8f8f3834abab12ebd792487a89e45bdb8c8f41b51f232dfb3edb8e8140c9ff8f

Resubmissions

31-10-2024 02:19

241031-crvzeswkft 10

30-10-2024 03:56

241030-ehgrjsvldt 10

Analysis

max time kernel
1565s
max time network
1567s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-10-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Win32.KeyPass.exe
Size

2.8MB
MD5

6999c944d1c98b2739d015448c99a291
SHA1

d9beb50b51c30c02326ea761b5f1ab158c73b12c
SHA256

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282
SHA512

ab883364a8907636c00a4d263670cd495d0e6c521283d40c68d47398163c6ee6647cfbbc2142005121735d9edf0b414ddac6ea468f30db87018c831eaa327276
SSDEEP

49152:0u1ImfQE5L1PtWHeHoQAOs1dKvHHg/o2S1pj798JGKCO8C/eZRwCr:dzV5JPtWHeHoIs1dGHHx2S1998JGKCOC

Score

10^/10

credential_access discovery ransomware spyware stealer

Malware Config

Extracted

Path

C:\MSOCache\!!!DECRYPTION__KEYPASS__INFO!!!.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KEYPASS The only method of recovering files is to purchase an decrypt software and unique private key. After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data. Only we can give you this key and only we can recover your files. You need to contact us by e-mail [email protected] send us your personal ID and wait for further instructions. For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE. Price for decryption $300. This price avaliable if you contact us first 72 hours. E-mail address to contact us: [email protected] Reserve e-mail address to contact us: [email protected] Your personal id: 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0

Emails

[email protected]

Signatures

Renames multiple (9818) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Deletes itself 1 IoCs

pid	Process
1720	cmd.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Win32.KeyPass.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe

Executes dropped EXE 5 IoCs

pid	Process
2756	Win32.KeyPass.exe
2624	Win32.KeyPass.exe
2404	Win32.KeyPass.exe
2004	Win32.KeyPass.exe
2504	Win32.KeyPass.exe

Loads dropped DLL 5 IoCs

pid	Process
2132	Win32.KeyPass.exe
2132	Win32.KeyPass.exe
2132	Win32.KeyPass.exe
2756	Win32.KeyPass.exe
2756	Win32.KeyPass.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8BOMT1Q\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK3MU41S\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U9KKHJMH\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INNMDE1C\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	Win32.KeyPass.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini	Win32.KeyPass.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG	Win32.KeyPass.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DissolveNoise.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\LEVEL.ELM	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Executive.xml	Win32.KeyPass.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14530_.GIF	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01434_.WMF	Win32.KeyPass.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar	Win32.KeyPass.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR9B.GIF	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MSB1FREN.DLL	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02293_.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\DELIMR.FAE	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0151067.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0233312.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\PublicFunctions.js	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PEOPLEDATAHANDLER.DLL	Win32.KeyPass.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\it-IT\MpEvMsg.dll.mui	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files\CompareInvoke.7z	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	Win32.KeyPass.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\OL.SAM	Win32.KeyPass.exe
File created	C:\Program Files\Microsoft Games\Solitaire\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\!!!DECRYPTION__KEYPASS__INFO!!!.txt	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.PNG	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\INDUST.INF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00814_.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02794_.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01468_.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18248_.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115834.GIF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana.css	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Document.gif	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00525_.WMF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\PREVIEW.GIF	Win32.KeyPass.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG	Win32.KeyPass.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.KeyPass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.KeyPass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.KeyPass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.KeyPass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.KeyPass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.KeyPass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2756	Win32.KeyPass.exe
2756	Win32.KeyPass.exe
2624	Win32.KeyPass.exe
2624	Win32.KeyPass.exe
2404	Win32.KeyPass.exe
2404	Win32.KeyPass.exe
2504	Win32.KeyPass.exe
2504	Win32.KeyPass.exe
2004	Win32.KeyPass.exe
2004	Win32.KeyPass.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2132	Win32.KeyPass.exe
2756	Win32.KeyPass.exe
2624	Win32.KeyPass.exe
2624	Win32.KeyPass.exe
2624	Win32.KeyPass.exe
2404	Win32.KeyPass.exe
2404	Win32.KeyPass.exe
2404	Win32.KeyPass.exe
2504	Win32.KeyPass.exe
2004	Win32.KeyPass.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2756	2132	Win32.KeyPass.exe	30
PID 2132 wrote to memory of 2756	2132	Win32.KeyPass.exe	30
PID 2132 wrote to memory of 2756	2132	Win32.KeyPass.exe	30
PID 2132 wrote to memory of 2756	2132	Win32.KeyPass.exe	30
PID 2132 wrote to memory of 1720	2132	Win32.KeyPass.exe	31
PID 2132 wrote to memory of 1720	2132	Win32.KeyPass.exe	31
PID 2132 wrote to memory of 1720	2132	Win32.KeyPass.exe	31
PID 2132 wrote to memory of 1720	2132	Win32.KeyPass.exe	31
PID 2756 wrote to memory of 2624	2756	Win32.KeyPass.exe	33
PID 2756 wrote to memory of 2624	2756	Win32.KeyPass.exe	33
PID 2756 wrote to memory of 2624	2756	Win32.KeyPass.exe	33
PID 2756 wrote to memory of 2624	2756	Win32.KeyPass.exe	33
PID 2624 wrote to memory of 2404	2624	Win32.KeyPass.exe	35
PID 2624 wrote to memory of 2404	2624	Win32.KeyPass.exe	35
PID 2624 wrote to memory of 2404	2624	Win32.KeyPass.exe	35
PID 2624 wrote to memory of 2404	2624	Win32.KeyPass.exe	35
PID 2624 wrote to memory of 2004	2624	Win32.KeyPass.exe	36
PID 2624 wrote to memory of 2004	2624	Win32.KeyPass.exe	36
PID 2624 wrote to memory of 2004	2624	Win32.KeyPass.exe	36
PID 2624 wrote to memory of 2004	2624	Win32.KeyPass.exe	36
PID 2404 wrote to memory of 2504	2404	Win32.KeyPass.exe	37
PID 2404 wrote to memory of 2504	2404	Win32.KeyPass.exe	37
PID 2404 wrote to memory of 2504	2404	Win32.KeyPass.exe	37
PID 2404 wrote to memory of 2504	2404	Win32.KeyPass.exe	37
PID 2624 wrote to memory of 1900	2624	Win32.KeyPass.exe	40
PID 2624 wrote to memory of 1900	2624	Win32.KeyPass.exe	40
PID 2624 wrote to memory of 1900	2624	Win32.KeyPass.exe	40
PID 2624 wrote to memory of 1900	2624	Win32.KeyPass.exe	40

C:\Users\Admin\AppData\Local\Temp\Win32.KeyPass.exe
"C:\Users\Admin\AppData\Local\Temp\Win32.KeyPass.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Win32.KeyPass.exe
  "C:\Users\Admin\AppData\Local\Win32.KeyPass.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Win32.KeyPass.exe
    "C:\Users\Admin\AppData\Local\Win32.KeyPass.exe" --Admin
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Win32.KeyPass.exe
      "C:\Users\Admin\AppData\Local\Win32.KeyPass.exe" --ForNetRes x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2404
    - - C:\Users\Admin\AppData\Local\Win32.KeyPass.exe
        
        "C:\Users\Admin\AppData\Local\Win32.KeyPass.exe" --Service 2404 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Win32.KeyPass.exe
      "C:\Users\Admin\AppData\Local\Win32.KeyPass.exe" --Service 2624 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2004
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat""
      4⤵
      System Location Discovery: System Language Discovery
      PID:1900
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat""
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini

Filesize
129B

MD5
8964f74114f7d0a16c5c7fdc1b5cd2e4

SHA1
fbe0e81274a273bfe06a3652ccfd128285bc2a2f

SHA256
668a5b9d313bfbaada40d4e25b6ce0f55d07ff83ac47c26ebc2c6dede763ba57

SHA512
8a01e71400ac8d1ef1174b4e1e0d6fa3b1a24034ef0e2b864f975afa4dae1120e5c9b6ff614500d98eae25e1b42d4895d0906ebab2b897433166a4e861d37f11

