58e30f939535c1c2d65fbab197f4a6816931522b8513d8261154eb86f6e28579

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Size

2.8MB
MD5

6999c944d1c98b2739d015448c99a291
SHA1

d9beb50b51c30c02326ea761b5f1ab158c73b12c
SHA256

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282
SHA512

ab883364a8907636c00a4d263670cd495d0e6c521283d40c68d47398163c6ee6647cfbbc2142005121735d9edf0b414ddac6ea468f30db87018c831eaa327276
SSDEEP

49152:0u1ImfQE5L1PtWHeHoQAOs1dKvHHg/o2S1pj798JGKCO8C/eZRwCr:dzV5JPtWHeHoIs1dGHHx2S1998JGKCOC

Score

10^/10

credential_access discovery persistence ransomware spyware stealer

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-1163522206-1469769407-485553996-1000\!!!DECRYPTION__KEYPASS__INFO!!!.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KEYPASS The only method of recovering files is to purchase an decrypt software and unique private key. After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data. Only we can give you this key and only we can recover your files. You need to contact us by e-mail [email protected] send us your personal ID and wait for further instructions. For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE. Price for decryption $300. This price avaliable if you contact us first 72 hours. E-mail address to contact us: [email protected] Reserve e-mail address to contact us: [email protected] Your personal id: 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0

Emails

[email protected]

Signatures

Renames multiple (9828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

Explorer.EXE

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Active Setup\Installed Components	Explorer.EXE

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Deletes itself 1 IoCs

Processes:

cmd.exe

pid	Process
2800	cmd.exe

Drops startup file 3 IoCs

Processes:

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Executes dropped EXE 5 IoCs

Processes:

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

pid	Process
372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2708	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2736	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Loads dropped DLL 5 IoCs

Processes:

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

pid	Process
2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 64 IoCs

Processes:

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exeExplorer.EXE

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\4FXYHFK9\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D87ST3G\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini	Explorer.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\JEDNWX6E\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JFE2I4S\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SLTOM5C\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\$RECYCLE.BIN\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini	Explorer.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Explorer.EXE
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Explorer.EXE
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Drops file in Program Files directory 64 IoCs

Processes:

35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

description	ioc	Process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUB6INTL.DLL.IDX_DLL	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Training.potx	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jre7\bin\hprof.dll	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0215086.WMF	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\macroprogress.gif	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Oriel.eftx	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BANNER.XML	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\HEADINGBB.DPV	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ExecutiveMergeLetter.dotx	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jre7\lib\management\jmxremote.access	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Earthy.gif	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME06.CSS	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\OrielResume.Dotx	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jre7\lib\javaws.jar	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BRCH98SP.POC	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099200.GIF	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\PIXEL.ELM	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GROOVE_COL.HXT	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8B.GIF	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\EVRGREEN.INF	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\DVD Maker\Pipeline.dll	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00190_.WMF	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSMMS.CFG	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01751_.GIF	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Program Files (x86)\Common Files\System\ado\it-IT\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\OLTASK.FAE	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\POST98SP.POC	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File created	C:\Program Files\Windows Media Player\en-US\!!!DECRYPTION__KEYPASS__INFO!!!.txt	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.execmd.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

Explorer.EXE

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Explorer.EXE

Modifies registry class 5 IoCs

Processes:

Explorer.EXE

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_Classes\Local Settings	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Explorer.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

pid	Process
372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2708	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2708	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2736	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2736	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid	Process
1624	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

Explorer.EXEAUDIODG.EXE

description	pid	Process
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: 33	1884	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1884	AUDIODG.EXE
Token: 33	1884	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1884	AUDIODG.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE
Token: SeShutdownPrivilege	1624	Explorer.EXE

Suspicious use of FindShellTrayWindow 47 IoCs

Processes:

Explorer.EXE

pid	Process
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE

Suspicious use of SendNotifyMessage 39 IoCs

Processes:

Explorer.EXE

pid	Process
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE
1624	Explorer.EXE

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

pid	Process
2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2708	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
2736	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Suspicious use of WriteProcessMemory 31 IoCs

