Analysis
-
max time kernel
52s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
07-06-2023 11:41
Static task
static1
Behavioral task
behavioral1
Sample
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
Resource
win10v2004-20230220-en
General
-
Target
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
-
Size
2.0MB
-
MD5
08e76dd242e64bb31aec09db8464b28f
-
SHA1
3f3f62c33030cfd64dba2d4ecb1634a9042ba292
-
SHA256
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43
-
SHA512
2aaac092a07e7238e73f7ed02243500de6f0c34182ab894eb6adb4364212b852301191c866dffa3450b8f795217b3f649b8eda91e604f5784523b7c22efbcaa8
-
SSDEEP
49152:8ddZj/Jrb/TyvO90dL3BmAFd4A64nsfJ7j7TPtGzd4RgLj2Dau/oZz/Fz1/:8dHj7KBg5ov
Malware Config
Extracted
C:\MSOCache\All Users\Look at this instruction.txt
https://qtox.github.io/
http://bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion
Signatures
-
BianLian Ransomware
Ransomware targeting critical infrastructure sectors since June 2022.
-
Renames multiple (7744) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
Processes:
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exedescription ioc process File renamed C:\Users\Admin\Pictures\ShowUnprotect.crw => C:\Users\Admin\Pictures\ShowUnprotect.crw.bianlian 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe -
Deletes itself 1 IoCs
Processes:
cmd.exepid process 904 cmd.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 42 IoCs
Processes:
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exedescription ioc process File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Contacts\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Music\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Pictures\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Downloads\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Downloads\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Recorded TV\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Documents\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Saved Games\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Pictures\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\$Recycle.Bin\S-1-5-21-1914912747-3343861975-731272777-1000\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Music\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Favorites\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Links\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Videos\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\Solitaire\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Desktop\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Searches\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Documents\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Libraries\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Desktop\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Users\Public\Videos\desktop.ini 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe -
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exedescription ioc process File opened (read-only) \??\B: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\G: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\M: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\S: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\T: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\V: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\W: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\Y: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\A: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\H: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\L: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\O: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\R: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\Z: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\I: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\J: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\K: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\N: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\Q: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\E: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\F: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\P: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\U: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened (read-only) \??\X: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe -
Drops file in Program Files directory 64 IoCs
Processes:
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exedescription ioc process File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKS.ICO 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR36F.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jre7\lib\jfr\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME43.CSS 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02263_.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\PREVIEW.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0233665.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Rome 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\RECOVR32.CNV 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.HK.XML 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\PREVIEW.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\OLTASKR.FAE 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Aspect.xml 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341561.JPG 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.JS 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGREPFRM.DPV 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE05870_.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\LABELHM.POC 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21520_.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIcons.jpg 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HEADER.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\System\MSMAPI\1033\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN054.XML 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL.DEV_COL.HXT 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mn\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0293832.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18217_.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0177806.JPG 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152606.WMF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\Look at this instruction.txt 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR33F.GIF 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exedescription pid process target process PID 1712 wrote to memory of 904 1712 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe cmd.exe PID 1712 wrote to memory of 904 1712 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe cmd.exe PID 1712 wrote to memory of 904 1712 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe"C:\Users\Admin\AppData\Local\Temp\1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe"1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c del C:\Users\Admin\AppData\Local\Temp\1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe2⤵
- Deletes itself
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\$Recycle.Bin\S-1-5-21-1914912747-3343861975-731272777-1000\desktop.iniFilesize
129B
MD599f8fb971e6c5f17935076f119131e2b
SHA1d149df87bb6cfe06579284ba6428e212c3fc20f3
SHA2563fe9280f6b27bcdd81791ae59184daf51aeb30800529efa163793b53a7ad02c5
SHA5128127d45767a8410528856f9ee261f729ee95ce3ece0617e7583e74cbbef19cb707269e7e91595047bfb52db82a78cc5fb39abe648bc3983533fae6212fa8e393
-
C:\MSOCache\All Users\Look at this instruction.txtFilesize
986B
MD546bfaf26de54de2cf393f9a6356aada0
SHA1210792c0c690d52d2833e9b0077c4f71ffcfc2a1
SHA256e7cf0dd9d5808c748208ff3fa4c91d3073643ff088826b4f7592b0f3867a2b77
SHA512e60dafb09e7dab66c9305b1d35d81ef197a76753a0fb1c8818069bb66f0106224e0c6967d622364ec3fbcf181b890bff8d094ad586d0c7b3d031362652a389e8
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XMLFilesize
582KB
MD5e48114e0b8ba94895ee48bdf84f39f6d
SHA19468d5ebec69e6d8d41901c9caee1f64691bdb50
SHA256e42ca4ccc543f72408d187765586f66b8f9c39e899111d3f546ac2da1f8c7d67
SHA51211e601e019c2ab29a87f50867601602726a12031aee1d7e5775679f60135fbb8c274abee8c3139235553d2f99e8a4476acc39ef0851b9bd822c9a294e385166f
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXKFilesize
114B
MD59b2c529bca83736bac2b752fb032eda1
SHA13fba6cbcfdb74a05da8682b1ac0566f39953400a
SHA25625d82eb9b112389a981ad29b1edf64881a8d6603a29cad7f1b98af88079f6eb0
SHA512bdc1d1a38bfad07ddf1a39da18b592df78f3ef9c89af176e0e590b556129f397c2e636952e5012a6037b887f6ab99b4b5b4391a68f1ecce2663759074af8d0d7
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXKFilesize
113B
MD5aa880d673d0f8f098feefb52cce18cdd
SHA14958b26d72b6d91e13ba03f70027bf41c334036c
SHA256fd5df107f60119765abb01499f82343fa71765037fe58981633e5908c5638815
SHA512a21a2290a6d00445fb2caa9eb109ea0a285dd2d02b9d6f939b93eddbe76094093c8f21022cb72e6b6c65759f98cc1545ee570f855b0b01d4f60d9783e491eedc
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIFFilesize
222B
MD5cc5e6f0574afc20dba12027043f2a8c3
SHA1f598804e64c327cebf427df4c7ec8dd76da3db2f
SHA256801ba3e9472212f937b7e2f510d5f353c623e293c646661f231c2a18ec98480b
SHA5120a4627748a6fdb80610387b92343114a730f84865c83e1f9435568b24be99c788570a18ad70c2cf09c4dcb129ccb31033b11b33f2d4bae3a4516b23fd0c3c7e1
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_OFF.GIFFilesize
341B
MD517a688c5901d6bc57af9970ca0af10e7
SHA1d3d1873a55114d8031b4e8a9a24196e11f853ebe
SHA2569a35d614106a1028bc1fc6c11b9a4b68f3571bf32866155c1893571fe4a32874
SHA512ad21abf65bb889d7df46b1740ac0b958373590649f98371ae89e69e4ef1cfeb72c2035ba5956e1aa510cfb626dacebb7d0b03911e187a7829ad51a9e50b725f8
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\HEADER.GIFFilesize
148B
MD5125c4e8738f433a7b35655a34f14aeb4
SHA1942b71df46d388b0496dfaebc6a97d5a496f250a
SHA25695781df93c673755588b890ffd9bd8b920d86a74adfd760c31521da7988ea6d6
SHA512c662977c58a1d7e8d487f228c9f557134299e089689e21e80655f580030be925f57f7e7b32750887287593a8a708efdc208b8627ca94bfc9e59d4f9652466ae0
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\ISO690.XSLFilesize
256KB
MD54fb548fbd4a5deed1d51612d69d3632d
SHA187e4beb54bdde7cd42536374f7c41b1466ca2c49
