Overview

overview

10

Static

static

3

05018899.exe

windows7-x64

10

05018899.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-06-2023 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05018899.exe

  • Size

    5.3MB

  • MD5

    b1d1ee7ca6e203ed26009f7667600b09

  • SHA1

    7ac25793380eeba7dbd7f5ffb544ba999641ba08

  • SHA256

    038bc98b3cedf2e9c36df41cdce8fdfe43fa2d910911e8f18fe0d9abff55b7e3

  • SHA512

    631e149e4e6da217908bcd4cb363d2b43d1347f145c883f449d6594ad454bb5a7dc650166594c3caf29375a023874240c4efc6e787154966dbc58300722e878e

  • SSDEEP

    98304:y95iCM0BDy9FBLpPUpeXV76c7qj1qhK4LwOhbaRZka5Rt1++VPiZ4qo:SICDBO9FXPU+V7pLhK48OxaQ8RtcePca

Score
10/10
hadesxmrigminerpersistenceransomwarespywarestealerupx

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-FILES.txt

Ransom Note
____ __ __ ____ __ / __ ) / /____ _ _____ / /__ / __ \ __ __ / /_ __ __ / __ |/ // __ `// ___// //_/ / /_/ // / / // __ \ / / / / / /_/ // // /_/ // /__ / ,< / _, _// /_/ // /_/ // /_/ / /_____//_/ \__,_/ \___//_/|_| /_/ |_| \__,_//_.___/ \__, / /____/ ===================== Identification Key ===================== 646D374D68336F4A527A726879766D592B2F78564771625A2B4B763256624 53741385449627A724F2F74434847487449662F33494F4E41745369386F48 54324769746252513847712B2F704F506E537561454A525A2B6E4D6170453 952797955654D50727574686E3379496D634E4E686C495A65785031417A65 49593652334A4C62354257496D542F362B7168713774762B706A615959394 F46594B436A3348626172776C614D5637796E4F364841376C76707842356E 7038634955794D524B56704A6D61547A4667754C56557A6D646F6263707A4 56578466C3877416A7672756A423530537A6F785650633535507259633670 53456579384A4463726C2F5548566F674F44503672736255694C3644594F4 A5646747845556A62747556436A7A754972377966733376552B4C41307865 634351736A69552F33323477393075587361716D685143626967445653647 37743705359513D3D ===================== Identification Key ===================== [Can not access your files?] Congratulations, you are now part of our family #BlackRuby Ransomware. The range of this family is wider and bigger every day. Our hosts welcome our presence because we will give them a scant souvenir from the heart of Earth. This time, we are guest with a new souvenir called "Black Ruby". A ruby ​​in black, different, beautiful, and brilliant, which has been bothered to extract those years and you must also endure this hard work to keep it. If you do not have the patience of this difficulty or you hate some of this precious stone, we are willing to receive the price years of mining and finding rubies for your relief and other people of the world who are guests of the black ruby. So let's talk a little bit with you without a metaphor and literary terms to understand the importance of the subject. It does not matter if you're a small business or you manage a large organization, no matter whether you are a regular user or a committed employee, it's important that you have a black ruby and to get rid of it, you need to get back to previous situation and we need a next step. The breadth of this family is not supposed to stop, because we have enough knowledge and you also trust our knowledge. We are always your backers and guardian of your information at this multi-day banquet and be sure that no one in the world can take it from you except for us who extracts this precious stone. We need a two-sided cooperation in developing cybersecurity knowledge. The background to this cooperation is a mutual trust, which will result in peace and tranquility. you must pay $650 (USD) worth of Bitcoins for restore your system to the previous state and you are free to choose to stay in this situation or return to the normal. Do not forget that your opportunity is limited. From these limits you can create golden situations. Be sure we will help you in this way and to know that having a black ruby does not always mean riches. You and your system are poor, poor knowledge of cybersecurity and lack of security on your system!. ======================================================================================================================== [HOW TO DECRYPT FILES] 1. Copy "Identification Key". 2. Send this key with two encrypted files (less than 5 MB) for trust us to email address "[email protected]". 3. We decrypt your two files and send them to your email. 4. After ensuring the integrity of the files, you must pay $650 (USD) with bitcoin and send transaction code to our email, our bitcoin address is "19S7k3zHphKiYr85T25FnqdxizHcgmjoj1". 5. You get "Black Ruby Decryptor" Along with the private key of your system. 6. Everything returns to the normal and your files will be released. ======================================================================================================================== [What is encryption?] Encryption is a reversible modification of information for security reasons but providing full access to it for authorised users. To become an authorised user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an "Personal Identification Key". But not only it. It is required also to have the special decryption software (in your case “Black Ruby Decryptor” software) for safe and complete decryption of all your files and data. [Everything is clear for me but what should I do?] The first step is reading these instructions to the end. Your files have been encrypted with the “Black Ruby Ransomware” software; the instructions (“HOW-TO-DECRYPT-FILES.txt”) in the folders with your encrypted files are not viruses, they will help you. After reading this text the most part of people start searching in the Internet the words the “Black Ruby Ransomware” where they find a lot of ideas, recommendation and instructions. It is necessary to realise that we are the ones who closed the lock on your files and we are the only ones who have this secret key to open them. [Have you got advice?] [*** Any attempts to get back you files with the third-party tools can be fatal for your encrypted files ***] The most part of the tried-party software change data with the encrypted files to restore it but this cases damage to the files. Finally it will be impossible to decrypt your files. When you make a puzzle but some items are lost, broken or not put in its place - the puzzle items will never match, the same way the third-party software will ruin your files completely and irreversibly. You should realise that any intervention of the third-party software to restore files encrypted with the “Black Ruby Ransomware” software may be fatal for your files. If you look through this text in the Internet and realise that something is wrong with your files but you do not have any instructions to restore your files, please contact your antivirus support.

