1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0

Resubmissions

17/03/2025, 15:15

250317-sm4zjasyg1 9

27/01/2025, 19:46

250127-yhdvfatnbr 9

Analysis

max time kernel
154s
max time network
245s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17/03/2025, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
Size

3.0MB
MD5

ea128897b942f50524dee89eaa28602e
SHA1

60b79bfdc7e8ff357a95ce0e5d18d7e69ecefedb
SHA256

1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0
SHA512

e0acaf72e50852e708cdbbf936dc884b6c126c0217e41f7125439c15befea7e0c201509bc928381954374f2a6295122fd5614787d9fc5459766f757dcd137a84
SSDEEP

49152:/Q8W7cWu4TqnEU0oMMQZA+Hli8smlmzowBpmKn+2ZlJOtMC2eiCDUSZk8F/gOedr:/Q8ecWTUbrQ7lSawHmCJ+hDUAF/gO497

Score

9^/10

defense_evasion discovery ransomware spyware stealer

Malware Config

Signatures

Renames multiple (1011) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (135) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (170) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (337) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Renames multiple (742) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
defense_evasion
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasicN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\EnterpriseE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremium\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\StarterN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremium\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\SysWOW64\WCN\ja-JP\Add_a_device_or_computer_to_a_network_usb.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\UltimateE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\ProfessionalE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Enterprise\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\EnterpriseN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\Starter\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Enterprise\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\SysWOW64\es-ES\lpeula.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\StarterN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\UltimateE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Starter\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\lpeula.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\UltimateN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremium\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\lpeula.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\ProfessionalN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\eval\ProfessionalN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\SysWOW64\WCN\fr-FR\Add_a_device_or_computer_to_a_network_usb.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif.@D0glun@gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\StarterN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasicN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumN\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Starter\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Starter\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\WCN\en-US\Add_a_device_or_computer_to_a_network_usb.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif.@D0glun@gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Users.gif.@D0glun@gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Enterprise\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\StarterN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\EnterpriseE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\lipeula.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterE\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\license.rtf.@D0glun@rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomeBasic\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\ProfessionalN\license.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.@D0glun@jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382926.JPG	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115867.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309480.JPG	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01268_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\flyout.css.@D0glun@css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\VelvetRose.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\localizedSettings.css.@D0glun@css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR19F.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\eula.rtf	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14692_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Maroon.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45F.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382948.JPG	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.@D0glun@css	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21311_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.@D0glun@bmp	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME44.CSS	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14538_.GIF	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_down.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\0.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\ClickDownNormal.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\darkBlue_GRAD.jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\prev_hov.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\cronometer_dot.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_left_rest.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\27.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\docked_black_moon-waning-gibbous_partly-cloudy.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\Globalization\MCT\MCT-AU\Wallpaper\AU-wp1.jpg.@D0glun@jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mousedown.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Peacock.jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..iadisc-style-sports_31bf3856ad364e35_6.1.7600.16385_none_c1c84490c211896e\SceneButtonInset_Alpha1.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\39.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\Gadget_Flyout_Thumbnail_Shadow.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\graph_down.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\NavigationRight_ButtonGraphic.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..isc-style-videowall_31bf3856ad364e35_6.1.7600.16385_none_f0f97c9a09073b00\203x8subpicture.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\14.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\Globalization\MCT\MCT-US\Wallpaper\US-wp3.jpg.@D0glun@jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp6.jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationLeft_SelectionSubpicture.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\background.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\flower_dot.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallSqlState.sql	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp4.jpg.@D0glun@jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_down.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\NavigationLeft_SelectionSubpicture.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\SpecialNavigationRight_SelectionSubpicture.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\activity16v.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\Globalization\MCT\MCT-AU\Wallpaper\AU-wp2.jpg	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_pressed.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\square.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\btn_search_over.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\en\Tracking_Logic.sql	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_h.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\drag.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\modern.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_ab6782291b0ca7be\buttonUp_On.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_bottom_left.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\Notes_content-background.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile25.bmp	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\headerGRADIENT_Tall.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\selectedTab_leftCorner.gif.@D0glun@gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\icon.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\(144DPI)alertIcon.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\NavigationRight_SelectionSubpicture.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_btn-back-static.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\selectedTab_1x1.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\TitleButtonSubpicture.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\logo.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\logo.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\buttonDown_On.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\circleround_selectionsubpicture.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239\NavigationRight_ButtonGraphic.png.@D0glun@png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\modern_settings.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\dialdot.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\NavigationLeft_SelectionSubpicture.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239\NavigationLeft_SelectionSubpicture.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseover.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main_background.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_bkg_orange.png	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Desktop\http:\33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2364	AUDIODG.EXE
Token: 33	2364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2364	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
1736	1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe

C:\Users\Admin\AppData\Local\Temp\1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe
"C:\Users\Admin\AppData\Local\Temp\1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:4824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2364

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
352B

MD5
9a62d89244698242136d805615f4da82

SHA1
9d6058707585bcb90b3b3ae81fa2c2385a186744

SHA256
398bcab14d5079ffa04f2d563cb37dd75ed987dce43c8e798829b893c0b423d4

SHA512
72fa0e46a5af5c3716bb5c12d142f187e8140fee77f86e68667485e095dda2368f5d7279d2c0368ef0599445c0ecc76dff00a9063b4327f10ede668a50a4837c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
232B

MD5
45b0f6bf35f1569a00e9679b727c9af3

SHA1
c63fe73f9cc9c06bd667e896003afa03894062e6

SHA256
e46ade65df1f9be7f6603c5ab0c0c5021a1a8db48b90c1c4614968d8a249470e

SHA512
da613c325f52e0907fa0fbc3819b072d6068ffaaab40484be91f777bf9b84f5fc522c5d0376b33dfccaac9d20182ce9472a37996d39f307b7a8ca732644f3335

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
12a7c115879ed2a7d3d0d5ed04310e44

SHA1
e2697dee9148db7885f21f31e44c0799b689b204

SHA256
f5b84b65fc2a2bedc130c78d9b9262f5812f0c4ec8d280d26da3ef3730a1aa8d

SHA512
0b92056647460792a8cd6b8d3f58b7d32f41d43a1ceb655d01bf521f96ea0e20d157ce085a7b62f85eca412ac6ca6c62ae31608a16c6c00c77f59a9f2e01fc02

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
192B

MD5
06845e56b3d3eeed8c2465d43b4efac1

SHA1
74e0711fd1969bbfbb4a3659f942eaf9ed4dabda

SHA256
d6b3e6a512eb15938cb2d2a217c9c72247f2bf0e0c73bffbfb36752bd91eb1c8

SHA512
3b9e50cf5c3dc5866eb43a7f024b943307ec46be920676b30dda221bddad658817457d4f976b1b8b7f292af22c08682147de65eec7f5a94b17778b3d14dd0584

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
504B

MD5
9da633903ff6ef3bfd2a22a4157d3172

SHA1
850b1b02feee04936d69b159f1ffe7fb8f69e15e

SHA256
37ce7f4bce91f896030ea3465d9d868204a6facc9bd3f62eafea9e63124b1ec6

SHA512
0cd12f758a4187d615a47874887f23b96f053ce04ef5728cef879d2c386c3e30679ec77c2bde81e9caf771e8a855e8c41983ddf9457d8db31cb00fc4c4daa6b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
32aa1bab0aec6ff431703e842ecad069

SHA1
44e95a9044f9e84644d34cb0d1501dcae93822fd

SHA256
a6eb9b631d40431259aabdfcc4d101f91f716bb184180aec7bc7315b21a5f122

SHA512
8676786902d432976a846c73345d55a4a1cc0db95b3f2c0b6fcc5351e224ecc8dd9d4b1dcddd98cc47fe8971531fffe0ea71c29156c020d2ca4f247099881da9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
cee6b80484b5e19a2387fd69e3d58596

SHA1
995f715f5312123776fff1bb95fff9df3556a4b5

SHA256
533bc638566c8e38df3175b1227af57028ece2ba11e5ce16f6daa0271c90d186

SHA512
9bd86c8c39a40f4e7d2127a022de329fa8c845de08e735a58fbbc994922bb5813e12882e1f6c288984832a2f5265d722f0ecaa16219744669dd278171af5ecb6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
5c1110f91b9edcde7176e6796af40e08

SHA1
f26727ec174ef0a68eb2e0064034aff69f3184f3

SHA256
c14386132651d42543d994540765343cc1fb2ef2f36536c0861949e24bf24f23

SHA512
c28dd7642a2146b419b5915161e6109dfb9f035dd57fdd502ce105ac73cd740e60db3452b354b55a7242a262692c1278169351035af2cab4b9f973c60712f3a9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif.@D0glun@gif

Filesize
4KB

MD5
a742308e6f2be7b4cf844ad103bc1e21

SHA1
14b4ab09017e69d5b8ee918329c6baf6d56c56d3

SHA256
cfda7c22a6f7d8d8874482dd7cf91cf4c8d97ad724dbeb52c54f93fda8a09848

SHA512
8f4ace99911e6917fb1309473ecf287dd4cfa1fbea2ed9ee053fa35135751665ba5581bc7c5286bb7bdd1f9597a7a24bb6d6495dd21714ac807008c37fea3510

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
5d9254b921ad5c4c9d93a82441ceed3d

SHA1
6852fff9dd18e7214cddecf72c8471fa4b348629

SHA256
ed4e95834daf168c16105f91c3e354fabed334d2174ad2050fbafb2178e3b7d0

SHA512
ea851c714b9f945c8c4f9a7eca93b9f5d5df568be03ec3f0469228f1868d5e062f2d7cd58ec6020e8cec727424cb6e3a6bd4c8ad4f280b6c478bb5f8a03810c4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
112B

