Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 30-11-2024 04:11
Behavioral task: behavioral1
Sample: svhitsa.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: svhitsa.exe
Resource: win10v2004-20241007-en
General
Target: svhitsa.exe
Size: 7KB
MD5: 06a9c10159921f27917d59c473adf1a5
SHA1: b1f3252512aae364126de0c7047d3830778c2094
SHA256: 06f6b90aa9db58d3a1c0223397a3c2ad3e59cdb313462df903374030897aacc4
SHA512: a62fdb6e18586f382d78c5ed51f3952c86cd9a533505cdb83f42beaad90fbc4c4651f53f86e75e5ab5cd1cfb1a77051081d2260a9a9674a2e22afa93cda99325
SSDEEP: 96:ltZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExqoXAU6hARhTjq16lX3c:Tzdrr1FG1WDCgmjPZFXnNJX3YvubMUA
Malware Config
Signatures
-
Detected Xorist Ransomware 4 IoCs
resource yara_rule
behavioral1/memory/1960-7399-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1960-9065-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1960-9066-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1960-9067-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2168) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt svhitsa.exe
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
-
Drops startup file 1 IoCs
description ioc Process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" svhitsa.exe
-
Drops file in System32 directory 64 IoCs
-
resource yara_rule
behavioral1/memory/1960-0-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1960-7399-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1960-9065-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1960-9066-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1960-9067-0x0000000000400000-0x000000000040C000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svhitsa.exe
-
Modifies registry class 10 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\ = "CRYPTED!" svhitsa.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon svhitsa.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe,0" svhitsa.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open svhitsa.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" svhitsa.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu svhitsa.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu\ = "GNWKXAYEWMCZSYC" svhitsa.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC svhitsa.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command svhitsa.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell svhitsa.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\svhitsa.exe
"C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1960
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize341B
MD556b7c65e11ca61a596c4be07810e9477
SHA18a8fdd0404cad6158aae34bd4c584a119a7e6832
SHA25657702b1dfc893cfc24b4a66c1d09f0a4dd79b17d34070c0d77c184ee6173a939
SHA512258c8d16fb3a73045bc1281bacafe74c65773692fb2dc1c68ffdfe37c040aebc8badad9efc91e1b61f5cf33847ba37f7422f6bdc4a7ab17ae960edc6e7293755
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
Filesize222B
MD5adc5eca82cbb23e97871c7a973c4d13d
SHA174e798dbab9157b0f3b3babb52cf2b867bb9e22d
SHA2566bc7687a2a45b743dc44a37cea854d60dc4ec7e3019b9e0f4e41a4433b800906
SHA5127ed6b8df872415f9a64ecd965374ecfe21f707a56bf94b61a0d5cc10c9d92a8fedabb1f0322acfa6761b6870c26945e10ccd784a2c29382e5092033cd66fcea5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
Filesize5KB
MD55208988b5dc39d03645857d52e9c0aa1
SHA1b60213e69629720ac4effc7ece7a8f2687adc874
SHA25641524e155e9ae6b1ab0c7f03073f03666cd88e4ecce6e6c00699a16567cd2012
SHA512c2c0e235b1853118982104a80a641d9c6ca1d6d0fe2bd54bdfd05afa1c3a9dd649fa730328c522d7fd372b3a0d15eefac197529f8271d2e1356539d507f6d458
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
Filesize31KB