Signatures

  • Hades Ransomware

    Ransomware family attributed to Evil Corp APT first seen in late 2020.

    ransomwarehades
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05018899.exe
    "C:\Users\Admin\AppData\Local\Temp\05018899.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c 7z.exe e -y install.zip -pSampleFromTACERT!!
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:668
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
          7z.exe e -y install.zip -pSampleFromTACERT!!
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of AdjustPrivilegeToken
          PID:564
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c CERTUTIL -addstore -enterprise -f -v root rootCA.crt
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Windows\system32\certutil.exe
          CERTUTIL -addstore -enterprise -f -v root rootCA.crt
          4⤵
            PID:1816
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c start winlogon.exe
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1836
          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\winlogon.exe
            winlogon.exe
            4⤵
            • Modifies extensions of user files
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Drops file in System32 directory
            • Drops file in Program Files directory
            • Suspicious behavior: CmdExeWriteProcessMemorySpam
            • Suspicious use of WriteProcessMemory
            PID:1864
            • C:\Windows\SysWOW64\BlackRuby\Svchost.exe
              "C:\Windows\System32\BlackRuby\Svchost.exe" -o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p Admin:BPOQNXYB
              5⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:1788
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: GetForegroundWindowSpam
        PID:604

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-FILES.txt
      Filesize

      6KB

      MD5

      56fb6254a11e7c9a78b679eb73137d19

      SHA1

      3e6203489072d5c86cd3665c2a904ecb47e011c5

      SHA256

      0cbd468e911221fb6039429f9c23d835fbfc2c78fe332eec705a6364efc75579

      SHA512

      a1ea325f30ebe72cdee1bd2e74fa082e45cdeea37ef83c26f4637afcc7e0af13792528e59ba33d351e8746b28b2e80dc0207e079975e493f770bbffe13f6ef39

      Download Submit

    • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
      Filesize

      27KB

      MD5

      4373fe1ef0d5de45d495fca894f5b331

      SHA1

      9a1f4b568c9948a91f86131d8174229546105bf2

      SHA256

      079e3f88e0e71ca47562d0a0d23938597c58e89fb33904e495b3a1603ace148b

      SHA512

      57624210e2ca20e1ae3cbf990b9205926b76dfd3a9ccb644b0d0f8d7484765144d7adad138107fa4c97e6f5dbdeb84ff0f215fe2e0ad73d8340d1a20733e5c33

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF
      Filesize

      608B

      MD5

      f1f7e7f74a010795e3d4b93d2c5008ce

      SHA1

      c7321e646206c475e85b25fe5f7805fac9a62a54

      SHA256

      2c4a93031a2c6f3b5b6bb5f51032da8d66319d713332ddc4dabd739a93abf51a

      SHA512

      a197c4cd414380a358a32a7209ea046c4d08e521951bbcd96a1580663d16efd5b4d4931783552d2d9f5fcb268b51d88ce72c806a2efdffe55c1ed07d82bdc6c3

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF
      Filesize

      480B

      MD5

      ee6d3924eb4acf02cff89b5ac36f3fb4

      SHA1

      46de15e392f33ecbc15320cb8605b54af86fc141

      SHA256

      d2546d27593b7d11faeb86fa610479db11e9110542190c94021ff1029985b3a1

      SHA512

      bb43b9ba3e20b410904e033a9a2fcb2470208d9c3e840ee134946685c9ae8124a32346a98fc2298292445bcd97e87245a8d55331cb968cea6f0d5b8400639f3f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF
      Filesize

      24KB

      MD5

      6b490a8fe104bc4335e15911f099789a

      SHA1

      369c9199aae25c176b954bb3f9018012c57f4514

      SHA256

      04827617af1d1a49dbdb50ea8dc8d81a9a94fd3026c257565ee994bfbc83905d

      SHA512

      23dde1b3c1d43ed73d2fbb8b06a59a9670cd0e20308e0c70c2fcacc8c84a04b479dd237b43bd4dd80c2840af6992cac7f0fc048a1808e9268ce1561ba067b8af

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF
      Filesize

      448B

      MD5

      31900f98a437977de9dad752c20145c9

      SHA1

      fe7279c0cc45e6bfc8124983fc22f5a8fd9a23bf

      SHA256

      e09f61b42619120c47194355be71d36b557b120843a28215fa22c1b7fdc74331

      SHA512

      2a23e65c30940e5741cc741fee960bdd6f72597fcbf0991d76a426630e007b8f211484731bc7acd995e7945ad0f2ccd85c7f1848d40fef61c4b32d11e1d00bb3

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF
      Filesize

      768B

      MD5

      21589d8bd8d907f6f521c38358048658

      SHA1

      5c5434053e022171679c93ce263f6c94ac155a15

      SHA256

      7f90538a0176ae260c3d3824306c507d4fd9b0dbf5b259bb5b187d8359172e06

      SHA512

      65b17791c2a2b2912181cf0d9397df2629a225db2dab10fa38ab322f004fa796884e67a579eac3aec85a0297a7557bc9b6177438814c3edf68abacf7b9c441f8

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF
      Filesize

      1KB

      MD5

      61d8fc92249aaa3e87c561f9e31efee0

      SHA1

      2bbbeffd04167ecda74ad09c4f5a896addc08197

      SHA256

      6d94d6190776642b0365a572de69ac8e7aef95cae49a0ccb0c1c362c272296d3

      SHA512

      dc950956aeff2b58ea42b7c51c82927dde2f263b1ec8e96bedc7f8f9af8de02c01514a65931d44c349d6d1e4f72fd9f16533d0be66997e573a9745739fc95196

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\Encrypted_gnaOCQB3wViaOZ18FLOT6JZbo3uM9zA1kqqssnJD.BlackRuby
      Filesize

      608B

      MD5

      f734d969875ada80d886efa09b4cf476

      SHA1

      0d8d7dd00565eec23224756f0d4c3c9c6c87bb83

      SHA256

      1bc065e45d397e7341b0c2bef6b3e372100b10d19bd4fb1931dac1fb0f52ebf9

      SHA512

      ba235a3bc7bff6365983aa19dd308958c7d26c4c788d26d1736cbef96dde79ababedea7ab04a09790ab19e63898f8ebac7efcca0dac7cd3187a6f1307d0ada82

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
      Filesize

      480B

      MD5

      efb87c653783af603dfee216a3d08eef

      SHA1

      fbea26aa623bec54d0740814d9216a673eb008fe

      SHA256

      bb8fa66fc573f836d77b8bef5b2b15cdd0e4461adba770878ed508bad17ebc00

      SHA512

      4d465cd8627100fad3e3296e47c455a56b45348236d63e43a71f39a9086b1297b244616e3750023cb93e37d19ba8c19deee78b232e02b7fe23cc909c927aee2a