SHA256b1df0de6960c5272126acd1abd3232b756228e6f51071927105f9fd4ad20ba47
SHA5124be5123e7afeae10b8a9bda345b96f44bf18b17a7730c573c6f378e74f08f41a5b5a019cfc8bcfc031116a44e855d78a2c5189b4b50a46c6502b46d8c5f26a9e
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIFFilesize
24KB
MD5410fe9f3fceff4b76e7e77e7f5a65305
SHA139aee5f28542cb9201ff7519f96aa70103f281cb
SHA256ed8c5c3eb311643ef151542a5a0ff2bb4ab71bc54156a03fe5930d0da693cd96
SHA512bc15e95a6d94eca681be6e8cca7151c3e46408fce2c8b66aa2d32e5b70f0e1b2680f5cfcae34d6f4f7c8c33687b4f1332ecc46a448b1bffcac16db3d435e7585
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIFFilesize
185B
MD57b44d8e7ddbf48ee8e826197598e9a37
SHA1f24a9fe91ed0dc65509d38fecccc70d3f723b3fa
SHA256b3cdbd5477af204460a472a5e196a033afd8ef146aedfcd2a903198bfaae98ed
SHA512db991bc5ccfff913e18c5ae0e4906cdfb373731f6838cda633265cd3a15847bd5b97324a93571f376c7309fcfae0e2754b37e89f45a14a0494efb90bfc85b24b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_OFF.GIFFilesize
462B
MD53180d455611f34434b5631a11013db89
SHA199fe283133ed4d4703d608346c5d8e2449bc42a6
SHA256df354673f5b1fd0cf358b66684147c391e7adfd82de4016c0a7c508b80f96840
SHA512f62da228bba58c6c4d5a1238958429fb49c8f1d5b9752d35fb309be99e4add963370b0cb11c6124a0e8c72ef69493a007f63a7b495717c98332bf25b179bfdfa
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_ON.GIFFilesize
267B
MD55b773d56d8d5855b6549dfaa4aac4851
SHA10447acc124d31e21f608d49e5e8c35717c4dc933
SHA25689164b0860fb6acf6fd24773285a45560834a59e60cd8ec1e423f80f30fef579
SHA5124f0cf82d28f2a82ed58805fd068d44b619d2f8501392493ce3309047ba3a5e3abfca98675212364d39b335f600c946e518991c60da07132e2f2ebd4a89447cf2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_OFF.GIFFilesize
496B
MD5be59d8c958d68868b2ef289c0ad00a86
SHA1eb48d8f090bd39eb2bd26e054de1fc65cea647ce
SHA256d56c51ba63d4db1b691667171f75f43274ddb25ce4804f8a978dc681e1e19d3c
SHA512249b43dbdd1dae154bdd3a369bbfd3def4fb3bdb2e02244b96c8c83b79895f40ac721986ab22d69fc6e4fc41ecccc61059137089f0fdf6dbaeeb01955657ff07
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIFFilesize
1KB
MD5eefae8cb42e618dc9c75dc75780583dd
SHA1fbcbb5e566db27c63824a18e2e51fdf065f0e446
SHA256fa4a8294b0079cfb5f1825b180c8939277afe511ea5ffa018e48bcf607b2b6a8
SHA512bb6ac2b736932a8798c40ae76a60ef1676c315ef0ea6198bad520c4599316aff589e4a22d58b97afa95e14c4bb5de258731c4af53821c4e34f6296dd71bb2b03
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpgFilesize
3KB
MD567959d200ba7033b75ac4d0f53bd060f
SHA1012187b15617aaa1585e9c8dbe032d06f2a304e9
SHA2569e43d574acc94a34140e26e4f8128d05703c1ea2bc1684cf81dc2fdd177eedb1
SHA51272b5f02c0003cf8595af964b4c5706e63301214f2a0dadeb1dec95a75a562ea8e72420d4262ab1f484a30b90bdcde1b74e1c7916a10dfaee255fb3c20a9e8ff5
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gifFilesize
2KB
MD5fb4834007826ee1dd66611dbe0fe5516
SHA1ebfd92d0a6119d07b1c2e83db853274fae13d397
SHA25612f34ba2a32a5bd069129c3c4022485e0d3c75bf7d6d4b28f61655f29bcdaa2d
SHA512e1a0c601c8d0db6a7026d9e12e2a2ac61ee04ecf072220666171b1fa8ca08f6b6a6df97c9df99331a1abea8bd6dfccf911a13b6c96b51dd16c2dffc51e5a2fa3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gifFilesize
5KB
MD513a70915fe1d0e1add324b4da5f7fd62
SHA14e08e32d3e3d622ef0c604c75ef161cb21c1f155
SHA256c4590bc8d4d11f85fc0bd4ad3367903c6de88b7611b21a425cb456fed1f8edec
SHA512cf155c85db4dd4a59b840a3cb5ff2a7182ac8cd3d123b782da3a128327e5eac96a8c27569d145b62cfe4952298911b26de995d6cdbfd182f6adaaf7af308c117
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gifFilesize
31KB
MD5a72e2ee7619b54d062e3db8467e28d62
SHA1f7cc88b05c60f78ea21a522e08ec22d8a45ed333
SHA2568d1841307b307e7d6517c19b3ad77d93b0144191947751327f42f90557299a6b
SHA512e14d74eaeb8b398624ae55ac79a1cd0d1220eb67a7da832704ed62ed54f6ca38e1f15b5c25cbbf87cd08bafbb69cbab55a3c2af4acf609b09fabe694645e0302
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gifFilesize
4KB
MD5f71ac2ecdeaeb7c470fe45fd54f655d1
SHA1ba32b70849551905d8c4c6f6c5431c2fbe90acb3
SHA2566b3c55743ffcd20ef748eed208bd6ab746647acf060ef9cda6e6ce868233955f
SHA512ef37f392c51655f9609c8fd1bccbd65ba3f3a58de3234c654dcdf3a1a667e37642635902def649ca6d0852643f6fd0a3876feeb778f37ed2770c5628f5ba26d2
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gifFilesize
21KB
MD5d2e9ad8ec57ceb4a675071a63f38fb32
SHA1b332334c7a7416b3b0571a365b901092d3da610e
SHA256144ddee682c7e8c5af40cf3cc712d6e2ef824cd5fdf104d2143b5dd870776e69
SHA512b9b86e0cc7ae457536c6bc04a2b498b793bf735a413e23236ed278df81bbb234573ebfa418d7a45974f19270a2586a433d93d4d6c870a36ed7b8651ea3249476
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gifFilesize
106B
MD5075eeb90aa767e7d0303736cfcb3e3fb
SHA1e1c71019bf60f2243e05e29970ed08e30a1c93b9
SHA2563874ae72d3d496f7d665900e1f8073caeb38d4ec64ca679af9ce402b1c4aabf1
SHA5129b81ab15c805e20b6cd90ea7d3228bb27b99c504c0daed1fb0ac4e1736e9af062171795a7eefaef5d2ad95cf5e4719a76bc0b267058416c631a9ccacf178e7b6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gifFilesize
8KB
MD5c4f8a1572499b223b4fca31bc78d8764
SHA11c37337cb056937d02944f3df6c03d5465ef254e
SHA2568a790f307719893a1ef37fb32002a343e2d221a0a72755313f99d23a98f62988
SHA512a65d6b700cac2f592b3a8a5ad170c1bdbe66e0e074d5998831958a46673d537677a4336df5bc6b93708e87d0e2d42bdf7e81db68af14a6731504662bd629a965