Download Submit
C:\MSOCache\!!!DECRYPTION__KEYPASS__INFO!!!.txt

Filesize
1KB

MD5
daf2d6b2d0033ff60b7da2b3dabc5a0f

SHA1
b33c6ddaf9782cf29dd69dcc093aeeddf33506b1

SHA256
ea770e96140a6a18280b9cd118bbfd68d72e95d9daacfe0dd1925e277e074077

SHA512
72e154960498fc7cc2b26a98ba0e06920a4f2c8eeb56189448ec28ba26e2667d894b6b2c42228cac4ca37d0e50e0cefd4c197c3e4c7261ca8c0a3a045caaeaab

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

Filesize
582KB

MD5
ae4672326f935e8fda0275ccbf6d0d56

SHA1
59799215328f11eeb332578528082cef34b39dcf

SHA256
84607ab80f956674ed2c43dca857152694be7c620827ab374e321571d319bb6a

SHA512
9eb809a54b91d30563634206a1c2e55f4d35757e45544e552754714d6314a22e37442d9c0e9286e306fc01e853eb00ff8e94421565f8870419f101328b657ee1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

Filesize
114B

MD5
8d10d878f388b5c7726ff3433fc79204

SHA1
45b25f38831830f7c935e87475c7888f365cdd22

SHA256
e05db82824103b6d5c322c6880e85a5d00b36d9335740dc66b30095f966b10e7

SHA512
1c4ea5c3b7299dd57e204af74ef8e6cb1f5b07860c519c96041577be8622ab1ea66ad5831fb2548f7813af2d7d39a0c942f6e8bf3f0c0111d890cef4cc8d00ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK

Filesize
113B

MD5
36b3d706127f67f7b6a44a5f5ed00b2c

SHA1
059220c9137ec81b2903ef0183730664b6e68e88

SHA256
0404439dd2d4f55740bde30183f35c6d124cdf925199c2a557dc92a9db1316c1

SHA512
ba63b8dee51efbf5efa6d71f60afc25ed4ca41b4e8f675f6424c607832d61877bd1ae59957977767b3003da99625d0be60ad3a40cf3629a255e74d247d0b5583

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF.KEYPASS

Filesize
341B

MD5
52d7b4c065fc1d588bd6e81a3205ceb5

SHA1
3be9267f2de77f713d89f7082074cb3c7ce80223

SHA256
ae9bbba7dc89d6729c2f4581b6f1f56cd2badaff73a1cd6747712ed9e98d4e0c

SHA512
23cbfa104aa8cba3116e96eff43a6ed58c1f58939a39b2c8d12ff7a7fea8e383a092cd08a0976ffd2e676d934b399c7810e675f21aff3166cdb5da13f668ec0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
e4e4cf6f3212f0c69a156b73cf6968d0

SHA1
d209cef66f2308ad74ad7a7a7023f09ffcd965ce

SHA256
0a61c6a7ab34d5df358564ecb26457a7c73b6385f63cb345bcb349839c4409ce

SHA512
9c10d96915c9c06a4402db7a721625526802edc354cb6a777af6a8f476a0712271087c1312602b8c15c5ab90238defadcb12ec0445d232f884d3963a3399c47e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

Filesize
239KB

MD5
4799a20596957e80f04182ec1716d551

SHA1
e76f10a116a2c4fa4c7ea2c4302d8693c68307ea

SHA256
ce875080c613ec47d13c0c831d7ac1c345ab3da69b80497417dcf78f9b9c696c

SHA512
8436fd059f934c545a2d39e9cdf321d2c563545155f43e5f92ffa467ce23d01489df31e61ed875851a05ec2bd3602f55a89a0d5df27d3b4c3a87b0c365b7c618

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
0195ecbf4454ef0dc683e99adbe5fcee

SHA1
d7bd5f0f8663d18b728f254868f26d4362a91aee

SHA256
5e4461c84d7e3df93f241cb092363446dbfe3369073d30a7ddef94ca93defe2d

SHA512
e4f7e6363e8ec64f20c2fa48a0ae7e79266a602d7ac21ccf9717c1c5768380a7d5bce6f7d5096a39b2ca7c124b72a1d02c42ba40a171e5ce36e440f2962af8fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
b7bc13b8c8367b0a4a8d2bf9266a1f0e

SHA1
6f38ed1b7078598953145405ac697e51ddf94b0f

SHA256
98907029ef08e17c064e9494c4ea7250c898baaf396488e36394fa4bd5e374ab

SHA512
262e691ad84da03bd4c49aa92caa613031e27a413a9ca757c4225288354b51bd65ce79a84cc3acbbff0e4ed655ae676e67edc432abdb6d2215909df68550a1c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
e862debbbdb2e021cacd1725cba30745

SHA1
55258bb5569824b4e60d635d002ef6080c5a363c

SHA256
84a5553a3c0c191052669cb1e067013c9c58079700a374e917f0ecdc16ee1596

SHA512
d756f549fb7559c2ceaa897ed019f4f93c480f3f33ca68b8a53e3689867a5d8e107522c41b28caf79c5e2a8e0c8d599ce5e7a5cf7b4bf81e6476197a973b148d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
e4c450fdd1bbb719a7d678c4f989a366

SHA1
bbcf5869c7caee7c261d5689286b10a9c5a71dad

SHA256
5c50742363e7b1ecfe4b93660496a06212a2e54f6e8f994020440acf050afa73

SHA512
c34d7c1362f0668c130a1f2012994b83e31249cb1c2a6beb5dcc4ff4c807010c65a83ef42e77263d1560027f0059ab6549f846129882de100966b7679a124450

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
eaf1dc1d9a7abbf2b62ff40c3376dff5

SHA1
05b0cfdacc2e6833625c24c8f40689e5d9c6780c

SHA256
4db1820915b860088d68f68885caf19fae2dbcd7c5b3f2259c5de477bd41680f

SHA512
f58d5146482c379da4509548e1b0eaa469d8f5216096ef607a38da70afb81fd8eb54d01b1aae4e823d88840c87b7a6bc997a822371f3c73db551f0b85a9897f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
6a306d125a8382e7637713db9e8c999a

SHA1
0a512d07fe1d69e0f8e162ecee27aa815439e6ff

SHA256
7c0a63965b06ab37293ab2a14c432d86bae0a02cd94818b2b566a4593e25d47c

SHA512
ebcffe1ba2b27141a082d7eb229905b1c857a6dc8216a55890dd19ae0b2bd3c83ddad3460265676e0dd89f909a7af46d752815268c4cde09e9458ebb7b089a7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
df21adbb0024c558202038325a451754

SHA1
c1116607adf5b0859869b6569bc3ea9896db9436

SHA256
81ebf02d6eed6cc3d167b5eaf2a95a882a7e50f9ec21b38a5cb7885c5148b58c

SHA512
590b3b57fc68c967c7785b594af4ca50f0e6a81d640a793079520972c07f40eb8aa290a6306436311f3b09083e8c231313b47144ef23b8b5f5dabec2f1a8a2e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
06006943faf42a04ba0f9b14d0c8155d

SHA1
14f344aa5db18bca4a5ad57f4accd90b9c4152b3

SHA256
ac03e08f610b04e5bef6a896cf1c00801d16a4728c9306192c6c533632550daa

SHA512
e8cefbf7f1c8ae1f9b6e41e993ededbfe64bdab9e06f28c5c4e468b54e6974e0a648240ebc7b53eacab0098b5c73d34b7d0383627067318f6effe15b5a84e5b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
dc8112ae8504289472cf9b80a6aef5e2

SHA1
94a0552eb8f3d5fb97d9052c93a6abdfbc16ba1e

SHA256
09bba55e23a8833eaac5a359c707f0fa07959baac0f37f62a2ef35aacadce509

SHA512
a52f8970e16ddc49c156b53c15fe57e7a94e965e81a41c4374eabc3080e497bd1e0e8e14601880854546046366c3161463f48c7d046a273b64b6f3a8d1e72e7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
b33281349f5000185d167afc641faf5e

