Analysis
max time kernel: 33s
max time network: 17s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 05-12-2024 07:44
Behavioral task: behavioral1
Sample: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Resource: win10v2004-20241007-en
General
Target: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Size: 7KB
MD5: bbf16f6cc96daed3d907ca260f542334
SHA1: 85720c94e0a73bc1c8690d3d88eaef9989a36bf3
SHA256: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0
SHA512: 85480b003ba7d3b848cc5cb7949c6955adc9fe119cf62f5ea4163efa16390222cb14fc5ee4512a37d5e385952673ab50dfeafb2ca5c019d33423e3508b4fec87
SSDEEP: 96:1AZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExAQbodG7GqqKZMUAi:uzdrr1FG1WDCgmjPZA2ZpZMUAi
Malware Config
Signatures
-
Detected Xorist Ransomware 5 IoCs
resource | yara_rule
behavioral1/memory/2104-3-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2104-8821-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2104-8820-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2104-9053-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral1/memory/2104-9055-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description | ioc | process
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
-
Drops startup file 1 IoCs
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
-
Drops file in System32 directory 64 IoCs
resource | yara_rule
behavioral1/memory/2104-3-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2104-8821-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2104-8820-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2104-9053-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral1/memory/2104-9055-0x0000000000400000-0x000000000040C000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
C:\Windows\winsxs\x86_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e8f9dab6e2a5481\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_de-de_ba19b5fdc1addf01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..ergrouppolicysnapin_31bf3856ad364e35_6.1.7600.16385_none_5beaaa2baeec35ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7aab257fcb5a97d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..cy-engine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_508fcede0c563f82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4bb6a2c1116afa22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-tw_1dd8e99569324a3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_22fab47661a2fed2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.1.7600.16385_none_70ac69bab963d474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\msil_system.web.services.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_bdb26af015505132\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e2636f1c14c7eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10000_31bf3856ad364e35_6.1.7600.16385_none_240f5e8729f07c94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.1.7600.16385_none_0703ef18cc0efa5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-s..tebox-isv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c0c672c7816227ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-w..ifffilter.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3d4f0e97b16f4350\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_386c00971060a77c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\amd64_server-help-chm.saf..oncepts_v.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d919cfebffad4437\ÊÀÊ 
ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\x86_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_ec98071c85cf09eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe File created C:\Windows\winsxs\x86_microsoft-windows-e..ardplugin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e86e68b92763e0bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
