Overview

overview

10

Static

static

3

038bc98b3c...e3.exe

windows7-x64

10

038bc98b3c...e3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-06-2023 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    038bc98b3cedf2e9c36df41cdce8fdfe43fa2d910911e8f18fe0d9abff55b7e3.exe

  • Size

    5.3MB

  • MD5

    b1d1ee7ca6e203ed26009f7667600b09

  • SHA1

    7ac25793380eeba7dbd7f5ffb544ba999641ba08

  • SHA256

    038bc98b3cedf2e9c36df41cdce8fdfe43fa2d910911e8f18fe0d9abff55b7e3

  • SHA512

    631e149e4e6da217908bcd4cb363d2b43d1347f145c883f449d6594ad454bb5a7dc650166594c3caf29375a023874240c4efc6e787154966dbc58300722e878e

  • SSDEEP

    98304:y95iCM0BDy9FBLpPUpeXV76c7qj1qhK4LwOhbaRZka5Rt1++VPiZ4qo:SICDBO9FXPU+V7pLhK48OxaQ8RtcePca

Score
10/10
hadesxmrigminerpersistenceransomwarespywarestealerupx

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-FILES.txt

Ransom Note
____ __ __ ____ __ / __ ) / /____ _ _____ / /__ / __ \ __ __ / /_ __ __ / __ |/ // __ `// ___// //_/ / /_/ // / / // __ \ / / / / / /_/ // // /_/ // /__ / ,< / _, _// /_/ // /_/ // /_/ / /_____//_/ \__,_/ \___//_/|_| /_/ |_| \__,_//_.___/ \__, / /____/ ===================== Identification Key ===================== 5A587633437575496E42644462476278587054374E577145514A6E5159315 7454F5A3732785A4C776830682F76426945557A2F57326A37672B776A7261 79452B6C576A6D767178614561546C52583671664A5157777A794545546E3 547797441384755466855534E374A7372724171744B6530516A41724A5A52 4372433462697A366A426D4A332F64795348664D4B444B766455446866556 F6E506E413062683143515571774C6275566E2B6276696364783151477847 30576D76794C703159716A3443686F424C575730414F39663848304D42364 4444842565531563731763157347346737249437230697575726B702B6B50 694D4639313236624C59755A50614A304678694C30754D3268584D786C4B7 857432B346470326564496769747834456D646B3353795A6F5473666A774B 53305751724439315346584B346F5045695559486B7472452B342B7245516 5686B6F676E513D3D ===================== Identification Key ===================== [Can not access your files?] Congratulations, you are now part of our family #BlackRuby Ransomware. The range of this family is wider and bigger every day. Our hosts welcome our presence because we will give them a scant souvenir from the heart of Earth. This time, we are guest with a new souvenir called "Black Ruby". A ruby ​​in black, different, beautiful, and brilliant, which has been bothered to extract those years and you must also endure this hard work to keep it. If you do not have the patience of this difficulty or you hate some of this precious stone, we are willing to receive the price years of mining and finding rubies for your relief and other people of the world who are guests of the black ruby. So let's talk a little bit with you without a metaphor and literary terms to understand the importance of the subject. It does not matter if you're a small business or you manage a large organization, no matter whether you are a regular user or a committed employee, it's important that you have a black ruby and to get rid of it, you need to get back to previous situation and we need a next step. The breadth of this family is not supposed to stop, because we have enough knowledge and you also trust our knowledge. We are always your backers and guardian of your information at this multi-day banquet and be sure that no one in the world can take it from you except for us who extracts this precious stone. We need a two-sided cooperation in developing cybersecurity knowledge. The background to this cooperation is a mutual trust, which will result in peace and tranquility. you must pay $650 (USD) worth of Bitcoins for restore your system to the previous state and you are free to choose to stay in this situation or return to the normal. Do not forget that your opportunity is limited. From these limits you can create golden situations. Be sure we will help you in this way and to know that having a black ruby does not always mean riches. You and your system are poor, poor knowledge of cybersecurity and lack of security on your system!. ======================================================================================================================== [HOW TO DECRYPT FILES] 1. Copy "Identification Key". 2. Send this key with two encrypted files (less than 5 MB) for trust us to email address "[email protected]". 3. We decrypt your two files and send them to your email. 4. After ensuring the integrity of the files, you must pay $650 (USD) with bitcoin and send transaction code to our email, our bitcoin address is "19S7k3zHphKiYr85T25FnqdxizHcgmjoj1". 5. You get "Black Ruby Decryptor" Along with the private key of your system. 6. Everything returns to the normal and your files will be released. ======================================================================================================================== [What is encryption?] Encryption is a reversible modification of information for security reasons but providing full access to it for authorised users. To become an authorised user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an "Personal Identification Key". But not only it. It is required also to have the special decryption software (in your case “Black Ruby Decryptor” software) for safe and complete decryption of all your files and data. [Everything is clear for me but what should I do?] The first step is reading these instructions to the end. Your files have been encrypted with the “Black Ruby Ransomware” software; the instructions (“HOW-TO-DECRYPT-FILES.txt”) in the folders with your encrypted files are not viruses, they will help you. After reading this text the most part of people start searching in the Internet the words the “Black Ruby Ransomware” where they find a lot of ideas, recommendation and instructions. It is necessary to realise that we are the ones who closed the lock on your files and we are the only ones who have this secret key to open them. [Have you got advice?] [*** Any attempts to get back you files with the third-party tools can be fatal for your encrypted files ***] The most part of the tried-party software change data with the encrypted files to restore it but this cases damage to the files. Finally it will be impossible to decrypt your files. When you make a puzzle but some items are lost, broken or not put in its place - the puzzle items will never match, the same way the third-party software will ruin your files completely and irreversibly. You should realise that any intervention of the third-party software to restore files encrypted with the “Black Ruby Ransomware” software may be fatal for your files. If you look through this text in the Internet and realise that something is wrong with your files but you do not have any instructions to restore your files, please contact your antivirus support.

