280268db673f66dc31e54d86de101cf8b5d52c583a9282d9c7ccb4475612a8e0

Analysis

max time kernel
599s
max time network
317s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
Size

84KB
MD5

79930adcabd0714d7c3d0c293d983a5d
SHA1

eb2cafb7776d40b36e175054d0e29cfe0071bf2f
SHA256

9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0
SHA512

00f951e4bb7c8f3416888ddfb12f6e0d2e1ff2ce0cefd2f1c7c5402f0e2399d2baab51ac449640b4dfc1d01b337920b4f3772fc50fc4760518b349da0da1510f
SSDEEP

1536:qqq+QPmPwFmlnHOPyL5XdO3WQbqephuLBXlap0+1P6OJNRNU1HAk1:9qDmPwFKnHOPyIt61HAk1

Score

9^/10

discovery ransomware spyware stealer

Malware Config

Signatures

Renames multiple (8098) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 14 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\desktop.ini	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\LATIN1.SHP	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnscfg.exe	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00543_.WMF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00057_.WMF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBCONV.DLL	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR2F.GIF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00260_.WMF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200163.WMF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Slipstream.thmx	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\bdcmetadata.xsd	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL058.XML	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47F.GIF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Sts.css	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Phoenix	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BREAK.JPG	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEMANAGED.DLL	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45F.GIF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00671_.WMF	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ACEDAO.DLL	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCDREQS.ICO	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\save.txt	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1172	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
1172	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2072	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2072	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2844	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2844	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2796	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
2796	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2892	1172	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	30
PID 1172 wrote to memory of 2892	1172	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	30
PID 1172 wrote to memory of 2892	1172	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	30
PID 1172 wrote to memory of 2892	1172	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	30
PID 2892 wrote to memory of 2072	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	33
PID 2892 wrote to memory of 2072	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	33
PID 2892 wrote to memory of 2072	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	33
PID 2892 wrote to memory of 2072	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	33
PID 2892 wrote to memory of 2844	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	34
PID 2892 wrote to memory of 2844	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	34
PID 2892 wrote to memory of 2844	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	34
PID 2892 wrote to memory of 2844	2892	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	34
PID 2072 wrote to memory of 2796	2072	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	35
PID 2072 wrote to memory of 2796	2072	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	35
PID 2072 wrote to memory of 2796	2072	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	35
PID 2072 wrote to memory of 2796	2072	9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe	35

C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
"C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
  "C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe" --Admin
  2⤵
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
    "C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe" --ForNetRes x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0 IsNotAutoStart
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
      "C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe" --Service 2072 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2796
- - C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe
    "C:\Users\Admin\AppData\Local\Temp\9fbf62bd6afa7c3269c549b3deae512634f02151f1bed92ff70038b4bf0cf2a0.exe" --Service 2892 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini

Filesize
129B

MD5
24f120432bc903a2572389bda3318345

SHA1
be3c99a672ec3c401a4adb56873db5f53aede5ef

SHA256
9ec7d9ffbe0432712e7f143f6cf2c152bc80488230f65bb744ef33cfd44ea158

SHA512
28c1d25c0424d55051d03dbf7b4ff92830fb7290925bd37edaea840de4b0bad8e3a2c978489f37a00a314874a8a63f6b601213329c50c46f0cb52cecb415bffe

Download Submit
C:\MSOCache\save.txt

Filesize
42B

MD5
1fb4118372f42d6ef1305b295dec1823

SHA1
53a0c523a9ca6cd45e8192e45540a42952fbaee0

SHA256
456253001eac320215f324142daa41bb4afc629c3b6ffad36d0785614a037a38

SHA512
5c624fad8b646b1ea8d89d5756cb1a6b779cdeb225f422d0a5059b71f06f9aa7c127c6c5fdb5d01ffc06501fe85eecbc08013b9bfe9bec5780e3ca748380b685

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

Filesize
582KB

MD5
ee6db18e11a5d61371d90251608a4be7

SHA1
d9ef4f9637a07c6e2b46d88579b21f926151341f

SHA256
ad3ee17e37b3bf4b3e562da5ce900e1ae465b2cb6d4920d74d42315cafbfc7f1

SHA512
e56c83888b2f81549cd6147c180fcb8c78454a45322de1cc7062aca188212ec9708bcd7caf381caf24dd872290a814c388814da7c7a609e2a79f14585f9c54df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

Filesize
114B

MD5
316e6805072cd8ca89f99a67c3844a64

SHA1
acb595080c9c44e58d7d823593d534852692c4c0

SHA256
8d3bb57c990af8ed432b5ce90de9effc058829324cb399415e9bf66152161516

SHA512
ebf0a49b920b5789cdfa6b28cc72adcbfb11b8c58bb9fc7ff4790d2d33aa07a564d98b3d06aadf811e91bb73854c8bd79828d8678918c8d806e662f37a3aa7ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK

Filesize
113B

MD5
d7f6522a6a64104b9f58bc37c9391862

SHA1
85a86b688abc27c07c55f9cc27a669faf9648d9f

SHA256
bd9fbe4066719a3be208d53d5370d9f377040288c4181de8bce194bf201a9c30

SHA512
bbb5672c21ddbcb636f16bb0e7f0dfcd8106493699cd44ffc3721ce9fece7bba10dc19ca97f261bf9c9a773da8e8693f9e8542f430f59238704c86c54552e3a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
c8fcea579c00ed5002d17ae9a56ec35e

SHA1
cc3202e92396d0105da0901674063374530ab68e

SHA256
df5ca9ef932f18de3feb5c7d0de841a5cab9e48a2597e3e039bfcf261a6bd683

SHA512
f35d29e6ab5895e39134fe1abb1a8f43a238ad8f709a5319acaff6a65216f4e10d44b9ec4cdba1844c7a8e64534f3eca0ee1b8cd8da314a2151ea062d20821ce

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
be5f7005983cbafab85baf689644a4cf

SHA1
9b0ae2d399ce9690837c7560235480bf1be794a9

SHA256
be3315683259d0d9aa4d00920cecbdfc738095dee8187e35a12fa6d369b004cb

SHA512
3e35812e575d1cd537b192c5ae4e826ba180b4589ab50c7630b18e80989a68381e906251321d5a5788c95dfd5b18e0f0b00656886776baf87da99c8bf60e268a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

