88393bc4cac4434dd1367b9f1c3a72adcc69d17f0673ebee17ac6cbb764020e6ad2984fa7f5919104dbb7a5e50938841bafc083

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
7e522a864e1c4ed2fb523a6df087654f

SHA1
582a657745fd5402285b9770738892b51fa647f9

SHA256
76c00bf12ed66351fc4ade01b820a8b2312ec58aa0bf7bb25a425581448ea508

SHA512
c72b1f80c7b5bab7f52e13eee861a0513e89167be06da58048a5ffd5e49f245144da9b0f6a50937d9996988b12a6802f94a3a2ba736f25c1d2c75512b346d65d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
900cf152cfa4ac6df24d5a93d80c64ce

SHA1
a0eea00ffcaff011ccca7842fd9abe5ad5e09bcb

SHA256
eee71aaf5c81e6e3c3fa358e3ae40374a0d6ce320c8d719678499945825213d7

SHA512
9e61f51d041161592e45a18279c7c73315e31bc6b8386f8e3993c9eaef8b05d45a51336a9770600f7f52d32cc2939ea44be8f3ac6c50c1968701e6adca6f8411

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
49754b9bd4f8db9dd6e1c318eb1fe47a

SHA1
c6da11d869825fb161861de0e89ca5b78e16edea

SHA256
67affe86f290ac618dda982e17ec4e87290763606e5415b17355dde77554d0bd

SHA512
3c5019b3b54c7700d10b3de4984482d16bacc308c3fa7c37fa86a843aa192e349d76cc3d299a2ec57253f91bad9e86f6189d7697bfd70432df4648ce15e2694c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
b3ef46b7edfe7de49c127b5f356c370c

SHA1
4cff2cf8e30a9693798032a43df94e6189faf28a

SHA256
fb6a31ad8dd993df04d8ed30a88dce5fd476aab6da42b414b5aa3b4c6abd375e

SHA512
0855a6d5d6b4878a236beb5ebabd688940835b4afd336c1d537a44512f8b52e9447b2bd21cb31dbfd3a68260007dc5f1a7f04cacc68cf5da8d6fcff84bbd9b19

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
7KB

MD5
8f5577c8e1db8e08f9c0b6c44638251e

SHA1
143d5b4d574474a7f59301049ab3c736fd9e1506

SHA256
b7182f7d68fa589a910190efec8c97d9841e0fd5b365925646abec46e4717ea5

SHA512
ccf26b477beeda362635f0cdfa4e2ad6923a90a8f5e8818e15bbe532fdd3262b225909d1c9e3727ad079a0128c9d9762a4c5d00607445f14651cccc900863fd9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
336B

MD5
d8f1b90c88fb9bc54b17366a29175acb

SHA1
f85f4d07418654f4842192382c162e4d42bd21c7

SHA256
b3c43330ada9142cf6d9ee37c6b055138c510251602c124ba5b03515e2d50fe3

SHA512
74158cb9f4654a8c814a2f18076dc94b4479f10efd7079bcb7c4bc08c29d325e23022765108350668137b3364399ace377e4494c128b19bc5cc93bd116cb7296

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
240B

MD5
e1f7cf35a6ee4720fda01724625bbb10

SHA1
7c2805988f28f004e000b2d4189780fb2adc6587

SHA256
156c2dcbb13b1e3b4e3b0c00770dee1d5a16831f2936a15a2822d2c7c16e5911

SHA512
3be60d544d64e6b7b603b966c84cc68bdad940ae8290ff1cb3a29875d5e87551d21f789127f4998d960206c361c7086982df4033e97fcc2ae5e9b49179f28e71

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
402a3e4af633b45f2628b20228a5e553

SHA1
891c1988e05e083b8cd1c57df3c49abfaea56a4b

SHA256
0f2c0eb6e16196108bb57535f468d4209b147f093af44b950f234d30729c34c5

SHA512
f6794fffac7ca56645dcfb6aa007ec5b1645f57bb8e49ca67a07e179e86db25129a4809a959a8dc9e6034078a3b09151030e1a54d369461dfc957670078268c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
816B

MD5
cf4c2f771e802be9bbab1f6d6daa61ec

SHA1
82c6af8b6d6cfa8b62558e93b97bbfa368241c80

SHA256
dfb991b1116495d485f4a9fc9e1b982f96ebee078de859e30d9cfd0198ee3fe2

SHA512
a94c8fa329f3c5696a03439428462f34829fe447d354cfa36daa1d827fe2f87e2156e055a2161dc907c86ca4910759535b5f406108ddac5bbc69e20b6290f4ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
2e12fe6ab54005573ddf5e8eb3270b3e

SHA1
db8e6697ec8b350f1cb22f2650bbfcce5d827254

SHA256
06f32f0ae65984a1fd3b3650f06a50eb99121f07b5c34bec7a0e8f36615d0121

SHA512
fdea4fda9fbc02b3886b8f3285e4282f73432a2e2f12a391f27a3541093c45fad5180af709b1a15766e28b0f46e10b4ea1d9a14815f2b06fa9af1f46423b5d6b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
cb449c88c9cccf5b6384d6b60314ebf7

SHA1
14a477b5e6daf94e7eb0f920a0dbc387927a6c0e

SHA256
83bf83b99dffa338d09368af40b9bc9122c71de5c9b319d912996a696701b792

SHA512
8356bc3055a2034c1a76d291f00b3b6829de55dd3294a60bf9f7def7f641f211ea68b83713ed456d2b61e750e7219bfeab8b96f6ba0be38c95fd0354d2bbd72f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
c131ffdeca46fc140c926286f2822422

SHA1
423e7cd0b109172f043a2835131f82e7e27ba431

SHA256
f88113c91e457bbd1f8f14fca5bead3b11fcc9f065d4d8af8f00c0452fc39cc9

SHA512
99af3aefc29c9bd30daed43cd52c05f91bca441ffb21c2cdbf218807699c7b93523a0b967c1c17e29bb0bfc54999ffd315e4c6457aaf749aec2bddd2b4f34839

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
896B

MD5
34b030c7f58e16983885927603537120

SHA1
b22b6e098d9919ac1cbf2f46823d4fa85075bf91

SHA256
440f9a7be6690b61a4e2f8f93f0f126cd82a9fb5014daad9281693e527dcd179

SHA512
5c3f944453620c61686de46a394d718f0c7456d701f5287de81526bb3b92cea36702bd323b9b99dfc19303a77eb859a51220796fc08e99360a03f5a4a3b79d8d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
864B