Signatures

  • Hades Ransomware

    Ransomware family attributed to Evil Corp APT first seen in late 2020.

    ransomwarehades
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 4 IoCs
    miner
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\038bc98b3cedf2e9c36df41cdce8fdfe43fa2d910911e8f18fe0d9abff55b7e3.exe
    "C:\Users\Admin\AppData\Local\Temp\038bc98b3cedf2e9c36df41cdce8fdfe43fa2d910911e8f18fe0d9abff55b7e3.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1480
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c 7z.exe e -y install.zip -pSampleFromTACERT!!
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:632
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
          7z.exe e -y install.zip -pSampleFromTACERT!!
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of AdjustPrivilegeToken
          PID:588
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c CERTUTIL -addstore -enterprise -f -v root rootCA.crt
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:716
        • C:\Windows\system32\certutil.exe
          CERTUTIL -addstore -enterprise -f -v root rootCA.crt
          4⤵
            PID:708
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c start winlogon.exe
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:960
          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\winlogon.exe
            winlogon.exe
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Drops file in System32 directory
            • Drops file in Program Files directory
            • Suspicious behavior: CmdExeWriteProcessMemorySpam
            • Suspicious use of WriteProcessMemory
            PID:988
            • C:\Windows\SysWOW64\BlackRuby\Svchost.exe
              "C:\Windows\System32\BlackRuby\Svchost.exe" -o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p Admin:YBHADZIG
              5⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:1456
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: GetForegroundWindowSpam
        PID:1172

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-FILES.txt
      Filesize

      6KB

      MD5

      18aff9fa1f5334de99db3f16f647e2a3

      SHA1

      92fa40b83fbd0a5987967a6ccf652a194856aedb

      SHA256

      5738c7f8c5c89ffe7f45bd981fe0b5b048b14247f4204a34af25e2ca975049d4

      SHA512

      e9c9cf1faaf37b08340d61719493932c92e8dbdbe70bee9a976321fefdd7196b8c2fcd47262a5229c3ad87ccbcc6f890964c632d143aabf08dae51f628b2737f

      Download Submit

    • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
      Filesize

      27KB

      MD5

      703b99b3a10bd467107d6ee10707dae7

      SHA1

      86f253b9b982e18067b41d81b7d1cbb822b85e62

      SHA256

      c169691e7fe42c4355f6209933a9cb0fc7d0ababe67e9d4100accd3c385f3fec

      SHA512

      c54ff36d2eb229c0abdea1699349a81057c864c34c2565171b03dff9ec28c3f66148c4a174593c0b80e53541763d2e554e3c94f5495bdc6a8ecbd9d6f5d43d5e

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF
      Filesize

      608B

      MD5

      f0310e9e3bc1fd57e9708bdea99eb2a2

      SHA1

      ba977d0b66c8fd2f4a74e3a3c5b43f75c5a7ad7f

      SHA256

      a7a73a0423be8b7487cdab940c6745dd192f8cd3a139499cf0cad99058e13a83

      SHA512

      1884360a09cc088e4921dbf151a5a995cd413aa5a1ee2dcd8e04766dbeb509fcb36e29c43d23b48da688bffa674ff900e77d3acad2a8718ed2a322b254586789

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF
      Filesize

      480B

      MD5

      b0e4b50ae4097fb4215fe0aaa73fbef6

      SHA1

      06e30cd02eeeb4ef9cd666e32100088e7032a371

      SHA256

      4c828811a2e329660d1290b13bfd0073b3975b482af1f7b18fd0bd6bd0d10472

      SHA512

      35af43120b6a9e10734de4533a8a8e50dfbdbf39238b2b87d6a2a5f57f84c2048e2eae52c1eebbfd1411db89593ac5d3baf4449bacd42962db2eff0feb56f004

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
      Filesize

      24KB

      MD5

      56cc35f8e0557d171f92effa53418d72

      SHA1

      4a1d9f91b27be5fd1123ffe21feed657301af5cf

      SHA256

      4184ed466af17fd09cee2c04206b878a40955e90d1d51b9e606dc157109ad8b7

      SHA512

      ca0fd4623e1a531fcbeff59977d3f50eb7e2e37bd1f4866c5c1f030e470426e2927161c165c090d09783f1a2c913539030bcf05c7283fc1bb90b37670030e3b0

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
      Filesize

      448B

      MD5

      0b94ba579f7734348c9781b0a4f8c0c6

      SHA1

      92247d9076ce5b5deec7d9220b7a5215cfebe33f

      SHA256

      e0a3b39329b392a5734a45fe0115ec4eb476748e1e4c232915cd7fb22b1b933c

      SHA512

      541ee3cf225d6e5e7eeaa9a38db7f3639e369981997b75b5b078ccf78d3f1744da933d99587b3eb4a1bb31da172500645e91b7eba8235c2434fc58f3ed1c317b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
      Filesize

      768B

      MD5

      a1d0ec026415547099a2fede41124a21

      SHA1

      ebe6977cb4b8a6095e2b522e39f5900fb3d66f89

      SHA256

      9d8e72c35db1ba445dff53a4b3d8333450c7765cccb0c8a031541fcc8cc1b308

      SHA512

      3c9879e753e7e48b7a4f7d3187c24a1038ea7e7c8ac6390aa277c4e66a3b32d632e47c066fa133b0b43af30f9f6f40fec4f63794dfb1aec6de7591a3820fa54b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
      Filesize

      1KB

      MD5

      ed27350f8e7cc2b7cef6e4cdbb139459

      SHA1

      82853b0bb146afa0395f9747475ba45c64b63490

      SHA256

      4e1cb4f1fe5b3b52fa8cea9076a12ab81194b48a3e0d5a7cd03907688c355e0d

      SHA512

      ec2272bbe615b5d3885897c68f38f4465b1642fb31318abe484fd1c4b6168febd4999abe9b795909825693c210511beb283d5ff63bc44ce62957a9d4c7f812e4

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif
      Filesize

      608B

      MD5

      5c100d4e74885c43a72e51062ae95570

      SHA1

      b27c016d8664c1cea355bdc6f8a3c257db14d455

      SHA256

      d87426dbff91769e50f9533a0b027e47b466b4dc95ff3e2ac22f09f231d74d20

      SHA512

      0fa725f1ab3a1e93ba5bf33cce052ee56dbee29c29c0e0dbc6c5360e7078a0aec75b5d8f5093de785a8b4baf4d9e932758eb48d925051b8746394ee25761d0d7