-
Modifies registry class 10 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "EGPKZMQGRDBQZSH" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\ = "CRYPTED!" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe,0" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
"C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2104
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
Filesize883B
MD5a98afb980e56b2a55d58dc8d13d83af5
SHA18fc9e2b80a5254ce0bf191c29e394d770586d4f4
SHA256d13bb032c4cfc14225804e142f649e8827c7259f1bccaecc2939088c9aceeed2
SHA512030d83f02e5bcd1ba231bdffd7456c5e6bf743b7683816d5813940df979c452053f45509d5f8330d54fa675c10f6a6c92cc33d5b90c547fe14158e8f156a0764
-
Filesize
153B
MD5c41678dd684bf06e53a6245b53968128
SHA12a027bf562fec840a1254e9ba4c48029ac7879ba
SHA2568b46f27c26058882537eb34553d3d54c7a8c31c960286c16c95b6d90fa81aeee
SHA51231016a9419edd42cc14d1f4e002380ac65c6d686e62ded7ad1e61dd507ef81930ccd2946f3bb54d0b2de16722e6b707043cc7fa8cc4f7b9aba93ad0f6c92de9d
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize12KB
MD53b1403c22bd7611593a032024d74ec50
SHA1b09751bdf0a8ef6c32428a20483530db5a429830
SHA256920b424fdd13306ac01ce4b7aaa9f11501958737650771b4cadb90e9d69772be
SHA512d6c34859346b6ba3aaec2719ed6cd12b3b98be2cc8a67d539868453cecbd9ff2a9f30c750e7bd18948d9850ba6d5e32d20cdd58efc2db35fa9a34866ba0128fc
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize8KB
MD50e0e5839556df9e904504b261ca5e5be
SHA127ea17a924900e8ef680e0f81508a8fd87b456a8
SHA25604bac402879bac13719d12e992eb8c877455089db1ddd5186d356b1712f6b2ff
SHA5126ef95a1ad5664a77edafd25df0f021657963267477573d05b27f8bb03df320f3f90d2ea686492798962641d29c0e9c73de2299220bd66eb25a2ded2c560eb9c9
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
Filesize11KB
MD5cc302202b2c12a88b06b97f151a226a5
SHA176a7d71200a0eb54d0ba3c0d77106436da863b98
SHA256eb9ce9d755191c3d605f4eba3226270fd05d053d5a1483fa01200c4019571771
SHA5128b9913b719ac2e610341ae0c4f1343ce2b0162e7ce42a69e99afe27140f1afc1485142ba43101dd7359916cc42f516ea7542b0495a19748b4f4d4e9947936309
-
Filesize
109KB
MD58cbd3f245d63ba98961f0c62e7b3c109
SHA1b8bc3d81a0444e217a027ea8fd96e068c110d790
SHA256e3463ed21321e58fdb158594a6c59dfeadd030992e5acc11fa2dd16dee5be4d3
SHA5125a788eddbc8adaea37afcca036ff282b68d0335aefa4fc975ce72164a19eb1a3af2be461e7c8beea9cf1dc6b6d38a6c270f5b575a34a2bf3c99a4c03a99ab7cc
-
Filesize
172KB
MD553cb5133c51d10a2591bed7d459131ba
SHA1441787b95798ac59c84a24d8fe3a623961b18ddc
SHA256d1b92ad38ac64e056cbb672d070bbf0848214510cdc4a3764624344278056604
SHA512a23942d8479d82eab58b0f0cd403db586094cb4c52b5b9b6f5a2c4c00f53dfa435db7905ac0c759813f062296c6fe1b2fcb70e52133d480d739b51194c3a88a5
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
Filesize1KB
MD51f6610718bb7c4c12208478af70b8313
SHA17469149a60f41fb362d4b06d136be6f06e3b077b
SHA256c763525e208cea91cd8cc8803ee0756b51455c2648f4a19dd11bfc20ceaf6e94
SHA512666bed9ea6c8fe7e783b77aa26cccc957b61ab0728fb11992e625d79e3f5a9fdb3fe9aea67d43ea55c31c08bdb7461761cb62fd18620e6c44059c66db64b3595
-
Filesize
21KB
MD5215a0341a30a24fe9212d079a9b771f6
SHA19f3b1f436d9dec24586ea21eb8104d4619107e64
SHA256abb6067afa90ff3508cabd61f9ca121d0f9c90507fab1b76d10f6331999d5e12
SHA512dacd58c8c6736618e535e38d2e7161ffa010263fc1431626abab931623a5b203a1a0540afb0ef30bec06d88d3693d5602fe6f798b77100c24c0a80495e4a19ef
-
Filesize
1KB
MD57601755b5dc9a5fdd884aaf45b1153d5
SHA198cda7b989d5807347f654ad8cea8761531b5b7d
SHA2560c05e957dd1849724941a1e1e19b200de91dffae39a65eac2ee5a2da648646fd
SHA51229504f0c4cfd106625367d401ebce2238b2e7083546e667627dac42bc3b41ed326f5389ad2137821a62fe02fcffeccf856515cfeb6f4eabd05196c36393db477
-
Filesize
952B
MD5958ea0e3c3e4d9d1d0b14347588ad087
SHA13cac504e31e2873705bdf0ce0d2a037a3f842195
SHA2567b834141748e5b88b22e7481b2a02058875a3e784e20f773e04c676ac88223cb