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
      Filesize

      5KB

      MD5

      5bca9332a46dcde670ca5871f226de33

      SHA1

      499723e52c740ecdb3dceed8eb2342e391c4c91f

      SHA256

      6ef725a03026dfdf4d4e95b6844522f00b8136ec226dc3330e74423a56e3df24

      SHA512

      3809b857ea4764699c9dda9ad28440feb335a3f6afcd8a1a3419b2ed23acddf1359dce6bc15dde99671512ff34abfdb697071287df1d0c67f4fab5f4d4c4c83d

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
      Filesize

      31KB

      MD5

      e1128bca6ff4bc2acc4d54d651fd1305

      SHA1

      a26ba5668d82127624a901a6767b22e2175f5dc7

      SHA256

      aca15eaf35f66a1c3980f391fe0496316f0b636fa79e4866a2c3871de35a8e04

      SHA512

      553d97d1205c5e63091c6a577195f961051089dfa6d4966215869df1815730e39c56be666a02312bd0863f2e6ba1681d1039c4c307f2fbd84da0a75373ec2d3b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
      Filesize

      5KB

      MD5

      0a5847a6a6f7b0da601bd1ef386dbe00

      SHA1

      8c606c42732166041c38b50ccd300543c5d5250e

      SHA256

      5a8010ea4a57aec98cd76d2de0abbc14b2b277dbcd671f638d08859e910fc15d

      SHA512

      36d0c570d759113854ac9c7e955a8a16d78bd8253161fbbf1e8cc6f5f23ec7e318780993e6e2d57b1fbb4578fe9b743d6130a064d5e8a35fff06189d576dd010

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
      Filesize

      21KB

      MD5

      f8a11e371b6f047ac2f60f4d040ebfa2

      SHA1

      74756af5b5919985c338fbb074539e5bbe4fe023

      SHA256

      cf684d79ad4bdf4ea332f8e76e4f88438ba71aaebb73006b2854ca6c51dd323d

      SHA512

      5c56ab7930194ebd9864cb5c6cb05a8f2a1811d8a7cb2abe7944350443faa859bca9721ecabeb6b92f2ffe270f3722b1a7cd746147ba15cac5323970bed9c521

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
      Filesize

      368B

      MD5

      0091e055686bc90360ebb57eaa7cb45a

      SHA1

      54d4919156f541f963014603766515abe161606e

      SHA256

      9099663df5b223ec705beb470403f41302fe514e5b5b60c98e3dd2eb3ecf04dd

      SHA512

      674ffe67eaf9689f39fa6c07eeb30887f63c74077cb612714a5d05d5673ce26678bf9c318e350e7da49307a743d11a7068fbcdad34e72b0bd3fc6b576f6b234b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
      Filesize

      8KB

      MD5

      2096903aa38ae415f5c79157fab09803

      SHA1

      5aa8c7040ddfe014675153059373ea18c3e069ec

      SHA256

      a0ec95e827f43b36be8337418c338c5e91865abc8e5135f3e20ab8f85c686937

      SHA512

      99bff87671eca000b4cc968b7caafde908e2f5554dabffa93d2a729c4eb8c64b29161da5bec5c4b864ab2957ce0dffedf8102e8c7f7880f88ebe3d2fbb9bbbf1

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
      Filesize

      15KB

      MD5

      d129161470677d0bcdfcd53a233621ed

      SHA1

      8082d669afb432fcee4967c5158499771cda1556

      SHA256

      94ef1ddd64009a5a1c7fb331f3a9a414cc161cba5d4c2a241333cb5f5e5b81d5

      SHA512

      25dff83387c8ae35c01f3eee0d885a888334ab72a6b1c812355fa98ef519e7e66b684abc906c96ebd0dd98a105d0b1b9bd62730012952b03a0aa83ec1e4643a6

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
      Filesize

      6KB

      MD5

      81362d89dfbd82614308fc245eb50820

      SHA1

      8b4879fc841b6739f61c896481b5703a05eb4edd

      SHA256

      c6b6a46a4446377030465f8e73d0ee8299a54bf991ed7dbb030a283a36d88fbc

      SHA512

      2641717b780d88bf5dfc56e8b3c7d73e8647c1069f04c9d58d3fb5e87b56e1b4b5cc5147a55944aa70b1ebbc71a9c9d1f09b6938374d1aa3834cbf83f09cfc6b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
      Filesize

      20KB

      MD5

      f9fa13ca14564927736ea2eb17c83845

      SHA1

      4e1b2b141b7a6e1b1ad05e7e4db169e25daf57e9

      SHA256

      30cb8461bc16afa24769f5ba594091f2ef12785c83fca050d338a0894a422a66

      SHA512

      1399fc2f84b4c168e859826df2c8ef1d0b4ea75935f1e84c4e6a48dc84ab63ec3f064011b3773a78d15b218796bbc2c3b23136ae60b6a15dce12e504a6bd3462

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
      Filesize

      6KB

      MD5

      e6ce74a33e65c27ba99f26b904456ca8

      SHA1

      476b1fe5ffb1aa16c7322b891cd346120a7081df

      SHA256

      cea9b36c671e10c72928b84b6fc6374f55d83462153608c0b734f73380207465

      SHA512

      501035eb226f5e453b14137ebd17c56c256db8fbb438af1565050f36fb863ede09e79c6c91f9bf50fb0d8fc8bcbcff2145fa08bf995a03f32a8253967879ff92

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
      Filesize

      15KB

      MD5

      522cfa670ba18e0e1ca6047b99567884

      SHA1

      fab7e08db06fe89d42849ee65cfdab1b119eb30a

      SHA256

      e38edd1c7f2d879ec04d2a28bbf19d727cc57683b47a0d6ce44c73963c640202

      SHA512

      44ef02de4cfd659b7ce570113a1ce4f6a88beb68a2833c6bf0a7eca37080b2429f3e9f9028a4c1bfd8b9d79e563b25996a7e83cb5af7cc4208fa7c9b4f6c7a28

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
      Filesize

      3KB

      MD5

      e66bc87b3189df716170bc5709df810e

      SHA1

      e35b78c14589c16825c39461a8bc3f49dea88f46

      SHA256

      76a61189e0827b36598835a403e1174b32d4e94a99197328501f138fac9a2d26

      SHA512

      85d500bd88b33dd3101468b1cdc53db5ac9b8515ccf1008ffbd58b6d1fa603062eaf671c0b25467a2f7c81a97db51b54cda5bceb1c58914a2b2518ce24697857