SHA1
7d2cb3c991784828c374dcf1f490ce72d7cf83a0

SHA256
ad393167ba5612082bcaf324b25a8e81c7cea500b51f4c6bc7c5a0676cdd0586

SHA512
a832d3020bcfda99ed27202802d560a20ecb8f6a00efb8cd703bd8b915e9a93dbfeb175fb952be5d5d1d6e364887f029374ab398973e53a9bed11f9412fa6ed4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
14dd36f07b097546cd4525f1c4388151

SHA1
cb2aba5a0f02140639a35b3daf319e4422225e07

SHA256
40290b0ca2c546e7f2c8db5a5f236566ebda1b8dc9349a180cb94a11ea5cdf02

SHA512
2b75d93a359a0ffdc300986467416180b0bd63b89ccb9eec2349a1fcf32a587c755ebd529da80206a9e48d825a9935da777ff513de19d8741f2621b7edf0464d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
cfb02edfdbdd9ed54d1d2560926265c8

SHA1
769994b8b748b230aca3c1c4eecf1af9c67b7381

SHA256
947cfeee232612b3ab3cb5cdabceed02d6fc8452fc7a1ad9c4a888be8b5cb17d

SHA512
9e4ac3f927ec8f20d228471634c226884717273efbb428d481a78bc0dbdbcb5728aa4eaf6b4a013d0ff566f4d2c59580686d16af5da8c10cf64aa97926cabff6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
ef51f420d92d8c8d1e5d362eb54d5f46

SHA1
04917f29d04a2420930be95facda1aac076b4237

SHA256
036108fae5d71f68c6764513febf9baf8e49ebed53b6b7f19196e702da27014b

SHA512
021d977a980de3f8a6c5d6489c6a3dfbc1b6d2f1e739679abb69769d66da0d99f9539825dc3e8f68b4ace48392a63b64daaa02bbd8fe2fb613e2d1f8c00a7357

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c7330345bfbb102db3004fe5f2a7802f

SHA1
1ab084640ae544619726f1d2c5b6423da602e05e

SHA256
08ec90ce539ef610f8753b3c1fc745d0bb5f4621d80e6f493aab6f18a5118e03

SHA512
07a4879406ba99605abe3d4d926a3a8b39a92480e93c41e5e2c541c8d88dc5a669b50cd462b1c54411e85cd09dea992a38998c542c90c0ec14450be8e9e651fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
d238d0dd974b8e3a7fe09cf14b4f04b0

SHA1
f091edf1f060a5338fe76257eeb825570b5ca3fe

SHA256
ef8179b8bc153bc437d1b84274ecc8448076d646f4cf21829aeddb75a09383ab

SHA512
9a0044417d2a4794e1c429382d5b56a473b696681e03b76af9b642c29ae3c8e9beb7d0f3432045c3f707e6be298d205aac4fb84e208781273a46830820931430

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
369e205a610cab65c15f8965af6094cb

SHA1
bd03e0b7291788a522c72f647c51ae1071ef387f

SHA256
04dbc9dd3f1b92313c210f0410ed1e6fef5b386b0b4762e521d68912bcf4173d

SHA512
94dd7e731def9cf4f2b22e10cfb99703e9252658f7c38d0fe0ac03662786d84123f7c1ab75f0157144e49c5432043d9fff8865e43d278480667aaf748bb0c1cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
ea910dd6cd19fffd51de14d2579e055b

SHA1
0049af78751115e9b9e1c821adecae7007f20d2a

SHA256
2ab06730fab323024085d3ca5faad1d44d8633ff9ebccd10f29e2fa6961a9a0a

SHA512
1e414afb2f50b35320c468702afa688af5d93d40cf758dddccd292a4f5e7ee7b49d98c3ce3b7753d62e15c786bba441d0d98d4c409783c367b22461038cef0ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

Filesize
318B

MD5
2ef9b426f6c7707589d9d0bd73af4e72

SHA1
e6a0ac87ab4a3d0d7b4d95b8230f5013e91a9541

SHA256
07dabe9aa7b3d5282701a4d7287a009de6794fe42a336fe2517765ce1c7ac9f9

SHA512
0544736773cbaaa90163fbc45b039cbe1568f73d6f68b4772cd770293e55f6a3826bd1f555527ab67545725bc0523cf8d9254494335c3d17363640c6d24c0bd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
0c4b57c70c58642039c4a1e143447fe3

SHA1
a39c0f1bb8de878497aecf6f6e0d2aa1d4e66901

SHA256
5c708e6399f47a1014fbc142c21bd4d1d0691294b7e351e7ef6e0d4efb56fb39

SHA512
f60eb7d0c8077c6ba080244f745c1f9168065abd5fc68a98b784b9aba54a8299d6fae13d3caa02e32adc21cb64036cb5a2ea7beed7041de415f2e2f5ec20a492

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
5283a5a5e6ca14037baaf8a80602049d

SHA1
3249fdd11c7ef50a6c0200a853295929ea0194da

SHA256
20282de87c5ae8ad08812f042392723577dad552e7a10fd08f2696fe45cd92e2

SHA512
93b51140bf3dfa9140bfaa62ddfc18cd903627d36c26c8d9a627260aa62362b3d3b94d3172d53d788ca02978c5c640a9c35a6041c8012eaa93043c455b76b7fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
bbf27325e25f8a4cd8ae36df936cad1f

SHA1
a8c83d43d53914498e468ddf00a3780515e01f41

SHA256
e5faa2382c2e3eef2db9f7e0c7211e8bf1498f201811c0fba567dfed77815d82

SHA512
d1d24c201ed5c514d1ce50002b685fed5f53427ce7abf5c46d8cdbe9a6bde7e1f9bc920511b18361a308e6b0944980643aff2f47bd0abe2eaa02e64681a335ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
7eeb5489a375d5693e8686a8e9c6a262

SHA1
93d6880deace8d4f6db31a73115c8f883181810e

SHA256
60ab84a0553ac76c8c065141672a67eda8472dc92321c8f3bc78abd482338607

SHA512
d8646dcbf9c2e8e7ea9e818ce77fc3a81a53c9ebfb214eb850b3802bcaefb21b1211fef32b1e6bf66ff027b655b6d52171736a875e7ee9c9a36b92dd458f3e8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
6ec140e430a80185837eebd41e5e004c

SHA1
193535ee98571fec6d930028a31a960e6b429dd2

SHA256
cc9a0c083957f6c708835f5ba137abe7c503009e5036602e5c58901ae41f46a7

SHA512
a023b58f40b5f5d51456783f1a40819dbcf1b82c606b5e10c61e9cf9878989fe4231f490a42f1506203a3f30eec0587f93e5b635dd20c3faadf7f755cde8a7ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
b3b324cbeb649ec1503048653cfbed4b

SHA1
5a684f4f3367252f37f2c2da6c4479f459d2e42e

SHA256
9e2cede8e1249f2c40a6ac0bfa204d2d9bf9cfa124fe211c2a6f50b9e6bf90a2

SHA512
14ee1f4043bb7f2606ff761ea77dc759fa2a6e05fac85cb4b3fa9c36387d75ac4d3d4fbb79077263b34908492098dca3ee0f7981b3184e0dc2ae903c984c855e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
e404b5f67829b5a4fbe37b3abd0aaed2

SHA1
c7eea6baa398fe46c3eec61b41aecf1be47dd07b

SHA256
721732509c64d9985ffd1940d8efed2faa1d66814e506ee97f526e498d14cede

SHA512
b9461b485bad98839bf14e1229ccb4d7fb544f7f0b76d154c009b930226d6e3c23d6dc6a44d44c4e1400ffd7b12c3410ee60f7226b75cb04480e63f1241d665f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
b0c8b3128de53638924fe0fd09e4dd66

SHA1
1b3271c5fa9ae261014f494ab482d9a06744f377

SHA256
d7a80d904002106c51f88687284d377da82d6e94559f502bfeb7c187765469c4

SHA512
f0cbaae4aeb74f6bb382943a4976f2d70f40c5c0834f1428eb93e7e072b46a5f42c9403bef351a41a4f7bf8c29d8eb90d436c77c49afc0f5b1280713afdd1c29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
71c2993f804f8e2003e896253089afc6