MD52ac9f71cd720221ee7d1b4c85367eb8c
SHA159a90f5fa6f07c7a32527830ca9db7e9f5141a65
SHA256c31a155eaa03544f9e4d85292f309e917f7d2e0c69d57ca4f915b24756a5dcde
SHA512c579588c9bf7d795a825f4c34b53c9a3f6e0ebd36d2f012745b90593208b0603ec8045f7200693affcf0623afa0b47f507036005a6ee0e2c40cf9ff05edff339
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
Filesize4KB
MD5a91741db96565ddcb6581075cace2c01
SHA1dffb43e2612879ec38215d6916058c1adc3069c5
SHA256c7b2a680ced8e3c13bd782107868135a62bb501e4b6bf327e7b127bfb17cf0cf
SHA512f4e285d927fec7f0f3a021c58c75e75b55e918594ce2f806508de6856249d757bc4ccb10a89298425c14d0253c977b8f34acccfecacb58c0b6d4e684b946bb45
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
Filesize21KB
MD5d07b94db2eb049c7a1698446392ab7c7
SHA196adb2fd9fbfe265eed2e8b071368e32b48b77a9
SHA256e7b124eba9470f85a7b4085c72bdffa4a150ccd2d6246a515a9f97cc79365573
SHA51259e6b645bca40e107990ced713f0733ab14bfbb4f53acc24a6b30e9549cf81d146fa522245072735b6a6517f11af7fd1804c75ce8c558dd865524c4f0ea9147b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
Filesize106B
MD50cd27624f2493948d30d477ff4ea6122
SHA16c109a8027927e60f1bbe49c6cb6212559789e63
SHA256a471a47068758e8399f0e7402200c928d67fb930d5f465ae7b9f0e0df71984ba
SHA51209fba4f9865c7f8a34c752d0a9b7f7473a09835063acd1341ebb5c4eb698e0e1f0928febf0dda2c3608b6e62597d5a972015cdd9ae1927bdb54ae98c1aa15d90
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
Filesize8KB
MD544784e5b2758c5e2f52f1b6f3605f966
SHA1cbe9dd86ed07821548c5ca92f1686e0e74539579
SHA256cad1469aaddd96288e79b1fd98f5a5f8d34826d166a851089a8c1d00de4e4e71
SHA5123180e0c082092b24d01a9f00e3e9181a1e1bd4373b262a7f1bbea263e9aa34c2c7376b40c061e22bd5c72c887d1e9cf911efd5b27c04957acaa5a3740e376c90
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
Filesize15KB
MD53d8c41db61032d5c23d760949157cef8
SHA1ec027a1a8f2bce6415c5a39614db6568d21deb46
SHA25656180fb471c17912ffe0107b35be6598596a860dd258bc801e27644df5f6ddd8
SHA512f0ad0513542cce89177d715fac9acd9b036bff914a5bfc09b4bf617aecd75575ebfd4fb65f60d3d81a8a66c1a82214d559dc949a2b69219a856d4daa657de3f6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
Filesize6KB
MD5664697d080b94842f331d0a345bafaa9
SHA18d1107fccb1c5e807b76c7bf323d99a05f662fad
SHA256f76ce4dfa40e575f2011b0d8b9d4bb6c5ba4cec11b8bee4f9de206a5d77a7134
SHA5124f8b2c523bb24764300e49e408141fc570785f5191a2b626c98db0b5e3c6433235284ef19bc2e5ec4ba432e2087d51d0ab6aec5c1afeab552f542ba584f60473
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
Filesize20KB
MD5d221a44418a541d9e6039d247b41e624
SHA1bec33f6a65529bc83a5182089af9f2101d2068ef
SHA25672a0f83f9659484be5776ca4b4a383d0a3ec3aa59ff066fe4719e9d48e80a271
SHA512d0c95ec0ddf9676199cca071c2dbfc41098e2a4560ef9a6b435824420e3bbad8ed00c10e0bd8960f92b3f75af8d4588f24da33663894acaf5aef1aebc7f54579
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
Filesize6KB
MD57e46f910d5e5003a3135fdbeb8fd0e09
SHA1fd7bc38ac6ee02424c862c2527d91a250fc7ae89
SHA25614c1b7ce16e630dd0068ec2f463219dd9f27519567d9719a8465830e602ec7bd
SHA512bd330b14f0e167b2b5babbfe23d56d46a9cfdaac9af80fe869368f0b446b270a11a9653ae20f9ef77635a4184c47e8bf974cde32808b74dc91ebb711fa0a514e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
Filesize15KB
MD5468e71ae513c918b961fdbeb19f6fb2c
SHA1aaec00b22901062c0689f9baa07fa6539f489fdf
SHA25663cfae1d674f2840f6af4b541a1808a0453957707690f0603f107e32223c514c
SHA5128646a6f55ada3a15741e829ba2d5e1ee416d9c4e9179aadd806861f4bdfc447668bff85ed053971582dc8c8e05521909e7abf70c8071bbf4f497b0eb0d23857d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
Filesize2KB
MD522db329a8491e4503c86b6e714c22200
SHA135692c979be3126fa44c2edae4040b6d514e7a14
SHA256653b4e52924d2aec7105b4b0308f3c71746c6218bddfa571bda953d7d2bd2244