MD5
6c85fd954587a737f6056cd951708d94

SHA1
2c8567566a65bfc4dcbadef3c721ab9cc7f49d49

SHA256
9b1af44b9a36c2d3188059ca1295fc5a519677f36478a5ce70567cc8c3abb2f4

SHA512
3fb73207f98bc1d87d5a637a476d539cf4ac5a36716563eee539ebf249c24ba77699050b3066744bc99cc31a33a15682322c3ad230caff783d22c8073b8ba2d1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
864B

MD5
1195984b7bc105975061d678ffac140d

SHA1
65bf3f9e99f417663dd84701a1fd7b55f6ce15d9

SHA256
12ec73c8efcc637926f0f5d60d1cff8d75272a93a5f4aa38c150df566cb47a8d

SHA512
ff037a2452eb43fed46280ccf91f4c0a155c3cb61b13f9b7705f3a4c1285658eb886982942886f85674a6cce703e44c57b6d9b6e41f1e75cfc56e111a8825b1c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
30bb34414eb55937538d0da9c0018d04

SHA1
5ba12e83001df11a8bc604b841537600dfd83670

SHA256
7748520561c30740c27b0495fa5d0f8f3e07a45f76f425060f12ba876ab9962b

SHA512
f4655522db83b2778c59ceb36baca93682f43f854bf6760bb20ede89d0687f71b4edd686e634468af7654543339c0ab485ee940fb8804e36830b02fbfaee6a51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
864B

MD5
bb333aaa681147e277de48bde4edc902

SHA1
98e7497812be4471c97dbed08612fd081540d363

SHA256
e26d5aae5bf619c0bf2ff2b58d4dd00814ffdb2503ea41cc04b39e1f8840e92c

SHA512
ef8d82216464ee7bf95e11dcbbf5d51cfef83641304ea4671685c48de88ef987fe73162af9cf6decf72fde5effa05225975ff414c658b12ef93d66dbe9380ace

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
848B

MD5
7949ed2b4f03bbb943d580daca0b9d30

SHA1
44eab57224489adc88932114c08ef4b3b9e64c8a

SHA256
3394f8274573fd388ae927d8a4adb3e003aea666d5526aa28294e1c7c8818acf

SHA512
84545c496ce4b920a032dc982d3788edd9d2b3c10c417593114bba247b35d95b7d5272e261f1cb8222541d5cefa21d5395713082d07863406a4ddecae3e8d721

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
880B

MD5
be62e2d95085e38cd7073b5005f22f00

SHA1
a90113d612f3f9e3b8b1a21ad5335b5d956f3191

SHA256
9b3812e18f87ffbc46eb3c7006090499fd93c6a542ed7f3c87a84c08738c91b2

SHA512
0c579e50492cd2c68ec31ea0d269696877e6d267e10aab98396f21d15f0c94c8aeca6c38290f956ffa9619725af8bfc3fa1a54dfc76e35c67c820224962f9f86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
848B

MD5
28a9ce78048dc3a360f27251c8a7c538

SHA1
01a4edbdf8814d002ef268a5e2e1f757966e61a2

SHA256
bd5fee9bf850ddb1970cf3d4712cf04ae158539f839b28533d0520c4cd2ca43c

SHA512
0d40fc6cf4d0b1faade675d8babf340075861c3294a36454a1cf33595ddd34764c7811685023495b93d32c61baf719c16988900342e5b8f5558238f233ebf22b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
864B

MD5
c4a6c18ca8c300664d5514bbbc2f8f0a

SHA1
5be316f361f396b829743a11397a97ccb36a3c21

SHA256
8d1da442d798169b2c98c5bb1d4d41062461080ad8c808c12dbc0108d0c3fdeb

SHA512
c779ae6d44673d6cd956f50fab457847cbd8ce34607e13ced963f6fe972a717b2a9034e9d16110acfc2610e54b40c9d1787c029adc3ed60386eeb3b9bc0e8648

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
864B

MD5
45c6a32130287e95cd230369fc35da80

SHA1
5a1085d56dff2524b1994f0a311826dd0911f2a9

SHA256
198f909a8a22a13293ca4d5b2241198192ffdc2e25f8a3a50ac595d1dabb20f5

SHA512
646eedabc98ee9d32cdece5c883f37c5b5f90ee4444f249b8bb2d8eca97f67130ebfd9730039bce281a01b77e7203de33a6e49f02f7c3e7e2e0405303fa13665

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
864B

MD5
a736c4bd39e902325a50d104654e5175

SHA1
a3ca2cd9eaa60269cce34dc23c84159fa86c5861

SHA256
51a768c4b07e40d49a3e6bc2b0105980ba70f8443efd94eea806d9fbbfeaa3bb

SHA512
e8802de76f29ad4b8926a5a73c054c28689d5c0673ee18a196a92d1d7b7dbdce0b9a7605f3485370a3458583ce93274656819d7d2a167f9fc96fa64111b82c06

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
896B

MD5
3767f230e5b018b230501d97fea27c26

SHA1
8673f4a902cd3959cddf37436432cb2139aca90d

SHA256
94db4e8449ff5af8312b727d70cf28e6db93d389cdd2c6116fd48459a4488b61

SHA512
abcf810372708ffedcc4f84a4741b445cacc22fec17f09383165e9d342d23662d2020fa0052a22ebae6df7c97222ac9d7b718337b3f794f39a5d8e2cefec1d33

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
b7b72f23ba089370546db2cd35fa66df

SHA1
f58f4efc4a9c7d57a816db88b09d8afa4d825626

SHA256
729a2bef41f179c8c83c3ffc1c1edf2030f427dc9e310ce930a627b0dc22e2c3

SHA512
f08422b7264b46f2477e4eba6b7f852e2c7cd1736d740ccd3226814a1c007c2d03450e349a3f81003e752c1c2fffc4f01e80f1141a56b9ed49602f179d4393e5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
8df925aff7534ba844b1b8e8dd85f6a1