SHA1
8c0a147fad3f4e861ed4fea84e491be914eea3fd

SHA256
f20adb4f2ad0b2950c72dbc3e30ec2aafde4c9a3ce4d64c2f45447d688b80d14

SHA512
0cbb6954e1c42b57f55574ecb51b396eaa503eec1b046bd273ff4de289edaf93a58f97419e7231ccd95555853e2d52764e0b736b39a163350c863cff199870f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
d3566b8700e2ae0f106e46b73f559d67

SHA1
93414da8beb85273ce6d8358436bfad0721de66b

SHA256
7475d31242b29fd83f88ec1cfa7233078cc388146b4b1d61078ba9a2282ea14a

SHA512
5f81f941a1bc375a4111e0be6576ad3b8856fc8cff569c24ecf73e438e9b082f57e79b84fa521eb2323a8f33acf2b143369dd2d898b2e298e92c8c2e53333ff0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
800b98790298ff9e276eedce97c41562

SHA1
001520046d0bad659eaba644453dea42fc0499a4

SHA256
9730674edd0b5ff12f2f0de719ced505204a6608afb28f72c3e7b46054769778

SHA512
1eb49515b44b89a6d5bf6a7d6df209a1beb46bc82999e68b4ca7e2ac76ba9897ecc6a184d142d56fe85bb17cc6f38f77a84f2b7ca0509116001335127cbbd263

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
e2c5e3388781810492147b1b99eafa7d

SHA1
f1e8c095f22e39ed67d982bdacd5558d2e9eb09d

SHA256
4818704f75d590b8bb918009e483f2ade4c58633206567dc60dfdc437068ca50

SHA512
992df0a6cbedf7c1630752337b074e94a9189cfd98486ab4d7bfbc457b3e42e2a0701c7d23dc13fa87812f27ae0a10bf42656225b05d508af5b7360d5f353be3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
e1fe4fae3f9cff7c82f1245e6d29d8e5

SHA1
75503ec9061b401f0632cccb784e11e30931c632

SHA256
f5b4622ca041c0e17b3dd5dbcd46ce89e001ce24081444b4396bcf8df9319718

SHA512
177b08537e885acc7afc78fb0c951ba2ed41f86864940d9876c2040bd49595672149a77b164e93ea2c3a8f86871b0425fec55d2431b8a5fde5090c1861a4840d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
9008ae975d2ea32465f942942854c08c

SHA1
7eea1de42081bce86e2d024bd36f864b2c190e46

SHA256
31c8eca5c5fdc8505b478fb816b00cc6986c6bc0ef1e29ec14dd2a1148e10700

SHA512
00849f46513279ebfce51268b3619011effcc2a56bfeea4af80f11c8f88477170b0b66ba4a59bff457aab35d880462d6871c6a78eeb0ddce9258c8a581180297

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
f781315e94bb4f9ea00bdeb730bd7804

SHA1
1745185fa55c430d6da29ebab91197c92ffbfb19

SHA256
925112b9b2caaeecbdf8be8af79b270983e55fff839fef19f097378140a8555a

SHA512
e2f2cc2ebb23478ca8054038a10e330cb8ba42b87363a5b40104a2e2a236e5280fc88e343eff58c5ba95683c947a5f66e2e0057dfd91f140fc9c7c7e67e70796

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
8325b3b84d8f7f1c8e6af91349a0bf8e

SHA1
d6003b95a4c3cc06758a486cbd384dcef6971a5b

SHA256
599e69559e834bd8bf2e656b52b71d3127f5c8f3a1fae442407735597f5bf471

SHA512
1bf55e3afd6212128e14f69e372f13b0969ee823d472ef1e01f9f14e191ea55eff52f64670f45029c78a4b58283bebfafb12f41b180e62bb93a2ef997971c802

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
6c759885748a95da1eb505d7a933d0f5

SHA1
fe42d0bce97acc9baf8c114a0fdc74e452546222

SHA256
e4a36dd47836c34bf5158cd5bdfce3c634b0097de73101c72e018fbcd3bb866d

SHA512
ecb94bf506f3ac0a42abc42b5629756a414b787cac1bd89949e2154174ddb4db3c58df56cd606048e67f7d2bfad5131876cfba4a79599e3ef8d5c7be557d9b1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
21430d30c4d6b0132fbcc08b089d5dfe

SHA1
beead65017b2a4c06fcf1900a4f66bbf9a8369c6

SHA256
61a3ada9d283d40f5fea665c4d1cc8f86bd31bc38be19b6a2e0669e40737a41f

SHA512
de1438d0d03dd9757f6b7b0f76fc81e18d70a44b7780c08f2501c8e7cc0e166bfadea25bacb7784ac04ab14ecb20791f46971acc91aad1adc2aa13cf51474f59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
eaccfec83a5217a62fd3197c3496d3dd

SHA1
8ec3fc28da3d7bac7e40967e88b6bc1c551e5e0a

SHA256
faa690693d4ae76e5b09581c711452e75695a5706695d4472a302d1e2c5d3eb9

SHA512
201245f48ecdcedcd13fe748d0a24295c44a88a408de8fb0fd67ea283adb393b60b21c6eb7d8390a7ef479dca687fe8560a851ee3401d8c67e79c471f1e912d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
b4f8902bc933506ab45d9252c6e8169f

SHA1
9ea8f196448c4d7a8bced63216f95014631241a7

SHA256
ce89cca25a51f081e4a6a85d522a70369d6a55f36bdd454cd452762ec47170e8

SHA512
3e00c84b49df1a6cc1bc9649dc3ebe2bdaaa3c945af9ebd57f49f2212132d9fe4a776fa51d74992c55d65c508d5332e2f4eefcca95a8f655447264e0dbefeccc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

Filesize
318B

MD5
20d487db1a7fc5727f5106dbb78f7d29

SHA1
184bc1724afbb69d55e81568c57c9af5495616b4

SHA256
b4bb8d7c1bc384cf51a212955e133128fa7f7f9d6359f40f25aab38a587e25f6

SHA512
8ff0bf257566acf637c031f192756ca367c511ef319965d0c2f66b7d33cd61e664c358547660549f7222c3b8605521a8a1e23b7a4b2b339460cc3ce0b36b4026

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
dfbf2a1c4791b94246a6059a1caab63f

SHA1
7a91c5ad1390a258a81cba04348cdbbe0b5e130a

SHA256
cfafa31ddec515f1045a0648831034ab9a28f4aaf2a8e5c209eaaa845cd55a7d

SHA512
9f6b9ce2bcd99a19bccd40de4ad0657ea72d02d59c1941b82a6874eb9421abbde54e8a0222c647f7cf0c1d67dba80413f6dc9d53ca03d10daf3697c004b40705

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
ef914ba7c879324851318ca793dcc0eb

SHA1
12a9db5190e0e3c9c689c511c0e3e57a6ee5dff7

SHA256
dc7ed2212da21a6b17c07d042fd13441600d34c35e905d88fca66a00d1e15f3c

SHA512
bc1625f58c309c7c6abad7e2a7101be7456b6da2f2e03393063cbbd2b4537f6f0ee68a7ebff20d4a4af7e8f74d751410f9968cc805742f25ec54ee4efb79e21b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
84258de2bbd3c60e616e9b5b7f7a0011

SHA1
314756a81c162475ff8820cf6d43b120d11efb7e

SHA256
003a2e8697b2ea223cd7291afba643da0ab26ab10581262184c2556c6047f5e8

SHA512
19f47f6887791e05e6458c4767d387b796792e71060e4de53ade9380835384254ff99474d9d2221d89cfc23c773ab3cefd80428b94d6488c2a54a25c50f4bdf0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
f5c3cda2cd59770b81e2796a74eaa740

SHA1
80c9240626dddc0c4ca77fea5416b3182a2c7f10

SHA256
36e964055999b5a90195c5aa056f743f35d251d74fa32abaedd3ef0b56e33a3d

SHA512
e8fa57cbd3f89343c253e31103421c4ce30e930d5147e9c91e554f04028d555ba6475ff08af3dec9e79f891440ca20d16ba539d4ed3c55ffc306d97ccfd1d0db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2301287d7fbbecb3032a21299edc5555

