Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 27-11-2024 05:24
Behavioral task: behavioral1
Sample: f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Resource: win10v2004-20241007-en
General
Target: f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Size: 12KB
MD5: 9690a2513021c69025be547b2ce313a6
SHA1: 3a727cc36bd882844072e4e79bae64a772171005
SHA256: f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395
SHA512: 56ba2ce43c96e096c3c6fd86fea3cab7ecd7d0e5317c19e8163f6354acfd50129fb9b15c07caab35fcd65210981d2a74756acf7d148472a602e9e5b20d80938a
SSDEEP: 192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMUDt:eebFNw4Pk1itKkpAjjI2YpdmU
Malware Config
Signatures
Renames multiple (2534) files with added filename extension
This suggests ransomware activity, i.e. encrypting all the files on the system.
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\msil_mcglidhostobj_31bf3856ad364e35_6.1.7601.17514_none_0511883c277e4ef8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\x86_microsoft-windows-fontview.resources_31bf3856ad364e35_6.1.7600.16385_it-it_608d378fb9505231\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_it-it_e3dca8929026e05a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\daisies.png f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_6.1.7600.16385_none_c10c2a29895d4994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_456c41a693e747aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-mofinstaller_31bf3856ad364e35_6.1.7600.16385_none_6e1250e34571b3f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe File created C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.17514_none_9c12e14f7dfecaf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
-
Modifies registry class 10 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec\ = "MCZJGRNOTVEWUIU" | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\ = "CRYPTED!" | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe,0" | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" | f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe
"C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID: 2440
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA256e1e1bbd639d803594abbe5d505a6677adcb0b329f26b17678cd8962d50fc5e5c
SHA51215b999d76ccb06d48acfecc9d0be9fe316d43b10a8c8d6a39c8ccaed2ee1f2dd7fca04b793b009534d3c1f3d5dba7906d68f16a217fda637c212d216a1e798a4
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD577285e2a7db1dfbd0689083eae321329
SHA192296cec642cfb667828878272c9052c01a39439
SHA256041fba4089de082abfa2cdaa6f21674feaf7d4d4552098d6f60718c0e0c99a9b
SHA51269e32f2236a872e6be5719ce5e0eda28b303c3146c3932b5445ec4340b2fb00d59580db4c0e54fec98da179d1ffdb529d02bc0b73343979e001c28414a3ae44c
-
Filesize
21KB
MD58287ea96cb08582fca386b37bc474fec
SHA1166d18e2cf8b200dd7c9b9cb9192f8d3e3f520e9
SHA2569fe45e6d150b703a4974ce9e956b265db742cfb9a66fdd112823be3b5256b013
SHA51293824fea1ae8a188bb88070f3867d6452094669ec86c7ce042dd476b8e79b57bee47d030bf1167c7ecfccfa8ef4dc3a00cdcf72c326c0701e677759a0416cafb
-
Filesize
1KB
MD5357fbf42ef0508bc44b271f28fb6420a
SHA1b9343cd2d5bed9a98150519871a9a58ce80cfec2
SHA2566241b37e7a4ba7856571f24066d05170a01127fc6b50760765524a312f54f976
SHA512d87c12ba767ecfa063e0dcb0438179f6560ff6197a6140609c8ee8f18bf8b2e81dcda0d2ea16d77971fa14cbf59b4e913ad45fa71c03d8ac7d98a1975d9a2061
-
Filesize
952B
MD55ceddcb22b10b4b11dcd0688038ff539
SHA100c17e6ebe477f9cd1e4aa163002e33274ee33a0
SHA25692366fcf63bb17fdd37338417857541d96ede2281d3517a1407cfa684009d36d
SHA512529f2223b2a86065a12fd79b4ff992c1bb72b8286adaf43062e72a7ea29f70f88c32005cf93759c4022011d669b5eb2499123866917c0c56058f5a5004bd6e3f