MD5
b19bcf7141ede6740da336a2f691c741

SHA1
7c3726ed791a317f04a2822e548db66335bd2381

SHA256
495eba57dfb1b8d8049af7e3dd390734796b39318838d11bddb8ac90282b2f16

SHA512
4fa6c239939d2e3298cf78fb52a9ec9f7d565d9210a3ce53340fd3ca31bcc0283b55d8c44c9e9e408e195406228346a9ed6664b568e133f60bf3c968f8a2971f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
8db091c222a28085c77b382e563d92ba

SHA1
7a4bdb61b92bc21dda151ceebc17f65c35672204

SHA256
29a7ffa95442245ba1fd93fa6323e05060c91598d44eca0281cc9b1c66d1e9e2

SHA512
bc4807f35b6d6f6b12b7de463a0399d22682268a01f4477b1b97dc10f43e7b5011368adc05175ab9344cb11c9982f19bc63079192b75485c8c0edd4491b68b67

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
1fbd06b468f0cfb92f55dc6a4806ccef

SHA1
02251d06fcd3d1e9151100712382caddd4f49c1d

SHA256
b4543d107f5dd2393aa65fa3db11ad547a3e8c92c05fb8d331bd6ae5fd722242

SHA512
affe497076adb2ce5cfce1f3be2a273638ff29a7ca066396e343c89a4b2e0a7b7ca1100346424af75bb49989128fcc7e2452c29b263b62b8f06ea61615ef0592

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
67a6465af82c79b7f1499ae9ec623138

SHA1
b32a0d9a3d11a5fd7741f335bae64d5871f8a456

SHA256
eee69d0424384da76011ada0f60bf678cd8086c3c1ac925c7b262f3ad867f392

SHA512
bbabcb439cd25856b9347ebb1020fba0fdfd50c5b33619c24e7c13e074d745d4b9b7d794c816b508f9c2b3ac8c203681156bf7e08e0dfb99d8708aaee8345427

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
029b1295b88459fbb322490cf75c3760

SHA1
286b72949435217a9cec3ee9e9c9767ed62f9c8b

SHA256
89de7839666f2dba632af7c41bda2419d69ce676b2a071e8c8b0966a20e72b8e

SHA512
1a26b5126ed658bee4e5b75eddd44f1e1d9a3f73b08b18eec19c21aa8c35e4443a028eb4b5efc86f94f7123de7d1d19ab3920b2d4ce842fc84efea9a453bda8c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
718ca84f92f2d8dd99c6ba3b094675aa

SHA1
a0549a873ac6fa81672242e44eefd135142fa42f

SHA256
0be0a5e5bd660c8913547f8cb2cbd14e578a8a0763f479654ec3ac1b1e682206

SHA512
a74717a3e6b5e943592c73d367123832ff7fec758c1fbdf387cb644019e32e7d86e98a2a1645884be2410f4f1cae5a27325a8057040e7a8865ceaa5efdbe1be3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
0b574d1f880946b61d82cdd761ab92aa

SHA1
9cb8cdec5bbbe72176ce8645278161749732cdae

SHA256
747b9c3a4473bc117b1777d9c3ce9f419dcb2850b52fb36f0534fe62e157ceb0

SHA512
de8a31025fd9a3dc3288a31d7a0ff4556cfed0642108283c8e9e415ee6e3d1e1c79ce050aeb243301c7f05a05f0bf6c9738d21d49a9493dad953e85fbf9fcc1f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
cf7c927ba96643168d8b75f1d7df6199

SHA1
5c758b7a88a145eaed00bcd5180817c1c7ea3425

SHA256
2cc5b49dbece7ec79673e87a532ea97f78bc9aec57dd920ff09ef359f2abece7

SHA512
a28167b4f4122ea62ea78207b706118de5f76d7b72004ff66f73140f4ea87b66b23331bb8f276dd801b7f131792de32176258186567aabfc410cd8ad90a1c595

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
4b82ffe6fb82c6da93529fb727fdc2fb

SHA1
df1d8e5e81e4e3f39f8b1353dec4ade79b20c3e9

SHA256
6c3a29cb5ab4c41f28f54c51aa46c709bffac0feb183a88db82f5fe7af4c3887

SHA512
b80d173ff750fb959e4b7a1f910964f7a0b52bb393168b67d4df35c8f3c2868e7334ca4f98181b53bf1507dc1691b4a120c24c5070091db9dd18ef10726cb67c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
7KB

MD5
4d1b4d2c1e26093e038e59ff648e91f8

SHA1
e369f40721d80a7917ae917982e33d3f6d124a3b

SHA256
9683e3dd5973a14abc5860318304c0df45ad30484675115456820a2e0cfc4771

SHA512
4ae80e9c62ee5c1676503f99d96afc92dd36b469d1ef3dc98aa824e19e1b8e970d89467a4ede4757e761bebac429d6322e93039c7bcc27b2da51ba8a78d0d93d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
264B

MD5
95dea44b498082b44da7ebf26bfe0384

SHA1
bb8be9876e38e273705ef22ff12a6147cbaf6360

SHA256
5be7ae378b124d7fa52d26aa6e5b09a35a7ec3fb0167dbd5c003581207ff7088

SHA512
94f1432f6f28109ede84bb4f23097b48cad7fbc54b1c564a54f31ea60ba95d1a5fa7ea127801f130ec1bc0501e8a104b21c032ad7c9af16f7c18ae089a4fd220

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
328B

MD5
6a7a686c1c2be8e0067fe6a02c1cb5e2

SHA1
8781acc819457edc9e90e293b467e70e60390945

SHA256
221824b65d17416743bda627ee18a94db78983be2f27999fbbd154f29ac541c9

SHA512
8920cf764e864d2dd3675e361dec140906d45536e2ac66ac10a948999aae47d64388303961f9e034b1f2871aaa3dd966dc8a5512f2c34e09a94b42d549cc9e1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
376B

MD5
4bdc561875f4200d47b870593bea6139

SHA1
2c4f5f425f02d8ed702ebe4de14ee110f18dae14

SHA256
a3d5468d556699b69d4267bcf9fd9d960ff211ce42a8bf0b527fa562c03b2898

SHA512
23cba35bb822e6ef4f52b62e9941cebafe68229cb8f7ee9ef352361df64e99831b778eb79f5e3640f171581fa29db7dbac161d858bd1730b8993d6ae5fe5833f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
152B

MD5
3238f4b172cd0ec45988ed20836f00a4

SHA1
f3d066fa94594d942e455d7f8cfc47195d5bdd9e

SHA256
2d1e65160493035ff90a389cd608221c7dc16e37feda03bb1aaf34e54e83b71e

SHA512
91709e8ae4af8d86e1f7249386762166a220ec40aaedb37248f2691d874ffd88875bd14b874a3a482e0aa39de746e73ad51371b2fe0c10ee3ca4e898d01e2097

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
448B

MD5
6bff40c08a7c896a5e6d4ee9a956075d

SHA1
c121809840d3bc53bfb85e43b2f468ebaef54745

SHA256
8a119e279fdeaa29a7f54565c580634244273fe301ef427f8d5f26061323fef8

SHA512
9f92312450232ad5b5be5e135d04d448c0cf14c0fef9ee272e7b2436c776a2e8613feefdbe813f1286b3630b02edbdc3d06dc3559d669991165b7d5217659306

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
472B

MD5
5e9db1d4ad40955bc8dcac50464010c7

SHA1
f7866b87bcdeb7ab31cad0dd09dd809ad0da0468

SHA256
9ee4e8aa9978dab1f4327fc9a3bafacb2eee1d80797fa713b4b3717e9ee203d1

SHA512
31d0b77d2d3d859fde657d47edd1d83213d0c8f4b3cec49b696c7cb8d13365fed90296344cd0342faa5ce9e61a93197c48aea08201f2eb986ae35077e847c23d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
272B

MD5
70a510a810f8a8b468286ff1042592cf

SHA1
20eb45188652b69f754af3870665174da2ace92f

SHA256
dfd2464fb1fbf4f7eba44fbd537882baeea391bccf1b2495a9353c413cfa04ab

SHA512
d6e827aadc352c2902d663ae5c309c39543b7f64ca7a3a47274148282dd568576348b7769ebc38fcf425113efebf34992ce2a7cdbc5ae604a203bd92494b03db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
fcedaf6c32c3cefd7ea410d50646ad97

SHA1
3c1b76a769a0a5b6a78d5e6a78f5b930a6456e6c

SHA256
10b7dc684da13122e6249ecf60e72558c382777add625c7aba3d6a720454405c

SHA512
a547e4ea0c8a1a719de1797c026cdfaac4a9baa46c57751dde482d5f321cfa6f6c82ba34fe91344dffd7906339d618ad70ca34b7931fa92c5f4e3529dff2583d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
47e93a7fb751f0c91097dc3d18ac2956

SHA1
96282b8d3eb7dd45f9268dc207ed886b8f66395f

SHA256
3a1298b3c530433e155e78bfb7f31c9337ef0c80f037cdebe2c573db3893c3a7

SHA512
3607bf6c99bb6b8a2b113738ee2a3b0ec7bd5abe6c23520a1d4f19036d3c1f869684bb6f4d9c4db5814147d83372dc8ddd5e554811b20f2736bd592b773e1849

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
472B

MD5
4fa9e38364ae8eff72083096836f9521

SHA1
53e2d6e03f59535ed2bc7843d7e25e0ce5bf2e08

SHA256
ac315a02641e7b6cc0efb0f8981a1b1a9bc8e2c3cfca09551469f1182eb23658

SHA512
054a7d4c8393f8fcf4e2941ffd42f45083ea0da375ccba4cdbfb61ce8413444cd36475c92a4b87e5c74abae6acae6d0f96fd3f65198c814305f3b839708c9773

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
272B

MD5
3818f6c95a96a227fba95015629c6ef7

SHA1
e3221bc22cddf49e79d63cf44ddeae2dbe2833d8

SHA256
8cad7b67a76f46167e07d1189a3c824fe3f7a6bc02124dbd52e2b893388e1fa6

SHA512
65be112b8cc48ccd87ba81f3785412bd01414a608d43be57379e0efc5d758e340845f3a1d893709f82453714c0dda92e3d924073f6ab0ce6aea5a23c39657c89