SHA1
90c3ecc7dd4323d9f1aab375384842e8cb96789f

SHA256
0e361880abfcc5e8b32b3ef4bf5b9af5e0db192e3f81da2f035e63d5ddaaba29

SHA512
7db8609dbcc561d1485ccd468c9e812ea879541efcf0160ec9cf9bd8c94f9808a8763022a752f7d7a0f8f526d99fb082db634aef7f2b214444c1bbfbfeb0ff7b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
274463912623bb83370beb1c21753ac0

SHA1
8f69bcbbb3031e21f3443d9f6e29e805e578934e

SHA256
ccd288fa527d6edb02508f2937d0489fe7ade88eecd9f6ba1b2645e9a7cd82b7

SHA512
6ea6999ce5d1aecaa1e423eb730ef00b700594b59ae433ee6f587aa53dea4e7e181f183f811fdc37617e3d8d0a68a05d0353a24afc4eb80d71acba5211a11c4d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
3113cea63d6bb8e6d2dca955ece7a8c3

SHA1
9dab61972188ca5a70eb09fba510d58544ecf341

SHA256
5a7a5df1c89200facf51e55ccd7a9e5fda5140e8ce32521e1a136b90d7bff089

SHA512
ab53f11f756c9ee2a6b42da39b4b47121222a48fee80d7580a7c1eaf3c472631b92cd2acfb76d5bf25c304559fc23bcc1c8db9570d30230d5acb4c2ab9fdc249

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
8bca02d34bebcef3ed4fe1ffbfdfa789

SHA1
72a242009e6c7ba38edb61e5619c08c76690b516

SHA256
0a7b53d0c414b1e3ce5520bb6a59e9a6662d7f554fc4b5c1da0ea0ff4875bbd9

SHA512
2f73f7f459cab53bda20842d8dcfff25e409147bd4faba5bde27fcb15c4206bd4e0340c6c41e34d1d733539215c26a37cb745a1ba8e9e67b155fefc7e2329880

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
ace385ef14d809e9722fbd249344657b

SHA1
0e0f65435fd0f69ba14fc442a6aefb0c0a796046

SHA256
4f23204ae0f9b67a9cbfc671ac5f6f4e6ba14b9dec0f8d7fdfee0e0bd18e53c8

SHA512
9207b9f0511078dd0055107c89d4096acb1fb188b1e38ec5b888dc45e7fbc2b40319c97de3a2a578e3290323179aace1a6cdbc42360771595070751c47ff2c0d

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
8ab1a1fcbf706f1462a6f4dc0a2c42a9

SHA1
da5c080e763132bfeaca03b382650c5677329031

SHA256
67a2a92fe5a82d77aa09e3d0ad0f971cfc57248009c5c3c9d338fbe6cabb7c00

SHA512
554ace2f20eca68cccc9230876c368299b557726c50f29044f3198a525d7cff52a34c7c66d387a8454a2f4837eaab59d42a08fc59bb8da302821da868d45e55a

Download Submit
C:\Users\Admin\Documents\CompressRename.xlsx

Filesize
11KB

MD5
93d3b703e50130c6103eba4e9001ebe5

SHA1
728f29c978e1fc884c5fd971cebfa8192c773c21

SHA256
09ab2da2e7137521ba44fe4e98e2baa749ecba7ecef20326e99b146a922e8a41

SHA512
8ea4c36cfff196aed74871258e81d44d2236d2530e3f6e10799697272c7c0ecfaffab21dc8894e666e00061792c05cf5818f8e003013660a803c5cf3519410dd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
64B

MD5
23065ebd19d9f96e62b3e8f59ca6b2d7

SHA1
75478de2827cfb40f45fb54f63638ec70ed54953

SHA256
6a713977e15cdc18b3a345666560b505b65bc7f5841bf7c25aca6451d8fcdfb5

SHA512
a171265127afe0b075ca0d0c771389f236df523d06238e36b4b4493d9a77d7de6b5432861f9c7488c540b0a00b881162dbcbc8886145f69032b3c1b92f4a36b5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
80B

MD5
b272e6ff36931c1d8b7fdfed079d976f

SHA1
273c8a7889950ad8bbeca8664ea8476f937e0093

SHA256
e1e9762e637fd6c17cfb62869f4ae0aaa85700398f5873bbb8bf1e38d8c086d2

SHA512
06700cbe87fb6ce00997ac94b8090f2551b22f2c372dd8ad7b23a0cc3aa172612656866817d5ae41fe730d5d3deb5c4887894af26cf2851296f404302df78333

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
80B

MD5
5a1397571b1981144913d2f8b196eff3

SHA1
e71c3f6362b4cea60bb970dd2db2684c0a21d1c5

SHA256
1e303d04789925b463d6076201415cf04a47d258a94b336f54a228f8b0fba4f0

SHA512
49271d2ad44cfe81f1cb7de7efd4996c6f6806fe357e72a687b05c0d2825bc47cd4550ed850daf7570ab569723490b2312f05ba240ac0e979f28d22abb4f4b3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx

Filesize
6KB

MD5
5b0646bb60320e777592550ec463510a

SHA1
1398083feebca13462160010308638ab26d48e14

SHA256
60864ea7099b10ce072e83bca200702b5d3b38be3061b4de01471648bb787eba

SHA512
e2f82f478da389829956836d7bd0d404cd1676fd321f81a2618b351ab3cab4d0be784a77144c9ad42c149d7b05987697ae036e7970e21115b884f2db60ee85d7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx

Filesize
13KB

MD5
607ef9e4fa685e9b1a605555d7221d88

SHA1
85a3e9480daca523b44919603a0f39c925913050

SHA256
e871bd77234b685e1b5e8d0c27f5d7eb998f95fa18669fd476483c63944a8f02

SHA512
ade88dfc2f4a1204489ddad86fa7107d606ed1baf596e0aa2088c5742a8706f1a263624240efbacfe5f45a817a38827b5d1c698e8e2427da09041dde0d2dc203

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx

Filesize
3KB

MD5
edcbb203b6617251be945987f8772360

SHA1
04f6cdaab6cb2024215afa665759afa34fcbb09d

SHA256
55c01d3f2be273adad9f26b18f231be6a5d34d8363686e204de4b3a3bc833800

SHA512
f33885be3416fc18d9e01ef720ff1e3683447895790176961d6f49cdc70800a57a8f55dd21caf345d7278cbccef5e97af2e24cf42e960f4057f93719d5c76310