-
Filesize
121B
MD528ab2a193772b3d47cdfb7ac311c2004
SHA171782f5639da464f39c262f4b45a9c5927b40274
SHA256259075ef3b6609155d17a6c1e73d272f4c41fe46d5d024d88b88305535965581
SHA512d25b0c003df4bcc8225ae25457143eefbed1e231b71571694ca25335a5f81b9d44c7ca026482fc8b2b21a02f8bda6823429766fe6033f522ec3fbcbe7ce9862a
-
Filesize
1KB
MD50ce7f593a5212cedb1e6c9847c510850
SHA19b2599a91a9141e4632483e36eb45c149adb44a9
SHA2562699f0f85a3a6fd6ba7b223eb1a45437a89f186bcb312b42786dfd8ceee50b53
SHA5122c5ff148cafe1c28384c1e02c78791d225ed7ef7039fe79ea08a2f4329bff51b9e07fc6ac89cead8d7cb8960a4e5df449d410560f866d174b68d926eeab08413
-
Filesize
8KB
MD51d1836b02dcf448cbf897265189f97d0
SHA12514f529e1795c6e2f6f92065d194c9ba31a4b07
SHA2567179a94fcde23259219aff694ba90ad13c9c4cbaa3a73d9f5ce67addfeed7608
SHA512bb74c57c38f20b809ff61f55b79543de3167fe6e0949d4fd78dd2ab9c156e9d68f4b46e247f99eb094bea0ee8b6e912999f3014109c349af673691ba7dabbb15
-
Filesize
914B
MD534b8d6bd229d9302d81139fe7dc09552
SHA1e9d79f7dd51e614d71d61a8e196c95ca822a06fa
SHA2560e4d7bff5391fa9bbb930922f62dd35f786c970a63a14fb80a482d835eb71f31
SHA5123691907f66d78cf2c8f778904678f2821ab1555010a5277201bf13ad00921255461c30c30f82f537bf5b5c9b3f5c90fee0bdf776b63a7b67457a5c150f1313fb
-
Filesize
328B
MD57aa0b818a4113175516894b33e99f895
SHA1c331834e02f0a03baaf4dd40ef5e2a3adb41e6f3
SHA2560b5a17b8cd706c741501b1d30dc2550dd1c562dc7fddba023057b48ebb9d7666
SHA512c8eb1331e5c695a2ddb81f13669b831d1e31528130f814eb62e16f4094c65dc1cfe1b7fbc7b3b419579936e000c0210a48fb298893207684d13cb0c1cfd46ff2
-
Filesize
1KB
MD5e9980532d30168a8fe89846250472071
SHA1c31b8066d1e597cab2b7ce67b83a5ba8dd588db4
SHA2569ff84f55559d59b75da28e10e1ffa7248b6f5715f0e4a126e3185f8798b72e43
SHA5128e14f4110a40232ba7360cc317891cc5ff4124a5e08ab851f761a74b8df8d8f545d0bf8d0a0856ae250fbef6dcb6585b0bd34d8861b5094593766232017b6ae4
-
Filesize
162B
MD55d8fcc29e88ffc29db1fe1825405ef74
SHA1a0c963addbd06fcbe36cc64fa3fec7f3ae20e59b
SHA256bbe0ed4cb25f74c39f6cdffb6e63ec13e6f3b41298df5f8a3526005d1b0988bc
SHA51252bcb14399b41fc46a17f05061e5f1753dc1ac4bb413914fb6230a1587e19f05917b1a7b3d71a00c2262bb5d2199504627ecfc3c28b2b1f399db332bfd720259
-
Filesize
586B
MD5b4098e9d79282245b59849f54f889703
SHA1e736d78a7f38408b6efae59ba30d38c1ab43d0e3
SHA2563c1d92680cf5b0434235800d1ae866d9e3183969ae0275ac38fed1b38b183030
SHA512cb3114c731f9592b0eb5a7dac0d7cf4014fd1ebc16a25d250be4ae66a6a6dac591f7e3bcd4f8314a47d0f2f9cea669a080032f3bb351604036bbb68a45e5303a
-
Filesize
124B
MD5fee35a49a8dde45f6e0701ab5aa27a9b
SHA1528eb637978350ed17c9b2022fe972cecfb9b27f
SHA256445776130c7cb28390cd0e92a9c72f6e58c6e76c9c4a0c85507ecfa6f1d90119
SHA512696b1ea1172b9e391848b95262cb4fcf596956f5c6f0798db799fe57c4699f1e1394380be46adcd3e731f6804f43c37e2230f2a65089441bf52bb2df68ac84bb
-
Filesize
8KB
MD5b93afae955631b4ee22fcb8260cf111e
SHA1ffe19972f652a2c6b84d5a5ce2a774debf6fd849
SHA256362f60cc08ce5f66edc74d0659a07d61cb3a6921bf751dd27f67b0a130193cc2
SHA512e9b165c241c75b841787f3a1e203ae50427512f5ca3f5cf3cc77540e1469994253fc3bba2230c27d9b0c51877881a36ae19e901929b2a3f6be4caa291f7a5c82
-
Filesize
880B
MD51a4aff43c9d4e13543abd603566b10a2
SHA108d5637a26fe7c21309223d8b75d789a2081402d
SHA25669583f6ee7e97e7af96a05d01681507a51a9619a3f315afa9bb252783c204dc0
SHA512536d3f4bee52c563c76fd368b2f53390c61dda51ed3ac1019facfc7a3a86385f422a1e8a91eb50c248363bf208c132763c3570808654439fffbb60482a760786
-
Filesize
32KB
MD56b513c2c4f3a1a43fc16d9d7e9261148
SHA18ea28b165bdd769cfcbaabd0c8a3fa025f1c9e3a
SHA2561f9d4f52c7aad6ec4f33bba8c8da11205ae632c99f00ac4b807cf67bf7c11694
SHA51219526f10200ed6af744b1be5370aaaada2df60f292026a3375b5c831b50d2506ff45854cc439fb434deca53d7e6aa2867d43d74b43b8c8256b1b711caff3e0f8