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
240B

MD5
ec920ca4a255b067654ab667de0e020d

SHA1
aca904366a870da278a45233a246d0de72d8ef6b

SHA256
9f1c59a130e58f00b848b5b5641b7fc25e25cb3c1d63f3039ebab0b4bc960354

SHA512
1c3b2342adb97a095655217120b7bfc7d3f59008546858c9323f0bc8f50b918bc069e0a8eebeb3474e0dc9639e5f9cce01d7499417fb025c72c5e1a44372de6a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
368B

MD5
7b3467211194721cd4622332b75e7ea0

SHA1
17f410ded4cdc7d7682ca5d7f94c9fa954c4f27a

SHA256
8927eb0930ee5d20a863e4fa77f6749b2c50a9fd2e1db746f6db719225abb0e1

SHA512
2311c3208bf0dccfacada37c5aadb8e59b300e2c8b0e3f9e717a2022882fef089eef686116f5f1218415b4fc202a20a62a30dc720f20d5537c3fd7a7acf3f7db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
368B

MD5
6d8960fa1214e4e768fbedc9ed9591f3

SHA1
8132967985488b2fd0ccd95cd6c2fed15c50a52a

SHA256
e18ae2170c67d4178a47821f57b66eb0dc065ec6a2ac0f3d5e0eeefcb14f68b3

SHA512
ff099bc7321011441dca7952a25094b96a360da273945e03a9cab751bd8f07a8e94f4e0ed1d48b3e00e91dc828df009dbfce1779e5b1afe95a9533a77af7b08e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
9a08b069cc8edb592b8fc77ec7aaaab0

SHA1
771b85279b7c57c8aee430dea38f921a48f40ed7

SHA256
833cdaa7b78428a07313e3898ad4cadba07d1ba94bf27447d16613dafd137758

SHA512
3c9711a2101c3e545b6d1476ecc012fbd08261b9cc26b912bc39113553c3a65bb47d78632e4aeef35f48122b82a119fce798e04a9e22a7e73d3e71952b6a2036

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
432B

MD5
57543e071ca652bcfd661b8c2d312a51

SHA1
4b5782cfd9b6a3e94ae0cb09cdc532eddcbd8df9

SHA256
e02a2d9b08f0d46c0958fdbf8b26e7d1abc722624cbc8e2cc18e6cb5c9134cd3

SHA512
aa8509529a0a0d6f47d50f4d5e6fda910c544e4c48d4059185f418c0002529fa9b8c80f292f44b768bf6e330d7ab7533582b0da536d90e6a80a603a91e93b9e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
7f54448e635292766bb31ab1c5f235cc

SHA1
62acd1da14d4b97c5d74a0e5fb20112d6788be40

SHA256
559bcef89a1c0ec186942e47bea03f79b45346d8b62ee1e92745bf98a8057c1f

SHA512
64d88dee1797d013b7b4d9bb5f58857aad2f1b87e50571eeb089d18184467612ce8aa2da156be473c6e50bc4f9a01b99be4dcd307739bcf0162dcde4df551e54

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.@D0glun@gif

Filesize
824B

MD5
d6e81437f4bd2a0812d39ced24b1be98

SHA1
fb2f1b3d6102eddab3516ffa0f5b1a2fd986ba19

SHA256
3f35741e55fa5593076234c338363472d4670231c0f01de56406d6d32b003bb3

SHA512
6c60d7621071c271adb72f09b9224be84e68afd713547c88f917f7c837eedbd6ad4772edbbd7748eb56b35af27341278a451e465818fb92e149d21806ac9d90f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
880B

MD5
4403683de87d248d56dbc429c5460723

SHA1
49a3ae7df9b6fb1b7c6e0db2020b4e47a54d4151

SHA256
cfd3d40603feb5acc9f3e9610888525e718839a414df9c3aa4f41fe63d749811

SHA512
3e3a81c23039c6f79608d934b75271a547867665c48f0eb940945f4ee8be6ad03172ef440658acd8c2a2ad10e6a05bdb6c2bd7475dc72f4f8c745bc4e4cf286e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
4132d2ab413535f6eb89b921c9230408

SHA1
7a23491059481c98e67e31be92b606beedc66aba

SHA256
5842f03943d58407e52a133c3890049c82d2c5af2ef731b4ec5a8602946ae716

SHA512
e59374ba1fc0ff321c1d963aee82829fde84761bac070318bf65a244f402b147ada014c055db439df770d30382cee73d7bc85700578af92f5435bc7288ac43ca

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
042685152b1c5fb6dff33eb18719687c

SHA1
20109411421d6ba598327cb45099f92090d5d720

SHA256
fd2822ae43fd4129d0509f2e65f1ed9280d9a64938cf103c38ae1030f0c0cf9d

SHA512
6f0908fbcb9db86d3f37882e4c89c79c4d5dddf7766c004027ec1ab3caf9433a50f65ecaa8ce76c4052185b2af7657db1decafc90a8d47b9ad09e3e4c1f30266

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
d45fb7a1f3c51532b5c11e8013278194

SHA1
b8b0c80848d6abd5d884f74292bffe5ba9a3da10

SHA256
9b49b6c087c1904dfe86adf1a2a7f90501fd8227cda5fe0029d0806c84ef98bb

SHA512
877b32c59342fcbaaf2f68b8bc6542341d180af1330908d026a70a2dade3ff621b677db83dc99946cb7c4373dc6b4e11870e3d6fed9129a5735ccd8dcb30ced8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
896B

MD5
e6cf6d3c7721aff3ef626c800a9bef1e

SHA1
e6014ca61dae678a5688c38aea376f2875092df3

SHA256
9cba3212595cd82747accd5d57447e98e5a67bbea93e313d8eb62333183b5945

SHA512
524f43964ed893686acf3115e947d345aa21faedcb75df836b7ad4d76ae5413e203a1c7650f1cdf43f8968821fd67fec5e7258828351f6988dce8e62692f9196

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
856B

MD5
1daeabfef4cce43419391ee38a1c3c53

SHA1
486c5203149c3560b9c39a8e8664e3d5bb3104e9

SHA256
d4106f2acb4c8bd6b7fb515605dc2a3696ca8dc085bba3d80efa109c73c2e9c8

SHA512
d28e4921fe5dcb137e54b101c988e401e052a2532f1b96e8f75f6ab33902dffcee314618f21d3fabd32e1f340104997d46b870fd9e081dd6257ec5a5668debb9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
864B

MD5
15f498a674876edd6a6b82de0ba69fc1

SHA1
bad8de50d6ff203a362c293092777905852898e5

SHA256
cebc7b9b770d768d88e3d824467ef1ad64b9371431c95425958cf1d6f6d89972

SHA512
af2a2f79328fa2d141ff090a1073594aa1b297a1ba51cb879b816d1f96ac01c5a673cb934df17e5247acf3adbc36aff460dc834d33bad2e9f00de00107dd418e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
584B

MD5
f5fb1bfe9f47beb9b006bcadcf6056ec

SHA1
30f0c59d7721d2ea53ab3809bc316d1f29822a41

SHA256
41da7601b518d176b59a7c07e656a8f1feb10a4a32c254f07e80cb89c950792b

SHA512
ccb82728370624f0e976782c9f93dda49dc64deb414b63492f2f677a93e02d7ab07ea8962dddf58c8f0e228337a672fa789bf1bb5c9d0692d3c6d954dd6eabb1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
904B

MD5
59bb98105fb693d11f986eb412ec36e5

SHA1
f660c5c4c829a6daf01431aec4b2bed4ad229e5b

SHA256
e28fb50d67e8e1add0abddb24a5b622798c86a2f359b3700bffc9819ab23ef53

SHA512
c29ca8c7a83061be37a1813c31875a76071c7d10b9d02a537b19e3abb26f3193f468d69145d8a8e4de30f58491822585959080aa8189418cc1e864f5e1bd6776

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
632B

MD5
14c5adbe2a09ddccc1b9455269c64258

SHA1
689cdad8f544ba8411cd2f6cf819074878c871ef

SHA256
7958a2189847f52f1c470b9ec1b2bc2261f3e56a88c870a7ac445e0330a307ad

SHA512
1c50166029629f18d96958ef58f35e8d06e751bf9d8e0afc011400e833b283b391f3fe1fb3e7d8d2ec61ada4bb1ae546c685a689692f915477a2f1a6d88d9a64

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
880B

MD5
382cef27b993cb1ec60994e553bfb2c2

SHA1
2d7477676c70ed2d6bcc987c184df5156fadd734

SHA256
047052489c62458315057e624e719207be0b0a6a1c8ee79a7b3dc21b88af9fa4

SHA512
3d266e9d63b40ed60ee637510dd0688f41a9fd0fa18fe6ffb36a87f025d8f8548cfbd7556360ddf609789f242b096090b95a0d85bc95c1b65d0d5e2843b7c916

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
27d1b67c253d80d305914153ff6d7e8d

SHA1
555a23c05d1c6bb149228824bac80e1d9c42b1b1

SHA256
17b3d21c5cea6a2c7c7a1090edf248432b34fe2014203c2b69bc397eef93ff0f

SHA512
581df326cfe7ca582fc10fb98fabf4747be72aff94f582efa3473fb9c308a522d08ade7b52cc4f7cfbebe9ce3ac0937112b51fcfa60f38a0b6e9e2cca4933327

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
d545dc7d4f3cb4b4998e26b1684b5bb9

SHA1
19e02821a93b2292d6aae7760ce90d35ec0b989b

SHA256
daaa63175f2a1a15ab7851f59fe532eefe351844483c3d61e4cb5328b0a7664a

SHA512
cf1fd878f96ad81bb14cfacd5e386659a3e7a73fc840318a761348367909a15619e1228668a085203c507958ff7f2711c62003e86408a8ada11adc4b0c3ef38e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
624B