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx

Filesize
6KB

MD5
5db79af2f0b0c09a19f8d85341165440

SHA1
ce244cdc2f9bb8f9e62b919626759d853a516006

SHA256
ae8b3126f9c569936bef02dbe021b5a6a209b2cb130807e56ed6f09b01c0873d

SHA512
5ac244480db702d886e4370fba608fb1016c81c6fea873d52c7d649aafba2cfa1dd15907140bc304f25c4a0d23b5c092cec9b829198803dbf1c3898d1fda4182

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx

Filesize
10KB

MD5
0fc3dc26586991b8a810fa0db07d67aa

SHA1
58ddd6bd65d3a4e5aa2286e4315f852e38ffcdec

SHA256
c48ae7e5760dd4f0f74233ff29d379c9007610b3d229bbcd4d181fb0f42cc9f7

SHA512
92585297d318871f6777dfc840cf21cbe8a5f2cfd0b26650a6963b87cf777f810369607e0e9a408b62c20599779bd5c309cd4bb6c40af887945fb9f9ff866aad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx

Filesize
68KB

MD5
ce2c8565e84f4868e20b07e4f63bacc9

SHA1
6f45473693347abb19d26d212742888ce53b3e56

SHA256
48fde54d92eec98f1577dece4395774e813b18b9db88b5c568366481c4469737

SHA512
e65c8250c2ec0749b5fe0527937031dbc8e8d67e524dc2bb32636eecea3b59d534bf4a1a680c9934f10530ca9ed75555011e0ad419af7ebba506f73e2d509158

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
caaa4bc3d6efd044f4f09c348365f709

SHA1
4ef67c0ee39a3c24b40b711ddc9337381e012bea

SHA256
92089d95c3e69a0973a1171679b62523feaf8c65f4ab5c8206d387205cffca8a

SHA512
cead4cbc6f017410a3ca5666e2829026831bc21398b04f6b468ef70ccce25cb0f8040f45e40009dbf806b668f331660e6ddaedf31085a237c250c85e9bdb7340

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
de81f1dd0faf36adc393b4b883c91959

SHA1
6e8b8a5122170368373e2548ac1dda5db9733834

SHA256
e62f183aae1acb109c8b3ae337005dd94c73a6cee3ef2486f270976e29f63116

SHA512
c7114d644254d8f2ad54373cf8e62cdb65c3eed2cf80266d06fd94c11169663c7ed9355e975ef57cc9374ddf21c6ba829ba97586f5f8524856b72a5f003ec0f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
83a9196b927f2761b315328a7fd06e37

SHA1
0d2f6614c567590ac0c1e3ef1ece7d9ec852337c

SHA256
346a5d58e08ea341f785f228d39d2009238de021678bb871b42fb764c9dc5d47

SHA512
2b3d8a1e499b40fdd686315515af566aa47554745bc6418efff6e1e1d4b7aba3ae7a3c601b45f1be89c4829ada288364332b88b41eb451ee6d17425b9addf0a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
1aa4e30729150469efadc1e0895c33c8

SHA1
ee97ba7d82cff5012563c130bbe6de718458b63d

SHA256
9fb9175a2ea10c87c413d8a89cb54a53c6ad0a3fd8a1623e624552c338edd70e

SHA512
0ae4a76dacbf33d6b75ae5c4fb7b907f85dd6655e09cf5d53a8d7a485f74c237c0551e5213696da9a2dfa55bf596938ce83f0fc52b6885d6b167c53ab96a6db0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
5b9f71dc4805a02a323e85d1ade55a48

SHA1
c1e90a2bc8fb8a71f06f3fa8797289f7a4612951

SHA256
4344350ef883f53ec22be7432b95c4b0f64e43ca4bec9b4a6aa73b189fe2f567

SHA512
85431102ffc4f1d476a0fa8e8dc9fb89e33b4e153736b8f6bccab93d90f9d269eae16da8760a1816704c938e2ec042731af7c0becfb257c35ac990ae81e8d267

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
47d9b174e0dc712b3c7f2fdbe6959fc4

SHA1
9c954bae8b1404a894fc5ec721351d0a964275d8

SHA256
8a3c4d0c0fade7af1f7ba362383c149aec12e3980a00cfa13646e7c13c36910b

SHA512
dfd50788421729041aae0a14f9a919cb0187f86efd3bea1e1f70450199d825a42aa7d7dc266b32e152faee543393c5845aa7ef2d568206a75a420b9ce18ef711

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
766579be2773757be80e644bd766d099

SHA1
c43437e5a1d2c25c1ced2d1b06785e51cc089318

SHA256
d183e49cdca04dd70449e701aeceded6fecc2725944956b350e0f9aa7fbbc227

SHA512
d6077c70c56003f6eb4c859ea8f13f586f5a7bff77480dd4e0374dad213615209169f4baf5eac471d76dbd4db63c4c0eed742041cae80b3ad40a92eca54edbd2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
5d88e4ad03402443f7fa5632664dfb38

SHA1
7aecc1cbb5ac4dc7aaaba1fd645360cc4b05aab1

SHA256
c8f9be78e54700bebb6accac1960dceac4e4abaabb824da35a5d44035a5ecae5

SHA512
2ebb8091ea907b506e05c58593a769f072a9dbafe4a8400a7f8c9ac1c153a608f7659cbd51d178eb2f4534f070874d48bcfdb7764236015098a2d8f456aee531

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
9878c7bdafd236c9c3d07e7b1f93e856

SHA1
f90ff0367f0871694bbbb2583d5b36325027bf6c

SHA256
4362509d7a6376beeb305f11816981dd5da468f09380ddece72722505e25d914

SHA512
b20e9df914bf8027b55485a911476ca0c6b07f8790c9fb6b8cc80596ec5d6a1ddb41dd36e66f7259c03457de72b2f7372551d61ba27b25d21b71b80717bce3c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
bb3ec946e760626365441a53c2d68229

SHA1
67e98439258a5574a2019b859e3349b9f7c19727

SHA256
09801f010ae950cf104d0371ca776de2d54596e0e0c6a36da61d94cedb24bb2b

SHA512
975ebaef23440452afded52f22cd3e05c4ff1bfcb6fd498febbe5261d5e375f052ad25bcbc45820523f0b77463049a8ca879a2ba11fd917e8356427fbdeceb57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
e0e865859b69ee1a6bc2a8b2d323d7a9