Processes:

description	pid	Process	procid_target
PID 2316 wrote to memory of 372	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	31
PID 2316 wrote to memory of 372	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	31
PID 2316 wrote to memory of 372	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	31
PID 2316 wrote to memory of 372	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	31
PID 2316 wrote to memory of 2800	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	32
PID 2316 wrote to memory of 2800	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	32
PID 2316 wrote to memory of 2800	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	32
PID 2316 wrote to memory of 2800	2316	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	32
PID 372 wrote to memory of 2904	372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	34
PID 372 wrote to memory of 2904	372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	34
PID 372 wrote to memory of 2904	372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	34
PID 372 wrote to memory of 2904	372	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	34
PID 2904 wrote to memory of 2824	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	35
PID 2904 wrote to memory of 2824	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	35
PID 2904 wrote to memory of 2824	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	35
PID 2904 wrote to memory of 2824	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	35
PID 2904 wrote to memory of 2708	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	36
PID 2904 wrote to memory of 2708	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	36
PID 2904 wrote to memory of 2708	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	36
PID 2904 wrote to memory of 2708	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	36
PID 2824 wrote to memory of 2736	2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	37
PID 2824 wrote to memory of 2736	2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	37
PID 2824 wrote to memory of 2736	2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	37
PID 2824 wrote to memory of 2736	2824	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	37
PID 2904 wrote to memory of 1984	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	40
PID 2904 wrote to memory of 1984	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	40
PID 2904 wrote to memory of 1984	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	40
PID 2904 wrote to memory of 1984	2904	35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe	40
PID 1624 wrote to memory of 1436	1624	Explorer.EXE	46
PID 1624 wrote to memory of 1436	1624	Explorer.EXE	46
PID 1624 wrote to memory of 1436	1624	Explorer.EXE	46

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
"C:\Users\Admin\AppData\Local\Temp\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
  "C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:372
- - C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
    "C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --Admin
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
      "C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --ForNetRes x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
        
        "C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --Service 2824 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
      "C:\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --Service 2904 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2708
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat""
      4⤵
      System Location Discovery: System Language Discovery
      PID:1984
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat""
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2800

C:\Windows\Explorer.EXE
"C:\Windows\Explorer.EXE"
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\!!!DECRYPTION__KEYPASS__INFO!!!.txt
  2⤵
  PID:1436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini

Filesize
129B

MD5
8964f74114f7d0a16c5c7fdc1b5cd2e4

SHA1
fbe0e81274a273bfe06a3652ccfd128285bc2a2f

SHA256
668a5b9d313bfbaada40d4e25b6ce0f55d07ff83ac47c26ebc2c6dede763ba57

SHA512
8a01e71400ac8d1ef1174b4e1e0d6fa3b1a24034ef0e2b864f975afa4dae1120e5c9b6ff614500d98eae25e1b42d4895d0906ebab2b897433166a4e861d37f11

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

Filesize
582KB

MD5
ae4672326f935e8fda0275ccbf6d0d56

SHA1
59799215328f11eeb332578528082cef34b39dcf

SHA256
84607ab80f956674ed2c43dca857152694be7c620827ab374e321571d319bb6a

SHA512
9eb809a54b91d30563634206a1c2e55f4d35757e45544e552754714d6314a22e37442d9c0e9286e306fc01e853eb00ff8e94421565f8870419f101328b657ee1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

Filesize
114B

MD5
8d10d878f388b5c7726ff3433fc79204

SHA1
45b25f38831830f7c935e87475c7888f365cdd22

SHA256
e05db82824103b6d5c322c6880e85a5d00b36d9335740dc66b30095f966b10e7

SHA512
1c4ea5c3b7299dd57e204af74ef8e6cb1f5b07860c519c96041577be8622ab1ea66ad5831fb2548f7813af2d7d39a0c942f6e8bf3f0c0111d890cef4cc8d00ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK

Filesize
113B

MD5
36b3d706127f67f7b6a44a5f5ed00b2c

SHA1
059220c9137ec81b2903ef0183730664b6e68e88

SHA256
0404439dd2d4f55740bde30183f35c6d124cdf925199c2a557dc92a9db1316c1

SHA512
ba63b8dee51efbf5efa6d71f60afc25ed4ca41b4e8f675f6424c607832d61877bd1ae59957977767b3003da99625d0be60ad3a40cf3629a255e74d247d0b5583