MD5
35c24dbabe86d41216c4c4d9ab8a54b7

SHA1
6fdd10e0406391436212c74a6017e5773a8e5c38

SHA256
3e54065ef82e37b743db9b87e2e96e383b0e1174f85546412dda6219a705fe51

SHA512
69bb8ec54f70f96ccaea01ed6da3670b7ddab7e10c9828cddf80e7d7af1a76de8dc285be35306a019915ece669f032165a37ca71afa55079c7585740ef551c23

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
856B

MD5
b1eb36ad32e237408e9ab0d92f2afc90

SHA1
678e766857ca02c4abcbb49074907e3c095295c4

SHA256
2d1db588d647b30542517297155ac0a2517b90f9073efad244797e92ac5099ab

SHA512
ac39457a8c6a17e94a51bc9019d1611cbc456fb861d6cb91aefd2af040ac3c8f0a530ac0d6453c4a105903bd1feae9b13e4b045caf5dbb903fb80f06d214cf78

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
856B

MD5
0eac6eabeea1d9d75be4e9a213ffcef5

SHA1
f300ef4e16254970283c85f302db06c8329b50ee

SHA256
1e70811b85e36d917579393f1c82d7a5ede08f68dce3ee9a1cf3cec18baa6757

SHA512
2ae806da273b273bddbfa07363e1d5b2f9afbc28cfbdc286728c200af1ebe421adfd26f9d08efe123915d65a8ff478ad50a19f41f212eab9bf5917a4b1002590

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
880B

MD5
c16194b2831846fafb1dc3bd3cb2a438

SHA1
69b33effef882e179ab7209d161b901be93f262b

SHA256
cd49998e46224ae5f86763736da5ff05f5a96d913c281a0185337248ea2742c6

SHA512
7f78b9b08afe96b13227eaed7092e10444acf6b4055fecf35df12f18354b809c1b843d11dbf296575c96d74ebafe99ab9a51378ca97a4b239961020c3c397624

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
856B

MD5
0378a2c6015e3d127c7e80095c437368

SHA1
0722b7048db6577d780ad56909be19896c055a7a

SHA256
da2f4faf505c57e5e1218926d73cc0e5d18bdf0646f2aae067dfbbe44f6d6eb8

SHA512
eb247b27e3659c7ee9a825ffb8aec7e29b30621b6a70dd9d80b32325aa678cc6b33c2f2ad499c5a9ab37ffb693d77c1516d3031f5f1f19475e5a34700e1704c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
872B

MD5
2737aa6e9c7be8062ce18caf64b95729

SHA1
9dbab2b9e24b9987ad15094454844d5b73d89e3c

SHA256
e83fcd4f8c2bda1b1137b311e1d6f62946e84be3e848e68610318b0e03c88587

SHA512
07bffb23b0e3554df2d32c0cb942dd87c7fcc301703fcd083f64976d349f558a26da68af45c3f9bf39722d35efa7e55743c9c1aa63a3bb7e08bea9e8b4f09487

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
872B

MD5
df8afca8b1b7456ebd2150a36f2145a4

SHA1
8cf8169d0cbb1b3e0ed165fe4c155c8cb7ebdb4f

SHA256
ebc2e262c015b05e8fbf941b7c194416d26d1d7e8a6c75e15e58e0ffea4c48d9

SHA512
42dfe74b877c4281711567d377b32e05db5252f637ad5e5ef704de88fd85fb5e994978b7c421fc043887a11a3a6d4b5ea052aa61f3f17647ad3113c40ff32684

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
856B

MD5
8141c06686e6e84e0a95920e823d908c

SHA1
9c67176dc71345dff990cb8dabab086c52ea29f2

SHA256
09e6687b739fe82345f92211ec4273248177fe626722fab610c15b261d54be06

SHA512
a9a24af1bf003fd74eddaa43a063bdc72c2050ad704cad5f80d0d2c0abcab5b1ba113b72ea41734fc4d0c89c9fd6d57827303181f083fd650f95917450577be2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
888B

MD5
1ba085ae35a87353f2661e2c8a1f5479

SHA1
4fa245ab6b9ac684b6e18712132fea372fd642da

SHA256
2785249c88f6483d56bc53aa7d74067fb4ec802b9db2e875fd8c0196a6e17ad4

SHA512
69bb7ddb164c978929d3f884eea7d09b0be3cec2248f1e8972761c5253cc1e079ab7133024dacf1212ed4aa9548caa6592f3e7d180d367b9a73d6015b4aa2d2c

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.@D0glun@css

Filesize
19KB

MD5
74c6098c1ed97d023f2a5aa4d2258f16

SHA1
8b48301e20467aaf8c7655c397b5056247d2aa73

SHA256
78d729f5e9a3710e6ca3300589102d69e7b061bb744202db124fa3c05221840f

SHA512
6c7f6dd115ec15f119db233bbe2e133589a4d60643bc330fdba7c7c3722e8cc2fe99a6584f23935b60e093ef44e5ed5ba128f29ec87b7255b377002b9da5c7fe

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.@D0glun@png

Filesize
5KB

MD5
022b3e2d9ccbd757c5ba9d7c51df01b4

SHA1
f0afdce8c3c4a5aa0f17d374c1dc0482e59d9470

SHA256
9b580f755411538ad66b74709338ee10085b0772db6bdc3e3ce5b12dc02f4dd9

SHA512
f236ca31ec7d87ef68e208acd7236b1dfab0de0a387bafafa5896e0f9560053b5cef0dcba06e65b76575998cd8d70d2cc61b52fe2d18d87faca5efc837d9bc70

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.@D0glun@png

Filesize
5KB

MD5
c03df40e91a85199245e06ba1a21140b

SHA1
2fd54bb8097864ca7a775a86eb47845bba8c355b

SHA256
2bcde7b0c5175a46fa7d15f7fccb1fbbd234241215c088b8c8185012b9363409

SHA512
0eabbf63b9a1662408c872f0adfe933d3966165fe8ca99100af747b1a85d5058a585f84e4c6e0e89a3cc13d86cb3d75cfbb49e040f58dd6c0599d8c82b08afa1

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.@D0glun@png

Filesize
4KB

MD5
224ac8ecd268412f1cf5deace6fbfe2e

SHA1
177b5ba52f30a96568ffa7d776618d7db2e30c0b

SHA256
66614ae5b00ba396c446b993cc7fccc30e4902ce88bb9158737281eb62e3aad0

SHA512
1eb493ce70604d911e1d013ecb688869c9e3df69aaa156ed8064db941b192828a6da7a607d149733d666432093cad2f6f7dc5f610f1669607cb282577727bedd

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.@D0glun@png

Filesize
4KB

MD5
219767037c27baac8fd046a5083edc81

SHA1
cfd93d22c561763b30a4e33ac5dd3d1b8c53b633

SHA256
1166b22ef77c7940b170a5dc98d77099311068b49379dc66822c6d840e89b5b8

SHA512
43209e5bdae6f9c9f0a0564e02ef88c20f218159e08e597eb228b8f9e3777c7f6832c3d2c644fa63309dafa53c508e923b3356907441c0fc8891a5ef95f4fd3d

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.@D0glun@png

Filesize
5KB

MD5
4f3b0265b063713f99db72ea4e016cbf

SHA1
360fad543dbd74e83935e7e29e522f5b553bd217

SHA256
be6774aa4dbe28c2df435f0cf70dd273fd2a600a45cff294bb51666caf889f2e

SHA512
dadac2b512c201e60fb0284a25562a17611bec2565a0ae2a2232c51e75670f8aa2c5822893221cf679e8edc8d4c104cd2b3774ba4f29aa84fd8279f79d3e2556

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.@D0glun@png

Filesize
5KB

MD5
6902e3259e8eac1e9b3cfd8e1ae5100d

SHA1
dbc2df8f6e98414caccec06d8b57b647dfb194a8

SHA256
86968256c8b714d69861984d9dcdd896c47b80e00d2607bedf3ca425f895f7ab

SHA512
c8dd237c723e33662c9c7636a978c839f2944ad4185d8ec20f1ff99877a37191fea2a7b90edfedb2d5cf8efd9f1fdd68a8f49b0ef383e28001209e72e4311f14

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.@D0glun@png

Filesize
4KB

MD5
9151dd278d7c926c8538ede45cfeb662

SHA1
0821a407e5c937db4cc31851bcb4230315401018

SHA256
bbe6b80a3899a7ce5d13b816482041d8a2e7b477fb452f73624ed4ca143be31a

SHA512
c1a7df23617835b6ac48e44978b517c4c5cbfbd69ae8c8dd2e68c1e178ea899cf99cfe3fd0c4fc9a9a09800e5588c66c3a060d3fb9aed3af198bb02d2a8ac773

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.@D0glun@png

Filesize
3KB

MD5
61f2c382f1c076127d9849dd19e128c3

SHA1
900da432b2e45121e5fee58c0bb1438853bb9900

SHA256
0933e0004f4273d848d4c35e5ce7fbcebb3d7ef7d2908218064a796a6db69586

SHA512
8b38f039060227a3bf8347f6a35756789dfb9ee81107a6c23aee995b5a8b68290b90b3b1b406e12785eac173ccc2affeaf1819346dc3df9e9325b18ecc77be26

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.@D0glun@png

Filesize
4KB

MD5
7c200550bb9843efe9668b110ef4d155

SHA1
e178661349bfdc0829d2410c168eef789c8336d2

SHA256
ac1d1d23fb1b046eaef9355ec919b73e7f86364969e22d116d0b506274f6b1c7

SHA512
71211da1e95d1a9da2b40b37f0bcd958ca80423931f180ba53debe9fd90c555d05a5ceb183c0f4207ec2b4da92a5b56cddc0654b2b602bc31a2c4aa050fb7165

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.@D0glun@png

Filesize
3KB

MD5
938bba065f41c3e698852e391e03da90

SHA1
7af2db26bdd32e94d6e19b53657a96b09830efa5

SHA256
642c52da41128813a351b261a01bc5078660e94362253496079aad000c5e327e

SHA512
5604a148551ee32329f52ef44ce6765c8c8b4051a9327de327a0e529509eca1659a210c6b6c25d8150279a78a33c11c46330f66e787a9ecba9f01d690c612c9a