SHA1
11a5848f9a0e97ed594caf527bc645b48b9a08b4

SHA256
855ebc9290a27714348a0dce7be8bc29e7787b32404e5d82d34334d4adecfeec

SHA512
5f773283a623884404b2efe075adbcd11ed0af55c7e889d25e0ac7fd31e247424c78f1665def9c642c3a3981fdc2bd6f17e0d1af396a3240eb9c0beca6428eb7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
c1b7b12f7026b79d77f893e78db2bfa7

SHA1
c2bacea85d14cc8343901dcc41b783cd46a57183

SHA256
22bd18260f5127300ef4c17537f2e4ac30eb5d6d0a0e16646a7a6f084cbb96b8

SHA512
20b217c3267dc25eb87a628ff29fff609ae59314ab989ef973ed2aac308b44ae8e336817a71cadda68845d70d6d28e029cd3cedbecbbe76367677bf42e4cb185

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
b4b9d7a5ff29d2546df79d3c561a0104

SHA1
b43a47684c931cde8be1061603a7b7e6041a7ee4

SHA256
69709c23635d51d9b5dad2fc22559b54123880627566d65ab072ee089b699f83

SHA512
a221e94137b3256e652a2cb5c047f10feb44f8b83c7dbe6d8ac5dfacb95e4a1d9148760172e6ba800689caa107258901f53d0d1ef5cf9fd2943441ffd9f6a31e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
3e1191f233a0b49e7afd8282e9e8d14b

SHA1
d17ba397a90c38c45fe3a814babbc6189ae071fb

SHA256
4a223a72ff74890f5b4331db74772367c5caf9b841ea0a5622825fd411eed7f4

SHA512
d051c030d1ac1263d46676cd5bd0a9faa9366bad51af04e6000360ddc6ecb82e232e043f323621504f2a2f7b32d4e4eaece497726fb59335ec60d546e092607f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
ba42716b10dea0e7d68dbad5ca55c255

SHA1
e1cf27aad065a7ae8ade775441d1d3b56eaa1afc

SHA256
ddde1ddcec7272656ff655fb6e67c07c51dcd0376ee94a3622099681c198cd5d

SHA512
847ab9d7c55621f24c3f7501874bc02060aa927f7d04905d769223f1f7ab9e50368cf88bbfd662c690bbbcd9076412b657a777046386d0154e70be489f8cc093

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
54843e4ab38ddd0a09c64f22bc827f3a

SHA1
b5bddfbf05cf7f71dd3f4371102be4e0216f350e

SHA256
982dade057a8e60884e67fc5fa46c18b41cb612e3443ac3ca91fd1dc1065be4e

SHA512
a40d693174b10b046e1e958b74f69e1479d9045e267da2c5cd47ffa5f241d85de197f0548edc7d9d3ec4748aaf6a2d7c1d576e30107a21fcf6d2a3af91bdb40f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx

Filesize
3KB

MD5
f462fb5d82334ccaf2c59e2b5a622e4b

SHA1
577a1757f8f50d2837dd22aa4cabe15dfc92f5d7

SHA256
82ce5e707c6c9a877a7702c9224d9fefdc3c080feddd0d7e89bfa5301f9f094e

SHA512
06a4f23919e4611b18c6332231ab32861b31f0704303dff42abf4ba7e8a868acfefb1cd1186bf2210cd6eb6b1a75a36bb176ac2a59a1d79d8752c7ec94e31464

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx

Filesize
2KB

MD5
6a2ca787dec3ea1aa11766db15c0303c

SHA1
bafc9c6067f9feb3cced1373c3cc5e86e6102b6b

SHA256
09d1f509fe0bd92d5dd274c604d5af003f847f42bbd321094aa1a7a4365ff60f

SHA512
6f585bf8af1aa28112cf8e7a8de81a95602eb61e71c8690b498b2df7ab43141792b86443e588f561334d0c9f730afcc17a8003f106ba56f7dfe6468b2c184bbb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx

Filesize
14KB

MD5
ed4b871301f9e29c436f45ae1c5bb7d4

SHA1
bf74afe3ae19113f201892b1c2137ee865f4b312

SHA256
1ea515820b3a5bfcf6e3ba6aa66eb8c2383cd5f95e74ed63047e68529feaf39a

SHA512
1a3a2c1d34abd36ceb75a8172b6d85622d0dc3a2ecf3efc31fb7bd5cd03d6ee0d8f4e51c19844ff447bcab24186340e101a244204974c2713a14b86c496227eb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
320B

MD5
1200253f7d8f4d1e7f64f3d3f9575863

SHA1
a37a6be07662063c179b8f7daac1105578e642b1

SHA256
d32c8711f25f532d2c9417c3702c9510d391f2afaff9672bdda116c27a051272

SHA512
33fc3d7e27da0ef9e4769380e8b883eafb3e6dc3209f7c8a874e54894a3e12d550021028ee0118d50b2593d26360db0a1e823f9afc4ed64f10ab56164df05ad9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
9d707cb13cc12ddb20f33ed53ea03f6f

SHA1
c7c09e7b66f24b46897e38f2d06210b4ff792b1a

SHA256
870a0bf0a4fa7ebf78d1c78ca2c33d1c0256402508185466a1f7082e91d712ba

SHA512
c7acd007d7f29ab4a6bd7bc6fbda2d439eafe67536765827a7cc77a1c4b5e12f5d439845b39389aab83de07415d7a4c1997ac0835120f7fd4bc1b92876c788fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
23502c28cf86df4dbfd38f8481aea24c

SHA1
9332f38047f59d0e92ab9fa97b45e3099b8894d3

SHA256
b9790156d52933a55014cc7b240896d55fc802e28aaea7eca5de18bfd9870b21

SHA512
ecafbc6e51a5db64c3ec12bb91b73638123ffd0bc85a916dd8ccde7648387e5d3c73b27b217575aceaaf3e0e96226138542e74cac9afba770731d584a511cf69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
960B