Filesize
239KB

MD5
f49ac90bca310ebd4bd0cf092a0e6088

SHA1
336a550db5dcaa4ceb5b56e2ed9aabc65e364fe6

SHA256
ee8f3bc5f747b43f6e6c4b41beaf5986c89e97d039814fe55722a5c3af06a45a

SHA512
27fccb61218c3d8311d39dc23cd04df6898ff8eb2a1e6ea104555ed81558324dedb0768711e369db32abad8e484dc4cd27dbbaa0d904345e68a130ac772d843a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
4df637dd7ab2e85c15de44a0b50513e8

SHA1
a92a3015912291334c00451c6e2e5275e79d9588

SHA256
4eb48081008867a0e472f94a5cc05b322941d14fdcbab5b721e09cb60ca0c9d6

SHA512
9d6a0eef220009b8752bb7324eebc35db97c147a8bf897a7ca0f6729a72a39bfc66048ce47366375cf783b36d64de4defe8dd5247b94af112fdc548709eda868

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
25edc6515fbfe26b87dc28d6bb25c1cc

SHA1
58617728cc6d4ab0c098e9b5b249f89e5472e851

SHA256
e397eb3909639ccd142b324c294f5e6c953442d32f0aa3e373a094852faede23

SHA512
e6f580ab0925a5cab81e2ef63b0105db9549826ad6c965ff0b5f548be597aa1bc088cd48d3b4a4cee8dc8a2122834162d70b2a2df7fbb9747519453bb1d2ccd2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
11241a2442f3439d007151acecdd1a2f

SHA1
483f460922524af7f9046aaa85ad3f4e2d60fe5d

SHA256
bbe929aa2c5c75755ea1854e20bac12cc2e31ed4124501a2f4ef121394f4838d

SHA512
2fe79fb8f8819c182d12aa8de8d7d1c4159e9d1cf6567efdf310f1bc2163fac61f00ac84f8493c2dc17bff716759457b070271caf64cfd46589ad38643361a0f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
a40e0e36dbc911d3a341559e6b5a0ad5

SHA1
2337eca938c0025ae4fd2484e1660af057aea719

SHA256
c29437b3fb283f296ecc343ad0d4352dfe140b653b5c78f4e7a9055464220776

SHA512
4b891d722383c89cc53500bf62f24dfa67bf14a97dadcaf7d40654a56efea1e2b676dac51f7fd102fdc4dce37341f33bd2d3ada371822f9fa4029d30939da95f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
197aada003aa6bf5b74c1c00c9ba33d9

SHA1
2654185ec3ff86406ee8b27887f00ca28c00794f

SHA256
5d96fd31de919288deaff8ea0fbfe503cd8b80a83ce72f38043ae8c68da4b046

SHA512
3833de5f0bed858d8fdec52fb0020622c816c05ebc9bbc562bb462059ade6f8ead3e5f03cf183bafd5742e81e7819406995379a8a930051f489d96387f4f8280

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
3e2dc83b6aa1c14719c2367b42d90e99

SHA1
0ea6beb81fae2fb41aba52ed0237df9be488b26c

SHA256
fee8088868a2870cb512da5e254767d2e218f322772671c8ed07825fd832bd5d

SHA512
ebdfa7acf6bb589a5c3e8eba88ead320bdbd34eeb37623e90491d5c7e6d358496a25fae39a539d144e5034e840704fc4fe73085feb3375d6c01d6680f36d51af

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
8c0e944d6082c3a964bcb7b7200d8f02

SHA1
cb295c247591d16302b0394efa26c4835babcba5

SHA256
b549f06561c34d1e2df329f90c89b7731a209da56169d8ee2a27ce9455dc488f

SHA512
e5691adcfe45e6d19a216957c5e1322f3f59dc54741afe08bfad1668d17df82ec65efbbcab37988d6ba22b61e560660389452068ad0338a1bb71463d2f1dac86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
675b2f72d21906fec31b23f2d5d88ab7

SHA1
391f8c16b4c85fb2211fe68ef835fb28dc071cae

SHA256
137241e8ef473c83e28b494594e83e685d9c81d59a8d3eb664d525ba36b6ea3e

SHA512
109e1dbd4494feb0182e666015967bfff04e60d86dc6f6ca93a98971dc46bf686be480af827c6ca14cf728683d2e760b3d184a590dc916afe577c8740b3b1ef8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
0868575bd7a0e08aa813810c1ef034f8

SHA1
b9d70c50cea32f69a3d35d2f5a6c930bee140241

SHA256
aa5f068cc8a4714bbed2658a401b7084fc6d5c4a834a2fe3a206e30733907fa4

SHA512
acf0dbef62bbe16b3968e8dffca9b7fd1c4363da4d499d03f3a8cea91f70bc9c8dc90eb1450a950fd47092f91cccff8ecc0208509c30572d13972f3069d5ef31

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
855eaa3d60b090be9f578179ce772fe3

SHA1
4eb3400e715ecf92431ee667bf26864297bf02ba

SHA256
a4f81acd5487be5bcdc0c793ec2637d609b1d43ef13c44736b08a95a2a955556

SHA512
87db1cb0ed4c2bab174bfa87a43ae7674fc1817f97381bac4cb3160bae8aff11d91569df18d3d294ed860918adc788de180cddfb64e8b94e3a178e663cac8f09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
4801437c5f85f0b7b6bc4bd840ca4a48

SHA1
23662179d710c4e3f406a05c06e7d9bf53182d8d

SHA256
4899ec9b609644a623f653ec2da16d5b8354d91d53658787d723c9bccd22afbe

SHA512
bd2619cd6b327c4fbe6bd07dbcfc741de62bf11e04446c3426c809438002973ea7327af9a68de3009efdc8e8c119d9583f3d57fa4c7e5ed1416f87506a729d84

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
527b3b65f4edfc7530834baf2974c81d

SHA1
1a08cd135208731df7f4caa4cfc5c6ef46dee48f

SHA256
540e4ea276d8af1472aff8d858cb906c050dae64d2617bf3cdd4dc94db2af9ea

SHA512
df1f1210a3027669fa469143246c5429a551d4e2fd3c89d544f28b565dfd6adf3c90e46b25e11a985bf15000a916178066089637541e20647f7711c59f42f345

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
e69daef6d2cbadb784d44b1a11d48d06

SHA1
3b7a39c8effd7444642ad2f09170536196ba6e78

SHA256
ffd1ecbebe672743ef473cfd642d9c7482e8f27b091a07e59d4a7a4216a580d6

SHA512
a7f212ab2f3ecc6b259997d2e7ea436da89db33c08121326ccfaa68c7857ccf6c6b245541e936044641714dc9621ec466072ad719dd65044464e2dce265f89cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
6130483604f993b69917e35a00c9b794