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
      Filesize

      2KB

      MD5

      46eca6da7a323f2d4a203d4d88de955a

      SHA1

      3e64bbfc67bd604ec8776d37b7de6c1ad91d3a64

      SHA256

      4805f88c0d5ff73d3e1f4522f3fc14f17613e0b4f0626aeea94d9521d9f372aa

      SHA512

      0a76c27b5125967761f6a60daf49c921249812dbfa698eac6a91bc96d59c1c7c5ad95e3b21f5d0c661f707d8f2b16680460f19f9a4b3f2f78b30d5bb21cf3df6

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
      Filesize

      7KB

      MD5

      09bcb9d5bf4a21ce69a636a3965d3348

      SHA1

      4a3e3b60a7aa5b9c60557a53b0b52030986f0501

      SHA256

      90fd1471eb6ce3fce0c13023bf89c8786bb9ec7a75beb9ac6e1870c8e093f5c4

      SHA512

      c5cd38d678720040d0d5269996c012534d6a7155f7390d95ab18fbca9eaa32f6938fa00566699c5fbdc16dd6b0fea3b1c1a7bc6a880cb9ce6633cd413a2476ef

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF
      Filesize

      512B

      MD5

      c66ba40dc158305c88453a9e8d2ad00f

      SHA1

      7be61d6fbb048fe627081c2d9bd88e63df0e8bd1

      SHA256

      6b533cf3a6ca5c7a205f425060b7161441383ec0089655839686556bc39db5ec

      SHA512

      06e9b2fa00919b9cd300a4e24228262f8a127c0e2fe258fd0664090bb25d1a856b93f0831fc385d19dd8fe53e6a62c6c0f2ebe1a0402d087308de2879ea91bf2

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
      Filesize

      592B

      MD5

      62e2c171b61e7b1e00769526e0d92d5f

      SHA1

      fa3e8b07f7b740b227f37b674866a0eaeb9a458a

      SHA256

      aaabe72be42379d098d309d3313431606fc117094f0b6cc8ae4f22b123fc200b

      SHA512

      1c082a2eff324b1c3a46e45d4250a0da9251ec5550fe868e50cba74c0b1f02d0b982f6843355e8e351c94508623c02a509d00ec750113854d29cf90f64f92a5a

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF
      Filesize

      624B

      MD5

      3bb7e3474812e241c5bc77ae444b9610

      SHA1

      f229ac7bb1981aec5ca3514523f8e90798c45c07

      SHA256

      3c958ede076bffa481736c8b68fbf596ef1201b5bdfefa4417c821509f00a184

      SHA512

      4e3ee9432a642def07aa761157c7677ee8ccd2b4a1b4c8e4a9b4219cd6ab1ba9a94b165f2e89105be81ae69ee437a31ac296319e0e8a5296b806ee8f7c3678a1

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF
      Filesize

      416B

      MD5

      a5a06b90152257914f39557a1b87c86b

      SHA1

      743ba75e57ea988b1d7c6b12d2065dc21e163f08

      SHA256

      8267e1cb6a48299f9c715cb4f114895082c1f3c56d5d28af4c3b02bece004c54

      SHA512

      f680380be1cfc2984366dea80118abff8d6986df7a8e0104e431f64821afd51fad7141475cf4c806d8ea572953a940b70e10c8d3dc3cf7b1d8fd8ba7cf8fb76c

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF
      Filesize

      704B

      MD5

      79dd0f4bbd1ed5d540e3949bba604d39

      SHA1

      3672b9f121d927b529d631301a9db768a8b09573

      SHA256

      9ee0872ad6a4954df37204e5919bb54d9f0f3c663bd68b778de064d724f390d4

      SHA512

      ec35cbd67fa3152a3a6d8e31830dd5f31ae5f58296283813b53a07ad51932092357eda2effbafe26c91024beabfd7bdbac329d90e221a692138bf3aeba435046

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF
      Filesize

      720B

      MD5

      d516dbcefc3ce1c6d88a849ce9788e6b

      SHA1

      82e4aacd311a52f19cde401759e28cbf59838ef1

      SHA256

      5a4557ee43e82d97795f83ea1dcf274d9c63727aeb4b30a2bd81cdb03ba5b6f7

      SHA512

      ac3927a397d1e23b01c060027bb7f43c54da567a2555561bf469e743ec7c87475d45ad4636aacbba5f2e77fde7162eb0ca1e568f484ec2c76f9526a16fcfe74f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
      Filesize

      528B

      MD5

      522a11c745aa062c75b266281a1e74af

      SHA1

      9bd19341e52f9d664d138e0c4a6817930c2a7096

      SHA256

      e05a6df93c8111cd0d4638f3f6f6292a20f8fb221597dd7d7ecc784dc3b37a04

      SHA512

      e9579689d36750d5b791d3dac0bec3f4ffa2e444253312ed1eca2f72356ef6079c5cf2d749c12fc9db908bc3cc8e7d7a2cab7a78c87904256bcfa3c57e56a431

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF
      Filesize

      2KB

      MD5

      b441e52b725c61661a8be1d47278ec82

      SHA1

      c878e354414cf0c87dbbcc06f39b3440a953619b

      SHA256

      e35e83b45e20076d091c54ec5a82ab39397266fb88d51b79a970eaae1f905e65

      SHA512

      f6bf3dd6b81efea718ba35315f4cbd0775ea9df6fae8d86c53c7eebeb3c15a2f82bdd34130bb91355fdec9e2c9f13cce1924776597798e8b9a76cf72c2b432af

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
      Filesize

      496B

      MD5

      411d5ed68ccbc7dabf5408b5f05cb158

      SHA1

      6753e13875d051ed902267e1da2caff4d63df702

      SHA256

      5826af4051fa703fa0e859c6d802c24ed9b29d1f41985a59f7c48abcd1881a09

      SHA512

      9617959e3fc4151d38c137cce64a65592d2bc64a325bfdfee1019debe3da9b85b23bb2e99d6306f05afcc3fc069f425afea08415ea9acebfdbc2b3b748df15e9