MD5
23d3fc284051e0f39af336fc1c5358cd

SHA1
f523d8306391fc08466712a798443cda76249ea5

SHA256
8f075376db752363d0321f4f75266bd28b9ffa11bcfecded63bf7a32b0786784

SHA512
213bd958364a1bd7f1033cb5938db8cb5447207acc674e92c21ba56b09e720cbdbe10eaf3b7ddb875a3111ea4a3f096ecff7d557c0617c3c2d5537b4887f6e50

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
128B

MD5
cadf4fc9283999f1e80a539d50ed8845

SHA1
b37a4d11a3ee10cc9c64ad446e1346d063423700

SHA256
03727dec10f6d59628b8f3f9e81cd083c893bc93c740c28fb3ccbaf34d28f13a

SHA512
9832e271e10603b1bec287fcdfdc8b4fbce954458d038185572d7601df5cdfcae7a29ae0b15ff571e2369f77e787f9d5fc66ed66bfeb7d4d790ffc2182d93d11

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
bdd297a46dec6e3eec4759a129460e37

SHA1
5aef938f058528e063a71b142a2c688bbc6c2aaa

SHA256
1f1b4fc5d21dc0703c6cafb1a6aa2d919ac125b89e96e9edfb5e507b64213bab

SHA512
81fdc87cafdc120d47677c6e6eccb0856ccdab93b3bf8f70ae6329bffdbfcf0d1c1c34cf52f42503985cf163eb6636129a8a3acf86d7a5962e521f3471b73b1a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
423be77338e818156c12755af03dc5c4

SHA1
c1007a7c0a9a55f9fb4cf934b6258a05db867107

SHA256
83d26fb41245837f914598e3186bae1f5254b87f4a0e729ae9c44e0f3544628d

SHA512
c2c45b4966c8af26bf92098634f2495a141d8845fecfa72fa3feab6b5b55d16318f77d24db9f924a6b0ed5620985aeca3084f36228a8dd5af842f44662e05ad6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
64B

MD5
2d24fa48700193e2f0c5f4a90585cd7b

SHA1
ac7664f61ee5aee5e8c7199bc800d600bf144e73

SHA256
de1847ea5fe343d567f15b753dfeb4f5c68f36620c174ff444b81e804eda69ab

SHA512
9348ef9211ccf323f7d4f3dca605a4afea410eb44f8eb160808765dfa2fbe4cc6b28d6516022548e691b12748f6eda563611e5392551d844d1d6269d201040c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
928B

MD5
ac852f819d6a64e52fbaa8068a0b21f7

SHA1
775eb1ae21ec44ffc65fb7d9ccc1d437fbca8c0d

SHA256
de4439e133159385c790908539de9571f46290a775529ae1fcd45c61367e4157

SHA512
bf8701b2ef4a308ff69097e21bef7bba9f3e9c1e045913e308eabc3e50ea1ffbd14a09f5858da90275999a6fed9753f41bb9a19339d4613a9b9e5851d01c0479

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
96B

MD5
5325641214ed3899a283581e12d27f82

SHA1
df8fe6cc2b879950fa04613a50e877345126b950

SHA256
6fa59b6844d519b7f8fc23f1c54ffde9524beee05e9c3e390fbb06111afb12af

SHA512
b3f8531c09654da57cd81ca6004decb33abc67e473f75f1ce4bb6f30cffba58a06359c79e32e40a967889c0a76867f21f9aaeaaefbd6084a86a992e877db6710

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
96B

MD5
6dcd50d46b57dbe99a4993be0f38837d

SHA1
82e981aa4f98d2dd2531c6b50d3e82ffbc3406a4

SHA256
98f57d66ba80be5487ab7612fe172c26a8bf7fb8b8776aa76b590389b3afc34a

SHA512
c39c4ef662ac907574bfa63aa2560a5427de82674a8fbe24437086c1a4968927e188c958f00894aa8c8e80a305384b2b213c94b0ab8f3621efc6726aecf8d513

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
336B

MD5
e41377b9a7d3029079f0bcfd48ca74b2

SHA1
97185804db3c39c34cb333622c38e2e0168b71de

SHA256
7185f16bbc362d2481f866c0dd376c6ed3439160378101eeb2cae808a75bb1ca

SHA512
b5a33161e4db598db80f26132ca2e795c32e272dff61f094f54e2280d5ab70e6bfcdf2e4843b28b18f73943d65e2e100fdcc0d5bb18781bd6349971a1374ba9b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
fd919752149e62e2bf3a68ea3bfe310a

SHA1
2f3520f5363ec30695f00d9fbceb94d9d8752061

SHA256
2776fc9bc6df9af9b7553a2330553a214f173e422e442e32995550b33602426f

SHA512
390ac8d912ad8634272d0bd0c98427c7804e3604c1f4bb47237c1af195bb5754e77656e3f6bc6349f8a3ebc35436eec555ccfabdad1dc74d26f298536ad91a88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
176B

MD5
e22ee03de4d22879dbc09c25e987e275

SHA1
6298d309e65a91ce0bdc0d65c63339ffd1a5d31c

SHA256
9451c576a5c8f38f123f8d667cb31fd883144e53b92be295545ef31686746af3

SHA512
b4259f87f8addd38f20724419fdf31f2b7c03e314e8219ab306de78b4be38de1cc9ad7fd6e79367e306322b3629ffe256812006b5d923199d72225864ef3f714

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
592B

MD5
2c4229fab0b3d795d6a1021f83b8bd33

SHA1
9adbabf6d11008144e783c44fee9896518ddd17f

SHA256
85d8573efd868234361d59d28f7f42e7a3bf4065d409d743c24ca1bf09475d84

SHA512
02bbd91896c748ea03273f8053f9cdb2c942e94396477ecd3c252191fd3d9269b211fb01f1a82f8ffc6d36320119bc00c13e68f258e94abfa063e3775ffbc81e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
128B

MD5
4abc55c89d75539747cdf16df4e2fc6d

SHA1
31788ba368f5fc8745f1796fbc435bcb984e01e4

SHA256
62ede19951c39e6884504c9d23baaa85149c5f92350621fbd2b693bad5eef822

SHA512
32b9dc4275c50e4a6e441e76a6c72056f75579704f5eae1b2b750b1ea645a4e17ae319eaa04e0e9737a9f66d7cc4abd1e75857e57f0ae5611df780980d925ccc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
2e827f33e8ef41a6754a3dd62542334c