SHA1
30f1e023df2e2e5dd5d1cb77f1a63715dd816078

SHA256
39e4d76688f0ce0b15de503511122fde315d5dbb224bc987939f09b23ded5609

SHA512
dbfad406e9aa500d352d23325a28b49e3e85205d0d3709194af60846117c1e3b8a51158b38dfc395cec2602ba703024a3678b7cb84ea1590f81eb7eff625d7a8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
5fbcc96ca24f1c3ce512e3b5e96aec30

SHA1
933c4218083dbf72c5d716f567f32aa32dee75af

SHA256
ad2b897dc5e17f6216a882bb9ec50760db208882ca98cb72b660434e6a8c2b60

SHA512
ef236b65b21d2145166e576699a9a7d64fa880c092ee6a0ebd919b489691616c23627b678e6b534be42e37d8bf1979ae517924394ea248dabef8d6b2998b0219

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
a09d0242262a3cf23ccf384dfe88baae

SHA1
eb7a7bd9b7076119c35e2c3ceaf4913045102c53

SHA256
e753056715a864cd4e48e312c87c5cf64a17526ef92a24be53dd3fc29ee60850

SHA512
ecefee94fdf2b2d62d988a0f98ff5e8e02b6c6273509fc94a4a3d950e467028fbd6c7657139178b25cf85f82040e3a3564be1d98f557cab2f8456db5633c831e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
5a28fc26901c901475d2f4741c78b04a

SHA1
2aa74fc3bed20b1e12e051f782bf6cab2f458bb5

SHA256
9c4a237dbf1499a77ebb3c29627e8c9e562a8ff02463cca57dc546eded858418

SHA512
bfae508894bf1b38e1cd01f3db7f953d1dfde095710e5db3a2fbc1966366f842a1ca9e5978243f5406c8b9a50c118165e60cab26d7c407cd40c498b58ddf8bf4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

Filesize
318B

MD5
451de9d7675ceb74c66bedd3ce605320

SHA1
783901623aac8b9c0b284302e7005cdfe9630635

SHA256
2b05e2e33b654fe5e5d5c8407e743231f160124a6c148c9cf20e5c7ce2d478b7

SHA512
9e5266b0cb501438311eac4e289edfc06e07a7fd649be0069c0097ce4588d2ca6517dcf21008085b8c74695ba105339c9e2f2222a339ab00a3f88ae5cce47457

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
84d2bfea320d71371c7fe5b9b11bc338

SHA1
3d4e500e18227a3b33451ec537ff95232690b4f7

SHA256
4bf6fdbe7805348ca5371a358f3af083871aa0213e1ccbc1b03c44a953f37575

SHA512
8d9a96f35b327caa359ef03b30d4de6b99495dcd3280cf92711b49c61aad0d18b40f92018cb4f9192502f354316eb1a8adb9754f6f2beeefa6be606cb5d7a731

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
abded0a0305c0ff62740575b76bcca5f

SHA1
9aa2430f1da87daabf6c2c1f29a5c3e68df5aed9

SHA256
69df3ae955eac32d0c10cc98ca99cadd935b4aff5753e536a923974d291d97c8

SHA512
a510ac7da0d346ce76877475697db15d06bcd13966aa0abb6b6afb85186e256265211d73982f27dc5278aab4367f2491013505569206ffe4bafac83dfcc6bbb9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
a954028b4237346e5f9063be3525e663

SHA1
3cee3c21a72a296c811444d9f5eaf27618eae3b0

SHA256
92cf5ab2be29bc0f095ce3a646a2f3a6d24680028ddb4930dbebcccc47adf204

SHA512
faf4d5f7dd97249d3de7d34ca8d4a04b34e48d3d481e7022cec15b51c3556c2d50ca76c0d3a74abe9c84373112957037cb240538922369524052af07bd8ea62c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
7de9836f5f02e72b16fc3d13ccd7ef55

SHA1
5c7d884a0fd4cd36e05d87eb3951728de44efa74

SHA256
6436293e4d8e09e3187be68af133e1dfa73679f432da87d7a668821ad6d1dcd5

SHA512
6c52dec95e28c8dd5ef083be6cd3e6f3077525211ce5d966382190422158632212bdaa0ba67cabf19a71888c0b05b78996f9357c4f4870851c57a68ab4f7f656

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
b0537d91a11f92448c76c8185b990b1c

SHA1
b0f89b3d8f16d93983e669f1c2703fa6361491f0

SHA256
bfbecc72e341c29ac77d41f62d2099f15b4ce00b5abc19394c9a5388cf71bbde

SHA512
527b0e449d28c0453dfe59f0a431891cf98ba7ddfa7d70877d19d535fb489f5ac0f85c75c3531c4ba2d65c97e79f5d199e35b0bbeab79ec2ebac2e25efa14b64

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
a5d242f131fcf09ca35b48cd3cfe3022

SHA1
0fc52c755efbcbd075eb5e63e953a04cebd53ae5

SHA256
bcf1dfd1e9029712ba83b51abe8d144765d80f4e0f47142a2952ab0740e2d637

SHA512
148c90e41df6eadbb35c098576cdf083acb5e76b530fa1ddd73e61d664b0ac8b2e8dd8e5b5a284dac859a5579ab292b429a965044ba5f78d15b4a7145c126574

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
ddf087639a8352776a9f090db61ba890

SHA1
e73a5db475157cde3087af8ffc84afb1009e6fcf

SHA256
ee588aa29a6a71e26b03370ca78f00ad6a6f6b6bfbcfdde66d671ca7288b8717

SHA512
42a71114b71ae59aa52b9e406a5509bb109caf6ceb7bb7f57bcb71b5a8e4f4263905f34b6e909853e0f65a47db260de4fc7910b361443212d3a9d0dd092b6eb0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
22fb3ba5316aa0509d1fe48af5578526

SHA1
57f4cba618d0376c6b097f577fe230cc5b17f48d

SHA256
ce530390786cc396a67fb336e9b1491043cbefcf943d1223a7307502a7ab8f5c

SHA512
baedbbf441b47b039adad7abe8dbb6b5c98ae9a935559818add3dd7d808db5ca3804c42fb2ed486571d0a01be70722da1867a02ae05b750a4ce2c7e533d8732a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
93d6e056254624a30090ac80cbf8882d