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
      Filesize

      480B

      MD5

      e4b1533ff8faa9569373c6b9fef203d6

      SHA1

      0e5a9a72b420abb24145fdd95c79068474d0dd83

      SHA256

      6b58a8fb3532921f046af8afb58878a96672a2efa4b48b36f978501d6915476d

      SHA512

      b13ea4af9bc45d8796fc4ae50acb256cf2217ed08fc07824c07220880d14a04224e922a3eccaf79d309d65040213fae3f01e09e919cb116cd14b3030cd53c2fd

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
      Filesize

      5KB

      MD5

      67f19869514736571332aefd34744047

      SHA1

      58acd07baaa59d5459385e7dc93b4d4ba03b73ad

      SHA256

      9243e3896f795f714ff62b8c53ced2a939d11289e5e48a096ca585aa27dca282

      SHA512

      8b0393dedb0a27fa8e5e0078c74b9b5913658ae0afe2aec80676071eb727f30a0fbb3809835922ff1a88a76390f82356e7bd9f96d2e1a2764cb3768354362bd5

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
      Filesize

      31KB

      MD5

      1d10f7d85a6c1773e021cc54561b9f3b

      SHA1

      f5126b701d18428bb8dfc5241e2bfa1e4854e271

      SHA256

      aec5ec8ba0b446d662a42187d1163a4156daaf4fa85d0ea1a4424795120133ed

      SHA512

      335cbea86ec823b501630e923ccd702e4629ae5b1ed81c2e00a359e1d369ab823fded99dc0258f70348e441865b14236655f3bd2389045a25cd67ad8efd26e72

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
      Filesize

      5KB

      MD5

      61c909dcb0670dcb9517609006144aa6

      SHA1

      45222f570b47f868d6eeadf7a8bbae03ba99238d

      SHA256

      5f54f4b7b476b646195abb2c14707b34e1169b6a512bfdb9655ab70c7a61f4b5

      SHA512

      b3762690e5c5a2d829962e5832b488e2dc792d59ffe20937230c12f176c60ef6c43206a57ab6906fa7bf39b3962284313ef03b60e6083e28d216f30c847f712f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
      Filesize

      21KB

      MD5

      3c4a8ad2c33e72799207c2d413859f6f

      SHA1

      92312fe491d541e2c972cd26b650a78afd5bee5e

      SHA256

      fdf96f1b53367863ce95a91c0378f6d3d19e8cdcc11eb31fb07f1bb02792929d

      SHA512

      5c6cc71cf1c87244c4799391519819b0441d767d3a1a963feaecf1ed1e4a684522ee8d8fff1f4afb5347764cd62852e3dec28fc49b0cf295e274c041d460da53

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
      Filesize

      368B

      MD5

      a4c1e007617c7195386d715a76b0db5f

      SHA1

      8efa251748b3a476d09aa8842c7ef1f86ab4d469

      SHA256

      502636e6c8550ad34d32f6fac58c7f7a1635f377e9a9a6f00b86ca9147b2d41c

      SHA512

      55ce0ffab857789b7705e7b61b82eab127a25a91c233f2198dc93a8ed4ef66b6ccb872a364f297fb4015c68442ddbb1c1b35f4ffe4d60b172aec8ef41118326f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
      Filesize

      8KB

      MD5

      2057aca4243dd058d770ba8c701ef448

      SHA1

      56947f433cfb38ec0933afd4d2001f991d91aca4

      SHA256

      a2d6b4c94e693fa488a655bc99ceb8e98c8d9e66efa01f93f304a2dd95a6306d

      SHA512

      38e48a8581b35b1d93d733aa30e1ac275ee1aae7bd175caac03e4597eb0306f95584ed6714e2977c578514cd591db6994f6c1b963be16cf0a6674ebb21431821

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
      Filesize

      15KB

      MD5

      ce781ca4730426521d259a8f04c6e371

      SHA1

      faa327383f1cfff7c469e658e62a3ad02de0e5d6

      SHA256

      6a0bdd6c29e064b3f118e1dc5c8d2436c4a06a8eb429c86ac695944961921c09

      SHA512

      28e4f10c921863569f8be5e6539387ea7e7661df4f353e5dd80ebb9690853b1ba2ee6d9c1d243f58e0b31b1ca9e4e0001f3448f243a24be96e1127ac70d4651e

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
      Filesize

      6KB

      MD5

      0b6608311ab4c46d99187e40bdbcec31

      SHA1

      c3f30e1e34494b419358d81917e00c8e906a5754

      SHA256

      c984512e5ed210bbfb089983ec7e120384a44bdc57987810ac5a0a7dbdc38f87

      SHA512

      558577ad8bc3b451fbeabf7dffe4b15ec759c15565b17d8a5c0d125037f678a5b5be30fc70c5f947fc82bdd8d5dff805803b03c4c8fbc78bf8725db6d6dfaeae

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
      Filesize

      20KB

      MD5

      b9f93ecabfec4ae142084699fa873f43

      SHA1

      3160eab8195e644e1ec36fd4ceaa2edc83d4d953

      SHA256

      c104ac3a815fc308d2d87aab4b5b96c97f60b29ee143525a57739920303f2d57

      SHA512

      41f1b32331afa1c306a634b26b6466379d379bc645d8f551dae2eb3d9dc44d0963d7f0a5c201d4d0a6b8442229e33314735ffe362371ef261d7bd67d18f16036

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
      Filesize

      6KB

      MD5

      6a3e0da5571fe5ab7122f6b19a220362

      SHA1

      20fb32aa49dd986ff99f764ca6c0621f4ff3083a

      SHA256

      1eaf7a7714739854945dcce5a2df1f64a775632799c0a65414a8d629345ca2f4

      SHA512

      59fbed67a0b3550a996633a7d269645970f2b63b91d2b13b13a4737d0b893f069210dae57f2fe386a9c704f79082cc0204c73f9dce09db281057a8b5a6402d06