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

Filesize
341B

MD5
52d7b4c065fc1d588bd6e81a3205ceb5

SHA1
3be9267f2de77f713d89f7082074cb3c7ce80223

SHA256
ae9bbba7dc89d6729c2f4581b6f1f56cd2badaff73a1cd6747712ed9e98d4e0c

SHA512
23cbfa104aa8cba3116e96eff43a6ed58c1f58939a39b2c8d12ff7a7fea8e383a092cd08a0976ffd2e676d934b399c7810e675f21aff3166cdb5da13f668ec0b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

Filesize
222B

MD5
e4e4cf6f3212f0c69a156b73cf6968d0

SHA1
d209cef66f2308ad74ad7a7a7023f09ffcd965ce

SHA256
0a61c6a7ab34d5df358564ecb26457a7c73b6385f63cb345bcb349839c4409ce

SHA512
9c10d96915c9c06a4402db7a721625526802edc354cb6a777af6a8f476a0712271087c1312602b8c15c5ab90238defadcb12ec0445d232f884d3963a3399c47e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

Filesize
239KB

MD5
4799a20596957e80f04182ec1716d551

SHA1
e76f10a116a2c4fa4c7ea2c4302d8693c68307ea

SHA256
ce875080c613ec47d13c0c831d7ac1c345ab3da69b80497417dcf78f9b9c696c

SHA512
8436fd059f934c545a2d39e9cdf321d2c563545155f43e5f92ffa467ce23d01489df31e61ed875851a05ec2bd3602f55a89a0d5df27d3b4c3a87b0c365b7c618

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

Filesize
24KB

MD5
0195ecbf4454ef0dc683e99adbe5fcee

SHA1
d7bd5f0f8663d18b728f254868f26d4362a91aee

SHA256
5e4461c84d7e3df93f241cb092363446dbfe3369073d30a7ddef94ca93defe2d

SHA512
e4f7e6363e8ec64f20c2fa48a0ae7e79266a602d7ac21ccf9717c1c5768380a7d5bce6f7d5096a39b2ca7c124b72a1d02c42ba40a171e5ce36e440f2962af8fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

Filesize
185B

MD5
b7bc13b8c8367b0a4a8d2bf9266a1f0e

SHA1
6f38ed1b7078598953145405ac697e51ddf94b0f

SHA256
98907029ef08e17c064e9494c4ea7250c898baaf396488e36394fa4bd5e374ab

SHA512
262e691ad84da03bd4c49aa92caa613031e27a413a9ca757c4225288354b51bd65ce79a84cc3acbbff0e4ed655ae676e67edc432abdb6d2215909df68550a1c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

Filesize
496B

MD5
e862debbbdb2e021cacd1725cba30745

SHA1
55258bb5569824b4e60d635d002ef6080c5a363c

SHA256
84a5553a3c0c191052669cb1e067013c9c58079700a374e917f0ecdc16ee1596

SHA512
d756f549fb7559c2ceaa897ed019f4f93c480f3f33ca68b8a53e3689867a5d8e107522c41b28caf79c5e2a8e0c8d599ce5e7a5cf7b4bf81e6476197a973b148d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

Filesize
1KB

MD5
e4c450fdd1bbb719a7d678c4f989a366

SHA1
bbcf5869c7caee7c261d5689286b10a9c5a71dad

SHA256
5c50742363e7b1ecfe4b93660496a06212a2e54f6e8f994020440acf050afa73

SHA512
c34d7c1362f0668c130a1f2012994b83e31249cb1c2a6beb5dcc4ff4c807010c65a83ef42e77263d1560027f0059ab6549f846129882de100966b7679a124450

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
eaf1dc1d9a7abbf2b62ff40c3376dff5

SHA1
05b0cfdacc2e6833625c24c8f40689e5d9c6780c

SHA256
4db1820915b860088d68f68885caf19fae2dbcd7c5b3f2259c5de477bd41680f

SHA512
f58d5146482c379da4509548e1b0eaa469d8f5216096ef607a38da70afb81fd8eb54d01b1aae4e823d88840c87b7a6bc997a822371f3c73db551f0b85a9897f6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
6a306d125a8382e7637713db9e8c999a