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.@D0glun@png

Filesize
4KB

MD5
867975e0481ff57b034ed2763a04362e

SHA1
2d9242fdd11181165bf24a79462e7c664d057992

SHA256
b8f6bf3e04aa70f367bae83153547449e97a23a98dd7ef1d46a3febf0036218f

SHA512
76e057361d6ab420939d0717b0e0423878af78101d0e3eda9f85c1e1773b02023b65d8789d939413d3591b94255c47fcae9c6530ff30531369e582204bf8ea74

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.@D0glun@png

Filesize
3KB

MD5
90fa9d288dbf8ef379677b35fa201818

SHA1
7ce0979f29c1179b5787b75f6d5cc20da3de0324

SHA256
c9a68b79326848c92ee3619457ffebd832123e90b19db857a78e3da9d364bce4

SHA512
2928bc255b0149fd6acc4dd3a943f482c013837db6949c486d15de1c09fca80ddf094ca00823d02e6d2f9802cc61d995c19198e6a1da9a53d5ef1b944b3e04a7

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.@D0glun@png

Filesize
4KB

MD5
fbdb5d3bf5606f2d20ec11dfc0523542

SHA1
7d46fb2ba2a91ea6facb923f8817f1d9ce234002

SHA256
b39f7c1b861a0aea80ca0626e0922b030123828ef4930da43d424b578459c784

SHA512
4be6540678fbcfda29184e6034196f5253459e56a23d49e35e07a6ece05be2f895b8407f7d4859531ded67e6a9ff31a671ed43c0026baec024b792229c851b6a

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.@D0glun@png

Filesize
2KB

MD5
cae411ba9a58ef39dd4971e388ef8342

SHA1
43a25f9bab3425e095912969f2417c7afc26fc4e

SHA256
b198543a2586875fe895d3e8a7fe5e0844256635b2477ac489cb29f2efe1850d

SHA512
18d75f17203459fc4a781b847214af337a0d4fa4fd72210d01450c3742137652780999099dcf780ae37dca2dc5b1aeea374f37fd4444a56fc8705a4509129aaa

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.@D0glun@png

Filesize
2KB

MD5
520f5e5bcc10be24eb58d69615fc88dd

SHA1
d58de6bf9f230069ecc8c24dc42b8606046d4de4

SHA256
64a8d35c9f4ef78cf39bed5b9b074e7a882b1cad1f2807c26b95b45df5f93540

SHA512
35ba3653051bf41d5860134a53b0465c67c236c31ebf6a5692b5c476692a175ba9c1d4912167c53e17819f26336da285af9556d13d1956e2250c53011dd17ed2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
b0813c68b2be5de19b98438aa489340a

SHA1
0d6cb075c9ee33f545a4381c7b9c081d9a730f4d

SHA256
fa64973b1de6f58bb103bbc8c1fd4be901035866adf55fcd51e562a3fcc717f6

SHA512
63fd3f8df78ea5006a193acf4a12ef7abe6249875cad754d6c895cb5a1cd58672cd9c4b00ae2e7eeb52e28ae960b0b5ade6a50d32066d86804ec8e91745dca45

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
fe8bfacdb139e9ee652cb3f977c3fc18

SHA1
912e56aaefe1d504edcaccafcc1c3bf2a97721ae

SHA256
be2827d987b271eb05fef60145a6ad8da483b2a2f2ca665931663890b327b8d4

SHA512
91f0f429cc2e7aac0ee17b7b574195ff1e31d55516b7a60c6fd6d1b7361d5ebbc794d36bc38ab73b857e833d97fa2ac3c49da54de60b02a4e7c9d75d3a6825f6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
1a61fe4c50a3996b75918ba084849095

SHA1
e9b79f8aab01df2fdd805535fb141f87353cf99f

SHA256
3555fed642d8fa15aa21ac56458e29e9f9f44eca3945aeadb942b08a5bf5f385

SHA512
53db633e47b0ea1e9eed56099da17ca52b1f0c08f095e58162984119e1104527db1762a27fdb55e20672aa49612456873f3ac2d600bbd745edebc15acc02ca72

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
072a201a05cbe0bf2817ae5f10b37539

SHA1
f6ca179fe93064d47714d49adf36454070f62443

SHA256
1508076f795c970d9941b8e26686e8462ac14afc21a11d7734b980ba98b75963

SHA512
e4c05fa63b76bf925c8142280ccb79ba4a7770bd71b6920edfd92364e718912aaddc05e2b3417bd239b473061233170e01695620cd15dfb1d179c636c43d09e5

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
c85cdafde57ff662ae330b809a94b044

SHA1
357b7e2bb2dc8f64d9acbe87ddf1e838b98ff6fd

SHA256
20bb97668be45bb9bf793a28465b21053c6fe5abe540fef785e0bb2db2c9996f

SHA512
6bd395a7bda563dac6a0cdff61a9d7a26fac830a505ddac664a4c660878434a84bedf316eaf86493f421023390a40bd3ac836a299630ae7312962801e91506d6

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
7e5785aa6d6665e4ffcf549e6e789720

SHA1
1de8215a64428e37a3bb0eb05457c53c5995af27

SHA256
1aaa43334859e7c0603c0b47529b7489473d8ae1ab19d6f5c86ce675178d09d9

SHA512
3a3ca32621b5fd7492ae3304f415d98825516d5d817f6455bdecb0d2535a95cef78c162eb8dee3e81f619a8049230ec5813c1fc93e87e81ee41b1f02d08ff154

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.@D0glun@css

Filesize
1KB

MD5
803a207b47faf90c505ae1652a581ffd

SHA1
bd5de7b5c8e9049c9250cb8859b39ab9cd25637f

SHA256
2efa8dfa785170498f0bd14dcc7415d31dc500086eca5393f69675149446039a

SHA512
6d12ed6eefae4802f5800def9321a6e85ef0d0bddbc4a1381b30ecb6089a5f6aaa6c9eea692d76656b087e09efcc032f35261dece316e4a16b1a6bb3f8da5807

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.@D0glun@html

Filesize
4KB

MD5
560d2680fb752f2000f443243f5fae48

SHA1
072a529d32a06a733e29a8ef5461a3e5551bf127

SHA256
6ae2bae757eccb3c225e10eecc2ab1f5f3e3006edfcc652b71a2ef730592fa94

SHA512
48137cfa6f7a6c2821c7900fb04e50ad641134a87c388c195fa1fa39dafc748e3a73f0987dfdc0a564340c779080dd4e5eeb5f3d3cd2ef6f27a1cce4749c3115

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.@D0glun@css

Filesize
4KB

MD5
be7753ea9c0f2036f8d9cb803a0b6120

SHA1
f3c79f2e9136e24f3a86bb226298092e28cfdcc7

SHA256
e518d99125ee2af3f0528e8c8aa97de0e57e0f8aa9c725db19a85cbbecfd8b34

SHA512
bd44325c74aa23939f93049c6b20d7dd0214407be84ca08de2900a5cf80325c5a34f2c5d0573671c382a2a86023c8da6e2b836c3e826183179dddc3aef41620c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.@D0glun@css

Filesize
674B

MD5
c3adf6a62f420d0926b817bc570bcac7

SHA1
5f2fdbe6e421079dadc1f3f15f61af894875fea9

SHA256
dca69ac4afb6fe543b7adbb2645bf3df57464383236fde6d82703106869a03f9

SHA512
f34ed769bfd01eb2fbfc05386f7ef587b3d208b68943f5c2fc10ef4a705e64aff99954450013b3e2e05699f51f8335749b820742f43d5153aa586817be51317f

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.@D0glun@css

Filesize
1KB

MD5
268edb3270b37d34dd8c51a14ef2d665

SHA1
886fc50e8f6fbbaa4fa00b39eeab79f99a9d4bbb

SHA256
369d24f49576471ead617d5a8f35c5ea5d059e0da840a28100a1a3fbc026af01

SHA512
e704d38d528b71f57d9c8f782f9fee0ac927c32e935d4d1ec4a821aaee7161c23db3ee7a858831d328acd4846cfaac6f3ef945c68721f595c12226180c29ab17

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.@D0glun@html

Filesize
5KB

MD5
d4abafd3351277c4c6cca470c688725b

SHA1
9cedd1aa2aec70a75a0a50af5a3e762ad23a37de

SHA256
5a0a25ffefd3f647467811a1f60a7573ece6211fa82fd8d4be19b20c5dc3fabc

SHA512
98a4a4c98f5f76acd4160cff3de104db99b1aa738d985526c866f1a554e25752c7f125a8bf0ef9c2cb178c919265a2088c73bf3c4b972c41f8e4858c0132abdd

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.@D0glun@css

Filesize
4KB

MD5
3685e6048c0c3e291328a942f63b471c

SHA1
960932c8479f7c460c728bfa64a1525c703754f4

SHA256
1b6bc2a2b8c2d4a41df28ff65d34d80542c5d531cb6f9933f5f833f0eba43a27

SHA512
c5e1b181c9de1437a1c7678cb8effce6a8d4e3372d438cc312ef4f2efbc7864499d513def72f1e7711a2e5ca70f0a58d7d5a09f7aee5012b6d4aa20abe209f94

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.@D0glun@css

Filesize
5KB

MD5
951cf41e8d54d9346e0a03a723e549c1

SHA1
0f368f110bc160ae85a77ac687454b951d6d7090

SHA256
6c722a469a4afa79506b654f37cb7bf392290868b3f8a1e9b0afda003ec1ea64

SHA512
f890322609ab186086d4f433a808c77a9a46313fef28dcd77a9189039e12d0de41fcc2315a65cf00f2e8a437a0a63a038fbb53f04f5ca9b922832f23c48e5eb6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.@D0glun@css