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
      Filesize

      15KB

      MD5

      7ff0f57eac59d4f829a51ae1660c71f9

      SHA1

      ede92419f5af565810006e718364d40a18c910c4

      SHA256

      a1b1ec060e29f80eed1a6e3fcf4e41cd911f7e551095c9ac47a61ab48ea61bb0

      SHA512

      d956bedc85ee9d4c5c586012b611f47a2484bd5edc8f3aeca763ae0b67e12d13ab72777ddd429d653233a025b3bbea3cc54e88958771f3d38d7028aa22412b0c

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
      Filesize

      3KB

      MD5

      021fea101d042c6a7e1ed90b32d844a3

      SHA1

      f5e1738052428e52d383fdaac2fba807c88a4476

      SHA256

      2b289712c54192a5f8d56750507c36ed7532f84167bae2250e98df3d28d3417f

      SHA512

      c0373604f2a2061db9b7a4a827adfe247e3dec4fbdd5d034f8ab1de2baae7060c744e8d5bd0134384d03fefdcbf1191f197154817cbfef3bfb1bc99b8a718bd0

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
      Filesize

      2KB

      MD5

      d3ce0e1052cdfdcda264519b1fa64780

      SHA1

      d6dd2931875f556df65837036c66b091a2de0786

      SHA256

      58e384183c792c5620b295a27c4bc7efef419d6c896277a9b9ec8e072a645ccb

      SHA512

      ba93ea4410ee45429da50aeb1c7b2f2a1cd0e9079983334898c6da1ffd382dd705a052a420be0dda317801908d75156e95d152ff8128f7bcda98daca09a559c0

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
      Filesize

      7KB

      MD5

      c7f2476336b7b1489e1f7b9d31e923fb

      SHA1

      2630f6b56f4515c8141603545610cfdd2056f00c

      SHA256

      46adada9a7124194e0fae624ecbdc8e9dcf42fe31de8916d737f7bec33b583b3

      SHA512

      ab88d5312e9c0f6fc11998631916e963ca0e6b60bd58a4babb70274deba7d7c7326ead38cd2b256d8565ad742c9537d19da0f35e61fee0ec04f7a1e658dc7799

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\Encrypted_VTqFUlLluFQ8AcZ0nIgQHgU9n6lR4M82LT6PEOEbgrJj6u.BlackRuby
      Filesize

      512B

      MD5

      aa563d6d5407b5a51ad8f4081be13e22

      SHA1

      c8ef6eb1e7e93583f36a11742ecc244b5d261667

      SHA256

      a9a47a5aa04e785d629b1ed29a31f048e122dd9901ab3af8593c0f6267ee339d

      SHA512

      d1b98d8b04dba2c081fedef7e8419faef70494cb366265347dfb5c732a64fd516183d3f706c598966c3cf3c9c6ba1fcf4ce4f09e7c041adfc3c3b87ee185e51a

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
      Filesize

      592B

      MD5

      11672afefaa747c456486ad61f89b9ee

      SHA1

      481657e64494b76bbecfca6144b9ce6c87df98e6

      SHA256

      ad7a0a5d76bad0fb72357085a46e09352ab4070e06b6cfe6537d545d71f6fad6

      SHA512

      396db01d28b08dc1d771fcac38f3d6391686b389f388b08849cd956c8b9e2995b6058dc429bc8bd4223d11c1d5a3d2cc97bebc5f57330907dc226e6fad987e22

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\Encrypted_GiPt5VIYcUJI375Y6TIdIT57EvxdTBvaz1Zvpmh.BlackRuby
      Filesize

      624B

      MD5

      57a63e5c908807472126253fe98e2ca0

      SHA1

      ce47346ba24e63590eb9510bf5ac598835d65537

      SHA256

      47c3a0968726695cf9c053ca207a7bc07583b5a157ff6f18384eb21396d64737

      SHA512

      118c6cd4e6d2c79d7a265a489ad8a4d178cb0949fdcac69c16c1dad1e851ec5566f7864d90b2543470884dce1b057696118d91d0fbb9c521996b126ce0c77213

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
      Filesize

      416B

      MD5

      ac03ea629893e63ee788e16870ef10ca

      SHA1

      1df4443695e634759d3fe60e340653d4dda54fcd

      SHA256

      8b36f786a38c9eaa37e6bff35d46568a08825f7d5bf79edf2da3bebfa1493b9b

      SHA512

      1a1a3095afb5c869b106900865330d48dc9e7706c1dd53e6162506e4754f40b5199de979879f0433bc0dc4fa2205a59f6036771486dd236d6506d150335afc2c

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
      Filesize

      704B

      MD5

      db51858064e1320ee968f1d9e90525d3

      SHA1

      bb070bad01e3be9018e6d8beaafe20290b6c5199

      SHA256

      7655cd38c1cab2c51a8ee7a3ae0066390213960ca11472980f91202a627aad87

      SHA512

      bac9358c98f5ff2749b11ac4cc37d5aa71e93ebb376d7b21f5f7f688c19927acea25349c832d467d88e05275d76b551e0ecefc03230af37a3048494505b3f2a2

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
      Filesize

      720B

      MD5

      3780b89b9845c8668611581e1591d64e

      SHA1

      1748dab1c5644241a8864e985605f5e25220e3f5

      SHA256

      7935b456eafcc5111b4ee292cb73e6dbd37484c282e61f54afb9e7d68ef02e3e

      SHA512

      b9c2f9293db731806a62a7a57a9d6e25ff4043df40498aef7e0515db9ffab1d925fc0a4fd7b8e5262666d2fdef0792f2632a8d263762bdd0ab8d992af37f2737

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
      Filesize

      528B

      MD5

      02f4f7490f523c486bf86a26ad9822f5

      SHA1

      7f1bbca6c501d60c7570523de3b126118902237d

      SHA256

      1598ad51778bcee87a7e8c5f4a4fcce7b7bf5e8beddb684d5005d59d251850e9

      SHA512

      cba974de4cbda1b8b46603073d8e6b9f9477727ab792ed6899489207e2741153cd1c001a25a9f8a17fddd69cfcde858ce77e990eaf4f45b0ba539ffb5b985610

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
      Filesize

      2KB

      MD5

      45e31371fcb6b1515bf6ebfe58aa768b

      SHA1

      0f1b886c7908b3f79d1e63cbaeecd258959b6991

      SHA256

      304434649d107970eae5ba48db9ea3671f3352f5045c0966dd9677debb93b765

      SHA512

      13fc920d619565578b920d1da37700bae92a42508a3d5ce919507c896f4518d4473c64c9e85eb785bcddd2b99e42c2c36c2518fb2be6491fdb391347a332367b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
      Filesize