SHA1
30918ae2da44a52176fde4477d4f59d3792205f7

SHA256
d3ab338082519135423e3c9d39c98d0769da1e97369d6b2f64f1b0a76348aca3

SHA512
a55425bfddf1f262ab0386e68b725ec992751832bb089429f15c3443d82572ff04faf382ad3862feeb946aeb31104ae2b288b268e89663e34c7e76e9228ac902

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
9fa301e3bfc7a05577207f6775172c98

SHA1
e75f305a640956c89bdae1d05ff870b5827f9b9d

SHA256
de1cf20ebf005db7171779eb8bcb3fad021a791f07770312c113f94a83101a7e

SHA512
c86e0323986c1d89ab9e04482d3b7dd974a902f2604690e7276657ffa2388624455050aba3fd52dacb678d5e659191d15365ce35a20e48c0cda5232a4113eca4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
6c0dc6fcbd5a5469fbe4bd4577d3f7b3

SHA1
8286671f5d63a74d3b476676582e5daaac0a2744

SHA256
20040277497b022df0e672cac2d4c2eb3e559e9a0d47de89a42295bad8dd9714

SHA512
b60b0fa11172efe62d64b5403793b17104da2efa32d529ecbbaf6b258e69f50718a2e3882980c80b032c72c3837c329e1b0dc15e26e6fde5725e21713ba9145a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
e93c593881f97c677ff9f14bb318bc12

SHA1
e3fabef7760ef2acd7974df4971e4ff66a44c2fc

SHA256
a3208c7bf24ebe6f01916375c4467a3f70b7785995df0363bd1244525f23f4d1

SHA512
a34bd01bd12e0fceabdebfdde53e40c0ef2911ab2bf2352846995ba468ce1131db29792fcdd7f478fa6545738be4dc25172481c17a252b59b9751c4de1a3197f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
9e42d8ddc796c1f6c8f0f40a9cc430a4

SHA1
f845d7c5e6c02a29893799977934d25121ae5f8d

SHA256
b8a05dc4a835d78f2a4b6dd31587662630cf5208bebf19676870720a670c1d06

SHA512
ac4a2394569c2827b8afc44d2e6947b70c4be3179ea5ed0d0273a707ba9ebb2d655478a87bbacb8de3b8661503af62112bccaeb6400a20c73ef76ed5a943d48f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
2f841b89fa97abd8b827d720f2c474ff

SHA1
d805a15c661b49a9eaf5eafc59069a3652453402

SHA256
0257e6f8b3b812ba57931ecf22f3744ff4e7d7e575cba39154d08b17633306fa

SHA512
57749a0a2635b25911b8f12e79c558d14815ed6f63f09edc736be01466a44cdb407f3fa3d9a5ef843bbacee25acf81545318db8076f3916d37ed369711a9a3f9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
6750fdb76668e156a9bb5311375e1208

SHA1
86b93e47270d74d37ea30f5b62db9420faaa086b

SHA256
dc8b09c3d49c848ca55db44deda60bd60b58241485cdc46f640c0f31ea106863

SHA512
a7e1614d886ad9c46df04072364c1890ca28d081b5c9030339a01976aa83821e7d91915a4a26deb78605477d8da056afa0e32286b5150c2b47fc4a89c354e50a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
d2166addf7a4c446e384aa4652c5aeec

SHA1
b5b2289473b5ac1b4f4461953c4905c2e65cda54

SHA256
d1094d194044eeac45305eec8627834778f8272a9803db96d99772353d6a59a7

SHA512
5283f1d5e96df05a249d2d2808f183eb8210260b05ac0ce0a11047a21c94025164d4fea527a9bf443af830343926d0c3ea5bb47db06804d0ece6ad5376b7c608

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
f612b20775d317e79cc8a13f69c5abcb

SHA1
399b6a8700a5007a2dbeec0b2916f1186d165dda

SHA256
14bdfa5a0ff7d1a3dda915317633dab84e627332232a163065fe54e3118e1a98

SHA512
69ecf8359cd0c5533ca79e7530dc38e2fe109af8e615ce11e59392d28b5a2ad141120a98ee8b1fcea67da617c5ba5cf9a6cb0f003d923c37dc69d2f1230bd33a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
d1ff7a3c9008fc10d560f1f317d37bc5

SHA1
f2fa70b1b02b78ce73d16e2154db6b4166a571ca

SHA256
3b3128c7c3dfa58b5b86ee0f13100e95b3555b282f44e722e3cf51913bc19f71

SHA512
3620c2b3eca822545c04801cc7f5166d947ee5e3cae96db07e67e19b3286ccf2365686cb4be23b9039dc951fe9bfbf98f82799662451bfc48c7eadd604819ab9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
c650638b6354066f1e6ae7281de21250

SHA1
b4f170c61bb6bc4504a3894a00ac3c93424f62a9

SHA256
20eab39e7f31642e56c66c72c8f232b8155d96ea294c31cfc651fb4e816f3b31

SHA512
22dc564a8f926fc0274ab77608f04d5bcc1fd7cab0313b165c1c15f5ce2e0b78a1cf24cc8ba1c2730b819ac28a0b696fbdf1501be0d4f1a96ce329af6b24eb58

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
acbcc29d90d51b175981a430445fa4ab

SHA1
aa16ab9a2f57311572f42089e7294d1adbc48359

SHA256
fc8e1c15f4bd5a5393c67431e546b6a1a69a1542bc4491cd0730dde2572d2ff7

SHA512
9b8ce5b393814fe555cd821ab9d0389e274e29d5a1b1e7d5d94300802a15f2832a67439c673dcf5892901f49706db95461f099a333d16979462e24f88de5e63f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

Filesize
318B

MD5
340f56de088ba7fa29cc231767c526ce

SHA1
9d1dc7be97cc9cb509e9c8502587de49c913ccaf

SHA256
4c3532dbad14c69dc3e4c809274efb237765f3d8b3d5c09ef622ee9eb59fca7f

SHA512
1aea5a3ce7c2d3285645d29f4d3185906480a7d170400072b8f32b61c89964e7c84693637e1df41f98cb396518e8ec823579af09f0ac91d2574eb9417b3812e4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
54092e1c90eee5531f15bbe3d7df3e6d

SHA1
ddc00851d97c7c65b819cba16626b42b11a17b36

SHA256
b41a832cb66c5ead8e46e192636126ebbe867fd3be88b855337f4b879bddbf61

SHA512
fc8b0122f28a724629d69a8ac2944c710fefe3a31f439976481cc3ef1c7cbed16ac13c342e62dbe20badd31032aa4a90ddc9bdddf1e89fb12edd1b4911765006