SHA512df27eb96cb45bdef72bd6e8d2bd62e43e598a39514c9eb5b96b64755aadb2831bd246a9c47419f2d26b4a68a89aa6adfabc1803abe4b5983a3cde17ba063c121
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
Filesize2KB
MD524f2da7f49607630cab2b23f20b5d375
SHA10cc873ba296b69e97004a72189a4c92d2ff7b5eb
SHA256b3c68d2e630bad6f0dc2b0f6ab8832fc958ebd0f7f19c4480f61980839aef421
SHA512e91970082e9fbafb94f920fc581d3508c00240293c2cb264458da7e7e7ec0d5c00776925dd17bed77531e18083c94a6aded9b527047a442058087d2c4ebf367c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
Filesize6KB
MD50e853f6fdd5265c9967aa52102ab7953
SHA158b7516f206b7982f12e10d8829d33b61b9ae58d
SHA256fe58b7dd76edcf9ce6a1406bd2c89da0c98a94a1831c949dacf60c047f921b86
SHA5125ca73eb48086928ab5b46bd4a01e8f2a3a0ca71845601035489ce4553be085e997cd6859354393a691ebaeeaacf377fa943f3550342cccdc1e8301e0d420e239
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
Filesize255B
MD59a44244c56a26e5f023cd43666b4c557
SHA16b3c772baa2bee6b073bfeb52bff763be67815e4
SHA256aa7b5ed29dfc1c3f2ae6e626fb61521d125b114759643e9b281048cbcfe8d5a2
SHA512e982a0bea6a19aa585b1fc3839ae200326c6fc2d91bc56da929f7965abcea6500315074779a0b82d4f58a649ae892cfd688986768624a2e271d5eb87b5c7f86d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
Filesize323B
MD51bd82180c1bc396a76857e1bbdc01daa
SHA1c3d599a2ec0324de4ccae25ec2c9abad4f8b234b
SHA256855b2c048426daaeeb06ac511b2f2b00adce5644d5de4bf09e70bac3f0036d1b
SHA512241802139bc21a9dc8f74bb51cb1178f6ee51cf563c2369091bc0b64d17f40b13c9e754c248dbde4d2ef55a4a1c4c3a9bf5c872963351ac3e60d6729238c7bc5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
Filesize367B
MD50adc29d9f5ee9127db4146b0f844f001
SHA12871f15fc3ab900c5bfd8576009af25b06b2d78f
SHA2562d709a4b041b9c4d242fa32924aad762d3488ee38f717aeea7a874b21dd1a09a
SHA51254e139f016b194ca9d31023401eb393321b904a833db55a4eddc8323764ba22541a3051cb772c650f5ee69a302fd97cda5f0773a5d87b3fb08144adcd80ee0c4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
Filesize148B
MD53255b47b6e713622c2dea383305f0f34
SHA18411a3bce6851cb38882f08f6b86030f3c6f4419
SHA2567790c37c6d7fe7b6a673cf829c5c91bf4690f19a62fd3ddf2172fbb4a94e6c82
SHA512eada910f67b6f715ee0f9a84018a9810e1445968c39f31825478a2e30e15f893b8b0b7a8d947681d24d967f17c1b3ad40f3efaed596b4aea9a8078dda0fc7df7
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
Filesize440B
MD5f4399de1120dd1f761807014b7f65414
SHA1c23225a6b5337735c118c47025120ed0ab608da6
SHA25693e60f853c22bb1f5b581d8ea7ff3411cbd877bbaabd4e8417c582c0d69c88ae
SHA5121d4a22da3e6404b2dca5dace196d2dcc815d5bf1153295b73a37dbb8c71ec36683e83ad3edea8f4e0a3e95d27c6da8763644eff8c20ec09dc2d165348b20f482
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
Filesize462B
MD5160266ade42f539a5bd81b9343bc0afe
SHA14cbb69b47a51e912d3980722135c670629e8e4f8
SHA256f584f1cbe2a733fe62dff3eb53afc682c8c1a14ad205def42b4770b0e3602d0f
SHA512ead6e012bd010b21e98d8b23d0b6c6af59034a4a0d4b9f100d108c0c5f09b49087134aeef2bb54e4a2d6751ca27dfb9b8648cc4afecd2271c8d99df23ff8069d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
Filesize267B
MD5210ecefc3044581b60627aaa04a97694
SHA1da3e0f43fe8cea2ecff3c9281c3a23b7441d6ee7
SHA25635b5095ca647d175d3483ebeee73cf50d7680c0337b57cd51e1e053033210595
SHA512219064fd3f59c5e6ee9cd9b883c0a8f5a6d8b549d2c11e94b72b86cf6414eef2f9b76f83f947419de22ace396c0762fac99af55b15d88093b797fe5854417669
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
Filesize2KB
MD572100ae0423a1408dc85427ce5b1bd19
SHA1ed983604edd6b56540ea3a8854ddf8e9ebd20fd1
SHA2563bf14c0c8b91123a782f1773d104c0c7ca36985cbb0936b7fff5c4eedaee52a3
SHA512ef93b2c861bc374cbdc3f3e801255f2c0ce574e60962717aaa3eb418634088ccc1eb5724a2a200c04428f600c6776a5cd774042d6cc9a0a29f10ff5ba07db10f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