      496B

      MD5

      4d269f7359a30f5efecc26c0c9b09db3

      SHA1

      957f6504f54a3132a3596ac9c8ff5aff143e53d5

      SHA256

      70a3e28e7c94604e34f0f5ec93d4b0b419d33080a505ae1ef3ab42345907c4db

      SHA512

      a9972fa3c97fda9d272df6d087a7437677c69e2cb723d051fd7e6824b5d8b31ebbc7a6c5f7cb1dff1d81222413a17a95aa18b0fcc5c7c4b9702352edbbaed018

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
      Filesize

      624B

      MD5

      3306955f1677af39d37ee15d9432f25c

      SHA1

      3386d26fe14eb87260086976620355f325e64da0

      SHA256

      a001a32d2563c85a4df3410d48fef3dbe52f94bc33ac30e61f104ded6e5f57ee

      SHA512

      95708994522963e0014b2db9bb67480d825702c22d12e2cad3e6e2edc071b25682fadd6a19275e29031364f7d8ab7bfae2183301ca8f82525f564c433ce22036

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
      Filesize

      624B

      MD5

      d948f3e8433f6b0c7211a6832454ad45

      SHA1

      fb6d504fa317ec2f0cb91271f2f90dc05df5bbb6

      SHA256

      0e97ec3c7cb9c79f5277c8da4f34e3ccb44ec0c554ad633e6e57dd4e0c1ecdca

      SHA512

      e81e5a47b8759a1f49ee8b3e48214d1b53d159563403fd5f18a01220c1b8ea109070824ea453ab649cef9c9750e377c0c1c524eb8df20541c5eb693ef35cfded

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
      Filesize

      7KB

      MD5

      c5f564a19a2869e4c69fb370638f9e99

      SHA1

      3d24c0c42da4ead06cd4308f3f428ffcd3505366

      SHA256

      b6f4c4030a23664152e2338e560a84ca2e7ea07939a536269acbe151412febf0

      SHA512

      4068cb8fa0a221a4a4f85076251a79336761225a52940b5778ed1463afad3663471fe584ef785cf816545a5d4d850a3b78a0af0af5d94f6e01932bcdcf9d5b0e

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
      Filesize

      688B

      MD5

      fcfe28b90f6a7047935ec2f64a6ee6e2

      SHA1

      1b63a674f155b965eb242205f1b69fea805401ea

      SHA256

      0686c2047c06519bf00b1af2d41a0057581784d21b0684cb645b6239963000e7

      SHA512

      e759eb09486177674e7d6d7aad9c3ad22e0c3b52803a12b58c535f189e00440011e7b573eac165477940275c9b91f7d5ea7b638c8db48d355bc31de1f72a74c8

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF
      Filesize

      26KB

      MD5

      19a70250b83aca889f7634fe838f31cc

      SHA1

      b685cdb34e634704b4a8cbf07de6637d3ec6b4c7

      SHA256

      6963507a23b4554459167e1daea8aca590435d4e16fd5dfa3dfc2a3085ca2c21

      SHA512

      bd2ee1d82648f536796ff4201724a2d0b8f38778e5a82f857d93f1170c77dbde7c0673fa81cba58aaf542ee0df02610eb45eec3d699345e687b963112f011083

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
      Filesize

      1KB

      MD5

      d0b56b2d7d3527ee8eec75365d6d997c

      SHA1

      e94c14cf4c7f353f5518a41bb87fc0cc75f70a28

      SHA256

      1843cf725b364d26b68fe7b224a350bdc90045d59e7a1fb866b72f8c11a3284c

      SHA512

      c6da1c8b4fc7edae5dd280ab4891f99a9ee42f09653fd3687752d15bb00b2a620ab96ca65eda4f856c55247043a6a22a19632cf4f9d7727eb52c2f2b188ccadf

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
      Filesize

      1KB

      MD5

      3c054c80c3342b5198aef68a4fc488a7

      SHA1

      c7e23012ae8068ed24918da6c74ab11d83067d1c

      SHA256

      f7a8c5446865426329230b7d92f0063162b70546569e5ebf8b38153a7ea8cc7c

      SHA512

      55c0951388a9e934d78b4fca62a7ad27c7e5f5cba816cc816b628a066bb64d35e12a337992bb63c0cdc981ffd452069f3aa2ae9e201aa05ddd82d15e36602959

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
      Filesize

      3KB

      MD5

      50429c66eab437d4de0697fcff88d883

      SHA1

      5e44484585d76daa0a411d2a14642bb461b53157

      SHA256

      2056c8756815fd225ea05b899df9921022c46fadb5030a786c074f84d26f8e90

      SHA512

      72ff5677b17fea9ee3db391dede4dfd07d5560774991a7a1e3ed52ab8c11f5dee75e55577f9d965c02025866e8cc5f8f14930c9d3ed9beb0da05f30252429597

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
      Filesize

      2KB

      MD5

      c5fc2a19f9acfe1627e78a3eff7c4da3

      SHA1

      419be03ff54719ba9a657c0d85c522a14d5fdb19

      SHA256

      cf7c1ea8d89b5ebe25652cc93f6990e6fe1d74a1f86f7eace08d535d5dc66e22

      SHA512

      893e644c0a10e6a4ac54aaaf0728f528af143b7812a206fd8721d96ea88d1c78f6f0f93693360bc660c0618a33183fc39bdf9b01bba83bd07d54117bb7aed7a4

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
      Filesize

      19KB

      MD5

      3794698eaef425d5683d6c0f2ccd181b

      SHA1

      9fc767d131d619988b305488edf2f600cc176da6

      SHA256

      fa4c82143c837463dcc69546c8012bd62480679a25051229863a7731759b224b

      SHA512

      d021803e07b281246a0378b45e89823537a489a1c9b5c7aec028335a24620f1e65f6fa575d377b943c3e8e88ba09c05b5fd2ca5d9d0111a04556105449dbf4df