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gifFilesize
15KB
MD5a1555a0e36034c43b0f14de5f6fa52c1
SHA1c7da5b6b8f189d68728a6c891e4b922404db68d6
SHA256cc15c63b64fc80e9e390187aa185db8a1278814726a5a5f6ba40dbf1c35270ba
SHA512fc00a00b3b244c3c590726d752e78fdf5701fb1568b4d299475a31fc8d577427d5ecc9552c959e1d2532adaf4c832d521a726a2e7b56f05ae841de972f4dcd43
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gifFilesize
6KB
MD55f263a5937062f8c981ec3e2466e83d9
SHA132da3c1c8cd5af239db175cc1a78ec7d95c0bbb3
SHA256e0bea00e87a5684f54c4c4d6e8f243b8f0ae66d887ec789fd2410df106c17cbe
SHA512504ecd1f019d773c4ec38d05030aa5655133648d270b28269832e4b480043775f43728075e35f9ae49481a85627764ac891e8b23a57873d9db4a461b19faaf2f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gifFilesize
20KB
MD55e337608e005b7f93c4dc810308b8383
SHA1f43c7fb39565190f27396d1f75a7fee555fe4f2f
SHA256c84d390b17a33bbab518254bf209bddac8ff635a82164fc9b081626c427ddc2b
SHA512bd9065df200f937994e3762de49f43dd3b34d7fb9f5872f43fe8538e944e95142d962ea4fe2c3a60ab39c182e96bfe489e5cd63b92feb73c37e016d73797139f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gifFilesize
6KB
MD5e3c77def62fa2df7f76e124f71cd33e0
SHA177d33569b8a1646f7a3b733d2c3cfed2a2fbe6b2
SHA2566d06ce53400c4f1c0a57d09694d6c28afd9c39ca120ca97856a46c47ff4bd634
SHA512ef1aa5f6d00519385c87fac1a6b2bdb74a624759ff5faa8c29a89d313db9dfb710acd5488516ec00b8178b3d4c9d0b19a667b798686e11dda108edbaea050005
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gifFilesize
15KB
MD518dc541b91c14d082730cf0cda9542ea
SHA174a744021635f6d4833440d51e004379df66656c
SHA256662c36cd309c2dadca29eff6155755846ce9480fd9dbbe70b66652a05d3bbf36
SHA5120f0fa58cdeb3e35a4f4bb7b097bfd4d71012375030539dc1e1ffc801a4481410530c403650596f65b7ec2b5e6ad74d01b29269316683619daa94722c65c9e6b4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIFFilesize
580B
MD5d07bca280f47978b0f6cfebfbac925a4
SHA19dc221c4028073d019e075d22c39ecf8dee684c6
SHA2564f1179f8988f641bf5a2a20aa1e7cbeac997e5424869bf822751d8b3434efcfe
SHA5122ded7d4fd008e8d2aea5e12b5d962454791cce8041d8b171282d4e082a12fb1bf6d41edd3b908f9635fa11932d78e0c50f5292dbef2562c3ccde78e5cd6502d9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpgFilesize
2KB
MD57eb17b3f9bb83d3039c7ffba2ca07ac7
SHA1819113e89e6d37dac2aaadda5e27290e074a08c8
SHA25632bf1f46743689b59ce4c9eeac27a57d89d42a5a44db1baae26a129c6702e9a5
SHA512f46ab72c9610785a7b8c990e6781f7bee981596ac59fc7fdb4c1b6ae1a9312e83b88868121822dd5457cdf2113c112f32c47799f87435a3711f3490680986bf6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmpFilesize
2KB
MD50c6b4e1f07bacd43e3533c108afa200f
SHA13096f4593edf7df62bb9d315c7510fcc22e46273
SHA256532d7f6d487bc0d32e09f93d056cb19d2c5f2a8b25821ff1dfff6e7ca35429af
SHA5129ca7561adc2bc0565d6515185fdcb767fc7c84516871a34456d1f7e2969fac3c3b9bff0a41af6d9c002ecea4707c30ea3fe7999524abfc7243c70a9765101740
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIFFilesize
899B
MD548a1591867d068efd7412a18af168d50
SHA156bdf2ee29acebc76882b4b1545801aac1c66519
SHA256bbe31cd1ba52b48f53073ff5a09029ec57c817cabd57c3059be4f1010f94d969
SHA51293e08a0966ca6ba260d2a0f50e6f16a984d145749a9c379ed20a9af2ef6bf57a269b5448f23e4b1aab1e64296ad5c0dfa4b2a8eda7072c8757162b29e9fab6df
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIFFilesize
625B
MD59bdf53a2c130741c413dfde717e6992f
SHA12ef7dd902c2add72d083e058d72562ef7702aba6
SHA25678d0dd7fc0c1e5f4aaaa1a62a5275d99ecc49f5d42e927f96bfb53f258edd4c3
SHA5124b458e3340bffcf0c21898c888bba4a16ee6f05b752f5de6129d984ea2225ae3922205ce4644896e7645d345b5dc47e18ca6430a6e73e9f1330fcd8c17905081
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIFFilesize
873B
MD557693a9d3361f2bf818e5e7f3a8d8964
SHA14129ffbdf089897869aee0859efbfd60a7dc32fa
SHA2566e3555e7fab7ed8a64abbe253c3b331687974f48cb3bec6332755cc645905bcf
SHA51259a19cd4d1d11a5ed3347d61b6fcaa8fc7b97634e9f18980a1277ba8e5bc63ce18b59f62551c3c4a242643d2a88d27e80c8d0b39adb4317a45da2b7de9a9f15d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICOFilesize
318B
MD5a9f27d923cc090384388b9c2dcb6f3b7
SHA13d94d639fd1932b6a9aac75f575606c2b3e67dc0
SHA25693089058797660dcffb91a9058a4ca2113e5110edb8796a22493cf6052f70306
SHA51269537c03151fa31f586164f3d2462e43ec858af8bf6fd841c5fcbbb57780f2bd4a9a481a9ce88974563aeefd48dda4f49f25428be6efb53144dae1dc5ff60508
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpgFilesize
6KB
MD5cfa83120a111b9dcb3bcdf82e5cd4e5d
SHA1b52e393f1fc38e3c65e153d8fb6472071243d304
SHA2567a8fd8e0bffb2dadcff4a3e9ae364001cdac16cb233ad6316255b55889111163
SHA51284e5f6f1a1fc7086e84b71e1a677c5dd1120e37f20643fbf26464ce4588d5f17504ff150fb555c1fefb894deeddbe53f1a14b20c906950b90665e7cb4cbfa137
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIFFilesize
255B
MD545fbbc0d5ecf7f6389c4b0ec77c0bf49
SHA16ee38764fa91cc68d62ad4af89f082a171fdb938
SHA256f08730ada4dcdba7b592bd3d5a73ee7d78030c8fba6ed7d4e3bf96073d4d22db
SHA512a913c3d95ee68fa3b46ee87685026ef527e46eb1ad945a5c18e62779b24d1724dfaa92e8da936e58268d1684c5001865a1f23dfd50bf545a1ce243f917c25fb6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gifFilesize
323B
MD5951a166cad8bdcf7ded414db9f6bdbb2
SHA186955c195d71b9387a71d2caa6858aeada3e0dd4