SHA1
ab70f3052ab5d9539c06bb9fa7e856a7746f5b48

SHA256
f2c4b9e64ebd1cfd5ac88b4e36151306627c86fbe2334e6b5f2cd7958eab0db4

SHA512
1288158d4aa86570b85c05cea9cc6bd6ca505af9dbafdee43b1e4ef6f5010e804185e6ffa89d4aa44d731482141969fafd2560715b1b4f0e5a191add6c037605

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
896B

MD5
06662513e6cb50cae7034d20197a875e

SHA1
86b26b8ea47d89e8c98760c0f1bae670059a0a84

SHA256
d1fa3dcacc903da7f306afc7575358eb1e3f4458d4cdac402049c689dace0cdf

SHA512
ac30ac37ccf38db5af3697b225a657fab8f078ce301ab14abe22af417df6408e424ad1fd02d72acd0d9b01dd999485dfc97e8062407bef406fb97fee7d56ce08

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx

Filesize
12KB

MD5
aec1d2585c3f6205f97ab6fbdcd7ce49

SHA1
ba738bb2bde816caf9080ad977977ffda7150d49

SHA256
91ce474a3741d8f09e85c2722617eaf409b79435398d276573af1525988c462b

SHA512
580d5c8b8cdbda71cb02d8811522581dc082a6e1afc13f5aedb8f43e41c7c8a0bd6a8164ba781f0917d4ef7497108786b7cd1364283e1076dce6dde7fded975e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx

Filesize
9KB

MD5
863a2116dd325c2ab1142900959eb60d

SHA1
754044f2ebabb4dae822fa5b5d72bcb1b9e2c225

SHA256
d3d6e1a49cadf97cfd0d3f3c1b221d3141d8664fb121b719da8cdc3ae9f9f658

SHA512
3e424ebf15e5d9327089e2750787d298b3607151d931c8b3a922c8362b61968253038686e64b7f4facb3122dedd66f5a0ee4ac8500b1fb936d4ab1f52b59a3e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx

Filesize
2KB

MD5
3d2d330dcad9daebbf9daaae0ebe0149

SHA1
6328ffcb29165db7406e49393c95dc5086318099

SHA256
bafd54645097366b8faa51463629cced886b1b7c0e66155aaa19dfcb1f5662c2

SHA512
1d8060cce69242d55337db19939760fe1231299b40a00471813526457689971e2f98892270f04a221d76a6ffbc9dba839e010c77cfa8d405bc8ea8f67c008bf2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx

Filesize
10KB

MD5
e0ee9b1343eca405d78d6a4315f643f5

SHA1
1c27d5de3b86e8e498a391b81a7620f7b0002f84

SHA256
0c31f35b5a4d4e6f864914a0c001833fccb964f26ac4bd6cc56c793d1f257fa8

SHA512
9aaee7737739ba50c08cb5c10c8edf210a6f0d43ab37600c6e90f3ed82e3f1678e3122b5ca56c9f4bb080837309e8a82967676260b62788e4a671c57bd75dc57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx

Filesize
21KB

MD5
143a8af669993870cc524ac288bfee4a

SHA1
5e671cfa4b0b551d987c6b2c6bd6f977ba03aa78

SHA256
36934bcfcd04e35fc98530850987d50f4ccfc6789423729881d10b3821e659ed

SHA512
f6d12f3f8529f6a61482ccc9de6ff62dbabcfe0a0bfb2b9a69fb3a47b2b726643e2f6f51846ef05e2ee6fbb1a554a317dfe1108c57b019f8d91f03e82ed644bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx

Filesize
11KB

MD5
fd962af7e245a05961420192f8ba3df6

SHA1
acb01ab8f12843a8848759f96a15f1e18f677842

SHA256
a3ce2053bf8a0b518481b12cf80a35dae3ee9b4d1dab2555e3096d48d5d92208

SHA512
4cb885ac1337fddd438fb89c2e78a901e89dbc65538307c76419a9a4e896823e483de6a5ac3cd3e89756027af744c41ccdc1a98b18a9ca51fc1535c5bc1485ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx

Filesize
10KB

MD5
003675271e5d5611d3682c0e98566b45

SHA1
a1d2fb85cc7908d977407236e44b9d87991a1372

SHA256
224616b640f0976155752cfbd24cbb4ef80d24243a4382cb9fb7caa27b859cc4

SHA512
a260db24965d104d85582dc56b4eefee06d2e86fae443acedee94daa898220c5389b973b269d7afb1bcbcf6c749c0a1d98b5e3333bf7871912cfd59abfae2cff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx

Filesize
9KB

MD5
a7af8a7c1859b1786c33a330d10d1e5e

SHA1
3bd41057022b1945df5400d8088e172ddcf4448c

SHA256
763a12a9cb2fe7c5fa5530dc99221c8a817a70604979fcc9ead2d93677e86637

SHA512
fa1234a9fc5a0f9ab94eadb76ef226b9e0b8b1386af33ba1021878c7866ace8fc51f5898cfa409677d61661c5966ef70c37f73581ed541b6f55295f48af94132

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security0.aspx

Filesize
1KB

MD5
41d4a89d1f9877a83745e28b45a43027

SHA1
e42683517e3661ff472779ccfa72fccef3779b5d

SHA256
9a0c082fbe3ad4eb17168d84dc47cad2872f64b7a1e6ef7b62a9dc0336481d1f

SHA512
8aa595cc7acf15c97a998577ee62f68f763a1b3d2da175e7550755d4886006f2ae283f30c4b85cc25e187d7842ec60a46dc6d754135b4b745b4951d256a0920d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx

Filesize
2KB

MD5
472e1727d1e54ff83a07d7f7c0916a7a

SHA1
aec17b766aec272c47a00dfae2a2a5c04b044601

SHA256
e454fa630e1dd2b28d11546efc08018fc6adae57d0f1f04b4eeb6f968f93855f

SHA512
eb2a2542add83ac0810c85b0e1f7085376e7664d1c7ff2658e422772d9b988935c141d76187ef87feee486768a866caf2e2ff86e2ee90f1c23e4d7e09a0e38bb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\default.aspx

Filesize
4KB

MD5
a22e8b9b72601fe25f6093e28036d44a

SHA1
ac2e9e3e46d91e94ea94db32b9c17edff3b9fdd6

SHA256
457f61966d3210c8b20bee140fb6bf03a85029fa438545e9a1fd42b632315322

SHA512
a76613e1cf758666f82b2237bd829f0ffd2129a31dec3e5148f83671b5ad097d4cb98dd7489774a67f98f43560aacbfce4fd3191bed7ea18873c2ac3d3962991