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
      Filesize

      1KB

      MD5

      c23287dd032d4ec48b2bdaed2a039d7f

      SHA1

      bc33810430c23c491459430b4b3e53b7376e02bc

      SHA256

      b9b8960fcc1ce6bf19f5d29f986f138cee4e86837769aee1fb378bbceaeb4bc2

      SHA512

      d72a5270b642349ea7d49bf3386166e49d9a8b38ab58f84f348695bb5d427e8cdf2f9683d1d25d63d7bfa3e4b48a1e8b303d27c291da6708070f79980b7e411b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
      Filesize

      1KB

      MD5

      48bf28d5c6cc1c23c36592806184fceb

      SHA1

      8ff7910ff33f77053a1f6149428f734f0adc0a51

      SHA256

      357a4f591c14298480d6729d2c75e5a627e2a0b71b11e994c2c33892a555f1ca

      SHA512

      c5888b5868ef5121c3b63cde52db2d802650e5d4faca3e560af6a765f873e52163f383388275a18015d05f0f96c8a9afd4a3b1412413558948ed6fceb8d12313

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
      Filesize

      1KB

      MD5

      f61a64dc087eb089d784e536510870ba

      SHA1

      3d103bb8369708d1bf4b501d446223662de6aeb8

      SHA256

      995cdfc4002fbbbe40faf1bdb23ecfe78ab221a82de3fe02c80ec1b270c785df

      SHA512

      dd93e03fe2a0c1c023b99e99b1f379241f353f7b968160364b8fa43451c0e9858dfc6735eb3a5282f2352b4677002fa83a2aefd69a87c11e23b65ffb4c86a483

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF
      Filesize

      848B

      MD5

      ce33acf552860d58c16515195e1fe79a

      SHA1

      7847465acbaa03dbb715f74b350a25ef85fa9511

      SHA256

      266dc287e017b3781c5d39de65acdd1b3135f5207c602e5e9d93fcad1cd8e3ce

      SHA512

      f9e182ce7fed07d330cd13f49f4359c8eb0c1a940588a34e66780ffaa4fc3275a18feaca4c7cc2fdeeb6d14f6f52f6eb0d01cfa648511bb7ff95de00d086356b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF
      Filesize

      896B

      MD5

      9744ababe048b8281fd3d0b351dcefa0

      SHA1

      3eed66d4e380a94484dce219315f084f1b0d0480

      SHA256

      142d2e7d8df90ab589e2e6f121e070923b11b545bd181823ba6cbb2de98b517d

      SHA512

      807250e125d74dd5d6355d55b619bf9052d19296b4f06ac180ffa7f179dadc53c0d01282879319e19f41120165830e8f2487f3624c84deb5411ad23831f54ee3

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF
      Filesize

      1KB

      MD5

      c70694c125265b36d711faf94e405d7b

      SHA1

      e7603b11f27e108c68d327396921e13f5477de5a

      SHA256

      6bb750b82a287ec05596420fc3addaa30a9ecbf45fcbdff5b7434e3210af6592

      SHA512

      164fd700542c09ec64b9b38d924ec7ad75cd9bb2899c42737968645fa242ad0f8900b01fe6c19e052a2c20ec60ea2e98b30d2528c1023031edaac5ab73f98c7b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\Encrypted_aKsuHtaosAeg2mgYuC8cbmj6e9MhxtPFaUYntT9Z6XN.BlackRuby
      Filesize

      1KB

      MD5

      3e6926d522f5b34b196d0e7c2d60526d

      SHA1

      03dc4bca01810ea2ad2f5a4a0edad45ea8bb44c1

      SHA256

      bb556a08ad884355092b76f233900e2d34bc09691ced55dc9cb6fdb0769a28df

      SHA512

      1f2a9588a6eea43823a5d8ccd9731a2c77412473fd353a675702cafcab11e63ac367ae9b2dbced9f5428443ced55cc475821f3df2c2916776f9a11e063289029

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
      Filesize

      5KB

      MD5

      3d9f3e153adf576c3fe46b715808d1da

      SHA1

      b599e22f0b12c19e72609bbc250eabc35dd64adc

      SHA256

      e71bb5ebe738518dc1a0132ca38e956df7115bbc185f8b1d8e90c1e80f34eaa8

      SHA512

      b23cb694ab26a39eed929096ba202ad4882433083d904dd3b04a3ad6caef74940e6f50b9e8b938cc975dc790b251b3c4d57991de63bf2703ac8e46024b09214a

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
      Filesize

      1KB

      MD5

      bc0e2ec48c246acb508693f07927d82c

      SHA1

      4ec938b24126b136ec6ff2f16fa6ae1bb6e9bec9

      SHA256

      f17d70b8873e351a4584b80b2b67ca9e9d321a8c3530c67a9edbe3aa91962d6c

      SHA512

      d9737f1015a6f8979a3f9a339eeaa4b99f77020d8f72c750849b59e2da5aa24ee7d213cb95e5fd638326b6f9456b359c74df654455a550d9115fbfe1be2104d7

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF
      Filesize

      880B

      MD5

      0d237a683445971768235deb33b02896

      SHA1

      64dfd5fe5bac9ca04fcc3cd7e8ae3c62a4dd5110

      SHA256

      cb9f8ca8128fe09ecd359f83f7e698ce6a92d6b2cdb3b39e555820a9ef8d1488

      SHA512

      4ccb8163aa504549d1f9f96383f76ce85d8abfe496dfea539c2f31bb54fdf80d0ee29af36fcb7bbefb246217a95bb13ad62cf529713e153c4a2336df76cff354

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
      Filesize

      1KB

      MD5

      6d3e7897683573f79325e68a6b1b65cb

      SHA1

      cb71b36f0273e0b6c50ad44343eacba4952a4fea

      SHA256

      78c3255dc66bd6cad7300577ca80855948feed5ef3674fd2b7cb68c71e1cde14

      SHA512

      ba478b1f12d265358f621fa27d63bb079f885abc0189d2fa8cb7657dec4412b2df09a29c9bd73d48506f8a4c82e5ac7ec7d38ac91596a89ab7f87192d7d79e60