Filesize233B
MD54669545e7d11031158f4ba4d322bafb6
SHA1c2f7d8537787c5e2836d44abe9bd3386e3b5e2fd
SHA2562f1fc8a971995a6c050470705877c519505cbcf2fafd0e90d6e6ea342fac3790
SHA512d390602fe3eee9a17d8bb8af22e2e4366403b0852f9dff3bcf02a970464798eab16e10d58edc26ba5eb25e3183955b865ee2564ea379de2e1fd5f65606596eeb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
Filesize364B
MD57522b22c77c07cc7b4170b24c1b18aa8
SHA13e3e1c4500a18b9e00636cd55904c868ce75e688
SHA2566968ea875b9ba64994924369692da9756501e746c6d956d85b4f7da2cec21823
SHA5129fb221554917c091a1c57ecb5d21e4002f9f905011eafc832b1fe91836bf5f182f9c41101ad12cd5ea7d0a634eef76fe08bb108e7552707281cd088f18bf9f3c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
Filesize364B
MD5b43e755430a44f52107845fe6a8fb4d1
SHA17323d88781c580f14d946c8d890f2465c92f9285
SHA256d18faaeabebb4538578d654f7e811eb1de950fe21d3a37e2b91f8394ecc710b6
SHA512110b577269b90bf1ecebb17d676aa3ad24f57950effafbbbb50832f453b3cf7066acb19ba84b3b2d5afd12b066cad118912f819899d3d6b30e689ca1530b6f82
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
Filesize6KB
MD5b91378e9f6a36862be624e54003be181
SHA17cc10ddafe312806e52bdd3fb2ba43940a0c9b80
SHA256ed730173ebbb3e6f5d239a666cc84800bd683965496a5dfe710382c2c4729bd7
SHA512af905a1768062a8d6cbd03aa86945fe7862b0614e0496b859908859595e5f82d4961f7ddef94c5ec27fa51d8d2c3677ac549f5c78b6718e3d27fa2feb184466e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
Filesize428B
MD52e288e3695524cd1bd5dd5ebe61336e5
SHA1a7e8a17e61e57a822e7d443331b73f1c6ea895f0
SHA256df20b09b205e57874acf53c61d3cdc612834d19b6d9ad252c74a38c2fa70feb0
SHA51225bff02414e12455bade7815384d603d9833d3ab3c1b57580cc489cdfc52242680163105e9e1d1b0caf163e6024ea93ab6c3db8880ece3e0bd9aadca0524ecd2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
Filesize815B
MD52f5157f3cd16f1ea947ac23594c9ba18
SHA1826f01b8696cbbb9441b386af8f681ff8f8af33c
SHA2566dc6ce0dec804f47a3426d23719e13b0773891683ccbb5081b9e3e2ae5ea57dc
SHA51243d4667d2a8e69771e07a241427be557684b17a7ccc889d1bc165afb2cb38732910845ff4cb3b12ba4d27660dfa0bfeb8c08f7fc015643c75dd318646b591a40
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
Filesize870B
MD58904945b6fabaac69b7709241c6f3dcd
SHA1f785e580bf7c8231c86ac510c985c5f35a0d7962
SHA256dd5e40e0f9bdcba5521e27445b0230541e176debd4c8318c96ac4c49cbbb57d5
SHA512f517b73d46e2acd4bdbd163aced5de6e80b8ace463530ac6853a88ad52cf4b5d6b2b0f41761a381c68bd94892c8d7987811e191b001f0f0fa9a495767172122a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
Filesize3KB
MD576babcf58ff6eeef46f2c378cfdb6745
SHA15c61b7118774805e8b61cb227a58deff45e028bb
SHA25684dd4e128f78563aa59ddcd15b015c2c4ecd711baeb1ecf315c01bd6f2b55787
SHA512201513c942be57e464cfa9c9d30ed01550f7629d16625acca009251c499a90b798a1560c9c3110c845b0c3bf197130eb9bc6f8fbbccce074eda7839bead10515
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
Filesize2KB
MD586f4e77252381c4f4a450bdc36a41fa8
SHA14d0ae5cb6982acfb88dd731a1dfbf077732bf4dd
SHA256ba3e7f7167eda8d2b37c35738e804b4a55463137bca9abd6977ad8d8e5cee6f9
SHA512ee9374b070afa352b7002c6c357a0185e6e151e8ce430c970f1cccfcda73e765bbda1f9f1c22cc5926ce49bc9b3ed9f72352d0782bc03717112710756a6c93f4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
Filesize19KB
MD5eda65c21214bec1912dd4797e65084ea
SHA1426f04d6970708d68c353547ecd878c595129d5c
SHA25688bbf4376979756e4a801c77d3329c1b8b135f55f6aaadd6bbeb2930ea42d3c7
SHA5125584b22184148efa283fb2e16db0048a0c8775bd4f1912cbfcb453c7b21b3804a5daba9f719aa70bae7ac890c7c91a8d0ae084aa91458868ebf055cc9ce3609a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
Filesize890B
MD500f63f702e0565b25370caf9f9a2dd07
SHA1957c841bc7585844eaa6767b0ef9934f82488a34