SHA51284cad66f93a1fe6464b40afd3f6a5be62342e123e43e85cda773a8362594a7c6d0395eaed80fe3ef9c7e2aa807d4bb9539c273ea2aafb2266239e3ef97dd982d
-
Filesize
121B
MD5a5b2a9795e86ed6a3d1e0609abd402af
SHA1c4c26660daf86eb2fa74af68fde94acefcac13cc
SHA256a7c8a59ea1a7b08496b9214a33c28177f6f7c7e9749fbf0660527f72382f443c
SHA51245d8c2f92a62eabc76f5bb30da5b36ada7ad2374aa0971ec38b87488e9fa986ee1b61c18998015775df88048bf673e94fe74dca3a1cefa8e4ca6a9817a79c513
-
Filesize
1KB
MD55cf7971f5124a38214350c465cd3aace
SHA1cd4e0f6ff4e19d2475b303d8f9c5a186237b8af4
SHA256076acf7238d73824dbe55ab10e2ff8916a4e03c5205f46e59905524fa1650641
SHA512735fe04c4e0d436e36255b5f399f66db807d280d627e55ec931da7f022136b3f6cc8ea56102e46a674baf0d2b6844409bc06edb092128cc43f91bc4ddf89ef1f
-
Filesize
8KB
MD59a21d6541be97f6ae6b0ddbf5a39fe88
SHA1500855f31b919d5f10b46b2a3807c022e147b9ef
SHA2565b6af7e20b6b90c44413900234e9ebb461679e9017c2b52f2f063c416bfbb96d
SHA512eda142a3042cec239453f653f92d3a9131ef1de39a6fcca641a6480c92e1a056f2fd47d3c89ca2892fdbf3558425917b3746b25056cb77bad71eb80c547e5c07
-
Filesize
914B
MD5722240bab399566bc270306f9df8600b
SHA19132894ed87ceda4a1f66e6d89ee502d57bdfb08
SHA2562c2636a6c3c53631a37e5aee914478ac6a224187ac6d48be5a9b9baa7c6e5fcd
SHA512fe79a9826ded6be6ed8d848884dbe46b7402567794159b8112a549ff6a59869afd5ea19d7cf5a39b8423bc3ca57d31ad6f2a5ca4f72acaac7dfb60b8f9e627de
-
Filesize
90B
MD5435a7d0a8ffb995138b68ae1b83b0103
SHA16d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA5121921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d
-
Filesize
90B
MD5a4858bdfc6a8c2f77c7666b9cba76f0c
SHA13d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA51292d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66
-
Filesize
328B
MD515d544996cb9c3a47615f5de052ed8ff
SHA133e535373ccd36515bf12e566df82c477e413db7
SHA256b4e2bcce0b715f490ad5977f0bcffafebc9c1558c42a6577d2baa074498ffdcf
SHA5124a66a869ca1fac68aab8730f2bc559468db138204a4dfdc1be760960fe5d5a1fb755ffdde9510f748820b9878ddbe54be3c56365191a3cd7d4e374ba5cf4c846
-
Filesize
1KB
MD5fb15ada5b4f7cd0bcc8d0af4d0d7ef7b
SHA1253aaf914b4c6a5219e7ba6575731d6358cad098
SHA256c43e561058463f7264a3859e4a700bedef54dec862ac1d264082736d6327d933
SHA512fe1c7ebe96a5d65cc25c3fd2ae4ab311115c076c770cad3cd9cc25e9f7b294fc4ca4b2d7481f4516cc6b76be0b7ed71059be07694a4506f9665ef7dd41ee1867
-
Filesize
162B
MD5567ba6759c00c7773e2a2423da61089e
SHA1cf4272372a4c1337abd399f17f051f9b6e20d846
SHA25683a5ca5ac43f9ccd9c705802d8134cdb31f6095a903d4b7b03381279c0c542ba
SHA512cd13dbbb01b5468a0634f1bd406fe65643dde862259d7008433894275d64da1985c9bea6f69656611a17e5cba0694e336be84bf43ede1ea1a38ee0f78454aca2
-
Filesize
586B
MD5fd41b5253c55d14fd75253b1e2639e88
SHA19fe76ee44322b2ab4908ba50a286fa3baf2b27fc
SHA25603d00a628dbbe8a63f9948ecc618928cdc37fe818b9b2208fafc6cee31e191d7
SHA5124a8d49245bb7dc3b86ee52bb0ec9fd4435150d44700e94d650f574a77857a91f4af95d734ccb3bbbfc54fadd0c0bd76960599213441bbb3e57daeb3cc26794b4
-
Filesize
124B
MD5171a23b90edbbbc9781182967397e2c6
SHA15b0f85aa42410d06e375888ede0c335deb8f2c7b
SHA2567bc1e27c44ed401fddf1b63799e45107c830ba8bf39d0eb953614a0c4991b47e
SHA51216fa5d38732019292a329ced8b136f30b482c449fd2c28b8519dbd848d12bef66cc5abf6e8f30c1c65f9fa86447a41a92e10d6c6e04ac7631e8997f1acadbf68
-
Filesize
8KB
MD580fd59f8c4eea72d54b11547efc6fd88
SHA121149de9c5e9b6187de1a66b7de1c8670ad0904c
SHA2567094c18efe63460741857977ee74b454a0d7eb7238d9f1761a9880f9313cabd0
SHA512dab9abebae58b1e55e6b083cc0d471cf07e57fbad7f033a5bf62796d5921c1fa0d8d3ca863c12983c7fdbd00a4681eed6b9dd08de79bbf9e914cc2d8b49fc300
-
Filesize
880B
MD5699f2fe8a792fa2ab89e49233d47875c
SHA1ddb5d48ccfca7b02203038c68db3e3e50d66d655
SHA2569477a12bc94c0e94a243db6d5de6328d3112759ce45b10ff7ac34ab0fb67441f
SHA5123e2d15ec534cf8e1e4ce2c7a4ee01b0e7c18b6f6ce0901e59aaef3ff9bcdc70516f25672007e919464c7285a47efbe2c8a25bf3538f9ce0645ad53233a4e8804