SHA1
c692a58980655bd37b94e0d913a4ebc8510da391

SHA256
cb701f4ce9a8206d575414b7d1750f6c4a72ce2f6bdc99395a4423ff32f840b3

SHA512
fe418603aa0bb62c8c6b241873c527cfd543d965d10f22a942f879b9371626bda3a3973a644c89a403ec8f6001b7e18782df4548990ffbd0a0c1bdd4c5058f3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
a3f818f8aaa4e0b7f3dbe5e938ff90d1

SHA1
36087c50bb59019f145fb6060c0851e5546919a9

SHA256
e3f2916da657f9733070bd797b9c0d0226470d83288811a312d009c391d02a9d

SHA512
a41dee932a15c7314ff2d0be68317857f82dd696e8601919bb1218a2a3a5d02709d52e413317f432ed1a595aa2d14471cf43496a45508b0fb6efc3ce02e6afe9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
254faf9367e5be749b53a1b2e48da0c1

SHA1
a4602d26f92e561a3f61fae791e001ba9154bff2

SHA256
9279871c162fd3f88bd3c935925cea18b93cd96b165bf15fc539d5b3d465e0ba

SHA512
133f550bd9e4653603c9e0bb36f637daede322b556acbb582cc7bdc7d8b855a07aa39f5cbf237d2fb7fc72b5800f000e839b839fb566a895d72819bf503ee7a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
8b6ae35709ac5e0a8c12ffbfd1674160

SHA1
f220990a9d9314e1900ba2b502e2de6b9e082d93

SHA256
f6eee8a39f40872b41cd2a1ea4d35e76f9011412eaa3e955a610197ca1097d7a

SHA512
787ad9d67b209f5f61f49db7ee12f86f57720f7e94ce9bf2f2143680a7a8144f3234bcde66f833f469dfd2303db3eaf1a0b06a9d580eea9c2034f2db8b0f556c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
9c20269d447aa06d97b1e68c3ba693a1

SHA1
b304d13290f84b3fe86d015d887939a549b465d5

SHA256
196d0b4469c202ff126eec569831a6a9c1e1826b14869bb0ff0c8be68b39b47f

SHA512
2b99f8bc9b181ff1026c86f660d087c530889d285b1bc30250c98da3e1759c522cba3711bd86f6d36ffb87e49011367267369041287362bbc8c499e774cbd30b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
70870888f2a58c87049411a9e99eb137

SHA1
c7f40e891e095d864cb740c2396b56ebdf8a4722

SHA256
bd12556c38a981ac0003c0d0e554f1a9ae0e5e37117d99489978fb50fcac5e7a

SHA512
64af7c47b48fc6f14ff81374fd6f94e07b76e63b09fe73dae5a5377851426adcbe040cf3866a96d00023692f2021750a405294a21796f5951fbf6d725b984fae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
ea4cdeade71fc9b99e32d0323153f38c

SHA1
6c6cae005e8ad88408276a5f0f09effa3fb7b49b

SHA256
a369136911234875039de1a12954ca4585891884cf767402c11ef3d84a103c4c

SHA512
f3bc501bddddb07813ba7bec6902c7ddc7ed7b652d6756cb687964e6ac8bba26212ed28c5a38e8f8edc7497ab4c0c5401d3288c2bb729dd1840be7b337c55fe1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
ff1e9cdd5d9087ae5ac24f949f3ec7b5

SHA1
b1ca61c851979c3c88f06bd356434ff36e7785b6

SHA256
65058b621417f6311fd5c0e02e49b6fe55904176ba9712412e8b88888c4d33f4

SHA512
088cb2e34019cccef3d3473c6e464fc55f4a9d796dfeae360bca28df3efe9dc4a6b6c3ee80ffc24226a77277f81276f2424694e8475385dc649ae63e8bf95444

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
df310528d0989b1b64831b547793e061

SHA1
8a9b4621bec770d5d8e9ca35419f7f0295e4070c

SHA256
c323fcb895ef9ee970a5486b5830a98d22ee6131d815cc133943d406aa8c9cc3

SHA512
fe76884a36d7f8e07073fc0f7d16b93ed2b6de9714f1713ed8f6958baaf13d5906e1e895e5862545a68d741eafbcbc1c77d73388025568979cc5030b2ea42a4d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
fa7f31e585fe3448aeabf7ec20509075

SHA1
145afabef33cc43d0704cac9b3e8d08310983472

SHA256
0b9045166d37e1310021cc17d24d9f9397ba516ea5448a0a5b7cc1a26bedbaa6

SHA512
33875b1edc79125ac8475ac6ed3f744ebdafe3a977a245a82c06a6ad0e90ddf3a944cb580db81f778af5aa0693029c9cc049619c0d998c0bc89a0cb5f2142d24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
46249596137a2ef7b6ea416b8bb47b53

SHA1
d2a3fce7d5a56d7770862b51ceaef05657dbedbd

SHA256
b3b6867ec103cf839d8deb970c438a406f54ab26a41c61fba79158d68a524933

SHA512
c14479607d96c9affdcde62cfea5e2f8484cf48e4b0c260ab13deb3e608b80e1b11e07846408470eaac5942d1caa6f7a50c17bddcf4b86edae4955bd3e6b5634

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
fdac914de41eeaed9a958c6b557ee36f

SHA1
6964396c1587874b2ce568ca0fc6ae384417ae25

SHA256
a614a2360efd37f3b67bd1f21cab67acb7eb3b4cdef30b337c86323d74ee85f2

SHA512
1ef136752af32a8253e0750b4d4cd922de9f06f4b0475ee6ba76c3064f4a537d6102f8d369d15b2dde89665a7ebe77ab16e9bb3bd92aed055409c664e9b52110

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
200fcb4acc6ee327afd70286eee21345

SHA1
5885270cd0553fbb2390df9d21bc43e17e69773b

SHA256
c83deba8ad4db254f3cc33b369846540eeb792b650ae39ab309662d27be4ef62

SHA512
5f6cbd172edcbe95a7531a7cada9369831c0a3a654292644cfe3c1bef239c19c6e2f0cdd19b3918e90fdb7e29d8b28ed7f7f5fd626dd30a9799993aaa7d2adb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
30a18b6d95911ebdddc1ead0285f3e95

SHA1
655b92501e12e6735d168858b9506e80deec9d7e

SHA256
28926817a06cc5f9b5be810a347b476faa8dddb9fed2d00ae068359c4b7d1ff6

SHA512
305580735904708d1396777cf5467630eb4a34b943f2d4892b3671b988c274262adbb80d4f551915d1880769b6aac29d25916b18899a6a74deb8046c1278a7b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
697abc33c59c2f67ba147bc12ced22e6

SHA1
9a1506eae2a2d0ffa1f8912adc80b04d30a8cd51

SHA256
1b16b5bdd14f0e705d7d626f7e73bf6eabcab5303eccc3837fa8ddbef1048d8e

SHA512
3bdce922505c97b63e2e317559591acde297db63a103734c4d041ca2700929ae62f16eb8f26dd41c19359e8f5db7b90bbc9752d12445c4832777dfed1072ca9d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
9f165280bbd859b637b59b1effbb8111

SHA1
cf176c964e0bfca9eac3a0d27a36e72ddbfaf91f

SHA256
40ba8d410c54aa08232c50418a9dfd8cd2c9968a927f6929256465b461acf2cd

SHA512
f3e26d12431acd05a39d6c9870a974e0b845ae755414fd8ef2e633891213eb3cd9f3d3816fa87462da2d012ee55b97275580608a83d9b2c289591561ecab5b7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
73ead20bf8c544629f92646377df030d

SHA1
de6ab247e1ba248cb0ebbc3af94467f826596d60

SHA256
005c57c18077429961c343327ab251e1d6d1269f95056ab357ddcf8bde6e4ab6

SHA512
bd3f3b8d3e7af2ae561c60a0856a50345565bbae962ba7d3792820f4156e1ce6265bf391ce32dba75ba151f37071d67ab145f94d00d2ee1a862427de2929cfc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
3ac7b8a400e4c0fa25c7809be5e9d602

SHA1
6c10c5230ba419c45f06eb20ecba105048a11bbb

SHA256
6bfe2917b33dc9095fa79b7cecbdcffabdfdd41405020bf7d003e9dc70bd8901

SHA512
f5cf95d802e6e13313fd21f5ef3a15e9fcb9dd092e7909ef11581dca1a28154da3bf8c7b790907c554f60f82dde613ed5b8457b1c88ecd4262636971cfb04f4d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