SHA25653804b993eb792cff865481175a5fed4ac0760665db163ce8fce4c5411d23803
SHA51218b74af486612ed2cba34d58bb73c024592f35db783d0b478439a90cd02e27ef127b5deb7f92140698793de1ed0f4d4885851c8caf48c7f1c69ce10270c31054
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
Filesize852B
MD5f410200e2fbf433db09c9fc3120d349f
SHA130b3c175af33d86125fc47c672a23519430cd235
SHA25656e47429dbcd946b023bd8c4ed75e30f730bad691bec26ee5f48ad9d7ff615dc
SHA512ec6b12be084f4802d56f227ccdcce8c9521ea88f2e9a701e956f355f46a88a331bfe4f536b5bdc65963f1e18173bcd3b6697a4c400370df437f1bfdcc5a0b3b5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
Filesize860B
MD53abb4dc3eaf2538c42160d45bfb488b0
SHA129fc1183acb329c1331612412d2ff7dc82b3ee27
SHA256354b6ea9546a1a31e789ac31cfc9ef267e0ac82876d3a6fb353a7c594c3996a2
SHA512f90a132642627d97396ddacb3e899622c07c9344ace78706ac36009b037ddae87a7faf69640db7045f555ed85ebfaa963131691a92b5e1b922ad93fcd1733edf
-
Filesize
580B
MD59ee8ec32b11ae2376b69c44c93c7a5a3
SHA1b23369107d7fce8afb2486872be7896ddb77867a
SHA256b265f8eb4b042e25a89765ca03ec739463611ca7cc88e911229e2f2ef845d127
SHA5121620125ec9f07469383e7f9e0470ca5ebdac79fd629d8930081bcf0946e8c4426ddc2f3809190fdf6fe6665f959f698a6edc61a57cbc9999aa3cb78441d7cdb2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
Filesize899B
MD5053bf89f05c203e8657c082d9e56f986
SHA17a0a8254001d2ee3b2638424cd7aaeb9da3f8345
SHA25684e28457c3ac33ae4b57ca909061f8ac6ebbb1c22675a5f244672e552d74e64b
SHA51296ee8d8ea291d62d38d5da4e465aa34fa64777d36089db4ca9028c8542a2fb6966958e389c2e3924bdc7911d8ceced4455fff3ac83711f46802e71303501d35b
-
Filesize
625B
MD55920bfdee5e6b3d8ed8f370d084966c9
SHA1f61b2e3d89aa3e9dbf26afc2c0798c5fd521f5c3
SHA2562a0b31e4527e11401fabcd75766b7fb1d08e3bdc31fb7310fc4c950f83f158ed
SHA5127eaed81ad26032021584368dc03ec5f41c67244c4e00cab301d1775d2bbb28da2b7e3fc573d4be21c34dae664032138e24162da48bf5e461704deb0a50c64b43
-
Filesize
873B
MD5a0e6945d9c119f62269bdbe4204c4218
SHA10f5f8760453d30812941ffa850f0be09b692ebc4
SHA2560df618265bcc709a78800e30b19d160639b15dac69e714f6232a4c571f1c0c32
SHA512798d221bdca9c4c0fc1d3ee31f15a5e6dc448179675321cbcbdb34e30600c3751859a6a3a9a6b67ede5d2d0fcfa7e67e39ae4dd20a6a6ffe74d3ed704b8c71c2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
Filesize5KB
MD5b4a2fbb5a8cc97eb1026228a3d646333
SHA1c2e591a9991c7004022d6ab0447e3ce7df268495
SHA256e305f6c09a7f78177c6f2bb2dfe3fdb015fff7b10333c38966af458a4b12915e
SHA51214cbc571804fab8fd4cf59ca735d09ca4d293e895e47f933963219b0ee18eccc6e853e4928fe6af117014c48c7bb37a419c5b477c544953b4d3d886d583b47cd
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
Filesize1KB
MD57bfc8cfaf66fca701588232070b5f832
SHA15539885918dde385ecd4da19e685618fc25e978e
SHA25619c2be2474bc926b5eb2700cc3df25152f6740dd6e7e5606e506db465dd2c21a
SHA512be5605294bec73432dd0787664839bf4e9401005beaafb55afd8808cdc043d733ad61125c5b9837b9c2065140bddd692b881462c57801fd1dff5f377455e2c96
-
Filesize
615B
MD5e52c9be21e4cf4890ac4edc5e1b41366
SHA165f0192b05a2ebfd9f04b0eea7f385f6bd031727
SHA256ff9fae6ade7a57c583a38484f04cc7d0b1fe7151e26ae8ca7ddf4d3692adf5b4
SHA512a4295d398b3de8696a59baa478473926f85777912ec79c77d1f6e76d6cf6426145e2ec31f36a74339fa100df09cae917e1a66e7c7496487567ab083033a4b229
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
Filesize848B
MD5036aab1c90e47428fb4fd12320656f2b
SHA1401cc5cf9397517e00b6c06666dad1226eea891a
SHA256152cc6a959d83db85165b14db413eda28eb6c7a2dd7b35aecf3a9a9f44099418
SHA5123ab2fc02d54c03e1559698aee16dbe9dc5f60fd0263ed33828b498fda100d6b60c4fbe84e89b441e824ca266bb12f8223281c593fbe3d8877215327244087395
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
Filesize847B
MD5bc356b72a931f3b959e930f60aed8111
SHA1ef8d3e7e3c82fe4881704b5150c63d9e4f2a169b