SHA256ee467fb1644401bc20a5ecca31bf4e095ac57a15cf7d122ff5672071faa2dc48
SHA512b261fcf51e752d8f80a25134a78c8719257a53ba9acc8587232089490a0ee148e04163b84393e34ee40fc729760a6f73bc00a5b2b2b54741ebd803dad27dc3f6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIFFilesize
367B
MD5749ada1a79102c34056c174d1ddad873
SHA1c20a8872ab36c5834068c1e6274b386f31d4c578
SHA25628adc840be329cc5c41eabb3df8d734a478649332304ebf7420eb3e772a14dcc
SHA512e38c7f61786d08e98bb465fef37a7b85b733c1df7c491cd01c843c56e843fd681aa8bfb7574481cc7362006c145924942c2c88d0082ff0ffb6d20ad272deb08d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIFFilesize
440B
MD5b324277a095205035dce2299e20e679b
SHA19526a340c4beecea7e2209d8a082da8500680235
SHA256867836fff1d965a089d0bc8a23bdbab850019f17d1a67c9b502882a153fa9d3c
SHA512a97a2cd9ae9749d73db194987858d3c7965e4132769f3fa950ce4e3fa081b32d4353b84e91a26563cd045bd89e2c5f82e3e4796e63b4a15f44fbd3d3844f0adf
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIFFilesize
2KB
MD5d5e0e2c9a96295b05ef49fd492d5e433
SHA16e96971b805bd0c853e6f2e4dd5e0abe8e58ce35
SHA2568a27b75bd18fc7e1a95c4472e6a6cc370ccb9a0e15750e5a71a9a1d607664165
SHA512e3065e044a1ec1ea474024c6a1036e5b47cc3beb303adf00b0ed7f32494b4060d0307c05d3ba16fdfe78e75d1c45c45e9c316a9fc6291b300a810c856624f709
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIFFilesize
3KB
MD5c48a2f75d123e9d14be82b928f95164f
SHA1c4fd7f7b8d977cf7be637371f92d5f87a5ce51ae
SHA256d22f412a45fd8a6f94b6912fdf0197f0fbe05511486a34221787b11c2d500423
SHA5123f2eeae6b276ee6fb8932e8cef03ac4d488cd5e728a3aa64ac162b4ca2619b1afeb545e78ea091101fa274e5f6c70ddac6b8c0c54ca562e2d1da999208df7b4d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIFFilesize
462B
MD5c2d1568631a76fb0cabbcf883caaae54
SHA1391341f179d34470e85961c36b6c47cd9f2a9a30
SHA2569b5c625e0397c160014d296fad2d3a551f6485f69bbbf3b4dda69719521af6a4
SHA512fa93947be6201807234fa5d8e0038532e621682bf46c9242e8a7c3c47cae20d373bdabf50420fc064eb4c357dc874b1a012246ac830fa494a03674aefc50b7ea
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIFFilesize
264B
MD58e59c315a93d3b430e49ba81542ed02e
SHA107e8b3a15068fdc483aade61b91beb73e57feba5
SHA256e36a598d8b90f63d74f281505bf357bfe5cea52c92b96f2a1f55d9155a3b5f1b
SHA5126e8615243f89084861ea8a8986d003c152e9433bffab46fa5f209d3749cda8041f85c6a008e86ce2736126d97076e222457b6a73252372189f2a890873399ec1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gifFilesize
233B
MD5e676802e3cff7878de24a433edefd78c
SHA13966c4952c2bc86504d236da7ad9ffee19de444a
SHA256da24533227f3444c43c16ebbf8971de34892d6382a42eb2267b3b4593cbde066
SHA51243b131d065f51d280e168fa39591fb8554360f19fac918245db3ed04030d55d2a6b8d941c53e8f9ccc0e950c64ac2f6c58e03c253ffecc649249ff773cc54aa9
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIFFilesize
364B
MD51987b7b8f563d7fd34c18126c976418f
SHA11d54ddc797e74914f18093e709ad00aec6ddb26c
SHA2564f52e24e379d98e82438d68452d59cae4ac36541966df615e5dffd961c0d7693
SHA512f9abd9b50a2f356da2cad60d9e83930e3dc8dbcf6fb9881a57d45a6851bdf18c010abd03d367fb70bb9589578619c8c0bc31240e68d162658886eceb381908d0
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIFFilesize
364B
MD52fe966c338d87c2becc5cbd088844f34
SHA184543b2310c30a58a551a77ced8a139dc7c3c50d
SHA256f7a55c60c7c626dea2cfd44e3f306b983873e51ae190f73332c420a60ec52685
SHA5124956bf22f1b130f7b084c8bbfb41aca9eedc39eff8336e010aa107932b81830dc9921779feae9b59b14f9d8cbecc6572368c7822b69306830d09fb67d79dcbf1
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gifFilesize
6KB
MD545b1b42da26d091f79b3482b2b62e4b1
SHA1efd78f1f5a67184472097d436288bb2e18555a5c
SHA256e77ba93a713f4bb0efcce5ac3bb22a14c3aa9eedb294a94e27f6da7e889d6042
SHA512a902456578190496fb58a08de5e57d8f8f688f808c5517418fbb4f4c0e229e387fde6905826a196e144c8d162b6679738f26b0dc17bf73ccb9a18c3414241e9f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIFFilesize
428B
MD538d48d5d19a84cff8bb875de7b08905f
SHA119bd6c11c1719cc550547c518e8c67acc6e72e88
SHA2562942f178cb6dd24627d529c928ff9c9f5446f7ccc143fe42bc68255bec1680c9
SHA5128a74555e2cd4ad50f410f6ed0683d624d36584b79b6be2873ab85bf9b78d5aba3a98a075c46198c6ae57520f2d3a6f98be31fa6404290b27ddf1a93c105e142d
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIFFilesize
26KB
MD5d1bcb0d833b14fd1f0fad81834e8a76a
SHA13b4867c1c3ad9c51109f70a90154db23374f1162
SHA256cea7f5ac5e491aeb550fd8959fd3325c84a9b2a434ea448835b0bac5d9b2924d
SHA5123106bfea44980ece362b2de8e15d7720d781707fd703fa3f5cffd68146b28631a1c252c899418cab61dfe32f6de5e073dac20e28b4297fc4f3721d787bb04363
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gifFilesize
815B
MD54159f6ff6697b46188060aa3cdf4f72d
SHA1ae1aafe6f2373aefd32d2201819406b07d02b142
SHA2562708699f2f3c20c78a8d30a5bdd09fefe05a8b5a6458076f0fdf97f4296dcdcc
SHA5129e66135bd0bf1324cf14f985f7bdf9969c37969269771b1c7d16ffcac8215a1cad59b19fd767770c0a6c4e4535360140623bbcd4ecd7f36b231d35ccd380efeb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIcons.jpgFilesize
5KB
MD5cdc05c96da812e63096e8d0b38e94209
SHA18db0c685ae6b76640539c52f7b91cc3a188e56ab
SHA256c548c8e2b14fd7f776cda5f950bab99b8fb511d72458014c31d7e6414ddf6ddc
SHA512963933ea64be2dd6ed725e6197bf86cd915c55042c9f4dfca34a8ab28c4f9689019a9d0088df9aee095ce8afa1fea3645b703e21b910fc8c1ef67c8219746cc3