SHA1
0a512d07fe1d69e0f8e162ecee27aa815439e6ff

SHA256
7c0a63965b06ab37293ab2a14c432d86bae0a02cd94818b2b566a4593e25d47c

SHA512
ebcffe1ba2b27141a082d7eb229905b1c857a6dc8216a55890dd19ae0b2bd3c83ddad3460265676e0dd89f909a7af46d752815268c4cde09e9458ebb7b089a7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
df21adbb0024c558202038325a451754

SHA1
c1116607adf5b0859869b6569bc3ea9896db9436

SHA256
81ebf02d6eed6cc3d167b5eaf2a95a882a7e50f9ec21b38a5cb7885c5148b58c

SHA512
590b3b57fc68c967c7785b594af4ca50f0e6a81d640a793079520972c07f40eb8aa290a6306436311f3b09083e8c231313b47144ef23b8b5f5dabec2f1a8a2e1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
06006943faf42a04ba0f9b14d0c8155d

SHA1
14f344aa5db18bca4a5ad57f4accd90b9c4152b3

SHA256
ac03e08f610b04e5bef6a896cf1c00801d16a4728c9306192c6c533632550daa

SHA512
e8cefbf7f1c8ae1f9b6e41e993ededbfe64bdab9e06f28c5c4e468b54e6974e0a648240ebc7b53eacab0098b5c73d34b7d0383627067318f6effe15b5a84e5b0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
106B

MD5
dc8112ae8504289472cf9b80a6aef5e2

SHA1
94a0552eb8f3d5fb97d9052c93a6abdfbc16ba1e

SHA256
09bba55e23a8833eaac5a359c707f0fa07959baac0f37f62a2ef35aacadce509

SHA512
a52f8970e16ddc49c156b53c15fe57e7a94e965e81a41c4374eabc3080e497bd1e0e8e14601880854546046366c3161463f48c7d046a273b64b6f3a8d1e72e7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
b33281349f5000185d167afc641faf5e

SHA1
7d2cb3c991784828c374dcf1f490ce72d7cf83a0

SHA256
ad393167ba5612082bcaf324b25a8e81c7cea500b51f4c6bc7c5a0676cdd0586

SHA512
a832d3020bcfda99ed27202802d560a20ecb8f6a00efb8cd703bd8b915e9a93dbfeb175fb952be5d5d1d6e364887f029374ab398973e53a9bed11f9412fa6ed4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
14dd36f07b097546cd4525f1c4388151

SHA1
cb2aba5a0f02140639a35b3daf319e4422225e07

SHA256
40290b0ca2c546e7f2c8db5a5f236566ebda1b8dc9349a180cb94a11ea5cdf02

SHA512
2b75d93a359a0ffdc300986467416180b0bd63b89ccb9eec2349a1fcf32a587c755ebd529da80206a9e48d825a9935da777ff513de19d8741f2621b7edf0464d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
cfb02edfdbdd9ed54d1d2560926265c8

SHA1
769994b8b748b230aca3c1c4eecf1af9c67b7381

SHA256
947cfeee232612b3ab3cb5cdabceed02d6fc8452fc7a1ad9c4a888be8b5cb17d

SHA512
9e4ac3f927ec8f20d228471634c226884717273efbb428d481a78bc0dbdbcb5728aa4eaf6b4a013d0ff566f4d2c59580686d16af5da8c10cf64aa97926cabff6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
ef51f420d92d8c8d1e5d362eb54d5f46

SHA1
04917f29d04a2420930be95facda1aac076b4237

SHA256
036108fae5d71f68c6764513febf9baf8e49ebed53b6b7f19196e702da27014b

SHA512
021d977a980de3f8a6c5d6489c6a3dfbc1b6d2f1e739679abb69769d66da0d99f9539825dc3e8f68b4ace48392a63b64daaa02bbd8fe2fb613e2d1f8c00a7357

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
c7330345bfbb102db3004fe5f2a7802f