Filesize
2KB

MD5
fa877766d79d2feaae9c46f1cd6505b2

SHA1
25fc2079abe4a05666398092e7bdbd642428c44c

SHA256
35c48772d44ee208b4ab05d90465f58c4d5f8a9c0fc88a62ff69f07b2d0dee06

SHA512
4421309df73c12898488c0ffdf0c2548c11868901afd61ca95e55c0bb4c2b35d72093850a04183d5644cfc6bfafa2227fbcf83235290da6b5128e44a85aaf99c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.@D0glun@css

Filesize
2KB

MD5
608c9d26a0d386740680c2c528e4502d

SHA1
26dc38aa68ffaac44c4c857fe4945711586a413e

SHA256
1b56a2be7fe8ab87c1b3afbd25004f2d2c78dda085e139eb9569f5c69caf3e3b

SHA512
6d44d09ea92de4e3fff9a013d8108a6d8c8022671f6f46614e70dccce6fc60a505a769e0c53a7389409c31e4809fa3a024f1c59029049e08234e6f743cb5a669

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.@D0glun@css

Filesize
1KB

MD5
ad04cf0eae2cec98e3ed5ac72661b6ca

SHA1
0e5592d01682c718fd8d7ce8015655173d3c68b1

SHA256
6024c313590c3b875226a4dffc5f25864b5653d73feb274f24448fa6a04eaf20

SHA512
63cb5a8663f750ce185445d2e5dc8307589a256f186b02a61342098a4c27e1d3f703cb2f02d612d29f368da31415892859d2bcc276b5d9e79ad13a1bb7602581

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.@D0glun@png

Filesize
6KB

MD5
9886d00b6b692408ad951b1227bf8c90

SHA1
0a7e526348eca45eeffc5375acfe711cbbca2846

SHA256
04ce251b18a31e2425d5358c4bce3f075c9e507699fe509d9f17e9b8ec6d5ea9

SHA512
9e794b79f1801641804ca3aa56eeb2e10a67585f50430a256ee61fcb87983dbc49bfc468113fb1a402dd0fab39795bf3b7007648a557fd97c5fa7ce1bd5b8565

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.@D0glun@css

Filesize
1KB

MD5
fa8af3188c7c890d86fdcb10d4fbf62c

SHA1
0ba8343b35f0896040db086f04bc07cf408c1e28

SHA256
f14a541a9130f3bd0d6d4c4d351a87ed5298596afece3e3ec2390bbae063e65f

SHA512
3a933eb3ad69e3a18bb0b04bc1759067318cd8f8d09b4ad765e65a3d72eb03ed9069483279380f73b105cf4181f87a2b0eace70b1519ddea21954f69f6c98f64

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.@D0glun@css

Filesize
4KB

MD5
f4ab06a44f9c0767574204ddd6cd54bf

SHA1
727d94b66abc9e7d5f2d5605b398f9d04bd6bc57

SHA256
0af3484552719a12be64d09519d7758b76402769a7bffe2c1b6b22b9ff733139

SHA512
7f80cf7b95d23e1267d198854896e0f3ebe88c1eddd62db0c90baf98f6ee3b7c8723172ffd3f0a6a6612c27108ae00862b1c480734d89dac7d0dc3dc44e227e8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.@D0glun@png

Filesize
5KB

MD5
b0c889d581786f475a00888fe647bea8

SHA1
0648634f2fce77c380c4ec95e332a756c64d651f

SHA256
d4d74fa3f867e41db1e825ee61055a91940cfbfd3e731ab00121317d2dca6c6d

SHA512
2eacf5d7965dd6b6d4a6b33bd08d604ead8b5642ffd303403bcd109414d4285f311886175fb21f3bc874ce6ba5e849a68a74518bb697ec0d9f2e60f556fa6a92

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.@D0glun@png

Filesize
5KB

MD5
afc51346f430ce5f861a445ba7602f78

SHA1
d4d33e258f45a217d6792969523f906aad8a4063

SHA256
e5594e0d76c16811ae316ca81684e7e4dd9abfe553396046457b55f11f49f1a3

SHA512
3872a073e193aa1cbb58870f622fc17af6c1477f7cd91462306cdf217701ef45ec8f66aa23b7035ecef984effd39dc7d7b2ad5bff931235e3cccbbb237337ff5

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.@D0glun@png

Filesize
3KB

MD5
eb8aba3e277f65e219fd74db777b9e53

SHA1
30158256879164ab4b6d80c11c4101a2a4e5d421

SHA256
917b1fb74f73aaa5f9fa0e5905508a2c91cd4e7e825cbf9a3452ab1f0356f9a9

SHA512
7aa856929f47b55241acc7f87d0b9d3c47bca41632669e6b06601f98e3a86ad52506a99b7c72bd499f4c7151f293c5eaa2c7a9cf28532226548bf857f83ef575

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.@D0glun@css

Filesize
974B

MD5
455e12b1a2bbfa973487f35e2c4d476f

SHA1
717c46c371efc1e70f19d32fce4347ff463a4242

SHA256
d3d9bb5c378d5a522afa38f53f8f2989b3eff089d68e14e2a70049a1af4ad29f

SHA512
15b27dea0aac91e7a1af7f836b0f7d1543519a241c4b99e90adf3d594a8ba5eb3118cf4b47c11c64f919f4b59925a77079f2251252f3a34cbe4a97eeed80a5f9

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.@D0glun@css

Filesize
9KB

MD5
5008235df64e2f496caced691259c065

SHA1
af5ef7c4420e1d3e3a1a022a93f4dd7641caf705

SHA256
9263644146ea6f60654204d06d179a428c6023e4af8a3cf1794034b2819df9ae

SHA512
cdac548d0f4acbdc04ac5d5a0071c1d4791616a513dca3f4131257de1e1e82a872c1487454613dd04103a50a1458944dbb06d6f82a150b723722630eb0eeb2c3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.@D0glun@css

Filesize
24KB

MD5
feb1c5d1501cce2cd5dc52cfb10f0e9a

SHA1
b9038ceea201231e82d6c645f17f44089c21f161

SHA256
cb9a61101d99305ab26956610385093d790bd0c2145ead3a51212fa72a214a7c

SHA512
ec6b29fdd28b2691adf905a682834bb3ffa82d2da4ce2557d61b593145a9aeeb94799528b907c1942932b06a002a20eb1fe578659db1e4f2123bcc19cc4c34a9

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.@D0glun@html

Filesize
8KB

MD5
b1f7a0082855a0bb9c0f8b7f1c06304e

SHA1
8e44ac6c532696d2c1f22802926408b0bf98b576

SHA256
b35bc1fc08a1373c3f98828ce5cbd421dd3dd2beb8020dff84d2107c8676096c

SHA512
2e5a6b0425572d7ea3486ce1cf3b3bb6089d61c0cd08c09840c486bdd0b59f3ef28ee31f5b7163c73ec5dba090a2877a799bc8b7587b287f6ebc0ab2bb2a29de

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.@D0glun@html

Filesize
15KB

MD5
174d2c6240621f7f8be218c7f7947539

SHA1
45de3cb9848d8b060ab3e05500be3b75c72898d2

SHA256
c9953e0e8b7383ced294490d84e8dc79c2c2930adf7c1be078ba60c26d22029a

SHA512
ca78b0bcbe361e6888e58ba2ee9dd0300cc004ee146f3902389aa736ec54d0994d6a9a226ccefb567edc71a479e04ed50afacc0480d9949ae0afdd7a7998b6df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

Filesize
48KB

MD5
1dfeb91b863effebcc4137c5939252e6

SHA1
178d483a519f8891a6d6d2fa1bcfbbaa6dff643e

SHA256
ad7a959965a18d34e48dc08d777d1102fd40ef229ebf266d5fa2826910efa6e7

SHA512
21e14b4559aa9118da50cfff8b3eb8c0ac62714dc7361bae91971ae61c07a2f8ed33cad36cfe498446a0be35f33a38d8f98cd5c961e7b74198d707af517f3b1f

Download Submit
C:\Users\Admin\Desktop\5.@[email protected]

Filesize
1.9MB

MD5
9daa076f957f4a5120f344cadd9421c4

SHA1
312a3829a75128f1e9a516591460ec232c6b6843

SHA256
e2336712d602657727181fa3fbe18abe7ad32f7f599c703890fed1ea888823e0

SHA512
b46c93244794df27d74a88de1eda9b0ed80d1fc7e1ac7125dd40375a65aa6d3bcfcc1fbbd53753f0ab41287fa0d0a4272895d1827b83ac7b26a8ea2978ef3a60

Download Submit
C:\Users\Admin\Desktop\@[email protected]

Filesize
147KB

MD5
ba789f0ac05c9e6569f95547950a4477

SHA1
44bf756a0df87c01be3605f1995feb9737350e9c

SHA256
b81cf60027414e684e6d9be564eda8bb7f0eefd8b5d83bb417bca3b9921b17c0

SHA512
11ccd306bdf16db96a69661d93e856e572f2ee7215ada6d2143cb543024a972f30ad85a5627904527db66e5ec2b65a05c376c991172f9a4eeb2e13a4e3ef6af0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
56B

MD5
3b45a660bc22439ad044e23927beb93d

SHA1
ed6402d7e01d28f2d87b4f980b76ed6c10194bc1

SHA256
f96f032a4dbbc1899328f919967829a1b61be57d383e8a362b01bbd293a294ae

SHA512
8b49d0fa8b109bbf429729acfcb51641135b8e49aab45acfe9945a5e214dcb81f69ed15f0fdc437e0ca72811d5d6b23c73bce6d7c44a87f90e017add63f67632

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
72B

MD5
3f6fb38b9f44c33e9a738ec333a3a2b7

SHA1
863ff3b2f5784e9814f79cc2731b67b3048ff762

SHA256
baa6ef3d9143a0bfbf44b45e572b8cfa714e7fdb6b76467ac4eb818f1e267c13

SHA512
9db0f4f5d466bbe7fc61193a6b792df6275bffbffc97222ece80b5d2d8f94273c519825a943fa6d2c214c2f2b0a14e39294833feb3b9f34834d27f1728384ced