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmpFilesize
1KB
MD58421816ca9b17b1dcd58e001802b4968
SHA16e7c0e52be711e720b94d0efffd33cedc2cec34b
SHA2561e295a0a16612108ce648757e25231fd2f8295e3fef59cd33377010359912337
SHA512eb20e7b7ea0dd71a269977f476d836ae83966349daad87d32c2088216ad7e74e284be297111fbf02f8914e7cf59f396df7b5e49819dae881334cf5c9a0c60888
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\LAUNCH.GIFFilesize
615B
MD5a622a21272b9fe4b95c3f5afe37e5c23
SHA132b49f0959aa814b7c13cf3999a94841cec1c1e0
SHA25623faf1d9477f293fd5043d72e9e5a8c3e95fcee42cd2301c5df95db073eb012f
SHA51232f1f96ddb8c4c3176c61c9b8929841130bc42054960dfa841c2c69d7a960b7556d14a25c8c57883dd8f218537029d9a6a6516926912727eb20d55939f0ab3ee
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIFFilesize
870B
MD5b6a71e38b17d2a4aeea132954c3d4ef8
SHA1f4c2173766ab6aff12c8c4c5293faf9fdfd3b17d
SHA25637acd4467669909d9438d386df3822daaa397ee8143d6302b0990b0c9f362943
SHA512273886039c0684a0e18bde999046a165390baac52c73522f4c30e68f2e5d41422f4249b39013f7240f8798e6857ab4c0b9f4d0ed13476cbdaf0832b1469dee6a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICOFilesize
318B
MD592d60d374fccae80025d8adb9ca624c6
SHA103f545ffd0a33b9e3ce5ac11696da0a28d829d18
SHA256e83f778507a8223609a90273eba2f8a9f39a67ded8012f40d0fe6260c5fde7c9
SHA512d293a5ad8f4b13944e7a979054e54b1612f6b8556f729b834d5cd0e6ed1cd4450d1af0003a3913ad21599b0159d2d4733c0e8277899d2ee5b12698d263d3187c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gifFilesize
19KB
MD58b19520fe7460e0f227b53f4c6e5af0b
SHA1c231fdbb8d24ebd2657e518bc7ee6df9ef97d466
SHA256d2ca76798cb1bbffdc797c7726fc7dda995048686a0e3ff90efa134e9d93a40f
SHA5126a22dfb1983c1ef2bc36e06e06872747995dacd2d9fb9d71e064d64291bf7522fd3f4b7f9e19b46c1e046457ea97cc839e0424fbf7a0aa43174f4f5e8575fde8
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gifFilesize
848B
MD5d94b0f9e119744f3779b3f90914e7fc0
SHA1d83c82d8d123d5ef3a40070425d7b5d9491b72b7
SHA256a83200f8157897bbb7707fe5ce08832e0886e3df8a8dd5f22a1620d89bb3c81e
SHA51201d65061700eb886cc430bf3f3de1aeebe45b1d6dac0274d4f44ffdcc9acd14affa66c0de56af301e55f86c83c012519e10822cf598b9f9c24f25814f6e5f535
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignright.gifFilesize
847B
MD5c53dd2734190cfaee09054581f21cecb
SHA1c6b05cef367e4e91958b31793eae0ae145e38094
SHA256698d2bed491caa1df7b74a2559dcaad506b30e0e4d942ea1e0fa7684d430548c
SHA51239996d9f6e3cf99dee75b5ba5fbbe83f8a936525c5c1c63ceb90148900b52bc2086bbab5bc754476c64f5a6c0fb03ea1e58257495d61b146d0bf00573f575cb6
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gifFilesize
869B
MD5825951f81e94047832f04dd78d0c2055
SHA1293fcb68474dfd1e41bfd94f661f937cc6cf0297
SHA256a0e721d9333264198843202d41555d121ed085c4cb092d768a84cde9752319ee
SHA512a4a3610f41c2666f4c59a21e6c46f5494357cd762d3cfc6303f100e68648b5f8d24cc25fddb424f0be98bfdaa3b6a3ae98818670c53c0a40df308c6cfe898f06
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gifFilesize
847B
MD57a5eee39a5062f00e2ed47ffbc3e2834
SHA1ce0d6dc1d95b3188936c4f8858ac622e1f8d85f9
SHA2563d0fe265c73573487417f6228aa33d8697e7f585d9d19815f37b58df75570c52
SHA512518c49427389ea8211fd2c1de2227ad11caa6aae5344b84c8733420d553a8ed0cb19a8e6ab7889df5888d3430a85f3903bdc734ad27d4155dd5fd7659f98ba1b
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gifFilesize
890B
MD58319def3041ec4d83f121a0133f0e787
SHA182c87d62c60a4d4a077c9a61318178f83adcae96
SHA25670513a142161fc416c4411f605949939529082fdc69c65e2242cdc62bb062a17
SHA51287f9c5ff3d2305715b1366abf914e982fa055f630dce0cbf616d75f07279749211e13118e2b96347e49f51349238e9aba5cce7d122e3c134536083df574efdef
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_decreaseindent.gifFilesize
863B
MD577ef91692bf7091e4076c6068a94b85a
SHA179371e6e6dbcebae890eb6773c05c8569d81595e
SHA256b189bde7398e927bfd7b36b1d352542f0d5bdd9aaade19c228d003cc6be574d7
SHA512fe0374468f2a0c2112633bf6c5f767d6c043a3eabda2a9aa9b1b8ace03dbdea2df754c376c608ffa2b8ff42426900eabfe42cf1c9b3f45f2fa3bb47fda172c35
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_increaseindent.gifFilesize
861B
MD5d57560f28925b5fd829edced3b8be94d
SHA18d77f47fa0d76e8d75e07687c357a8d74554d99e
SHA256128c568f597b3f7b89aa7db66e71a855157ebf956e06b50a6a9bd0431eff6b8e
SHA51211e742f7fcf2e76433f2d8e2d43e16a24bdc0f37b2be7fe7f5d8a13b4747be497079a693bbd57f1266f02bc1b6d86509564e7d84bb2ad954f0c60e1a4839565f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gifFilesize
852B
MD5b24a44b13cb79d532a415dec9a85e4ec
SHA1e075561a1ed0b4099cc76b5f4134c6a591382c47
SHA2566648a4424b9b88d5a368b30509678577f7ba028658378135d9f681adbfdadb3c
SHA51259b4ab6fc2734939f7fb51375d50737816dd1731d2af0baab1e1ec7b59d83e578ad4fab778d7167eef3916831e36f1e839893df03c767eb66b8fb9c4fd7c4d2a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_justify.gifFilesize
850B
MD507953303bbe3b83ed2b75986eea133c1
SHA117052a5dabf921b5fe3641328ad85cc0fceba707
SHA2566c848a5a551e08a768e24151590fd22200449f69a0a8d535cbeed20d83b4169a
SHA512790e439a3107cf274fa5d2a6f367702904a05dd3b10c68f4bf44500c9c525e48224bb5d980320626db336fa7358f6ade3f759c352eb108a445937ecf306249ae