SHA1
1ab084640ae544619726f1d2c5b6423da602e05e

SHA256
08ec90ce539ef610f8753b3c1fc745d0bb5f4621d80e6f493aab6f18a5118e03

SHA512
07a4879406ba99605abe3d4d926a3a8b39a92480e93c41e5e2c541c8d88dc5a669b50cd462b1c54411e85cd09dea992a38998c542c90c0ec14450be8e9e651fa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
d238d0dd974b8e3a7fe09cf14b4f04b0

SHA1
f091edf1f060a5338fe76257eeb825570b5ca3fe

SHA256
ef8179b8bc153bc437d1b84274ecc8448076d646f4cf21829aeddb75a09383ab

SHA512
9a0044417d2a4794e1c429382d5b56a473b696681e03b76af9b642c29ae3c8e9beb7d0f3432045c3f707e6be298d205aac4fb84e208781273a46830820931430

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
369e205a610cab65c15f8965af6094cb

SHA1
bd03e0b7291788a522c72f647c51ae1071ef387f

SHA256
04dbc9dd3f1b92313c210f0410ed1e6fef5b386b0b4762e521d68912bcf4173d

SHA512
94dd7e731def9cf4f2b22e10cfb99703e9252658f7c38d0fe0ac03662786d84123f7c1ab75f0157144e49c5432043d9fff8865e43d278480667aaf748bb0c1cf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
ea910dd6cd19fffd51de14d2579e055b

SHA1
0049af78751115e9b9e1c821adecae7007f20d2a

SHA256
2ab06730fab323024085d3ca5faad1d44d8633ff9ebccd10f29e2fa6961a9a0a

SHA512
1e414afb2f50b35320c468702afa688af5d93d40cf758dddccd292a4f5e7ee7b49d98c3ce3b7753d62e15c786bba441d0d98d4c409783c367b22461038cef0ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

Filesize
318B

MD5
2ef9b426f6c7707589d9d0bd73af4e72

SHA1
e6a0ac87ab4a3d0d7b4d95b8230f5013e91a9541

SHA256
07dabe9aa7b3d5282701a4d7287a009de6794fe42a336fe2517765ce1c7ac9f9

SHA512
0544736773cbaaa90163fbc45b039cbe1568f73d6f68b4772cd770293e55f6a3826bd1f555527ab67545725bc0523cf8d9254494335c3d17363640c6d24c0bd3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
0c4b57c70c58642039c4a1e143447fe3

SHA1
a39c0f1bb8de878497aecf6f6e0d2aa1d4e66901

SHA256
5c708e6399f47a1014fbc142c21bd4d1d0691294b7e351e7ef6e0d4efb56fb39

SHA512
f60eb7d0c8077c6ba080244f745c1f9168065abd5fc68a98b784b9aba54a8299d6fae13d3caa02e32adc21cb64036cb5a2ea7beed7041de415f2e2f5ec20a492

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

Filesize
255B

MD5
5283a5a5e6ca14037baaf8a80602049d

SHA1
3249fdd11c7ef50a6c0200a853295929ea0194da

SHA256
20282de87c5ae8ad08812f042392723577dad552e7a10fd08f2696fe45cd92e2

SHA512
93b51140bf3dfa9140bfaa62ddfc18cd903627d36c26c8d9a627260aa62362b3d3b94d3172d53d788ca02978c5c640a9c35a6041c8012eaa93043c455b76b7fb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
323B

MD5
bbf27325e25f8a4cd8ae36df936cad1f

SHA1
a8c83d43d53914498e468ddf00a3780515e01f41

SHA256
e5faa2382c2e3eef2db9f7e0c7211e8bf1498f201811c0fba567dfed77815d82

SHA512
d1d24c201ed5c514d1ce50002b685fed5f53427ce7abf5c46d8cdbe9a6bde7e1f9bc920511b18361a308e6b0944980643aff2f47bd0abe2eaa02e64681a335ae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

Filesize
367B

MD5
7eeb5489a375d5693e8686a8e9c6a262

SHA1
93d6880deace8d4f6db31a73115c8f883181810e

SHA256
60ab84a0553ac76c8c065141672a67eda8472dc92321c8f3bc78abd482338607

SHA512
d8646dcbf9c2e8e7ea9e818ce77fc3a81a53c9ebfb214eb850b3802bcaefb21b1211fef32b1e6bf66ff027b655b6d52171736a875e7ee9c9a36b92dd458f3e8f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