SHA2563b7610686d5afcf4176d1a0fe2a10b0754ca57a974d48c612abf45ee713b2b00
SHA512f0952bee0176003c7407c201d940478042721abc1faf2a583965284e537fa81f1f7d5003b260b3afd0a5f79b1c12f307415f193d271e3be405bfaa05fa8d525e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
Filesize869B
MD5a0966d8acd6e94722a4e70c655eee0e9
SHA1a8b763bf7517000341f1c0ca3a98685e83c7b390
SHA2565740b041f40f73e330b19ab3f75895a02a46e295d0abce30e064726b9411b16f
SHA512f827719e265e9a0e91b422bc988546f0e24ee7e6c3fa3ec7ff114154ede047a0e82495fc2cc53d561b1be6630698e0c4de94dcc387b87b630b834c162bc2f48f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
Filesize847B
MD51ea4989f0db1a7617daf9a500681225b
SHA13ea0daee58d87f13729a283ab38226cbdcd932bc
SHA256c6a788cb61685098892d75bcf030e124562dd45d06997a7bc2dc31837b242dcc
SHA512cd8ae429712b4c7a0f042a4ed042e292a321f67e89462f790928c541644e27be4cb5072493aa88ae3a4a4ca5726be93b38520cbb247b04f4deac371cb5bab395
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
Filesize863B
MD5cbc59588cbd0d8c859f7f5096d3c1e42
SHA138a76834647ac4218b4816e0354f07eace7877d7
SHA2565e8e26068047674d70d53879390e7f9ae53e02c6e3e64438e47633a2a497c236
SHA51267322412a024055faebd46d283d122c18de3d2316bde0f915abd4dd9ebedebd93690b6cd3e1ff0b0efa87d54030359320838f556d861f285af45016a5bbcda66
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
Filesize861B
MD5fa1ccfce097f52286313e245b555288f
SHA1510237adcd2f34e5d28d47216627338bfa4f6b49
SHA25658bb6d1c07965fdea2f3fe4c123df18950385a4e7325a38d3a23a5f16e7c94bc
SHA51275ee9aea2235eb9b2558130680023a1a520f522721551d0a4d183107b5be823fef51e7aff518608c60d05debc76b855bedaecead2b44e1826fe7adf79b10910b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
Filesize850B
MD5f79c0b21fc70abfb15a515aaecc25ed4
SHA1c3a064d7cb99e9efdd3edb6f34b38211adbcb230
SHA256c9a4cff5d09c95fb0c0aa90e6bb70f27faf50466b878def5b9f7fdfb38cd31f8
SHA512ce7ae0dd3f868ccd3769342b50aa41fdccc71aa818288b788b6c899dd8cd252150592ee70b8b520e15ec42b100dab180256f0fa55d3b87775e2b10d3bb4cc6a6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD51a0bcddc8d57844603ac42e57628cd0d
SHA1fe7a72049baa229c42129d0ff93d6cfbecf40599
SHA256b27479b292b78fa2afd484c058b5112117babaaaa79d1d60aa9e9e193f662883
SHA512aba26c032ef86f6d19d3a5ebff5f0c64f52bec39f149243b8cf986f11f5aaa4912d274313fb2fa568f018b40147a36c6fff979330d29e197ba267ec991d457b8
-
Filesize
153B
MD5176d5f85b9c69d42520d8761025ca156
SHA1cf033f551398bbbb420ecc7b0fc72f13bca38f84
SHA256fb0eff8033f2bc96573a1afbf9c2d0bfbd1106eadf67b6862397942d566d0399
SHA51214cc7acf7f5cef9b226a9c8c9489a176e12feaaab0df736e3370e6e248c644000e79f9618d11f32ad97e06c7680d67400c7bfa0071904f10d7483d3d88da36c4
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD50109ccc83a20efccd8db9d4daf0a8073
SHA17288513cc1d07e92df29fff51781dfa24ccd3e57
SHA25618b79dbb49a35e8fe241c974befd5233a5fd5abb4f507be8a15ef0e754b1139b
SHA512cadbe03eed6b6b33d21d3032d743a70d3c4acb765c8d41ce64d1afee139bb6369009155529e6cd684e4307d7b74fe359c2d003a2720e010ad6864a242adac106
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD51bb1b903378b25384e4a197466b1300f
SHA18c8c0d0e68b547b19fc67459be62c8f2c9617b74
SHA25617470176ec939c3ecbac9666b33468e649141bf264219772ecdcb427cfb6c123
SHA512f3b4cd454fea86cfe02aca5c64dacd608d45663e5e5b01b54e3a2c9b7c11cec79fdb357d1aaca521c48e896ddf03f697843f22e3cdf8998948d727dd2b37f0a2
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD54edd8621bed2fcb1647de1c8be154f52
SHA1a0ff1e2b9e7b8e3506efbb096dce1562c7ac7b9c
SHA2565f4dae1e18a3e5bace51cb3cfab6ac7e35e73625c24a34aa01bb972fa9fa5e50
SHA512541a870a8cc82083259a3816da53161c7524d6286df821c52fdffbdfe966e0f7942e10257fa924cbdaeccdc81243375a45ecad915ae6243d9ba28d0061cd2d05
-
Filesize
109KB
MD5afc755d32a4ca743606388762d73fc74
SHA166272d9dfca637250a574ccf57d134549f0307c0