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
72B

MD5
957f94fe725ad4b319827d28733e28fa

SHA1
6c82e2ad7ce2d603f32a9a5a2754532110effe84

SHA256
cb0def0f6aa24954486fa5fa3aa2623e22223b86ef3f4b57a462ef41a7b35c46

SHA512
ea61e548b9048053494adc9dfeb1dc3dd522b97ee3af83fa4f9e15c3a3df19a2c8f1623a45242fc6b4e3491c4f3a85214babe9ebaef5968e1e57a2e197977b64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
1ac6e886fe78635bb5787b9c3eefc215

SHA1
067c8cfa5c520b2e346c4c237050f5725277a768

SHA256
6ca801ef1f5539c27cdc4e0d1f6cbd11cc22911cf4a5081c0d306c3853898207

SHA512
6c52abccf7c8072826c140cef2298c92cc296a42f6e1a6b9841cc8e2150627decfcec889ba235d565341f4dea51d756e26d9b2036bbb1008967617750678a455

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
d58b149924da9c563dd71def291ca0df

SHA1
bc0f1c2b6e62c22397a6c7f7bd5bc9a195e62722

SHA256
e37be497de96fe13eb29a14a6a60e9241d57f5edda631f9c71b99392518cb062

SHA512
e841d2caa0aff800def839e790e140c62fa7077a1ef72acc05ddc7fb388af897c184c8f5099d7b6b3d704163cf6126d9b032ab4720d4925e15fe8e006a7272a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
41dd160908c98bf027371f5cae00b033

SHA1
02d5a6087077688e53d1fcee61f3b36981cfc488

SHA256
a34dee09ef0706000d842afb037705b46f39a45b41a0f792f687cc1a249d16a3

SHA512
fffc3edf8c8c085f4f35264129c94a3c852d183a7ada34df910c2fae0c59cf9984fbe211b8e17bbc9c3d890e3046331a6a6937316c20aa9c7d617828053c6500

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
2f864def9970aa73a4bf0e0229e58c58

SHA1
db522a41af9f80e3b5eb72a4eea170390b13506f

SHA256
2a1987539100362a7c838ee50148c0d4460b19004eb08fffe4f97bd6721a3e33

SHA512
7d2be13af069c1947c4a6654da2b61bdebf19533462a22a6f6a931919834f58a2c97000a27221de646ed583c2d4e7804ff1d3ee12dcd4ad707a7da70b2555560

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
d1b755dbcaad11b8a94586c3d191b40e

SHA1
41d659d9ac10f3653aa49947093769f90ef5be86

SHA256
3d2738065e97633c8db320aa61868cd6447ba08c817ca7f122fa8a022682f3c2

SHA512
495874f314ea6d37edf38ae4990729a60b82a7f300315d21943026b6bdf9ae0e1a55a5eff8cfdc2f334d0207e120254aa2b4a72847854af84df1fd7c591f4b5e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
25b72a187b4f2f0f4fc3ba0c13698707

SHA1
d29fbec8ee16872e1d6902aa88f805f8cd74f7d8

SHA256
8737ffa5c1e4d6b1801924ffeed235fe164567ed527777af095cb322c9c87ab6

SHA512
280fadb6aa1b4a01d0dd5090c94c3c0f569cfcb0487840128cf5cd0b22449570a17edd507f7b5555335ba845cf8660b36f27ce0eae2d28ece5410f72f6cd88a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
64eb63dbf4946f35a98407b5231f1fa8

SHA1
31643d741b71290bb949a5a544c8b92993ba918f

SHA256
db95b7cf96f6d7250d123a1c56dfe2deafeafc51ad06f6ae50932411b9554f2d

SHA512
fd6bd0a09b8628c8ebacfcd5194d1550bcfbd9889aede4f7c52548eac2e6752566a1ee6bdb3d759175de7c0fbebd5f136aac587546c607fcc58749a371f195b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
d3bc256065c933cc18cb8dbaced959ce

SHA1
704f5f4a350f251d1787d7a8fe232f6fa0ccf6d3

SHA256
ae4ca4866c1349ef9ad6564a290c890fc42195f0f2bfd0776ca8067adfc3a893

SHA512
cea10bc83afb096464f55982c3af13dc24529d2662c589889341eee59dc7bc808c22cd45e97c186486e41309f5682fa4a7646ee0485a82690242e5038492faf3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
8395d822fa1bf2b0bcef3709b404bb2e

SHA1
07df2c156bff42d4bd11454f4a290ad8e41c1763

SHA256
f00d1646601627d6edcaa571109ff2e107f28219766ac86ac931c0f62f3193fb

SHA512
feceb559003ab2699f847404c811b76a988c3edc61e20d2512768744b7ac66f04361ec43bf4ff187c4f4eab18a3fa9ab71ec71502c9987e09e90d0c68c5827b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
d2615d2a14d8dd77203085c8b84c9251

SHA1
55e46d9ba2a0530efbf5dafa2f118794332cb9a1

SHA256
7ec632b24bf69e23768471af156df96016dae1cd783a05064eff72e8a52a9240

SHA512
183debb34b97b9e5139a86efb1c7dce089e579979b94ff931228ea6814a4bba95f478d3ffec2214f28a5c6016772b0baf74613cbcd40bfcac2b5745318df00e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
750dddb73b1dfc54f1c2ab0fbb40e11e

SHA1
99ad36ef4533b836e34c3477f56d3a950a23e523

SHA256
baa121d39b5a52eb0cac822db1e163e2f087cdfe0ae78ba1f2f74a6698f8a59e

SHA512
073c92768bd95e16605482c4db45a58ac6954b79028c5679860dabf8cf651367b3f40854d15724ff111526a88b58a3ffbf24f2a3cfde496ecac22f1d712ea5d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
5f11e0626aaaeb01948dac231805b756

SHA1
2531494cdd8c7415c69ae90bf281803ab0b958a6

SHA256
352a8a04e4b0fb510d60f783d146261db1864eb2133f8a19be923e4fd2dea8b6

SHA512
65e11d46c541c49c44876b1e6988a61b89c08bf0c6653d3f8d3062323aaed9324e716b5864d59fb87549d83922333bde74bce57551b196e99f18f7be5e8120bf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
2908bc49f2185b193aee3cc20db281fc

SHA1
6c8d2b73e6c6022a3393b7cd854c2a7b7ab25d0b

SHA256
01f28811095d87da25398e3c0142e29eb5a549458b7266eda0d65686657e6425

SHA512
dcacc7244db701ccc4ae663f402984d2550d15642c76993561e349ac17d458c9a86f4be9752dea861a4e884e47577b675db2469e9fb0dc3b98646117c3772895

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
5d83a2dde227f5bf841dd16638365695

SHA1
e7ad3b11d6ec595f8d75dda4a0cd35e092fd7236

SHA256
4e9b0f3e2d0f425612c76af4b3abc665dde78ea26a7eeb853a9408902788c602

SHA512
8f489afe26b5801489d38fc27e76ef4f82448be2a39a5fa0e91579e55b9cf21199099f7e4a91315a3c5455230c1ed62291e79c4981f86190e19b1e76927fd816

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
dec29bb096a973bd8bbef4a909b53afc

SHA1
5980d22bcfb10d9c7f928f70e7607ad065b4ec98

SHA256
c96e44821bf0f9cb0a6d86243f270736393385423b7788538ccc396bd11c4f99

SHA512
b9f10a469fef66864b420a4df570da1314b3ae6a58f7b4f0d19a7e379a232694d5ae80b1b24395c9ea3bd9ec19eee779ff6dcafb31b02ed7a237f8e20c3c1d5a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
111b4edfb42e579e765dacb674bddd42

SHA1
66536444f1ce6e928822e1a9f91228bc20580952

SHA256
e342954cccc44c28605ba996411ebe449eab0048e15785f2e339e52d09d48764

SHA512
d875abf365a2ac2a10499c7c0437a86a8039de149ae5e0a0e80700dc65443dabb0c4f289a493693ea82964ac03fbabdd613aaddf892faae56ac1a93fd70cfb2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
960B

MD5
1ccd821d293fc3307281cc47c200066c

SHA1
5139bcbdee29da2669e206222d213798295485c9

SHA256
9a20b68cff7ed97d38bf13292722be12b5add72e1d04b3ac9329c0977085a70e

SHA512
230f4becbd6bb9e2f2b0951852bf1c62faec8a879f86c3bb8b78bb63691c7058df78218e8b70d256d1e170cb7b1106b6034f7d33bb90de608e16187275de7b2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
128B

MD5
f4bdc6d7036e0a00af864ebabc0e0c54

SHA1
387d2d3a6346aa15e9ab141140a18d012e3471cf

SHA256
70d1ef4857964e0af73c184648556b62b8c410f64f44b9ebe68a60eb4fe473f3

SHA512
4bdeff79c825da6e9b4d4bc4b22ce5629e5637dbb0ed9f0759fe1f443b788b0226b241a6e880d26d08c5668ba51788c70c82b35889be048774408f8a01807523

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d6524ce3098596b53014acfba93b5d1c

SHA1
33fcbe3594d8656d87eec0e6a19b169d404aed0b

SHA256
bb32f218eba76d0ccdf7b7f0f8443d48254b5f183511c8620bef12a79d978d51

SHA512
dd934d36a35597537eec4216c01dbd69145feb057886d5336025487d33ba488927bc9ce7989ba0b12d1832785c8b8c2d6713749b76bd5d36cb04546eef76cc8a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
f2c42556eeb70fc07cc4cbaf45bc0c97

SHA1
643cc75dcadeded129f187998adc64e5eebd54da

SHA256
32060da2c0b9d1db3f1b81fdc1879640a89556a445b3860f096fcd892c5182aa

SHA512
d0af9ab6fdd611c410abf5e1aca60249e8e7b957851897202b9f9988cccbf33e0d7821f602892ea8f709309fec3ba9d7cb0c17436571c24c2236d0949788861c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
72B