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
2d01501988a234a05a46baa544ff7f14

SHA1
76e06437941a1ce54991e7caa92a3ce332096003

SHA256
12f15451cd8fb70f0c6952dfeb71e454fafc8824dbd1d66d6acb4ab9bc569c70

SHA512
cdbf0366e5248e1dc0c4c29de7922b972e41d1739c1b596939396721dc1defc28c7db1d322c32128d77cb1f2228e0860302902c0b32548c04435113920c9ae79

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
95e4120f15454c9b886cc2374ef20a8d

SHA1
abb05cc550180d678396c6b55b81979854839c90

SHA256
5f1b258dd3ec8d6b4a400e0d55bc7ce26e03c07fef6ebb91b551f767ece63244

SHA512
5c45a68454a2db4947d8d618fcb40db3d72e6639f38225cfdf445f919c240a9cacb152f29c367e0d09a45de214d1463a567a753e409a1a77a23be45bd54cf85f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
ea4a20ca1f409132f1f2ce4ad9b907fc

SHA1
f51ed21097b5c60c00b5238b8ad79ee03518ac4f

SHA256
fe41ac951238fc77bc3b95a89c9f8bbf559f6f3b5b8ccd50480b05a3c5f39469

SHA512
14d094339dc1663d2d61f95e74a7a8ec67fa0dd46e70f273abf74dcefb0fef3a44150e4781ca63df78504dbb736bc8ac93cad8a20d7997f2c088ada6451a009a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
ecc64efa8fb1ede1d3d44ff322e19a90

SHA1
300179c14d3c4cf22dc0026cdf66bf894041ca00

SHA256
acdd661d155c4e4a5a977a205707e55322cecb0be4a930b451f5419a513044a4

SHA512
908d160697b9f6355013188ef0970382458e188184a9ec7a504736d385c0f3571c37539ef060a6a4b5d823f41e1b1c8fcdbb71c2c31b0e2d4d67ac2c9ff4779f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
bfc69ded2e1c22945d4a08d2fc515eba

SHA1
599d297bd6ec852c451e5e5224648a93a988be98

SHA256
e0b7de9b5007ac81134ede45f408bcc90bb234ff206c6290721efadefecb6c86

SHA512
b9ce98dfa1e1b930a26eb40407c67360e3c2585da3d59a9be8f19953334e2cd000811117f92bf9dd9c04cf7232bb84b9e6205453a438e2d183e3dcb2bc652b92

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
ab978f7a2519ec903be8d46e3ff3fc34

SHA1
20ae443a2d616f84fb812149c26f427048194d69

SHA256
039ad80595cabf776f2959d60d800de7b2fe40bc601e91e61dafe10afb90f94b

SHA512
a935c5d8da77bdceb05cb7398bebea322f6e3de47cde2af895b9bdfd67971487f3021b49802afd5c35002763bfc77f6d9f9e281c4f57ad4d230235545ce0ae08

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
00e610d4b84e2613d61daf8b27f94030

SHA1
1d2b18bf972191e7f5275ccb591bf510acba4dda

SHA256
3387e17cd8bb714cd1d7ffe6cbd4cf9c869c9df2ff070b051d9b40b484726c28

SHA512
0e28c37fcd430be541fd3837a072cb2a5f1959a8d4e92cbe11b225fca175a0a0f55ea3bc1c19a81e77e8fb587243b9fed3005ba7bd1b71c7168bf2fb09fd9051

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
900327e6d0ff9cc756c95c79225e4be2

SHA1
439743614ed9b592202e7a4668bd3728cbd7a9fb

SHA256
8ff215258fa573d32295b08e2f0cce59cadbb1119a9d4b49e19b809b2158e408

SHA512
cdb3b3d5a8ae3b3bcb156dd3d1f482a4a1a1620ea05cc7cee3d571a81c86ddcead836d13880a37f39cae3acf843315c21b6ed1e4415dfba6e8c86339d506e5b3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
d724f6ad05baab7eb2bcdd93747a468e

SHA1
f75f8933bd7a5d9ba6b3ecf9be14882a3f61863f

SHA256
509bc8e5cd0d32199ed149e295930717233967b9a436d21257f17d5b449799d0

SHA512
dd4975ebcaba14882d9b1ed0c8fd39e28989050712f4a56afbd5fcfe89b1bbe8b5a8ff8b78e65e6ea3d13806f7442104c2666ff83970ccaf6fd48b2cbc920585

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
86eac2adf010a6b256105a1eadea6587

SHA1
9cbb7159abdae5a92a5d365faf2340407141d5ec

SHA256
3296f8bc04b8a91250e8d263b82da3cd8f878b38261fe4495b365baabadda2f4

SHA512
0eb09210c5f110aa9557fb4d39beba411b9fdb517b636a0143d5409363da41383f142a81d72d06cbf3f61cc721f43bf3c8b0ee5cdaaa527f8daf45aaff885fbc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
f7a49e232eb1f2e2b26bb694ad3deca9

SHA1
c8810107ac63af8d52386eef2132ceb27a07c681

SHA256
d0c4a6bcb74653891d130bbd430000b4a21b29d2751d37c3b4ccc4c2693ee486

SHA512
c40b1ee640c1fa3e111167df8f02abd19ab372b1ee5c7e588e1cea2590905761ac24c3f7f0dcde21bf15c0e5d46581617f4d4520e1da4581a8eafba3498134ef

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
15fe26f588a5625c6520d64d08376747

SHA1
cd6f3654ffd0bad366c5774c1fcfb0b253a8a9e8

SHA256
eec3e1166a55f6013a5de669e57350bc4a32365e82c24365e8634670b348a036

SHA512
21f694d84175579323c30fe92900650bb38e7caa20d330ee66f14046b3e6ea55a5081466c477b2df548e82046e14f44d28c08f7da583d395d58c1f918e70fbac

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
b8ca0ee423c79b863a44038330da53c8

SHA1
b87ffe162972a14d7dedac191469ffe8a633c491

SHA256
d2be7d4abc6460f94e3bb3f1aeb3e757498a1adf127428bf6db5db4206366390

SHA512
394f3deb05ddb581a066fcb58e46658ec89352acb62fac2c810909c6253ea47721cef6c29e90bcdad198b68b1076c7aa4894cdd144862d6725fccaa7e4b97b5e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
40a5a22eee1c2c0be7605bc248b2c50a