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
      Filesize

      624B

      MD5

      474bb058e656ade7d15e75bbd3994898

      SHA1

      b60ebead5786d819f3b0232dada581651ebe7106

      SHA256

      388f5bdf6ffafdc9afdd1e575b7a693fd2c25e726adab2f6c12e57f6854b87c6

      SHA512

      8735a34f8bd30996f77de0349e5ddb469652b3083be9497417255e476ad49c70d9770ec9de0da6f6b60a3d43ecc1faa0b8988ba4b63b8ef3416315631d37542d

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
      Filesize

      624B

      MD5

      3be72690cd39d78d12cb4b8de2646dde

      SHA1

      4e33b4de7ba0be6f0dfdac6c4a0c97fd59da3e00

      SHA256

      e3a1f63a8c08f47edc0f83e607a637fb3f515327f736e2e5162865429558445d

      SHA512

      1cc7ffedb492713d2fbb09192bea8d48cd468d9cb2fba6f529fbb35a7ba8702ea7850834b54dc00d279de56efaf8b5ef5119083216afd0120bdcbcaac78788ea

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
      Filesize

      7KB

      MD5

      b8cc60ce659279e6822789516d5ce776

      SHA1

      7332262ae8df791cfb490ac77b211ee6bd5a80ee

      SHA256

      18256c4dc50fc110f41fbfb7f5e97956136e413f1b2e51c011fa5fda3702da56

      SHA512

      91627b416e3941d467788e3054502c373ce2a3c53b2d5ef344675b459287c1be456e758bdb4c9e558cac7fadc56f8f7790a60c8b8e87302fe82c3e3624da5dc8

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF
      Filesize

      688B

      MD5

      7301a402eedc5e4a14a307ed108be733

      SHA1

      0a830616eedadf37c7de8814be6da157ff9d5668

      SHA256

      1ca89057143909bcfb5051d07ff9e3c47354be0195775e3dc8a6442874c87733

      SHA512

      8c6997a191ca89a41a0a39d92f5671052727220aaea60b1db6f8cc00afb4cbeee429807af1915a8438b7ffff689f785e813f58faa53b2476cde220852dfc481b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF
      Filesize

      26KB

      MD5

      53450ff0e0851ab37ae373e7d8ccc0ba

      SHA1

      e30e198517a49ba8dc5d0062b628d250078a8687

      SHA256

      1148102839bfdf0a8bea6a6ae252f986e8ffdf7b2e9acc3ce10319a068c9eaa6

      SHA512

      cd17fda1db0dfed9f91d409cdf1046e616615b4a43c87dc4fdb83ae631150937f127523c622ee52523afd41a96907b7b0864e36d608f540a3a3d0e9ea4d8b839

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
      Filesize

      1KB

      MD5

      ab16e14d328d96c50d3650bcfba0cd3f

      SHA1

      b5559122afc3fdffb60b5f0c2db2379dd91a9fef

      SHA256

      359c0e95aa9328c89d40d18f34a7dbd41d36d486f929e9bc48670a1d38a7dabe

      SHA512

      def0e36c27a8f3c9aae4bc44e40f69be4a3f08f29cf590bb33ee46f5a30275dad75a2c4cfca3f46c7368e3f458b7dbf0227f2115df2fed4b164853ef85ac5a50

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF
      Filesize

      1KB

      MD5

      aa109aae07251b4e39d199b01b7907e7

      SHA1

      65e12ee97c67886180437d45a272124f561970e4

      SHA256

      4ea080cad5debc28b3f2eba6f629fbf698584fdc659436852123e8699a6c894a

      SHA512

      b9e3e86fa78f6764e1efc5759b807acda8844a7affc4c2f2be7d7e9e9d9ac4f627c2e31088fef07e6fc0c45f66b8d47fb6093f34a925a88b55908930ab667d71

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
      Filesize

      3KB

      MD5

      fcd272ec469ef4d70998a082697628ba

      SHA1

      10c053ec4616fcc56c1f909ac001006a0ee9da56

      SHA256

      34fbc84e6f13cdf7c9d6942a8dd8619015a0828a12ea03abc67e6ebd63be8ede

      SHA512

      e50ce7c4640d80c2b2d63d66bcf44b2865cf90f5344bdae4031b9a19b054724c6dfef57fef62875bc163149d1fc4923e299c8f65d86ceb1cce20bcc7c783b1f8

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
      Filesize

      2KB

      MD5

      d73f4221aec31056a2445512c8e74052

      SHA1

      62a1787822893604b2db8dd8ec6f93666a37975b

      SHA256

      7a709eb4504f0e16f92857b40e9476f9c21a1c8e5a5d7ef3f2faf8a886b46261

      SHA512

      afd1cb46b2737865782587148fc102eb25f210d8586272c5ceb6548a4446a12dfe634be4cf11c6e9ecc4161ebf1ddd0b51fc11b2ec920606eff0fe52db08acb6

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
      Filesize

      19KB

      MD5

      7b33a2c6c14aa42bfbc973085691c4c5

      SHA1

      04d2da27b860151caf6d459ab43b330596373690

      SHA256

      8354dcf79ddb94c70f2dfd4d09b5ee89d07225e1d41348e02d85f263138f0fbf

      SHA512

      39e6569643e74960e59c61eb6450b1595096f1cfb86ee5aa89318f40b40e4f9de41e2004076e7d0a9ad36e453549b960f877eaac104c6a4804ba5f201da7c97b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
      Filesize

      1KB

      MD5

      266248f3353af15bc9dfa468f0fe68cd

      SHA1

      b905e24e99d55875901aaa14b819b17e9f792d03

      SHA256

      3c3c4b27e75e7a0cad476b59852e48fc1081ae8e8613428bb81c048f576bb826

      SHA512

      38afaad832faf4c5be9150b1ce1a8aff2993054f0840f2b4781c79c7188c502b894fb3ef1b62fccbefe0613a59fbea22589697979adfdafa2f00d9a8c25ce9b4

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
      Filesize

      1KB

      MD5

      17e37e310828dab08a59d7fe6d8a7efd

      SHA1

      b619df5e7f0fe539aa26848ba952fc34ab812caf

      SHA256

      c4c8d743d12ee60eeef525aa34ef2201b69de554f91e597658de03c96378236c

      SHA512

      43403e673e4fc7d157a309e41bc477804cad1999afc6d0db706fc5d24f81f44042d66118da92e49a5682bab88f19da37cab55255fae3f6dfe0f9e9d8a653bc89