Filesize
807B

MD5
9009664a617d8249331c7cdff00dd649

SHA1
73ad7af39e990ddbfa1c4cb22db0228f8d8838bd

SHA256
903abf02610fdcbbcd23af47a3afe299ce25ec18c90f67232a40a5cef35f8dfb

SHA512
29847ba1a592f224fe8b29170986b5ae111d8de42a928eda9d35e3fafc7c956df69e545d11d79192670e1c79d9afbc47d4d067b44c701dc823b152a0aea974a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
371dc3828772b579388f54d55b97b119

SHA1
f7fcee9785ed5f8681dbc98bcbc01c8bac5baf1d

SHA256
cf9442480533f012eef88300028e4797e0c673bd9df2fa53f892e0236dfd0412

SHA512
baf41988a23524138eaec868cb857cdea0b11b36476737d8157387cea6c17f6480544e01f18f9533c22e5f2bcd27346f4863bf0464a5fdec7338075b824c2ba5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl

Filesize
5KB

MD5
a6ae8db527950806cf5c4ff90c4d214a

SHA1
a8e534e327237590a2608b20f3a86913807132cf

SHA256
5f217c062cf3c67cdd7db3a85a6f4b0105a237dd95a847daf00a228768ae562d

SHA512
1d246e5519dfc8ee2da99150c61a32234364c15279eed1215f6765d6b6eefe056c45f9b033db572f76ff710cbb5119e9c2b60f8e84dc64afb5afaa7832dd5190

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll

Filesize
809KB

MD5
bf9a4846aebc7c05f454f8a69acc261f

SHA1
06d64d3bf050b2f7d7b362004671f839f4136967

SHA256
c6210e253086e72c6f3f7c62b1a6b9227128780733d5785b8648d1c71c3a7865

SHA512
df903a5aeb044f60e28b0017f9cc2cc11c48d2e2204abeb8c689f3a788ea31aea2751ccc3f19dabd3b211319625c311090f474ede802940393ed449268a137fd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
4dc9bd6202a83a6d822592b05e9c5b36

SHA1
3c6778ae92c5d7f2429920e93ccfa23d09c501a9

SHA256
4f4c6b0458edd400d0555af2e57c1d35b0555134d41751c64248a95742b73f3f

SHA512
3020ca978b154dcdb45d50d9f8f988bfca050d9164ad4d5c4cff0b5fa3112d78f9e942a2c4d93665dca700c22524355bd794825843e3e449b44394973bc7c80e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC

Filesize
27B

MD5
cda93a7a4d59748f32eb7786acb0bfd9

SHA1
58968eb5144b708a8e55aad0c04580e1951a9360

SHA256
19d776d99b83d04a620cbcb223838902695b22fb328e6eb8dccbc1454e821da2

SHA512
3b26d4ef527b757f88eaf8c697c6d5f0fdabda7a5ec5a02a0a2384e890ed137189c5b1019a98bd5a95999a6083fdef099ed207c4381644f8e6fe54daa54df5e4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5

Filesize
27B

MD5
4d57f6a09f7c9ce5e360ad1b76d5e4b6

SHA1
7ca65fa6f5dc7fa1358750020f57093bd7438ba9

SHA256
50673f7e41f3594c92e9fb7dc72ebeeecc897c4d936e55632ac98d7bb871373f

SHA512
dfd9e32a707dcaffcdfeeb3dbc8aba84b2a69191673956c46fd80e93660620e0b04644a0973709aa6598f228a14d9c8511e44c894166bdfd053429fde1beee30

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10

Filesize
27B

MD5
e4c3b78273bb993089d93a319d0a0681

SHA1
76c2724f7f86a2d6d44107c6ffdb1a78b46992eb

SHA256
c746577cac28d123cbcbaaeb7a8006d218738076374b068859d494b7b3067f16

SHA512
93d16d99a6cc3c68b2fa5de8c3f7279c1205c7cfeaa5d8122e97f0a28a4fed68774f402c540ba3fb2fada0b3d0e7ec301568c217a05b2d173d7e2ce3b134f80e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7

Filesize
27B

MD5
20a901a42a0aa6ce9cd35803c50bf804

SHA1
f32d9bd4d14a5da1cd326e2029b51c4912cdaf02

SHA256
30402268b722689ef82a43f9e0393447177c3e845b2dd305b6aadac1c437f1e3

SHA512
9538819f395a57a0a2e78dccb9cbf4d14227a08e4ee8f80e6e5cd4c27a6f143d62424313243ae800d964bc4fe31541842516a5cf8b88acec6612e483bb4711d9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
63b9946224b956f89c16f0e242f4397b

SHA1
372691809fadb5265b4df41a39490a024bd786fe

SHA256
85d49f22739171d00e52e0bab4c10e89ed3f10e148aff965a57a7ca2f90daa05

SHA512
72825f7e378ecd52069119ee98945bed4cafd6635a16cae6b669f24fe2f3cf0ac71c6f72764b9e67040e5acb14b834d77574601398439abf584fcff69943d9e3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
daff72e68bf9ef721b768d40a637a53f

SHA1
01355379ee8e807a687948fac07696fd6566cba4

SHA256
32e719e5bd32494dfd3764f38c1e4e9417fe0f66c627f4b7c5a0716207b25eaf

SHA512
54c688bc1e666c33a732f8b01c01d41367e41924c9deeaa92dec6f658e5e3098f8c6bacbba0297fb5984b5210c2040938e7d41dd49a3531c79d35bab79956447

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

Filesize
57B

MD5
cd58288d3d46a2e8760375c80d5e9293

SHA1
eb292462cfdf388f415c6a69fe6237f1a8a71599

SHA256
914f17281cc79c00adf4e70bc1808308d91a759ebeb2f87b122df16a6fc56c97

SHA512
ed6666597baf8343649951dfcc0fcc06bcdac16887316fa7b56b4c3871f4f06c33248a50f5c38ec7ce23aba1a50f7d367940e6551101861ea5fe145ba57670ef

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
3fec8ea007a8aeee8fec78f53e007ea6

SHA1
f491bb8b2ad6850ce0ea1727ff4428fc86c53fb9

SHA256
c31ede88df6a1f7dbedfe22f8fe22d0a6c2ca7657d82e3ddf20e0d261a645bfb

SHA512
c10aff7a30d4a11e5b37e97a68465658565433c772c41125356d5346eac0fdaeddccdd11cf31e90bc33cb95f8a4aac81bd594a21e356585a33deb94a97cc6aaf

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
781cd9508791115346c662880cbae5a8

SHA1
ec829c33591a6561a1fe93c3f5584289266abe70

SHA256
c157a0d4699104baad007ee15d05624d5e5c44f7edee74c4a099d83df0a4ef0f

SHA512
a5fd081fe2db56e0a0bdb61bbb791b72001a3042c58193990e40515c7dc9b96bfbe5404eb33bd3645016b94b5a72f0e47db75ffe3df0867594b9c097d31e52ef

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
a01fc8b11dcfed48209b66c663f92bac

SHA1
4903692cb952d7b281887e7779874459d2be0ad6

SHA256
7579b19fe0faaeb0b01c1cbb791a7b53f48b34c02f667412bb6bd3541fa3b54d

SHA512
5aad8abcac6accd1d7416ae22272792d308c04d8e165b63b95ec76b495fb695011a77b84c6da8907cbac34ac0a96f1968b154ae21b6ce229879b6bd693d4cfae

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

Filesize
133B

MD5
400956f098c13d57e621fe2510767e78

SHA1
acb8d6d67153b759df1c909df70288122e42bd9b

SHA256
3450492d666d01b599d7f42b596558fe7a86b24469f90882a14440ce51f836c3

SHA512
1aab15f5558e41588a76f30fa15a758960263f29a636e3cd237c4acbc7f75e2e8d423600fb8754dff50da58eee70adb64b6630034ec52df059f0b6f3054a4764