SHA256688ee8048d1f9ba5e3815dc4a9b9832dc3b0c27a9125680e281140bf9f76f6b9
SHA51265d600f3d26829211839d9806262cfefffb2f9cab321084d7ce399e86368dae84e4b37f0714a1f23f12d5bbee1b5da7b83d66765cccd32874c63384d1c819c6e
-
Filesize
172KB
MD5afa6fc7d712bf10b7665ca0da0972d16
SHA19548cf33a38042f30c727325754ed3b338b3104a
SHA256509a2d5725499813beac9685a66dadea64a2ef50cee44bde80bdf95aeaa4ca5d
SHA512ba205957f4545989121ec252ce69776ee3f7f52eb31efd95c86d7270d57c5565a0be8d1e408cccdc6ce53f4456adc89b079bca900b785bba37e9b7158ffd8097
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD596398b2b17036c9800cbf44885a6ed5c
SHA1d067e7828a0da40e42cf6353658add34c53d33d5
SHA25665a388bf342d3b55c494baf41b3efcba593aaa69b2fccfbcaabefdb5c0f5adb4
SHA512ecfd27f10dc1d913d18d2efa501431728e7dc52fe7228dd9af05ee2d2d43b480b35bcd03dd657d1c42b794ad559eaed08bca739accabc59f28bdfea0efa88091
-
Filesize
21KB
MD5f31bd3bec4e83b3cea140fd944cfb0f0
SHA16a337bac75573f09c773705dee6c4b3da9faed35
SHA256b39855fab149e81bc269105fe1fcfb9e2b76d5ebe2b0f3796e03d192731e566c
SHA512908dc6ed114f275c0e2631d04e160f484c6f28e03af49eaed49f1a3bba5307682e13de9f2c4ab6ba5f877453386be4c414c8880b58ca3b73d387ea47b1d6f364
-
Filesize
1KB
MD5190c50569c1675d75c001af746f23c8e
SHA11eaa9ed8590b2158e8cfc7596ca9b14a9db7aa8a
SHA2568d9ca111202ed4dc262e0640d3476e73f5bfffa2c34c05861e26df655bb4b41a
SHA5122bb0d5d4ca36f3fd536966592abf938f50cf6d9f30976cfa308e84116f7e8249163313a547a242967fb1dd7b699f6f69d7d863aa063b82fc2a60fbe6f2128032
-
Filesize
952B
MD56e181d76605f123bb90b49289ef7e0b0
SHA11d68d247957e318014232623f93e324d309f0771
SHA256930b18746bc3e3a575e0b067e57476163ea1a7efa5e72a2defd7fbb451f6655a
SHA512502dcb8f8b21f5d7ca8f40670ee041d66a92f5912462ab3171000548e54ebf6bfa8099e783c66b6392fbb44cf52f5b788836679c6098035ca46b0743694c6be2
-
Filesize
121B
MD5946fb25bc60fdff325bf1365a2425dea
SHA1a5745be44154b558fe793b5204f85e87a003721b
SHA256635704a65a56082d38d6c2d309f8516287d4173c4dc1f4ebd11ecc4955b3320e
SHA5124b6e1f6a18541d1600c2239a8f492e0d033e378f7ccacfabf15bb951dc5e3e9440c24ec96d248e4ce0c6f8484e9b04fea74b08dfda222e16070cd0a06e3c1f71
-
Filesize
1KB
MD576897bfba85f9f42f729503e8af324e2
SHA1a3eb3069360cfc4cb48038f0b722765f95b525c0
SHA2565d75631cb12a1acda1d8cd9dfff2006871fc02a3d92f6bb352db214ec9017102
SHA512b02cdfd8b7db90e6ad2ff1773830785c70e7a1a1f0aac919d005bc1c40fefcba6811705ffd72cb4db6996ea2383406209af95b153c899872d3060a57d967b284
-
Filesize
8KB
MD573751cbde54c32154589c2bf1ba05c4b
SHA13c98085c593f393757775658117ac4287158b1a4
SHA25652e51059e85f4e0f7d43f013a3d2b0b6f2f73588553eb0c74e430688801bea44
SHA512aaa8edd8b9a214392ff4cf6e33e39d45c248718c72a0290c0aeaca89049a3f7b8a39af8f041fe949659fc70a759997d446d1f0fcc066264c797dbac447d14150
-
Filesize
61B
MD569e340e1c8cb50056eeade264b8444f2
SHA1f87ee8c362aaa06c226dde199d4ea46fd4d378d4
SHA256dcac981d84d0cbfc32fda974d40968e59ef932825756daf43f5d25a93bac3592
SHA5125548412d3dc5fd5f6b27912c0483a2fa9a5b4092c8a020085005270ae3a2943edde1a5958359f614c0e8dda1beaa88dfa8a9ec062767f8af5126aa27c86844a2
-
Filesize
914B
MD50efe1112be7a869d755f3af0ee606cfa
SHA132eedaf97b0626140f1c0d1c284bff08473e582a
SHA2561b29c2274b608d1468a453375202b426cfa53367b8fea357ddfaf0263cf82027
SHA512ef93bec42a428b98bdb656a87448237031f82b953dc39d28310bddbd1edbefb34c5ea35b171321d56ea8b4d37c4c622500c2feafe64ba2d64538c6202fcf0d0e
-
Filesize
90B
MD51370ad9dd9b11f7b87d44c621e02c6e9
SHA1d798a3951529bb39a8fd0b2a17c92848507ff609
SHA2568e973061e855174d463f393cd8abf3137e89c1cf83524b4ec61a5beb477a48f8
SHA512d0c696e180e48972367078405dea6d2411222375297ea96f99dc8a800c2cdbca77f0a84b55ded78c968dc4321b34bc778a74311df73b35f2d48f89aee90648f1
-
Filesize
90B
MD527df5b551e5456e09f1cae41327fedcd
SHA15f88625a6583ecf6a03f0371f88187f62a4b9ac2