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\error.aspx

Filesize
6KB

MD5
cb772d0492c674961cb967b835790189

SHA1
771bd14f4dd45db23e6f5794c983a41ab3c74869

SHA256
a65bb08919870d0b76d7012313c6e497106989bd2fc203a357c54b646562275e

SHA512
f692b19d6b80555154562ce9d64d2d5333a67dec98c7c59c9026f4f92aa9db5ac0a3a2748e113e53e9a26a8698da573f4b63673566215787d0db26169fea714f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx

Filesize
1KB

MD5
3513114fc6f4790d8778e64485a45c9e

SHA1
436e073f230da204c9ad17bdcb5be78f767dbcd4

SHA256
7b2c866c1b90a29a3576904b389e594ec698ac28b168c62f3e6a4a2f0babf01c

SHA512
021c16a9a1c25b68f389bc123a09d11db1444e027769fe23024d950414cc4b11c41b11232f991b7be8a8c1b8f3c38981d81f5de78f3936dc1f9dc73bc54f363e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx

Filesize
752B

MD5
dd089bc4636cb913fb959b9acd2e7dc7

SHA1
0a82aa0de5c39e38f5cfefdc698fa39496fb0395

SHA256
bb2f7829d7922e0f69de69889ec54fe2d5c8a6275ba4758070e2032fddf1f3d9

SHA512
52c8d5c8c5c98fdbebe7173b6bb60faac5bfdaaa9c08040720b7f7542ec62d309f9eac14a24b6de32a50e556565024e07a74bcbd7f722d847a9f9bd3a2bd6aab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx

Filesize
1KB

MD5
92870e832b8e19f831ace3e115e45c01

SHA1
3b7a8423f7c766bfc1356db26f686e77f2ad47c5

SHA256
2ff76dbf35c2f296820d44f839b8d03c696c12167d5d8e5d83dce00c97addb1c

SHA512
f9b8efc22261a2b12b3d85b2f81226f3f70b815caa5ba6e3722800b0a2cc990831e0166033c7022c1c0cbebe314b3c15162a565b56a36abd3e4d43c3240c5078

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
a09e07985cfc4dc044537467223089b7

SHA1
011efd6d939585d92b250a6160f2dba5395fa871

SHA256
edb4b0a400919affc4d96e9a03ad918c857f57cea16420b285bb3ccdc13f743a

SHA512
0057453e52787bc5ec265e8d880a21aa7aa0f15a76d087489198728e853a352065ac153d7e4001f2707f45d8847f0df578751114cefa0d3a9fb01e8c39f3871b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
c91349e0b6b6c20be353dd7b294239db

SHA1
2d424bf6c5877128e8f3e5e2bdb50346882f918e

SHA256
424786899f332334dc6734ca31735826dd17355bdb66b6b1b3dff49e71eadf74

SHA512
c78cdfe315ba90b6cccac55c30686394fd4af381522924c836e0cde5371981c8e71fbb21d86b72277da49e95fb789f98f6e755777cd331ba533bd7a51b59c59a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
8fac39dd38a4f7356607066c0d24faa4

SHA1
ecf3bf6859a49d3dce814cccac9e05fb876de2c2

SHA256
7f2d9bcd8db9f96b737a07b81489d4feae986e198a4bea7ae66cca906211b00c

SHA512
cb0b9f4f4c89b5e8b450502a213c4bcb61975a97042cd25cd49631a59dc1d2b3c37f4b3993ae07266f6022e8ec8f7ef944bacb52b4e106d92de86753ed6f018a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
9b5a3a735153fb116cc2ebed223027e6

SHA1
84503d6e82166944141306b353c6fb23b062d4d7

SHA256
b8723045df55ba1c3c9a50c31c45078b247e94439f0b946d1f6a3b9e4a2dbddc

SHA512
7d5e0bc5d967313854a6eeff534700bb0775c780a48ae92147c2072a4b1446e3f2ff07775e07d6ed7e988bcf2f67223e5e3c092fd014cd9da968cf161dd0ed0a

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
f2c6d1f85ebfc8ff16a589ac332c72dd

SHA1
22bd89d0873466727de7a27bec5b178668c348b7

SHA256
f25994230d9ca7441d1020a390293dfa9979d495af7f81a344a535620c91d7b4

SHA512
ee699a077a14a6630cc36917e7fd75d10cb91a4b9959e0ce62c658ae7308e4290203c96e327617c90a2cb03cfd79afeec55779874c47eb74aa7819785cfc1eda

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
bc2665f5e11a4e5d7fe519ed71faa781

SHA1
aab89de4c18aa0a1bd71084c60c439d789741090

SHA256
5a709ecf34f71177560efba280c2988a3024f7f4309ac20bc168a6764ff76e62

SHA512
e3588e515bb920c0f0dfe4b786b3a9925fed1ffbecc6ef976a79d50b93d98fbac9f9ffcb83045d29413d22fbafb2016ce746354cde5d8c20466c0ae78ecac623

Download Submit
C:\vcredist2010_x86.log.html

Filesize
82KB

MD5
c91814747e9208a77dec3dda92c5b431

SHA1
c0a5ebe49a0aac52bc031e8d0d454b2f8170e1ba

SHA256
0dede397f44edfc0890960847c9d9135767526ab07f1db8b437f549d630cd95c

SHA512
0b8f96b4455b6f3e0959ca4ab55e75f398dbeec0430e9101f0297c52b61a09cfa685e9f77b16afe73b05385c0f06b237a46c4b05b4283bb2d4599d9fe000be8e

Download Submit
memory/2952-0-0x000007FEF69BE000-0x000007FEF69BF000-memory.dmp

Filesize
4KB

Download
memory/2952-5-0x000007FEF6700000-0x000007FEF709D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-3-0x000007FEF6700000-0x000007FEF709D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-2-0x000007FEF6700000-0x000007FEF709D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-1-0x000007FEF6700000-0x000007FEF709D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-3032-0x000007FEF6700000-0x000007FEF709D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-3033-0x000007FEF6700000-0x000007FEF709D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.