SHA1
4e908ea30128118c1f6ef1dedc2b190a3f8e063a

SHA256
ffb5c48c1dd875d728c1b760bef520524194c6344ade1f2bb3e9d035a1f6dc17

SHA512
6db23656758f41e1f276f33bcee4d00911e5cad631140ed0c49d8c56da834c14a7480862c8e7ac9345d77bd2e3d3f103df96dfa7129f82a72a2ac474beabe382

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
b019f6b76c1a397c0b1c968e179b8ee0

SHA1
f0db4d9143efb3292ec72a91f689b80b94fd7454

SHA256
20210ae7a448b55b2d9fdd1e2bd3e4c31b4ca890bd13a7875b9f565269c6cc38

SHA512
9b851c5fcc676f8da1d2de4d77b08391280231f473b211df76a582ad20d658fd7213b4fecaa5ad8edd9428781559e77e664fa3ad93427b74586837ec17d6ccad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
d3741b8267466283273528cdd1c6ecc4

SHA1
103caaa5c755105e932861e1c47a4a5fe6381fd0

SHA256
6908eca40ac5d8e3c1cf3c2ff6066d38d2d81f703fe374553aaed8b8262e1678

SHA512
b5f1decb9c8e68b81fd625fe6d1975f5aba65f1713e90a708f801f0c84ac8c0a7e6a43700b5bc1bb0d5cc80ed3f0b386ec62a72c52abc779d6e8a7593ae2a8a4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
c6865b3620baa8df37d1e6f6e9c5f135

SHA1
31d4ab791ff7cea74d92cadd5afef7c1f194e745

SHA256
35d6dec793444aaad4d03ad87cc449d01f186f1d5708f1ebca206353baed3b43

SHA512
2b7f5364c3093d71a2c31032e847056096057b9ae47343c2f3f3d72c8520c12e76de09e84a041c12092909732b4a13d428b6f2ae2b9ca83b774a9b276fd99ad6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
685ccf202f587006ee1db502978ccb21

SHA1
ca581c99379f894ac834246d9784dbc8dd9f73f0

SHA256
f21007457566abe3392954c9954a00cff454a048c0b15340d13020b782c356a3

SHA512
85a9b88ad231ecda7a2b5cbf9a2664ff125d4924f96b90800f7cb34f8f6ba16d182bae42e49fc70e56ff172cc4ff6de86c1d3186c0c7d7527e3d0eb2c3de8590

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
0cc1604bc7a0d752e1c6e9d23c258f01

SHA1
cd126fd8c533acc3dc3c6f03ecdfb3a69835aa6c

SHA256
226307e6dffd50f39e5262b60c4ad84a6449da093f0c4256fdfe42f1b98942c6

SHA512
9b3ac8aeeef5090e4702d66851a9aa9bbc0e11ca7917c1037e23941a08e97cded82a7926d33944cde2da0b54b918c6326237cc567b0023d48bb5df27aa159ce2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
5de800ba75aa9da4745fc65f0f4aa475

SHA1
83bffb42a079f47e710118c5607cfcfa8a986da0

SHA256
e829c45c3368048a7173d279461d7062a3373e865f5e3a350a57711945bb9ef9

SHA512
aa218613d97bfe0252b124fbc86c71d5d05ae3af9a607cc6559e004a78dca477f9bc0ed02be8239933f2997d02bc3fe50ff58dbeaa9e2e0f69df40e3dd73526e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
a9baf082a4cbde26fe0451e6ce6c690c

SHA1
12f7c0b62ab0642aa8dfa0c71a9ad3c499fdbcc0

SHA256
e535802df9ce3fa70bc664fef1f65003c609bb2b0d9411dad46d85f46924ecb0

SHA512
b4e59bb4732a765aa4b44b1642d12b3d5b261d3a5b3725d44262879418e1c162f9d990ff04a86e1ca9fcbe2cc9a0550ad3abb038cd58256acf872519bcf7aea0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

Filesize
807B

MD5
67a6558dd2920ab6ce874d9fd7bea10e

SHA1
954fdda6a2b1cd37f36beafe53c0c4a7daeaabbc

SHA256
5dfb7c5483cee484dbde3fd9b732a8d70b33d6e04b20be717c2255150cb19eea

SHA512
485875ba8db894bf698a74f919dcf9a5d3acba2f270f31f996b88b17b6933624ab6577a677e18e493d186f044aa5f08adccebd5a18b1de4a252cd1a97e1402a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
d66f612dd7a5baabb2efd8e1f2362af5

SHA1
8aeec013b0910f4fbaf482a6ccca97b2e48d84c5

SHA256
8eac7053794e79e71e259ed983a63a60efd191f4e69ecfe68ac6dc2b84056048

SHA512
f4655b358465c925b40281eb2b779ac04cfe81a78e5096885bedd8abab2bb10ee57d70bd1fe00a36088750f66f53aa8ea1ef057dcda21b3c1e2b0973e4feeec7

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl

Filesize
5KB

MD5
0007d890f18017df2e0bae133c5d7547

SHA1
fe7fc45cbd6a02a413a79bd806f39c9d5a5065da

SHA256
34fd4b46e5fe0d3029e24c81ec9eb63abbadf3f00e7c84a649e214a79ac0357e

SHA512
ba98f1e03b569d56503e8879ef2cf0445f727fa88e62c19ee6d4eb113e52ea51e01b5e81829199f3a802c8d60e5d72301ac103728dd24287eda4e5c71e9ff195

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll

Filesize
809KB

MD5
a38fca706591460344f3c622fdde4ae1

SHA1
1333b47ed0bdb2cb056c75a417767bf13902778f

SHA256
2d5f22b8f6bebc6bc98891a9e7ff92ad6f950710b8e51a69c95586b2eb871f5b

SHA512
a93c4c58aac1f5e35cdb07145d0930aaab519bf4e22861915bd7c0a3e18dcddf1d5eaba64b8969f3d18ef5dc3a98e12b560df2d413c3f0774e587cd967ba8d45

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1808c1a5efed3bbd7c50011103bfce5f

SHA1
a90758d00f6ceaa9b6e58c85ac23eacb01605381

SHA256
5765b961519a2cb6b4166a1b959be6eb6364bcf3d873db5fa7d1c1ed90d3db0f

SHA512
280f2afc93ee046bb304278f82b436da546413e521facb04ff1b8328dd1f8bc0bdf556bd8ad4784362c7af4e0cce529918621390fbbee33d148f0affb58abb46