MD5
2bba19d9edfb0ccb3c4c203e5ba74ba8

SHA1
5a8c8d9efadf0d822d2ebb2a24cbb6e83d94d9b3

SHA256
ed8f9d62c1ffecdd132f5ce46075351ee80198f45fd8417be82344a4fb34ff25

SHA512
f3a366a7770c430dd28e5bab18e76c83983edd47f5110683401337baa356de1c1b665462ed784a95baeec7fef64fe48af67b948c3c2debc7bc5ea929fdc1460e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
920B

MD5
4ea06d159a49a2b9fb02b8f51b85b953

SHA1
3fc9cf79ce336ab8bcd4512fa114b26845cdeb6b

SHA256
29ab447ea6d9867959a28e25c018f0cfd73dcdaead9cdf636a6e2421be6aa3d0

SHA512
e4004a45d6022351a7ea2e8e191fecc7445e2f1f00bafc63e10ecc9ca6a36c6474ef1889c8d8edfdd2d665f1372fe8b450ba69ee6e51f48bc6141443432144b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
96B

MD5
d94a784d7bdf4ee2b84b11954afb7209

SHA1
b57858246da2475b289700b178c2378a3929bd14

SHA256
41b7f12ab6f8c3c46d9512b0a144dce8710bc1214f213dde8d4c17c3c26c12ea

SHA512
ee0f0005874c4e2d5cb97677f6b74d71b34fc05a952fb5fb8f970c33d7d41fe92d87e7888661fcb66041aa886d4fc1b57ad702354183b67cd5f914b7ae8ddfad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
96B

MD5
4db4901d2888edbb918c8c02da317dfc

SHA1
022b2bc54f2961bdb39b9c52ba4e6334ccc58ebb

SHA256
a20f3ebee437f2a25bb41c9c00a65430a17cbc757dadd7a7572f81c50394f9e5

SHA512
72ab8dca9f49f37c57fc883295b65888d685f09dc6bfdde171e5143bd9c48df63b9af0eb6376ed4878a878a725f81744b93221d7aa0c7a77a40a7fba76a6ff2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
336B

MD5
fd4ac735d5c8b4f872a92d88338f130a

SHA1
3e764835f189552419a9267c00553718cc1dea7d

SHA256
efbf55bf132d17ae30e361d1d3e8b6069631f283445a09b9e3c2a72fb44bbadb

SHA512
519564da38217c74a6de0dd4acf228c9e1739b1fb41628abda8d6cf38f3c685a8bee80e95db2d6e4c7e04b6c4551982872a379f73714ed0fdd79fdfc63989c4b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
e4197868dff65ffffaa0d44327cabbd2

SHA1
a3b492101a6477e9eb9c72a14468ba5695d85db8

SHA256
8b1a0fe43c0ad353bd7104643fe30ed20b1cd7cba016ee43e167f4b85f89d32b

SHA512
e9698a7a96cef6d8dd439aaccbf74d0e0e8e0a95c2520933b7775f2f9021b0bf21d35a0f4cc9d87cc3dadfa1e4545b60d9e6ef53d9f3de7512a51533ebe3c594

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
168B

MD5
fd0a9f1ab1e5737ffc213b40985ca120

SHA1
4cb84894f979a503199f96717d585376de2d2cc9

SHA256
c2a64fc2eb02a8603150fa347bbc4fe105b86a7ac902c651e2e2ad5f2be24d3f

SHA512
5ad8a2c1f0941ffe61317409d26aed6cbd3a60f82b1baf53602eee62105fcf6b9ee4710cecaf97cf46bd12b18e80e7a602c33305f6bd5bbf637fed97560e4ad9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
592B

MD5
d1392024d0f6fc849ea2d298f55ac17c

SHA1
bdcfdb9241a3326e1bb5ffae4f2b03cffc4367e1

SHA256
4d76f81318e2dd912c946619627df86b1484e04b1d5c333487f5cfc8ae23fa1a

SHA512
bb55a15d035d36385fd3dd5a0f39f8d7ebb3c856e6b0c6c49c427f5788eb9562654dcc8e4168e6fc37101f70728469627aa771732286328d5aa0cdcdaa08da10

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
128B

MD5
0845f09a2e059b27536a0af2fcec8fbe

SHA1
c401c8150391e0833bca1fa01af2d4088ecd83f3

SHA256
22bcf62182688e49ddbb3dcdb7e52ce9089c4b37d8cd13e71d03aa572f4110b6

SHA512
0585ee66f26c9aeebde3de27b7d851286af65b4723e26e827316cacf16df97fadbba03acffcf5e2c13c293002d8920ab74343940d21cc3df48eea1e7b434d8d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
9db680251d5a98fcf58c14c8d29a46bb

SHA1
83d12e34ab8594f0cf4b4a22cd23c7fd18217819

SHA256
036c39fac3cb1527a14c6665f1a81af0d0c1a59b11ff33d62f38939babda0ccd

SHA512
b19859e452cba1275d2fd2e3e800efe92e0b56247bd08621d6f831f0566ba916a069434ef0abcb8571e6c4c15f06b942814b6d1b87f8151d1882b3881a1750c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
888B

MD5
bc9967cce97a14b9dd83fcb6edbe552b

SHA1
c5c9ca4a7a71d6a577e66ca9c659d7181c8a4bd8

SHA256
17b99cda550a8ede93060bac0b61e218707fa19785ea25a0b2f336d253ed47be

SHA512
fe0de51f26ff965ce98c0d562695185c8f0a3ccfbdcb0c2e18a56bf2d297b39f1d793de7e2f15c030bc2ae50125f0ed2f5274bdb0db7438e923d65b6e2b6c800

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql.@D0glun@sql

Filesize
23KB

MD5
a73e4dd43ecff8f7d9206022f1a64408

SHA1
fe18af6d6414b169fabcc79e00869f7087325d8a

SHA256
c9267d805dd44f77ff9efb5110d8dba0deaa80f64ea66af369f2cf74ca350044

SHA512
e763f90754a88ff50294af1cef6b4b0d78fd531763f2ff856c3ed6bb0e40102a9565ae56ebae67e8c1f73039e5cc990ff662fdb3500cd78613a0feae63317118

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
f32836b421fa4a05d0f374cd776ca696

SHA1
4139c0d5a07bee3542d72078631c8150aa28cc28

SHA256
08a0e2c3f08edae15c316b5553dedb83edc1b2ba34fe9df8c526c4dcb326701a

SHA512
3baa1fab5948253fc62fa04eb187a22a6de26789c6ab58e168d4185803ca20a1a2cc450efd2904313f88abfa6a810336ad4052dfedbc6be0a70dffaff49b0a96

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
bf883fd8e42bd47c0e921e9f6c317de2

SHA1
619a1d0d431172831994ac16f94e8b1acb89da48

SHA256
074e81dd9c669c14eadd5ee20bafff22c6b8abf25fe7722c8605cfafb3ea8c6f

SHA512
922df2ef0c3f64ff252591e4b0b5a79f4f80365953a1b67c86a5139a69de2b6cadc709de67cdaf58d792137a27e68717ac6baf47f9a68525db9f40b1b79312e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
e7b519a2cd1f53de65f9ecaff26ddcc9

SHA1
80eb27437d16fc3bb8182ceb9e0a7a334c5e1266

SHA256
46895021925c19f36b899ea8a62b99c8b38908ea813b4d18e86e0a17e6d0dee8

SHA512
025464c1e7a8831131f26f93688094317fcddbe49361bbf2dcde1ec5aecd0c75519e728f6a5cd6dbcbe00b4a24f237c763ca4d353b9d70407180f496f709c151

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
b524f0f089131afc33def595c351adbf

SHA1
2e5486e295b8dea1b0fe84579e7fa10eaf2f94dc

SHA256
9b42eada2412bc0de0af5f02d5e38f55d84e6fc66025525b7f3a06e048cb32db

SHA512
1c15c0dc846ff4f1e3b8dcb1375b771c9aaae012323d79ad4e5bd1f9b7e5dc920f2e1128ebea65fb8bd59aa89dc86a9fe80bb2c4596826a7ae3c88345c6abf1c

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
74b348d19534f1c1e2d9164ce9a9a289

SHA1
7eb1472527220650072c63274348ac4c1d73a242

SHA256
4fbc49519be643d0982364cb6c0f135801cf18506803c2ecd65da6e4c441a96f

SHA512
5d0f27fecdd31f5e2e86c40c868d2a3de02bf2714ca9a653de0ded27aa7dd24a5dcddcae406fe803c1e3910ea912710d13b6e6a6e32188b5f4ab00c8fbd3f7cf

Download Submit
C:\help.exe

Filesize
756KB

MD5
590a645cf6bbcf461a631baf20e0c935

SHA1
4493ef71e394467119b355163299b833d1e42acb

SHA256
b17b97ff5e31e61007518fb958f9bdb50b27647285b3e6e832b2188115237dc9

SHA512
dc7fccc620febd8d337205acddddebfc21df3ffb1caa0cc11a1aad763cd5973052651f81649ae665b91a125f4b2040d172ef08d1c5ceab54ef8789dee6d8dd1e

Download Submit
memory/1736-554-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-528-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-546-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-564-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-518-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-562-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-540-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-538-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-560-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-558-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-522-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-552-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-520-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-550-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-512-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-524-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-526-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-542-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-532-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-536-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-534-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-530-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-544-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-556-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-506-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-12486-0x0000000000400000-0x00000000008EC000-memory.dmp

Filesize
4.9MB

Download
memory/1736-514-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-516-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-510-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-508-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-503-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-504-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-1-0x0000000077040000-0x0000000077087000-memory.dmp

Filesize
284KB

Download
memory/1736-548-0x00000000027E0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-0-0x0000000000400000-0x00000000008EC000-memory.dmp

Filesize
4.9MB

Download