Download Submit
C:\Program Files\Java\jre7\COPYRIGHT

Filesize
3KB

MD5
d46f5e617a464681f042f1163e6f0035

SHA1
f7c20deab5f210017f43d6c05e7b0fbed8bba07f

SHA256
0ea5d346cb3df6e14d433e434a7c8ecd7dd83325c11dab82f0895a5594325978

SHA512
589febd99a1fba4e7a0b8f9e49b22f8ea0eba3dfe4bbbf928f1b062a7d8c5f31d50bab88d4a00b7a6a9bc277832f32f3da83afad263f32ef2e008ecd66a91b2c

Download Submit
C:\Program Files\Java\jre7\LICENSE

Filesize
41B

MD5
46d991ef003465999c09eeca695bd8b6

SHA1
b8ea3388b622397994f96810772f0ca1967be2b6

SHA256
b31ac4965e6aef292e3c60883ee1dd18dd344a5c7971807bd3a757a84683c5df

SHA512
0e9e34c98fcedb4161e1d9f658b0fad1bfdc95c8e56610c55fb4e7ee3e0de0ee35f541916f5ee7d52266c257949ee4c5f3700e6191c981672aeb913b72f1fb17

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
3274b5753af25043c4d25f1c7cd6f8a5

SHA1
8beac4389d41ee0a9e3339bd4da464f4fc119a4b

SHA256
d32044698701c9107b393bc113aaaad2880467fc67e354af74d2b361bc402926

SHA512
da2eaf3ff5170a964aa33f1dc2e7dec4fb69af9d6e80ee53b510b740ce2336da7bb7653b39848bbfe647cc2ba09316f9459f45649361cbb3385b21c7ee6add4d

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
bf0b9baccb7d27fc891cb650c4300de3

SHA1
b374a5a5e833465484fafa60d7668a2075a59360

SHA256
946e353eb5dd2705b94888ff62a6605b5aa6ad77da1acc946e9b6e830877bfb4

SHA512
121af8476fd54defb4e975b4d3734c19a2bd156cb1328b7f0ae38fdc9fd2a2381b9ff9e99a7dc630f8cee5f4e12911ea61eb3736b6df8de3d2ba9cbf6015979a

Download Submit
C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
ccb6f914de523e82298bcc7d8b1c0759

SHA1
e895f87adbb839e48e8e2e3b3e6796846e290897

SHA256
8774a66c3403c6f573c9931ffc972612a02876d42f90fdd88785a9239e90f3e8

SHA512
820d7d8939c1a26d015ee0721ea11a7cef674c5256978a12e3344cc6bba072a4617c77b66b0e2fc0d600f9a5f06f314e611090213dd9ac67e020893b35fab84e

Download Submit
C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia

Filesize
27B

MD5
9dd485f8389f769b5c3c6738a7a54eb8

SHA1
6f8e4bd340893aea89b628cb800decd742938cc4

SHA256
cccd2ee6b0254cdeed2223ccaeae41ab844e86261bd680aed4b99a5a73d5c76c

SHA512
974dc1585418f58c6af8cc90c5a1b7dd56aaada2b16beddc141d0ab82358f5cd744e0cd773da7120a0d04be9bb19ae0b2b1f6bd2a4f5471a6cf6b290e38e8c01

Download Submit
C:\Program Files\Java\jre7\lib\zi\CET

Filesize
1KB

MD5
efb8da49307b189e0e2f25ef9e28cece

SHA1
5103a1eedfc0330b57de8a46c50cbe43292cef46

SHA256
3c20c7fabd7dbaf72c814e4e893df29629b7fef578734c2f141b1083cea8855a

SHA512
7d6ebefdea9ac6aa75a9d325a95ac87b4bf2ec8c143176ff5ac3278100b92040d0c78c109fe97bab6ee3e7f9998afc69c3fb6f91c9751b0b9c35af9e139bbe65

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

Filesize
27B

MD5
a07b54a49e7fabf5962b4ddf6e1bd29b

SHA1
032d2ad089f243aa7d9ebb150b3fd44ad9c31b81

SHA256
ed113c778d1652614de9e15af80021903c23a53d09de778cc6afef1b5d7c94df

SHA512
218417425f69892556df4e17a4f974deb325727e0c0b4a2287077d3ff1ab067821fbfb2083aeda181316bfb9bc3a0712ecf52ca55764130b50094f302abf5ecf

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

Filesize
27B

MD5
f4d8511db5e893ee11366827e5f81e93

SHA1
49d3c2f60e845799142efd98f8590aa937cf27ac

SHA256
6c5ef573bc96ea7d4d8ac3c5ca879802beed32abaa19559f0b754667147a6730

SHA512
9b209c1446019cdc1659fe7c506e9cd057fe0f066743125ded45bec055039ae56c7497f8d140b1096abb72e3ea26e16f8860cd2ac02f9ada7fca1dc67e02b06a

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

Filesize
27B

MD5
d74b4f034b50c3278e17e15f3d083acb

SHA1
31a147be5e9a56eb07173d573a81278d78daa04a

SHA256
e72a8cc3c4e666fda551bfe3d073ccb6962f3445d6988ebcfd36a5f3eb8f63bb

SHA512
5c81122dfb6731efb688dde8eb243234f0b9a1515e08e0090dba165e1d40baf8601fe4985038cf8375c9ad77f4c1a61c7567c7bc95c8dfb924b1817af00364ee

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

Filesize
27B

MD5
585cc73d599344efbb063aa52e69a0cd

SHA1
100631b62261331fd62e427be855af2a3907349b

SHA256
8d00313ba35b8cfa400d62e437f77b25550b470c28c9a94389de1038ff56ca84

SHA512
9d5ec7acc1e03e4ce0c9513c58f6e53c5a7a160ce78a96ac49499a0e55779715a24b4bc6b16faf0181149fad0ad281818acf9994972ce06954dd55a25d8b7e2b

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

Filesize
27B

MD5
0b8c258c6f07b3834c2106b60756e5b4

SHA1
b1bc19eb9e3879c1d12f9a14185a9f9195e9c7a2

SHA256
97c1bbd6e839f0b99925999fa7ba46d71591218ce8863e3f1e93c6e258141b12

SHA512
a9ec50e4492ed8472dab2a295f1da8e032348fe674508d3739e24044efc7118aeec1c8378a30eef4cb37b75da43a38d9bbae75536a9cff35f84fd5f30b85412c

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

Filesize
27B

MD5
6b4fef0f58bf0d11f8b40111e89c008b

SHA1
2bc457ecfb3ffba12dff240a2f4c858fe89e1ff4

SHA256
691f53faa17f1366db01c6824ac7d86556f8c7ae02de3263de96b6a7fa45df11

SHA512
28f5fe4168cce36df68d22bc3230164b4b7aaafe372a4eb638357e65ffecd140583581696f240f7b4fb6f1889cde33f861d386082062ae855504fc2098f26cd5

Download Submit
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

Filesize
584KB

MD5
356eb356d46d6c156866032ca9e7a3d0

SHA1
4262ef5b6a6caef14e474b906533e7e37353af42

SHA256
fc7bf719b8146e4de91d18f2ea908dcebbafdfb5c397c7ef567151c0a088f357

SHA512
c5420122bf7773a7bd6663791094e0a0560c555a715123b3078753a05ec07dcca04d5e73bb43f62fe8162dd6e44330a19260694e514d3fdfe9330bdfb4f6af73

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

Filesize
4B

MD5
b1819aa38dd3fddf2b0499e14c1eb223

SHA1
be645f6b63baf5da3c5e065c54f605a9793f83ce

SHA256
63549c4789267a9204475e5151b71c9588b35a2a0aff766fbaf7a7e0910aefb7

SHA512
5e5b91219c1436738b0d5edf56fcf6e292bafa6f5039e73cea1420c82c2678f02966263f0a5fc6e0e7c2a95c1652051f2b83299b7e5b8e2a9831a30a15b5ceb4

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000

Filesize
240B

MD5
f4e07f3edd37ed0e1aa691344ef92140

SHA1
adbf0c71de6b2953b13752c9b2c70167958debe5

SHA256
7283266f3845e9055cea851224fd885ac70ab6f3532ac9dac3b1649e343ce8ba

SHA512
3c556ff49ab02735b66388adda7353129f0ef4d108fc900c1112fead8f5dcc02616f3423571af60b8948ad35c608aa2fc3d38116f5820e6188373443be1db59e