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
      Filesize

      1KB

      MD5

      8cebac873d3c8412dc51eaf7dc3fe7a6

      SHA1

      1b15ac09e57f86691cbcf0d90ad8c287c77a682c

      SHA256

      2aafc894025edba4e26884882e8cf4b0a85b03cd573b81c1bd55a848c764b92a

      SHA512

      1e0acf5aa156c2a86adac809fa4bee8ed198480d9eab866f77b5b16f03c9560346eaeeff3438c9872cd1ca65189ae304671223133b2a9567aec1094ce22e280e

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF
      Filesize

      848B

      MD5

      87f8aeefc781929ec77fe7f5aa8a9d84

      SHA1

      dd09fb56b4a81939c12fa0c0b2958ec8b120da00

      SHA256

      7ce440b1285ed6ab620d26f2abda36feab5c162f31dfd41ad163a28210fdd045

      SHA512

      9f7023ed72d08c3cb04239d6f3dd71f0da21a5f93eb25574f5ebc85f60bf6cbf29af0205fe3fba41f262d8e64d2f8c68796b55873acc5b2a8e737eebdd04affa

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF
      Filesize

      1KB

      MD5

      9aaf9331e81bd2d2c2ac44067f5082df

      SHA1

      ac8bf4ce0e2099ccd7cae58ee7096c129e83f12a

      SHA256

      f8c02d94290255ae47e2326bca01427b1897d80a9938e8c70e40d505e6ae6562

      SHA512

      6a5225aa354afd13296e59ab52be2faa5b46026b2fec891de7cb1da16e6335c28e0b97c1b464326415828456cc31060526907484dd3a0632523ab8a71f03b075

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF
      Filesize

      896B

      MD5

      505c4eeffd0a492ca885fd13039cbfc9

      SHA1

      0390aabbd8649b4f3a28a550b2aeff817b5af7d9

      SHA256

      22f098e096203ba165f33b636e589ebe77c466dcff795f792a265477041127c8

      SHA512

      55b75ddfc4ed0e4ad821ef833bccab1a40194aa277cc831a5991b48430872375ed7e7abdee251951bd139ad036a0949f41aa08ce0892aa5a70d498439b17e51c

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF
      Filesize

      1KB

      MD5

      a4fd14b3d0637e4fd6628fd9aebaded3

      SHA1

      c9786c1fbc4aa571d74e43ff49271313dc4d2e2b

      SHA256

      8b39bb35e8c53f9324d5fef9b62ee0dc82371adc842e3d3863b252e367edcba5

      SHA512

      8afb1aee961d327e86605b19262e865a2d3a62b0cba0167e2dd005ce4ce120bbf65a6cb67db18a1bffa817933a8c53a7f2a2019ba2b9079c5d5721ba2602dd04

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
      Filesize

      5KB

      MD5

      aeaad64062ff20eebf5340f28761d12a

      SHA1

      c2c6a4630c7824d9ee9f11d42b5ed21afd9bf17e

      SHA256

      510976b8f3e7c532eab21f4632fd18149cafdd399d7fa31c63c88053419942ce

      SHA512

      b6142e697db60c716094bd84f7ce76b302ec30d0aae88bcb9c3077deee02db912ed13edb4be8a266dddf028365835f4ad9bf6eba52a785c92b3506b5eebbc6e0

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
      Filesize

      1KB

      MD5

      8935c6ffb984fc498ab800edd3298b11

      SHA1

      f8bd2dc58900f717fd74a2817eb02f3723158bc9

      SHA256

      28512c7a6834d2fc3d3f153ff659b5c878c0186dbaa4d233fc86f94855ef8087

      SHA512

      ab58b9a28ffda82671d992c790dc543f2376e9a42e848a5dd14ad5a20f5cdf5c8c092cfaea0580d0ee5e8c7af3d20df1f73c08a0dfe598640e3287a924bf7d6e

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF
      Filesize

      880B

      MD5

      a09a2984668de86cc749f03a3610a045

      SHA1

      0230309604a37804011d958e808ad1777ca64234

      SHA256

      bf1a3012fb68753d363e5e35b627f63ae1b5c64da15874f159bee32108725c68

      SHA512

      55b7a14e14c5f77028ee9a5e7a81790197cdea9b53b395a794073f8342cfa6d2819e078eb9a02964cfcb2581f52fddf46ab3f24bc11425e1a5411097169e82bc

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
      Filesize

      1KB

      MD5

      49355063631ffd70a980e136a224bbcc

      SHA1

      489326b8cd8b5ca29d54a1b8d24a394450720a91

      SHA256

      7451d0c7bcfdca3b34ccabac810ddb347f47a154f067df94d6d5eae8e6b66019

      SHA512

      8ebaf5b919a1a7444c7bbc100a34781c1f3f81e056b62761f91f7e3e268b0abe7206ec93882333f8fd245e30427b71dee0df2556c32363aa14b6178a5a124db7

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
      Filesize

      1KB

      MD5

      531e4f61f8ec8e9c666641622acb7bb8

      SHA1

      be2fd07294e06534b9b76aa3d55619e50ef54934

      SHA256

      39326934eb595365116361d753cba4439db080d22bfcb628b824cd5fa4898c02

      SHA512

      7a66d9f4d52390954be02eb3219c3cc54e3eedf5c048d67ac9bb4bb48b431623df9fe98c78895cb41a498e123985c30a12d51720eca2ea800ec0e5bd7cff46df

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
      Filesize

      1KB

      MD5

      414d07c9fc1f2cf3bf868d7aa6ca7812

      SHA1

      6869fefcba528475edff58180bbea606fe3f22ff

      SHA256

      05b89c17acffc358a17b1d2edc22cb9d006d85e30f30c473fc12ab75124f5715

      SHA512

      1508eaa4badbb133959ef5b506d50b08caac5c099fa9562c4ddeaf91bf344eebc4062fed6887ed9fc62af70ee687c62566342f78ba210d354817c832e06c585b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
      Filesize