Filesize
148B

MD5
6ec140e430a80185837eebd41e5e004c

SHA1
193535ee98571fec6d930028a31a960e6b429dd2

SHA256
cc9a0c083957f6c708835f5ba137abe7c503009e5036602e5c58901ae41f46a7

SHA512
a023b58f40b5f5d51456783f1a40819dbcf1b82c606b5e10c61e9cf9878989fe4231f490a42f1506203a3f30eec0587f93e5b635dd20c3faadf7f755cde8a7ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

Filesize
440B

MD5
b3b324cbeb649ec1503048653cfbed4b

SHA1
5a684f4f3367252f37f2c2da6c4479f459d2e42e

SHA256
9e2cede8e1249f2c40a6ac0bfa204d2d9bf9cfa124fe211c2a6f50b9e6bf90a2

SHA512
14ee1f4043bb7f2606ff761ea77dc759fa2a6e05fac85cb4b3fa9c36387d75ac4d3d4fbb79077263b34908492098dca3ee0f7981b3184e0dc2ae903c984c855e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

Filesize
462B

MD5
e404b5f67829b5a4fbe37b3abd0aaed2

SHA1
c7eea6baa398fe46c3eec61b41aecf1be47dd07b

SHA256
721732509c64d9985ffd1940d8efed2faa1d66814e506ee97f526e498d14cede

SHA512
b9461b485bad98839bf14e1229ccb4d7fb544f7f0b76d154c009b930226d6e3c23d6dc6a44d44c4e1400ffd7b12c3410ee60f7226b75cb04480e63f1241d665f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

Filesize
267B

MD5
b0c8b3128de53638924fe0fd09e4dd66

SHA1
1b3271c5fa9ae261014f494ab482d9a06744f377

SHA256
d7a80d904002106c51f88687284d377da82d6e94559f502bfeb7c187765469c4

SHA512
f0cbaae4aeb74f6bb382943a4976f2d70f40c5c0834f1428eb93e7e072b46a5f42c9403bef351a41a4f7bf8c29d8eb90d436c77c49afc0f5b1280713afdd1c29

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

Filesize
2KB

MD5
71c2993f804f8e2003e896253089afc6

SHA1
8c0a147fad3f4e861ed4fea84e491be914eea3fd

SHA256
f20adb4f2ad0b2950c72dbc3e30ec2aafde4c9a3ce4d64c2f45447d688b80d14

SHA512
0cbb6954e1c42b57f55574ecb51b396eaa503eec1b046bd273ff4de289edaf93a58f97419e7231ccd95555853e2d52764e0b736b39a163350c863cff199870f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

Filesize
3KB

MD5
d3566b8700e2ae0f106e46b73f559d67

SHA1
93414da8beb85273ce6d8358436bfad0721de66b

SHA256
7475d31242b29fd83f88ec1cfa7233078cc388146b4b1d61078ba9a2282ea14a

SHA512
5f81f941a1bc375a4111e0be6576ad3b8856fc8cff569c24ecf73e438e9b082f57e79b84fa521eb2323a8f33acf2b143369dd2d898b2e298e92c8c2e53333ff0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

Filesize
462B

MD5
800b98790298ff9e276eedce97c41562

SHA1
001520046d0bad659eaba644453dea42fc0499a4

SHA256
9730674edd0b5ff12f2f0de719ced505204a6608afb28f72c3e7b46054769778

SHA512
1eb49515b44b89a6d5bf6a7d6df209a1beb46bc82999e68b4ca7e2ac76ba9897ecc6a184d142d56fe85bb17cc6f38f77a84f2b7ca0509116001335127cbbd263

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

Filesize
264B

MD5
e2c5e3388781810492147b1b99eafa7d

SHA1
f1e8c095f22e39ed67d982bdacd5558d2e9eb09d

SHA256
4818704f75d590b8bb918009e483f2ade4c58633206567dc60dfdc437068ca50

SHA512
992df0a6cbedf7c1630752337b074e94a9189cfd98486ab4d7bfbc457b3e42e2a0701c7d23dc13fa87812f27ae0a10bf42656225b05d508af5b7360d5f353be3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
233B