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
      Filesize

      1KB

      MD5

      c37629513eff33db64485356c5213c5a

      SHA1

      32dc87b98d4d440a5a278bef0d9ccbc6cee475cd

      SHA256

      d1d2afed310502d4942d1a7dcd847719d1ac652c5d8158858da4f79f11faabc0

      SHA512

      ac69e70c92299e1f254c2d271fee20e08e6bed3bfb56d092579d359682fd489ef2d3b87c778749229982740d926d42ef3736e9da25656cad8d54dbd614a53086

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
      Filesize

      1KB

      MD5

      95b0ea6fbfc334bf2bf553dab9915fb7

      SHA1

      e97bf75ff2defc32e06fd9eb8d8af7532af806ad

      SHA256

      a428a5fea63f31b39a31ce1ec5ce2eea0e6059bfe252cc810d8c7c53db55c197

      SHA512

      a3c3f6cade3e1291fcc47ec7c83079549eece82b94fe21ba1dff3669a5c8c527695b8fa4cf9dc52ed77e313f02c28a6564a1ab2e6dbf21d35fe642156be7dfc5

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
      Filesize

      1KB

      MD5

      1d845714a5862371bd0e97656667c56a

      SHA1

      885323b88138eb1d47807dd65cfbc6b248a67312

      SHA256

      527338f74a43ddd095072ee37923b638aa44760608f9b973e9d5e840b576bbc3

      SHA512

      5543da5340070a9a74d23edf56146fe851d07eeb93a3a0799b4be92154a92f2fc2997bd5692a312ed4eb6a39b60a4ba1acf2e82ecdb334164d93ba902cbcf72a

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
      Filesize

      1KB

      MD5

      aed68b59ee329830542833d5ff681599

      SHA1

      81f8763c5feb18c7c97cc8d438f4ee3b440ce249

      SHA256

      71add30d113524f59716e5795894eedbf1b960ccdfa46c1e37c387cf0f4ec1f1

      SHA512

      bc24aaa64c9b51fa5f454270ed366c32cf75154ef4fdb2ef5006ba7cf8be11519cd5e0afc6b8870c92a2d6b70213b3ac71fc4cc8f78e598f11d60f3e3fe80bbb

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
      Filesize

      1KB

      MD5

      039833fa24b680e8f1e9eed9e1b7d181

      SHA1

      3fca3b8360818831686e1f8ad6b94f36ce428979

      SHA256

      7998da52512e7e232627093e2d6eeb6e8a69bb35cc3360d642b4a17afdfdf935

      SHA512

      e15c05142d9d35a5913fdf3e166b3a219f32e289140993641d39588b2e125221cc4344e2e9414d1bce8429675e384cff4066bad60d5922c58d88fb4c8e0d984f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
      Filesize

      1KB

      MD5

      64bd6f90a5bf3fef8511493e58fc93d5

      SHA1

      ef9cc2da87a1345043f7d99d25d5e607a0c92d7c

      SHA256

      6780d34bec6c967c2ff6ced8873ce4943451d54af57783f9e5d7d46a1d8c9607

      SHA512

      b512f5b262df4aee64f3b8b268624832ba62d0d2241a0d156ea72eb5afcf07e80127c388567a17f1485b8feb3a552572c2a6ac4a23282abbec662712f4f3e790

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
      Filesize

      1KB

      MD5

      745a7d85c2a0dd9effdb004e08eeb76d

      SHA1

      af751e5498081786e54ede67c7a8a7fabce6ba40

      SHA256

      9bc052b87a17504e36c860657d9fc495630023dae4058aa22cb008b061d07faa

      SHA512

      02e9672084c1569b3e8a097234a8586b281950343ccd3259899bf3a263b57ceb550f9bb9a98ea04bae897e817c888899fbf3fa6392c2c3eb059f8ec3956ef1f9

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml
      Filesize

      247KB

      MD5

      3d63c5f9289b0e54388df762c46f36ef

      SHA1

      efa8d2e454185a1fb677aa605f8bf3d4f7d3b68b

      SHA256

      e5818c2cd40012477dc89b63d2f0985b4974779c7cd0daeb2da03bd6081f4e91

      SHA512

      db13549689f3287302fdfc46d44f9c588592f1141414905e8ce4e62bcad6a087b2a9b15698ce8cc24c27c1bbfde3b44438968a31fb6790fcedb5993c5b423629

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.dll
      Filesize

      1.6MB

      MD5

      a788243f23ad6a3fd82fb44267e5cf28

      SHA1

      ef6a002f0defd1a3320d6f04a0c87bcb63d5672c

      SHA256

      3057dc5c3a7cbd2d4888442182650702e928e85dba90bf233aa7135d56b0cb26

      SHA512

      5b29e0560ea9d985ed65fa533448a2de291b2e56db5eada626cac372b8e6ff2fe5d106ab55ff4b9244455a765f95c88f4bcef6e319ca466a6621862826467a9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.zip
      Filesize

      391KB

      MD5

      bb60a4aae92d58ece2013dba97378ce7

      SHA1

      20035a5996331f720caa2c0d740686c9e89e1439

      SHA256

      9ade67170d66fd950d4ba989f21a868a2a9182d7d5002d09723094e96610f926

      SHA512

      593222207a29428ef04ef3fa88818a726980ce8c0ab369577a9f6172892c7b10894c45033b97c4a744e83b0f13311b6a414dadc291d91a50524078d655fdbbad

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
      Filesize

      4.1MB

      MD5

      077268086e3e4dba46b1bd1ee1ef521c

      SHA1

      feda36051199971832b0c822e30b6f7fda5894f9

      SHA256

      613f36bf5e98be7e56b7ea0c678cfb8534077c2ec1cbe839a854dd0a60278ebb

      SHA512

      a6fae662b4b50a6d70664486412d21035010ca894053c7cf06604117747622a2a13676c7f2f28eaf276490c794831f4c0f4fdea18dd4cd0f504333da5aba7966

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
      Filesize

      4.1MB

      MD5

      077268086e3e4dba46b1bd1ee1ef521c

      SHA1

      feda36051199971832b0c822e30b6f7fda5894f9

      SHA256

      613f36bf5e98be7e56b7ea0c678cfb8534077c2ec1cbe839a854dd0a60278ebb

      SHA512

      a6fae662b4b50a6d70664486412d21035010ca894053c7cf06604117747622a2a13676c7f2f28eaf276490c794831f4c0f4fdea18dd4cd0f504333da5aba7966