SHA256f60d073397d8057a614df597497f723fd8a5637b5bb7d29dc7c6fb9cdf3ebba1
SHA512d2ac12a35eb0a70a929b8c9e2954851465c608a7d82125bb2d819e19974785b91b741a1832f9501b3190379ac7a6435e745ab3a2a1708e9bd34d38d2144d1740
-
Filesize
328B
MD55d21590742c2476bc05c94f0c89e16c3
SHA15b1f119802a546903d114a1cac68f4190f97e449
SHA25675e63014b3bd8a91f89d150524fbcff4fcdcb069e0478f4c43f63da1a65339df
SHA51276746ba34b45ac1e4e21d35a81b39c11bfc4f8a319ac3fc648d90ace1ced01327a63295edffef9eeecc6f50379a9441bd7391e9bed15247dd2aacd94c9ac4ec6
-
Filesize
1KB
MD57d766639b6336e9477f8eec2e715456c
SHA13445f66f3c441202ad8185998cd730ba8f77d7c1
SHA2561a1ff0896e087103070bc78e48187f6a7c2ed7da2a96edfeb4a81721d97b07da
SHA512b3caae50aa1da0dbefd8367361d81f5d5f213ca4ec90d4306eec525e73931ca912e7dddfc462960056c800a277fa84fceefc74ccaf0597d8ca3f5a4ef7c57031
-
Filesize
162B
MD534282eaa1eb773c6b2e47a2f1f277d0f
SHA12a87e94ed4ead66ec702b99cc0bd4daba3dd233d
SHA256258bc91fe92b5650f91ca2413f31dcb66d6e7aa4006bb12365ee1f30e059dc62
SHA512f0ecfcfcd27c45746b6ab951729badade1893ba8fd14730deafc1a098a5f94a63b1579bec8d00bda8525460446662c999c0e6dd1923c897ce3b35f10235b8e1b
-
Filesize
586B
MD5e2e990b0c00aa032c6f4d5f6ec2061e5
SHA118114fe00f679c34589c37d46693fe70f539a959
SHA256459a466836211c994b695fd20b825c5e4865c39df937785b46a2d1919f8edb68
SHA512f255e299dac1cacdfc0a5e7e4c15308958d5d5af4dc578c1a6788eb2ec1359d0fae69d0b98b5ca2f1a4409b929a47a8c7c55df6e7cd96b2b1429b1921179a25f
-
Filesize
124B
MD512e59171483f9656b9fa4661c266e321
SHA1d2097ed73a624c2944887795ff50ff7689c0dc9b
SHA25681c23a4a0c4b4dd89211d18454e3885785a6066b74a386e60fcbfe3bbf178d24
SHA5123e1e986938964b76e285b1ae7626750eb908fa3244d1b412a4df7e604424fbcc12a2d6e2821b7b2c7d07869c5e6b9c2f772aeae4ddb2b4a10843ce17f3210d86
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5a25edfab6f2b8f3ab63379451c79f24e
SHA19076ceee65808392dc2d12452289f510d145c04a
SHA2561342aac2074796e50bd82e4d4e0b090e2f69077d421dac0355d7e3ae421574aa
SHA512c41db6febbb52eb4ed5ade0cbb35e97eef1dd7052866b3dd5582e154e2c1450766ae764d00d2e5f3e6cafc8b34b170ae430aeeeddf52ae9fc58c6b9932afe28a
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD52667b616ec8c047253b9327532ae2fc1
SHA145ca399a4bb6328e1fd9345629a04ababa17c19c
SHA25625858cdb6f77ba693dc2a7231cbd093394c1a117f602f02120b99c1efa5f4d53
SHA5122d70c77c00f459af80f6b6b7bfdfa2c11abf235d422522c24c7eced7e1bba83c31be18db8a76ee4e47332960ed5cfa62a987aa56394d8efc56c428cf8e0c1a0c
-
Filesize
8KB
MD5ae1b3d40dd08bb22fee268eeaa135446
SHA1293923534c02e0fcd0f9d0851d7b52f8ba512634
SHA256101009f3fd28de75d9cf8f3ac59ce91f2b6a5ee2189cbabfdb84a7ed443b4db1
SHA51238dc7510ff7dd5a295a945b2e2af1a56adde5f5760dab89ceecc3dd23ec7f6a51c0cd4cb52d796561c743db6e7d7bc095dd583d9885c01383b8f7f82207125af
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD579f2f6a70c060739e95bf36e570ae03a
SHA16011025072eaabfb4f0f7d371f37292ba8ba8c5f
SHA25659429c8721e1ac5b78222ab4eddd4964fa7a91e55ec3b228ed21ea1d91b5a74f
SHA512e93c8eb1e5e777e33ad869075f6223b5736f2596a14849ce768119c6fec8295399e7feb5f98fe05d7ca169086a14203148f1ee59f4275db28b15003b0ea28a23
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5265494c0a9df5ca61ad1e63ab8f4b3b0
SHA1efd7d68852859152f10bab885a2364370c90f787
SHA256f124d984f07017c6f76fe0e2d1b2f9ed0dc85a779a27ac10e9b245b6849a76d1
SHA51251f8c6b27a05d07d4aecaff4a6c3f2fdaef3bf57964d6d45a0d575bf72ff9a933ad70cc721e6fa1c37377ab826aed1d0b64569af77f0233fb1ec3c6504a5502c
-
Filesize
880B
MD5893562c6dcfb2561f1040a8702a5b838
SHA1c8d0d4c2eb147619e672b7bc55fa9a4f62b3d84a
SHA256469ee031bfd14e3da5ebb27f05233795d9bd4adc3274a2a440875dc85d449cbb
SHA5121552c469676ce75a800fc71513abc9a3d7c4b6f82f60e834c0e8ce29acab34abfa39cbca327b4fdbb0e296e00ad471f29fa0972d058f4dd4252eebdd8983cbf4