      1KB

      MD5

      0de4df97ed1d183d07624b4851298951

      SHA1

      fe10653014d96963e64c7a9c6e4f30330f7be2c7

      SHA256

      7c43ce088ad5803c4ece7c03d8cbc1bf133ce62074bb510e3a53568f217c7a0c

      SHA512

      8b959e07cd3b91be12b82309b6a86a113ab359c9f282dc57d6c1ac6b9320b8cce5fd5b1833aa1799d12691ae40a82e7230a42cd6b249729dee0bcdf295d14ac7

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
      Filesize

      1KB

      MD5

      ed871f88ca8c92b7490a889f267a2f4f

      SHA1

      05c60ded2f2199dc486b315f22867cd319519b4b

      SHA256

      64e113ee717c58c51a643f2f3bee18ad5019edacee072d15eb283ead7f09aaca

      SHA512

      73e9031138fb834885dbbd97f8e7a1677d03403f3fd3d4d4ce7309c453bd0169355cd86637d2ebae59116dc4f049ec6885596ba3703fd26da2aa93936a29bbac

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
      Filesize

      1KB

      MD5

      c77ddc85729251e5a1200537e57d13a7

      SHA1

      a666810e90837d8eb08ee4fcdb7d0ec00e586461

      SHA256

      09fea2721af3a91578785115b9bd104b38506d1169fd1d0d45af988b17b2267c

      SHA512

      1383de060b9e673956cc3d73786355dbfaea1620059ad4aebbf57ff151e10216cd123affcc0ac52e1ebf4155cbc6c63ca4ae8d1f1c090bb226421b46ae47ab7f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
      Filesize

      1KB

      MD5

      9550d70109424ced3b4bed82626f49bc

      SHA1

      673f04e5643f5790535351528fd3ee892ed739b9

      SHA256

      6d624c357903770f3fd575252992fdc1b04ef58494de036d03b4e86b853ee200

      SHA512

      580049d286c2547c0f9acdac6af1b256fd3305778d5cce99ef640a5f8e15d71a1508a9feb60b92d7ecf48954b3a29079e19a3df18c9a5d30bd245dc70daa7c1a

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
      Filesize

      1KB

      MD5

      c12756f2e67ec15715961d68807dad27

      SHA1

      80938d2f52df84c1fa0107447b728cb1bac3ccae

      SHA256

      d91cb7c2bd6ae3fb6d7592abe50d1f30c12f4517e157dc100ef7c82977d8deda

      SHA512

      b112cb6dcc918c5dc3d44bd0f05ec465d7ee3f3edf1f0eb36afb88aae88828dd4bf91544bebc8b3a33f9b893a4c97d3bd0cfe9672ae18f3ac3b9ee960976293d

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml
      Filesize

      247KB

      MD5

      1ec16521026fc1bd11f3cb27ef3bc36e

      SHA1

      8303e6a0fc599cd377816de1c639a9d3120a1eb3

      SHA256

      d79980afd8f8ffbcfb95f53c5bc4f2b72a2c7a3ef43a1108624b01a69e2308c3

      SHA512

      16f8cf076fe24b3803728c10e15b8630fb901cdd28502a1d6bfe28b1a4d77021b82c91146585a0cb3a8b92d34ab46582f99e51ca987a18ce8785e29e9f0d4282

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.dll
      Filesize

      1.6MB

      MD5

      a788243f23ad6a3fd82fb44267e5cf28

      SHA1

      ef6a002f0defd1a3320d6f04a0c87bcb63d5672c

      SHA256

      3057dc5c3a7cbd2d4888442182650702e928e85dba90bf233aa7135d56b0cb26

      SHA512

      5b29e0560ea9d985ed65fa533448a2de291b2e56db5eada626cac372b8e6ff2fe5d106ab55ff4b9244455a765f95c88f4bcef6e319ca466a6621862826467a9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.zip
      Filesize

      391KB

      MD5

      bb60a4aae92d58ece2013dba97378ce7

      SHA1

      20035a5996331f720caa2c0d740686c9e89e1439

      SHA256

      9ade67170d66fd950d4ba989f21a868a2a9182d7d5002d09723094e96610f926

      SHA512

      593222207a29428ef04ef3fa88818a726980ce8c0ab369577a9f6172892c7b10894c45033b97c4a744e83b0f13311b6a414dadc291d91a50524078d655fdbbad

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
      Filesize

      4.1MB

      MD5

      077268086e3e4dba46b1bd1ee1ef521c

      SHA1

      feda36051199971832b0c822e30b6f7fda5894f9

      SHA256

      613f36bf5e98be7e56b7ea0c678cfb8534077c2ec1cbe839a854dd0a60278ebb

      SHA512

      a6fae662b4b50a6d70664486412d21035010ca894053c7cf06604117747622a2a13676c7f2f28eaf276490c794831f4c0f4fdea18dd4cd0f504333da5aba7966

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\npp.7.5.8.Installer.exe
      Filesize

      4.1MB

      MD5

      077268086e3e4dba46b1bd1ee1ef521c

      SHA1

      feda36051199971832b0c822e30b6f7fda5894f9

      SHA256

      613f36bf5e98be7e56b7ea0c678cfb8534077c2ec1cbe839a854dd0a60278ebb

      SHA512

      a6fae662b4b50a6d70664486412d21035010ca894053c7cf06604117747622a2a13676c7f2f28eaf276490c794831f4c0f4fdea18dd4cd0f504333da5aba7966

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootCA.crt
      Filesize

      2KB

      MD5

      f177e53dec7fd9fe03b9711cc5782e8b

      SHA1

      6dad7a92bedb339680cd16bc547068b1817e4ec2

      SHA256

      98ee5bfba2357a13cdc4500260874604fa973ae11d9e5f4b17aaf4a767e320dd

      SHA512

      4dca86683c76f5299330d86d94d9103b5a29d691ad2b18d726081e0a89892d95d728dc28853461b49f98c45f660b029d78b5c6e3ad122794c7fed8e6ba10b0d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\winlogon.exe
      Filesize

      438KB

      MD5

      0d5eb67c5a6ab1e588321a718d8c891a

      SHA1

      6d69057174ceacc0b3ec0f56601e79f053c3367c

      SHA256

      5a6c1f537514c27e93fb725a94f1af8c32f9ad3876f91274224c9e29c1f25e21

      SHA512

      a7d6ae2346b0a438cb24518b46b1ff403a70a643edbcdd2c534a131e71a342865151cc75b0722dba3b2a27d804ab2385cfcd3c947d29bf2cbd6db8e917fc6349