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gifFilesize
883B
MD5cc5cf38ed546010e53c5acb150c430f9
SHA15e30b528626c4f5f8e1863e9ee73edabaf493d3d
SHA256a4ddec5efe53b603c532967f44c4281b5aef2b87ae61d621c2a32cf3b30666f9
SHA51236616ff5554f3e007f814aa5ae9223d3b9ba05e49aaab77967d5fd7b58d18b6390e47feff30850fb0970f94c059484db89f3c0efea1ddede235ff5e549999a1f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gifFilesize
860B
MD537520e102f699efb59e8353a30d9a49b
SHA12d54f8e46dbbb1e4884b00318f7a29c49c68a054
SHA256ec8405fd45783d260181b7b26019ae866dec6e709b8f7276b637e0bb94b480a8
SHA5129677bf94a7813c99036b8722a1da4eaf1a0b92d6c72454c35abd9288a3822254cb8368044b75bbcfed3154add9ed6b887a090d18ebe4466470e3443b9c18c851
-
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.InfoPath.xmlFilesize
247KB
MD55fcdf94d6421c2238c00af57df2c78bb
SHA17f8b45136d0d40b21d8f71d49f755682ac10bf2c
SHA256e9433c872571c6120d165ac958d70a95b2347c4f581c60913566214039f68e3c
SHA512b7fa3561655c970902724b9f1219e78660ce831f297ed635c133bc5e7326f3e7e70ac3663b9f294a3ce668359274481093f21b1cdec0669db1b9ee5df280c4c9
-
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XMLFilesize
807B
MD5747752b2ea070d9f9fef2e3b93680185
SHA1dc8391b66dec8d181b8e68308497ee080fa0a010
SHA256a38ba4e1cc77e60331d411ff48b056a8a8cb4ea1baa7f87fdd2f221a70537035
SHA512039d0d43b6475e8e8afc8be7826e97e2daad96dad1fb585a5b53c343348a22be759a49c82a7c2fe5db3558e9cd43f592faa4856d1c9ac17264ad07950885f189
-
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XMLFilesize
806B
MD5aefb6e81ae688499b95dfd2ea52f8988
SHA11ac5d52f4d645a1e0286c95fca9b61f09a9f7a78
SHA256a94dfa596feede8959aa72bcce3dae3dbe3bbb40c6c3a08cddc4fa3e0e079781
SHA512e3fec973df53ac9deeadb79e20f8cad02158b5cee064ffa956d20be9f0ede924391ec9dc622a8a3db307bf225546e7299b549d9b30500003e176741a449337d0
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bianlianFilesize
5KB
MD54b6517cb6d8bedfd0e84da2011a91c61
SHA13f902250a78145e5b9ff6053531094a298fbe5ac
SHA2560dff1188b39e14ac6ceafe38a5428ae84a3ca28837fd7273f198c1ae11b556c4
SHA51219df2d0df8796f38cac9f9a36b396cd905897e4f5843ac81f21669e299c11d7f9723b9aa5d2f0e6398d16b1546939a37123db6935f8a414dad60c409d6e78faa
-
C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHTFilesize
3KB
MD50378fda0eefe503e4c17884860e17337
SHA18af732647d2f4c8959e38bc2779a90fbd7c0ee01
SHA256ef021815a9475f7ab569cd1d3bb01a6b15845444665572baeeb7ba3cc998561e
SHA51275961aaa5d67a440eda5db85b9e53a76fe3a834c508014ac031a9bed311134a82219c61604561a149e34e4aabf05c9699f6e3471f8cc9c6120b281fa13b666f6
-
C:\Program Files\Java\jdk1.7.0_80\jre\LICENSEFilesize
41B
MD5c244267698c11f12859ca4a1cb1a9800
SHA129de00f912f72afbd8adda0219f1277ec29052cb
SHA2565f00db21f74b5e6a4acdcce38b1fa0f81db6dd62bacb125dc632f0f75751478b
SHA5123c7d009dead52d5336b864247388b4ce478d7cb5aa542d9e055dbc00917c3b6aa9fbd51f04b40ea7bbf11fa9c74e4ceb3ed70de3df3ac14d28651057057b7dad
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2Filesize
27B
MD5b9c962dcd13376047cf0c18a402fcabd
SHA100937407d9af4639b1ec3ceb8ca8a83d32e71e85
SHA25650c8f0deca81c6ee7eb840234aba5facc4837b24e256ccd6def27170b24ee0ca
SHA512d2724c94f2284cc1818bd3098cb7bf4522969132b856a04122c1895913e43d0676969d273e50e23666346c618249612ae27d28c2cdd04cb5383afbb97db599db
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4Filesize
27B
MD5080fad2a5b678282b0f9afe1719db426
SHA191a87e3cd848b4b77a5b3e72f2d090c4f4ab44c5
SHA2565963e621eb57be44667a3e1c1fddd9b8e9b83dc46c16303319706da949288d14
SHA5122df1d2b5786a8290848140c49e63d464838f9f12c3f52b233d7bdd1300730781f8ad81ca1317970354be3fe68b8ce421fbe06a3074a0ddf1f94fbc6fd379f25e
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6Filesize
27B
MD53ddee78a46a50b04bf785d984cbb4a36
SHA1d3f760304bfe916a2a3bb3d41779aad82315f53f
SHA256cf06c2e58c8b7cf3a29caf17c91b0b169d52d3edcec7ad39253f6f07186e4b51
SHA5123ee096df405d17638209328eb7a7d3499e8f32c7823bb0165e769f42944b73ad4417b769ec7886210ea887454837666ea8d68704c6dd19f24ce7e09cf68bec7d
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8Filesize
27B
MD58f76e17cffb88076e27af6705fc1c93b
SHA14cccff1a9fab46140ec21d922d5d71da47271489
SHA25600d9d837a70304a9a1ce63ce1b962c1aa461705606e5aeeb28444a86328aa1b3
SHA512dd613519bba3b7e3a7c6828b693981a955efcf681fefb1c0703f13ca2f984798586711981cb986ef5ce9abe4517c59c76b9f9c61f89d65e335d95460948c3b51
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9Filesize
27B
MD5e9646c4e3933567dafa285694a328ea0
SHA14e0aa082c15773783139cf3d02c5b9ee9bf50d02
SHA256a658182a6ee8bcc17c8a1bf0df955e9dd6b991df6fb62668b46a174dca445ae3
SHA51228f700e3fc10fa2ad69eb1518c0d082e312363ad1e37a5be4a85d6ca1570ed80e9d146ad2de16f44f1325028f594f8d54a6611369b9f2dc315a31370407ce3d7
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10Filesize
27B
MD56505d03881a5c0777ab255016e25db34
SHA1ed899a38883b51603b77c4f81eca92c557b3b814
SHA256300234bad81cafa5620bdd46eba85583c281c41cde09ad88b2f9742ba1898bbd
SHA51289a94843fa34a545278beafc021c649a197082c21ffb1468fc200e12db3d0c5aedcb8a26c453f8f5cf86dd3be888f047cd596b715a13233436b680033cd6d060
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7Filesize
27B
MD59c63c3110cc5c35a6e4e5b1a0305ffd9
SHA11dc2a7afae6a1a6cd431f3a335f639974719b9b7
SHA2569648cff05965cd5b2f98e57c499d3c4f723a86ae10b4e9c01bdbf640bfac8524