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi

Filesize
180KB

MD5
bed93e486060f98e84a70154e74536a8

SHA1
4acc1f7b5bca5a3b02211970e698f7710a52552d

SHA256
43b977804238e2673e40c375de4ddee21d83b4457ff1cc79a69284b912ec0acc

SHA512
65158d4780782c358450884e23e6027c3e657c97c0c88a0479f687c032635f0c67dc4c42df98f8b28fc2f36a4ab5d2ea02154b5638943ee7a7cf74d2a9bf1ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
c094601eea3e04ff40734c8b0288d1ba

SHA1
aed700ae74b3807eb1dfc1ac78caab62a3e2360f

SHA256
0cff048d2e0a95f2f2f343191614b91e44f1786850b5b756b2620181ec196d2b

SHA512
ec6b624c1625d0230ee07c948ff562e4470c1d7cfc7ab0c3d504e62d08054c8ac61fe664759c6ea50742dae3b1228985bf9f8507c2afdf53f35af2aee442adb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
80b59e61c8a2086f33db19fc900eb71d

SHA1
0706ba00b4b44e07bd8fbd3a53e424711d372845

SHA256
6be1aedaeeee9b6a425e3e5c3cbbed1015be79aa6e684312843efb2b3522a3aa

SHA512
5459e6666fddc33120d540dc91486f407af2b5f9aaf3dda1b7a416d3b4b7a18845823bac3c8bc1a8b496c239f29b391c464d389ea9d5b7c42964b7a202cfe7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
c9b6f0707b005fdecdbb82a07ee2ddae

SHA1
bfe342382421febf4887b1a7d3aa90888836ea36

SHA256
3bb856bdc3aae76f73dc49482ae26aeded2731025826d7eccd64daad3db3dad5

SHA512
23e6f68a0d50f9f33eec553201a8814a1042af391d837dcc68a797496915873ef2de2a2d5b124dc719842547b0676f5812b7d12c161b46cc9937a0d15442511a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
90f968afb83058c702cb20d420417e7b

SHA1
eb96eb0baf32c9a421375409ee88513fe1735c5c

SHA256
a797bb473f198bc72904113b88eabc2566df399b224a59673ad972eb4da0ccca

SHA512
efdaffd1bb494ef0e74cfe32c9b5e012dadfd0e068707e138f22921e034ddc702cd6cae167353b2068d7643ffdb94e33d27f026ad63bd754f2fc261e5015428e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
1984268f962e3c76a5d29e29a2e5a882

SHA1
6fec09fb26f758d9901b61e7ce78f0bda796364d

SHA256
a273e221c9e07ea63176cb22bb194a64197ecd55a8f1d72a3116f875b07f6f35

SHA512
480b0bc11c530d66a424d38cfd94213123d3a4b3214d67196337d77bb583dd320569e947363e814f8585462853e58f56b889522849a47584fb164619d23680a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\TN6BGAW3\desktop.ini

Filesize
67B

MD5
cd5be1b0ff1afe2e18bb7cff453c2d78

SHA1
70c72755dba33e570d3699515e1c9448c5e4a2ac

SHA256
308dddb6de14e1b54406afeb437a6660d7d0418de565a4c045d46b0760a5baee

SHA512
9a9f5777a2bf6b305201e88fa63e5f8ecce4265006a002552d2cfc49ed00bf405c834ea5f3d99dbb3b0ed6494cc343ee014446b2ec9b636b09c72bd568938648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

Filesize
28KB

MD5
4787b70c61d8595e4ad5b3e4e8cf4fc6

SHA1
1bf42495e1b99b53fc399065dad17b14fdb04cbd

SHA256
fe9375c2f9123b1f4bf0021c48f0915301aad42fcf1041033cb8d1d76bab7d1a

SHA512
ff10247e02ba6fda7dd009e74861ac8c460e154bbc42ed4ff58332197807a7aff3c6b7ca7520a28b9d47713610367006c2053afb246f395b1d6e2b8b1cc1f59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini

Filesize
645B

MD5
6ce81a0bc02d431e2c62e1442eb7df04

SHA1
fc717b54b5f8d201082e64c730f8cb6446121d2f

SHA256
1c05f28f00524598bc4228baf89226d44000b4ef86dea745d60e72d5d18791cf

SHA512
18cc455246aa5c0ea0dd216d4530666dfcd85433744fbd8c37d7c890ce6fe35efa901f7e262d2728282aa8793fc55ee529efd906b98e8ad781bf182b994fdef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs

Filesize
512KB

MD5
87a7bd472db5f0a7987a119f7ce37bda

SHA1
41546a3e9905d3b71ed630128231d94c587e97fe

SHA256
7c061c1dfc76f4434d39fca8cfcf06803dac43fdcd61cd1a2b6e51bcac1d3dd0

SHA512
69c12050a37f3d44f384764ba85637366e810f679ac408489d262d14d6b0ed7b248606d7cd54c2fba36569e3cd14709b922952d2c850cbe5ae1a64bf3ec2c228

Download Submit
C:\Users\Admin\AppData\Local\Temp\delself.bat

Filesize
190B

MD5
458572b98340c906125b1613d0a7d433

SHA1
0500cd437edab8da6b8f7cc2ac34d3d6856bf200

SHA256
06d8efae4b871c09ba1506fe5979906c36d71cf3771b7e8c5d7d67282b8840dc

SHA512
43e5a9cc4825bdb42c1a3fa4c61933aad8b429b1d02a222918f28d3578a607edb42c7dff7375b11180a6c0514b1c939400f8dcafc5e4ab3a93d3f5e2dda69cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\delself.bat

Filesize
200B

MD5
b3983389c22ce7abc8d7d533ec4a6e35

SHA1
0000be94a2dba6c8ddfecb14201b27fb5bfb87e8

SHA256
d5943bf46ba851a1531c92f373cf52042c8c9b13fc2032405620d466815ca58e

SHA512
092a32eda2f272ec4f3149e7cc63557b8d3aef8b3366e899335da46718b266446a17433b281a282a4d36665dfd330e81e6a620df41427df60abbbdaab602d8a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

Filesize
48KB

MD5
89170592f6fdbf6920272a6a66fc03c6

SHA1
5efbe756194899692bedef42887f20143be1d8b4

SHA256
d090eee98951b4a7e8026b7efb7388e536bf8fa18bd29dd0a8d1a35f53644493

SHA512
dc937ea3bb6be94261395b8b97e70d354bb8e52d422939cb079625c4dabe921aa013a5f046504fb3e208f2c33f4992cefb44538e5f6c23e3a8c18ee181054a76

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
ab8cb12d08aba01c0a4e8ace0bcd66ba

SHA1
b8abfe25e7e00d6e4058522cb34bd2f7227b41ca

SHA256
e6a1f978bec77b22ab2c19bdf869a265684046bcc8ca21c3689010376c8604bc

SHA512
4a2ddf852763a3063ef2870ce5f2d69f44e8d5859954d5e8a552ecc2333143ec74a70733b4602505d8fcbd085ada869fdd3d50ecb79c44cef5517811f198d62e

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
5fd32ef3f055ed73cdb7a6fdeba4f8da

SHA1
4b545ef66c77b825a17d67662ee80fee72895e14

SHA256
cd0e2bf4be817f77015c492fc19d87efba966b35f355f06ddfaa936a7f8cd656

SHA512
92bbbf036407a4442db03c5a8eb50e9cb6ac5b5b714040f0107edf0a7676f9b859e57ca1a08082a991915ca1b1b34dbffaf0d90722cb7755113e13902f4f56a3

Download Submit
\Users\Admin\AppData\Local\Win32.KeyPass.exe

Filesize
2.8MB

MD5
6999c944d1c98b2739d015448c99a291

SHA1
d9beb50b51c30c02326ea761b5f1ab158c73b12c

SHA256
35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282

SHA512
ab883364a8907636c00a4d263670cd495d0e6c521283d40c68d47398163c6ee6647cfbbc2142005121735d9edf0b414ddac6ea468f30db87018c831eaa327276

Download Submit