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\winlogon.exe
      Filesize

      438KB

      MD5

      0d5eb67c5a6ab1e588321a718d8c891a

      SHA1

      6d69057174ceacc0b3ec0f56601e79f053c3367c

      SHA256

      5a6c1f537514c27e93fb725a94f1af8c32f9ad3876f91274224c9e29c1f25e21

      SHA512

      a7d6ae2346b0a438cb24518b46b1ff403a70a643edbcdd2c534a131e71a342865151cc75b0722dba3b2a27d804ab2385cfcd3c947d29bf2cbd6db8e917fc6349

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsyF7E.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      720304c57dcfa17751ed455b3bb9c10a

      SHA1

      59a1c3a746de10b8875229ff29006f1fd36b1e41

      SHA256

      6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

      SHA512

      c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsyF7E.tmp\ioSpecial.ini
      Filesize

      1KB

      MD5

      b7f4485473270d690f807de82156b581

      SHA1

      fa2cb41c3e0e184a02596bfb603c9e04acb26f7d

      SHA256

      b59037fc1dfb14fb1ed7a690d2bcb951a4ea7fc7a2230d3525523b65987a8b7d

      SHA512

      0e09c37b425634a6c39816dc0cb70923f6dab8f00d3af6d5109b5902d68e20344691dca1550aeb1e2c70594f389f523be7491ff9b7d324b5976deaa5864fe6ad

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tt2bc8ln.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
      Filesize

      48KB

      MD5

      a8e516f1785521ecd8c6af948c1adf13

      SHA1

      69ee579df4cd5210509c5fdaaff471da9098e414

      SHA256

      253ae3a1a29fe5972a4b0ee69b0dedf366503e241199c4c577ab8ff0fec03295

      SHA512

      8bd2d54d89d1b459fb1f9d848e8057cc92dc0cc0e890f8bfbf8f99e72b2987afa03292c37c87794e1d6a352b7ad78ca2d20499a26c607bb6eba21a93a03057cf

      Download Submit

    • C:\Windows\SysWOW64\BlackRuby\Svchost.exe
      Filesize

      373KB

      MD5

      6af750183c1b1325ce742942c7169990

      SHA1

      65a168cc6077642178c987d23b9d8b58fc580538

      SHA256

      20805849c72a884739eec41b27b1253ed4b8b9f918365d3a2f587e637487d7bc

      SHA512

      c6ab5cf24c7c6835284c62fd419dad14f0e79b8dbfb9f9e2fb4fc86d831952fb48f05e0d5b8eaa952a2b3e5f37f8c3f6bfb99dbe6c0a3edf902e8c32b47122d7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.dll
      Filesize

      1.6MB

      MD5

      a788243f23ad6a3fd82fb44267e5cf28

      SHA1

      ef6a002f0defd1a3320d6f04a0c87bcb63d5672c

      SHA256

      3057dc5c3a7cbd2d4888442182650702e928e85dba90bf233aa7135d56b0cb26

      SHA512

      5b29e0560ea9d985ed65fa533448a2de291b2e56db5eada626cac372b8e6ff2fe5d106ab55ff4b9244455a765f95c88f4bcef6e319ca466a6621862826467a9a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe
      Filesize

      444KB

      MD5

      795bda1aac885134eb978ca187026381

      SHA1

      596297deacf9a1815cefd46d1ac52aa5672ed2bd

      SHA256

      907a9e5e8f67c66745088804e5ff6b66939ab3113567d96074a4778b0f95dd41

      SHA512

      7768b76bcfe3bfc2d2e838cf0498823181aad77bb3b7fbe5d279b9b70d0f6eba748a4c87e2114908817a5efb2f7a3f3f5f1440dbfa9fdcb207ff510c70eaa88b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\CleanUp.exe
      Filesize

      128KB

      MD5

      ea873717454a465b69ca796b2d1f44ac

      SHA1

      3d7096aad994177f1180c5b3dc153c6880d7516e

      SHA256

      e8dcb0d4f5942f5fa2208a122dd2bc7dfd2a46d96f9216468d43775f583e0ae4

      SHA512

      1aa7a84991d07bdd89e5ed53fe8814e35d95bd510997842d5c11a8ac9c2f786901f423b1ac3f55a4f25d7672ea90f9f2418507813cb9a0bc2f9796e4d3fdcda0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsyF7E.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      720304c57dcfa17751ed455b3bb9c10a

      SHA1

      59a1c3a746de10b8875229ff29006f1fd36b1e41

      SHA256

      6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

      SHA512

      c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsyF7E.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      720304c57dcfa17751ed455b3bb9c10a

      SHA1

      59a1c3a746de10b8875229ff29006f1fd36b1e41

      SHA256

      6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

      SHA512

      c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsyF7E.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      f1e9eed02db3a822a7ddef0c724e5f1f

      SHA1

      65864992f5b6c79c5efbefb5b1354648a8a86709

      SHA256

      6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

      SHA512

      c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsyF7E.tmp\System.dll
      Filesize

      11KB

      MD5

      17ed1c86bd67e78ade4712be48a7d2bd

      SHA1

      1cc9fe86d6d6030b4dae45ecddce5907991c01a0

      SHA256

      bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

      SHA512

      0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

      Download Submit

    • \Windows\SysWOW64\BlackRuby\Svchost.exe
      Filesize

      373KB

      MD5

      6af750183c1b1325ce742942c7169990

      SHA1

      65a168cc6077642178c987d23b9d8b58fc580538

      SHA256

      20805849c72a884739eec41b27b1253ed4b8b9f918365d3a2f587e637487d7bc

      SHA512

      c6ab5cf24c7c6835284c62fd419dad14f0e79b8dbfb9f9e2fb4fc86d831952fb48f05e0d5b8eaa952a2b3e5f37f8c3f6bfb99dbe6c0a3edf902e8c32b47122d7

      Download Submit

    • memory/1780-85-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1788-5708-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1788-5709-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1788-5711-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1788-5712-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1788-5713-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1788-5714-0x0000000000400000-0x000000000050B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1864-104-0x0000000000B10000-0x0000000000B50000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1864-5707-0x0000000004C20000-0x0000000004D2B000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1864-5710-0x0000000004C20000-0x0000000004D2B000-memory.dmp

      Filesize

      1.0MB

      Download