SHA512c9b1cf2d1d88db7ee9eb2ae061712baf294dcb0517d7f5fe37c1a5e2be79470166e4336e2e006b2c3423da4f7057eae56d2d1c239ae30c729ff358e30f63c6eb
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\METFilesize
1KB
MD5a0e3f7ba79f179362a715de6b3f28152
SHA1186a9ed8c65ae4594e5b510c84d287ae2d41c4f6
SHA25601e6e5852daf75dc5fcc5e3f332aa6974b7e2f8498bae5a1f4774e5afdbd5793
SHA51228dced3d6f28f832a1589de5c111e4c8b294ae11caf84103b410f4e82a6188f452f02eb71ab50cd3ab0ee4441bbd3713cb046351474a8f4c3efdd937093176e0
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.infFilesize
57B
MD51e15a5c5d59829c5de486f09d43861fa
SHA14972d7a37a7d9f05e3a7600b7d311cba01820914
SHA25696659773185b902f4c4a23f77581d44502ae88dc65155849d7c332a76c934b8f
SHA5129b914c2cb63e5398e95ae2f49790a578cb3a3dbaf56eda0b8a3a63c92f409b84c349ba1fbdd3549dadb966cf433fdee38c0ac678b1463771cd2a7910e01742f6
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSAFilesize
7KB
MD52198c370110e88eeb9114208341f5e6e
SHA1a3ef952bc170c104acfc82e9693b22b1f137180f
SHA256d86b2acc541339e1a4ca1d50fe222215fe42771c38ec10cb1b65d9e1cf713f16
SHA5124665cb7dc00a84a04b55bcbf6a362518019d52786247e69136c2fa1dc2572af730d4e955bd1f6ce2df043669e86f9c6a6351be5b4cf99c8259322e1335b6aca0
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSAFilesize
7KB
MD5be5e6407ff19345fe724dc01aeac78c3
SHA18e99efeed0b249916f045cbcdaf0e58256d87b8c
SHA25675714519dce9aab1e282f840e8623036a6c036949f482744c6d3861ee36e0e16
SHA512ef7c8f3fc88ebf6d640ddf676c35676426ec921470b2d766384f7ed63dfe0813a6f7f0e987aa2a22c90eedade13c38cb601d74850d06ddb2a1d9e91238699e5d
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MFFilesize
133B
MD54a62b79d21f37ce66bed364aa1f91d4b
SHA14775194a08bb8d24c88d1473f430aeff6f49108c
SHA256e75f75d7a46c73601af7594a4fe904bf5422cc37629f9b1ce8257b0152358a73
SHA5128e2ebac127ce6ad5dc65b114732183e537ea6c5a51d9d513677ac7ae463a16c57c735908a372462c786f810c7cfbd0719083cc4ae9eebd1a0382dbcbf1550dc1
-
C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.propertiesFilesize
3KB
MD5d3d8637d50e23e015f9394aa033b1d7c
SHA1d966b84175c17655eebeb35f23927d01c56415c5
SHA256a0ace7bad00c974808973d286cdfef78125470cc05174b77a4e042ecc7ba9528
SHA512fba3ef374ed8efa3d964170c169e93ba7886fb4bd9362d1e202197e8e57b5f2928f7e11e022fef5bc99f729b8073ce832e1414f208aed9ed96a2c8be7a4e7fbb
-
C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gifFilesize
153B
MD551cf73927e1330ab33a90fd16a8877c6
SHA1019f6ff1cf9bde7c6754d872d676df9bdc900e04
SHA25647d842af9fc97c6184b59dd8eefc62a590936f550725d415dedc4fa70874310c
SHA5126328c27d5bb24534fa7bb33597703c6d46a71dec5b4cf3241c900a39c9f34f0dc8dd8e9156313d18e8e08ea126418a075e71547e8aeaf94ee1c89014e6d6789e
-
C:\Program Files\Java\jre7\lib\zi\Etc\UCTFilesize
27B
MD5b6b999dfb633597fa784bfd24a683410
SHA168170e063ad8194f579267f1257cb86e33d9fe13
SHA256362e0f3ccea64e3d4a442cacab92f8dc490af8b5086a5a8819df58fc7a68928c
SHA512216b9000edeb4ae82f73980c5d1f318f4dad6f5be8bd4a515654d0742e3f6ecb3dd6d8facb65a8b2fd3b091503bb8d22fe325864febc7ea1a45946e5bb6ca94d
-
C:\Program Files\Java\jre7\lib\zi\SystemV\EST5Filesize
27B
MD5210c522dca9567983a73de173d546207
SHA139884e4998110ea806cf65e26e5da5def3c04fc0
SHA256a78d62e5c5c8bfc3f1f47d706f950e0007485dd7f541c7614e8c4ae46d1f785a
SHA5125873879bd27e67fbcea8946a482302e4047dc9f54bf8608c9b34fe6e96c05c0e2768b2b654f9f3a11d86bfc701bdfc7b5883fd26ae666d5ce6eefa01794eba9d
-
C:\Program Files\Java\jre7\lib\zi\SystemV\HST10Filesize
27B
MD550e671a3def8c8da6da77b405d03cc44
SHA18b9a6e6e3ad5e0ba0d953e953cf386320e68cf11
SHA256a3ed3b797f11c1b4cbadad66be02da01798def0981483073ba6fcfe710c42bb9
SHA5122307e27780d24782c09fb051b8a4341991c98a56d351f757c77bdf6dd3abfc4efc0b1729504628c77e5225b546819b43fc8459b1900e960f61f04aa548dddc6a
-
C:\Program Files\Java\jre7\lib\zi\SystemV\MST7Filesize
27B
MD5ecc8ad934638ba14191d09c53245f65d
SHA1278822b5dff566971da8e582387b4cf4457c43b4
SHA256e2ada26b501f1c6908931dbab9cdd3185060b7b02af8985210292943ed21b19e
SHA51206114e630c23d925b86a85b00b0723a60b50b7b4d4c72da81dadef962e0a68cc8817cf70e3220cba25a7d2d6624e7c03323f31a27a68d228c825b92d52ee1f38
-
C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.moFilesize
791KB
MD5b32b087bf1bf1ee4cfd099c0b882ade3
SHA1434542e6c6984a48485f611d6356b569198b6d8c
SHA256ce0a1cb8027755f017bac5e3f53fe37b3310d5c5290afdab369629aed94f9d63
SHA5124aa34f1ef1c204a145456ee129800e543da94ee9242f971d738b4ba914cc4090f3a2eadffad4f4a63b8723d33cfb905e6f5091537d56533f9932b180018ddad7
-
C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.moFilesize
570KB
MD5bd9f0bceceea1bcf0f6c6d28dd16c67d
SHA19d78575aa92f19de8e3ca0120b81e35dfc46b372
SHA256eb52957c1824001de9642b67d1add8d1ffa1f805a67f74766711990b50138e34
SHA512205afe30c0f8ecc45545b4b579312d0ca9ddb0d6d02435db5d3c62af119241d7af4a7f49406998bef831be94fe4a62da33a091edf516040bc340e360e2cc1a22
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000002Filesize
50B
MD514d4efec49eced566eb562d7de0845bb
SHA115ad6879331199ee8e65890d2eee51f4c933eba1
SHA2561dab878d5b1aca566b88323f829d1657988497d55ae2c3cd93ab0522f4c19515
SHA5129e92e32eaea952bee815240b931032957e73b896eeaf131532e962f2514c4df3664f0f5953aacdba6020f206a9ee3fb04a7141ca7b0bb3f9d0980bc673d80642