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootCA.crt
      Filesize

      2KB

      MD5

      f177e53dec7fd9fe03b9711cc5782e8b

      SHA1

      6dad7a92bedb339680cd16bc547068b1817e4ec2

      SHA256

      98ee5bfba2357a13cdc4500260874604fa973ae11d9e5f4b17aaf4a767e320dd

      SHA512

      4dca86683c76f5299330d86d94d9103b5a29d691ad2b18d726081e0a89892d95d728dc28853461b49f98c45f660b029d78b5c6e3ad122794c7fed8e6ba10b0d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\winlogon.exe
      Filesize

      438KB

      MD5

      0d5eb67c5a6ab1e588321a718d8c891a

      SHA1

      6d69057174ceacc0b3ec0f56601e79f053c3367c

      SHA256

      5a6c1f537514c27e93fb725a94f1af8c32f9ad3876f91274224c9e29c1f25e21

      SHA512

      a7d6ae2346b0a438cb24518b46b1ff403a70a643edbcdd2c534a131e71a342865151cc75b0722dba3b2a27d804ab2385cfcd3c947d29bf2cbd6db8e917fc6349

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\winlogon.exe
      Filesize

      438KB

      MD5

      0d5eb67c5a6ab1e588321a718d8c891a

      SHA1

      6d69057174ceacc0b3ec0f56601e79f053c3367c

      SHA256

      5a6c1f537514c27e93fb725a94f1af8c32f9ad3876f91274224c9e29c1f25e21

      SHA512

      a7d6ae2346b0a438cb24518b46b1ff403a70a643edbcdd2c534a131e71a342865151cc75b0722dba3b2a27d804ab2385cfcd3c947d29bf2cbd6db8e917fc6349

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsy24D2.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      720304c57dcfa17751ed455b3bb9c10a

      SHA1

      59a1c3a746de10b8875229ff29006f1fd36b1e41

      SHA256

      6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

      SHA512

      c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsy24D2.tmp\ioSpecial.ini
      Filesize

      1KB

      MD5

      9c2582a54a8ef1e170b1bade920c4399

      SHA1

      c84c24520257ec4b6937a4b170f7c59c5b1b5484

      SHA256

      bf8bb18e547fd5214bb44023650edb3a06febc7c520864bb403ade884e46daef

      SHA512

      a0f30162a07fa4b4d7207a680ff4e64567f9b3d5bc91c9a000566adb4824d5de74f1497867ad712984a0c6905c5b97c9839681745b110778861c7d27f00b3419

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
      Filesize

      48KB

      MD5

      aac682e4de63abd9d58567b34bce3e41

      SHA1

      c4c2109d3e4c65ed6f084668b08dc56a5e504bbe

      SHA256

      98d4d59b66a88e483117a49dd8294ada4bda0a93138d1b0d58da3c0f88e30703

      SHA512

      2d97a73d71ea869a2ae7a0a5b18161a163b696c062bc315174ef130068a0af877b7b4df9054499dd207b3732157c7fb938eb6bc35450812f707bc50c32fd9d37

      Download Submit

    • C:\Windows\SysWOW64\BlackRuby\Svchost.exe
      Filesize

      373KB

      MD5

      6af750183c1b1325ce742942c7169990

      SHA1

      65a168cc6077642178c987d23b9d8b58fc580538

      SHA256

      20805849c72a884739eec41b27b1253ed4b8b9f918365d3a2f587e637487d7bc

      SHA512

      c6ab5cf24c7c6835284c62fd419dad14f0e79b8dbfb9f9e2fb4fc86d831952fb48f05e0d5b8eaa952a2b3e5f37f8c3f6bfb99dbe6c0a3edf902e8c32b47122d7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.dll
      Filesize

      1.6MB

      MD5

      a788243f23ad6a3fd82fb44267e5cf28

      SHA1

      ef6a002f0defd1a3320d6f04a0c87bcb63d5672c

      SHA256

      3057dc5c3a7cbd2d4888442182650702e928e85dba90bf233aa7135d56b0cb26

      SHA512

      5b29e0560ea9d985ed65fa533448a2de291b2e56db5eada626cac372b8e6ff2fe5d106ab55ff4b9244455a765f95c88f4bcef6e319ca466a6621862826467a9a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy24D2.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      720304c57dcfa17751ed455b3bb9c10a

      SHA1

      59a1c3a746de10b8875229ff29006f1fd36b1e41

      SHA256

      6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

      SHA512

      c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy24D2.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      720304c57dcfa17751ed455b3bb9c10a

      SHA1

      59a1c3a746de10b8875229ff29006f1fd36b1e41

      SHA256

      6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

      SHA512

      c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy24D2.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      f1e9eed02db3a822a7ddef0c724e5f1f

      SHA1

      65864992f5b6c79c5efbefb5b1354648a8a86709

      SHA256

      6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

      SHA512

      c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy24D2.tmp\System.dll
      Filesize

      11KB

      MD5

      17ed1c86bd67e78ade4712be48a7d2bd

      SHA1

      1cc9fe86d6d6030b4dae45ecddce5907991c01a0

      SHA256

      bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

      SHA512

      0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

      Download Submit

    • \Windows\SysWOW64\BlackRuby\Svchost.exe
      Filesize

      373KB

      MD5

      6af750183c1b1325ce742942c7169990

      SHA1

      65a168cc6077642178c987d23b9d8b58fc580538

      SHA256

      20805849c72a884739eec41b27b1253ed4b8b9f918365d3a2f587e637487d7bc

      SHA512

      c6ab5cf24c7c6835284c62fd419dad14f0e79b8dbfb9f9e2fb4fc86d831952fb48f05e0d5b8eaa952a2b3e5f37f8c3f6bfb99dbe6c0a3edf902e8c32b47122d7

      Download Submit

    • memory/988-104-0x0000000000170000-0x00000000001B0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/988-196-0x0000000000170000-0x00000000001B0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/988-5775-0x00000000052E0000-0x00000000053EB000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/988-5778-0x00000000052E0000-0x00000000053EB000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1456-5776-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1456-5777-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1456-5779-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1456-5780-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1480-85-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download