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC

Filesize
27B

MD5
37721153b2a6dbceb28a806b6ac18d45

SHA1
faa6c2e8f2c82914c48d2327cc2dadd902aad6a2

SHA256
3443fbd18a3f28d347bbac8d6325ffce41ff47c3625b5b284de045d786a09ef5

SHA512
88881b5f0831d2ca3fd7f14dc03b33b4cfe486fd750f3a56297e716c7391c75341ce9a655958bacd953d7efc6b914b024fe5b2f2bdfee3323b4c4f13c5310449

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5

Filesize
27B

MD5
94efc06c86ba37749c70533d8477a3a1

SHA1
ea8102e3fc06af4080dc98db11ef7d04b698d3d7

SHA256
42515b3662bf14f84f608a51a0c0233251edc91d8ca9727787cf43636f41e42d

SHA512
e75a6562f44bb23f9868b4d9586ffd526b1e44d9b5fc0a7950ff4c62ddd58b20102d0a110ee8ac9454edfb40fcac49090e852d1fb97f5ab615e90a7a34ff7ce0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10

Filesize
27B

MD5
4209da38099a52180717984c79c4ae05

SHA1
86f5b865d9ebd100dd9d5650d9f65b7242c5f887

SHA256
9c34bf5b3a170b6a34eae0205264ecb298a69cb89b0de68c9e52c4508bd4f56b

SHA512
fed3b8f523ed00755c33b522602bcdb9841cc043b2987253791df4fca100944eae3cd109d12e8555a8af2f720e96cd892c1258603aab468f4865a760519b60a4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7

Filesize
27B

MD5
125ddfe5c5abb0613ae48bace22c9f19

SHA1
9aac9a32e14cda78aff56980d3da5e6ba26e342b

SHA256
20a7958ca3032b6f331085aab7b4fa246e30a9cd41870c59ce10ffa8f75b7d3f

SHA512
d878352a33edb4b8971df5eb97a4cdc3b468b7874c6cc473c667e1ba74b1c189d4d687abbf83227e813fcf51231685bd333af4370a47c5c1806268e8dd393f63

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
62830e862d27256c5c76333ae3d23f5b

SHA1
547d18c21bba57df27044a02b488aeae27b5da10

SHA256
a478930678daff922a5a95e0aca70efafcf0909a346260a35b75b5d9808f9f0f

SHA512
e6726a3c677c3e12721a070c761e9305e2381d5c13794d789b5c5bef51232b39e969c8b965be16a0b429bb994afa3d07e3a6a0bbc469272dbdcca5c22b99384b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
659bb5555db24cc4722e25b2bf3f9f9f

SHA1
266f04adea326e6bd2e2cbab5642ab41cb4d026d

SHA256
e1c62af829f1d3458c5d97832e69571e4e3668a3808c72ed32bfb7cd210c37a9

SHA512
fa4d0222514617ce02dd157245e4a44cc9314c3b17d32c8114c5893d1aaaf70fe7ececd57ba1bf4b0409ec9ea6c24c38257665a2f1cc199bf1159d67902ce628

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

Filesize
57B

MD5
bfd4951343d2ee3c45df223f61a2b0ba

SHA1
34b51082f28e7b4322cf69c14ff31b3a5e956250

SHA256
4d02daad2ad6f724555a3cbc349190729a3374ba4b4ea9382bfcc2a0ddd9ce32

SHA512
ad6ce989c31e168c5ec433c8c910cf358d0f69fccb373f0a81704dde3c900eed55cc75ecd253e216bdeb9b8b8b74145b6cfa7c0636e09669ce1a87550007c2ca

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
4380f2f288e18eee8a386edb36c089a6

SHA1
5c77ec10236c65c18d542e66cacee4a23b9d350d

SHA256
c510d3aba5c7f509003276fcb5b3569946c5fbee4dd462af28ef6acd93b95e37

SHA512
27cda2488a0f9030a24b48d58430eb55956e900526247eb537b360e4e11d3d48c477841bb0f478a8cdd497d7774aef6d05720e25b8a4f64247a68ab482dd0d64

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
722d7b46d1b4e112f78f1e617ebda4d3

SHA1
f16d4a30b188f6d916ef2e67de40345d0bd5a54a

SHA256
c32817a476225bbb48d10c2ce671ea6a5ea5d77a92dae12d67002d14f1aaf30a

SHA512
38732e8da7ff4d6cde7931155158096ee2f3d3b17ea074a592b2c6fa3d88fdbecfe814c89d06be72143726f271b24375524b9bf4f0f2ad2513993c52427b7900

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
2d3e5115953eda55a32d37aea1780031

SHA1
ec14036e1f0d0b6c813c109d11cbb08f891f2831

SHA256
9db498edbf4c465f3115efe3d0245d4faebb3f1c7a6a7db2fabfbf4b50da51c0

SHA512
b1f3238d08d57f6ea1cf926b29a342a6cfac907ad1a8aae05d13b319ebe7aea9c7a833e86782ba6d3490f07362e1412493f67775e1e05d408a47f9d278ac2fc2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

Filesize
133B

MD5
29176d2f46ca2daa19270a1ed320124b

SHA1
f6cc7e269cc0083bf38de36261e7980cbc869d1e

SHA256
8dd9d47dae164ad5a4217bfba602d3665a5056f74e17ede857ee134e70e2d17a

SHA512
63212a692db6299ba5717310df79875e50acf2dffc0bd181010462b840ef5e243e6cbe4eb7a1817d8e96a695c65faca321f2c448c2b9b20272693c4645ff9e55

Download Submit
C:\Program Files\Java\jre7\COPYRIGHT

Filesize
3KB

MD5
431380663366ead82ef7e699be12cd29

SHA1
25b5ceca95439e0d7426fdc35ebac0fe86c8220a

SHA256
1697a5cdf3c1016050a876dd648fd6b6d6e27780af5bac02cb71a474454afde7

SHA512
0bb819b1e9c856226f73b7690f9b74d2ecdbd8cbeef71938d8b15fefe2fc47ae64a9c8b109f63e4636ce72aa608b990ee9bcc0e86302b4d88d7b88d79bfba097

Download Submit
C:\Program Files\Java\jre7\LICENSE

Filesize
41B

MD5
dd2bbd3cdbc52b86376edba19e2dd7e0

SHA1
8f2f6b85a38da0d89e591460e82c743ef59d5951

SHA256
3b6059b22d9dc1552582ff936fb90694f2ad3b8c29e370565fb2259cf0ca9f00

SHA512
8d854497d6c3d6fc7d78920ed5d81b170d28d14b6cee2197e21ee5b88e4cb1317144780a6d6b5f4c3327c6509d6d88c7ed60e5a8b64718f9c2b12fca58481e35

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
a30f3fc12e719b5be02025bbf660f696

SHA1
5d9e947140d99e255ec3248f018ab9c401021b16

SHA256
d9d706b3e095b2a8b7a8c1b280ff3c0e1475755193dc82596909794c2ae69662

SHA512
27df782091fa38ab06fcfe53b2216fc7f953b5fa30bf3783f9dfd1b5e0d6afc0f25a91ab94ad51803cc05cbcbe936b9c22f224bedd16203781420c0a261e7961

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
937f4ebc8c736880ff4f55d99f40d791

SHA1
b0c023cfbe6da3edcd395ad73bb3faddf9232494

SHA256
66099ad2cfcc1e2058d4b90e8928cdeb3a0de16083ee7ec1a297c2e481ee7198

SHA512
cc1ee2ab1704e8312228344322ef0ea940363f26498fe12f7e2e20757e4bc88cd109a57955b15b66f6d02344c602871133b12204f3cf696eb83cb5aa21579c28

Download Submit
C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
20276093962f024b22d2c08bd934d9ac

SHA1
b7670b2cb0a4b2a3ce4215a7ba91f759024663be

SHA256
68ba0942aa1061ba4c9eef3961629d363dde77fdf423c6aec673bd4c62d04bc7

SHA512
1d3317f91bc054675b922621974cba04efed2696219eaa973d4f3a92a651933cdb607bf6ac5eba312c57c01020a742c9d44109cd9a355ca0be91e4e32eb5dbed

Download Submit
C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia

Filesize
27B

MD5
c69abb7b09df6097d8ff95a8388f09d8

SHA1
800f3a0a26f1f129a56de95381d23b35b738ee91

SHA256
8725e7214e07ba47298ace8cb7a09762709f684a47927372b31384be8edc77f9

SHA512
c15dab4a4a6afeffb96ff627f8c858144d13d983f8df8260d9b2507b54202a495ce777edb4d332e748404b2ccd6a955c1eff6080102d1dcac02e951c5205d828

Download Submit
C:\Program Files\Java\jre7\lib\zi\CET

Filesize
1KB

MD5
d3171d5f59ba2f8c04000f3ddeb56714

SHA1
4a30c506704e7c2afb2a54a94aea8c60d0103d3f

SHA256
222b143a3c29fc6e500facbc60cf438c24e948f98d801fdb73c771f70cd4abab

SHA512
e37458b853159d2336fb3160811948e8ea86c5c307c0f938f8b777d9ed034ba633295ce44543fd9908aedae4f6d805ab191ea8690fbf438e7e33e5468afe85cb

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

Filesize
27B

MD5
f2799d16d9aa6b79b9adeb3c70710ed8

SHA1
74ec3ff4084b0366ea1de7bdf7b3d6df3e8b9f67

SHA256
739cb1c5902be5142bbd5a304d054a293a2b5027e0aa22ca42a8cc135525f39b

SHA512
3361086968c8abfacc5b7e5b82ac30b334bdfc87fb8e795f7aee4015cb015db8fb531f48701e21916aeee492fb0c88a60d1910783b9047ea3c59f19e0d4614af

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

Filesize
27B

MD5
98baf341c900f399191b5c42e9613853

SHA1
c13f02a27242d7dfc00019dac4b0a7b6fed5aff7

SHA256
67e1930f1ffaf36f3bfa51fc9b127957c6df8e7631adf13ced165c9a1aefb720

SHA512
7fb8b64cb00ae710a274c5b86b1e098a085b6986fe4f6c521fb0ee74923afed064ea56ff1fa1bddc5b097fed5d200a9cd03faa0262eb2b3f2ffacfa6f0862969

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

Filesize
27B

MD5
ce5134f2cd29f551950c05535b20544f

SHA1
21c4d2090cf383e747376a62c5f0b588e2e17ffd

SHA256
11a5f187e8f206c07f0cb3980526c3c481de512ad273f99d9d347bc341970e05

SHA512
1db75325c20fa072748409c9b8744b33871b384636b1f5dd11704aa33da3153d6b76f43c0a477b83e9463ec22408a408f24bf49717806cb8721f369d91c4ba89

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

Filesize
27B

MD5
ac8148f0841b231f0f54e54e14402754

SHA1
cca1f25f6f51a8f43fbc0c525e6b5d1592b87106

SHA256
74e9871934943f9469fb09cd7961cd9949573a0b41bf69b3935aa4df58f9b6ef

SHA512
c7ee92315a38144908050b668d28ef2c4f8ab5d5346143abb75d2df8915c3bfdaffb4c4c35838b41d30cede3f810463c23711b768b2501af3073d985fce26e7b

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

Filesize
27B

MD5
5fe2f6990eec56cb051e10a76a5efe29

SHA1
4a362cc4dad8dae181bd80bfc7bdb5334347b240

SHA256
610bc29f09ddacf0ad1dcc334a6b207580d7fb69ba8ed0ff2d81c43957f41c59

SHA512
c1a13b53a31ef4260c72ea216628ebd7b97324dba14a5b6d3c5e6185132d43fe4844ad84550134cf07e88c6de303f75d034beefd76699d60c1a8c45161d55ac6

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

Filesize
27B

MD5
81b975fc2a48df56fcee41cf0772d0d1

SHA1
9a6835ec224791e14b88e251668444084ebce94c

SHA256
10b35f38253ef21b67aab6e260bcab9f003bacc8fa3c623ef7e80e4ce8e88e3b

SHA512
817bfdde02792eaec262d86a36b3068dece2420cea280c9fa623d426cc79f8d2125456d6af405a9875d521f5e49c14f8db415ca19f394c8ea77286532a935dbc

Download Submit
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

Filesize
584KB

MD5
955a6dcf91d11a5d788e8df5e124e290

SHA1
a31790a380c57f5ab1c646f78686f196c9261be7

SHA256
6566b263b2d79b7bc9c46811864d4aa52bc70bec533dd562d44bfed03e0030d4

SHA512
cff6688dc64b1572d4b964533411ee9cd21f36b8e6b8ec4757dfcc2c68bdebea750962277986187845f4612bbe733aeddba057a3bc7036d08fb05e4c2a4178a8

Download Submit