MD5
e1fe4fae3f9cff7c82f1245e6d29d8e5

SHA1
75503ec9061b401f0632cccb784e11e30931c632

SHA256
f5b4622ca041c0e17b3dd5dbcd46ce89e001ce24081444b4396bcf8df9319718

SHA512
177b08537e885acc7afc78fb0c951ba2ed41f86864940d9876c2040bd49595672149a77b164e93ea2c3a8f86871b0425fec55d2431b8a5fde5090c1861a4840d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

Filesize
364B

MD5
9008ae975d2ea32465f942942854c08c

SHA1
7eea1de42081bce86e2d024bd36f864b2c190e46

SHA256
31c8eca5c5fdc8505b478fb816b00cc6986c6bc0ef1e29ec14dd2a1148e10700

SHA512
00849f46513279ebfce51268b3619011effcc2a56bfeea4af80f11c8f88477170b0b66ba4a59bff457aab35d880462d6871c6a78eeb0ddce9258c8a581180297

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

Filesize
364B

MD5
f781315e94bb4f9ea00bdeb730bd7804

SHA1
1745185fa55c430d6da29ebab91197c92ffbfb19

SHA256
925112b9b2caaeecbdf8be8af79b270983e55fff839fef19f097378140a8555a

SHA512
e2f2cc2ebb23478ca8054038a10e330cb8ba42b87363a5b40104a2e2a236e5280fc88e343eff58c5ba95683c947a5f66e2e0057dfd91f140fc9c7c7e67e70796

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
8325b3b84d8f7f1c8e6af91349a0bf8e

SHA1
d6003b95a4c3cc06758a486cbd384dcef6971a5b

SHA256
599e69559e834bd8bf2e656b52b71d3127f5c8f3a1fae442407735597f5bf471

SHA512
1bf55e3afd6212128e14f69e372f13b0969ee823d472ef1e01f9f14e191ea55eff52f64670f45029c78a4b58283bebfafb12f41b180e62bb93a2ef997971c802

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

Filesize
428B

MD5
6c759885748a95da1eb505d7a933d0f5

SHA1
fe42d0bce97acc9baf8c114a0fdc74e452546222

SHA256
e4a36dd47836c34bf5158cd5bdfce3c634b0097de73101c72e018fbcd3bb866d

SHA512
ecb94bf506f3ac0a42abc42b5629756a414b787cac1bd89949e2154174ddb4db3c58df56cd606048e67f7d2bfad5131876cfba4a79599e3ef8d5c7be557d9b1d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

Filesize
26KB

MD5
21430d30c4d6b0132fbcc08b089d5dfe

SHA1
beead65017b2a4c06fcf1900a4f66bbf9a8369c6

SHA256
61a3ada9d283d40f5fea665c4d1cc8f86bd31bc38be19b6a2e0669e40737a41f

SHA512
de1438d0d03dd9757f6b7b0f76fc81e18d70a44b7780c08f2501c8e7cc0e166bfadea25bacb7784ac04ab14ecb20791f46971acc91aad1adc2aa13cf51474f59

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
815B

MD5
eaccfec83a5217a62fd3197c3496d3dd

SHA1
8ec3fc28da3d7bac7e40967e88b6bc1c551e5e0a

SHA256
faa690693d4ae76e5b09581c711452e75695a5706695d4472a302d1e2c5d3eb9

SHA512
201245f48ecdcedcd13fe748d0a24295c44a88a408de8fb0fd67ea283adb393b60b21c6eb7d8390a7ef479dca687fe8560a851ee3401d8c67e79c471f1e912d7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

Filesize
870B

MD5
b4f8902bc933506ab45d9252c6e8169f

SHA1
9ea8f196448c4d7a8bced63216f95014631241a7

SHA256
ce89cca25a51f081e4a6a85d522a70369d6a55f36bdd454cd452762ec47170e8

SHA512
3e00c84b49df1a6cc1bc9649dc3ebe2bdaaa3c945af9ebd57f49f2212132d9fe4a776fa51d74992c55d65c508d5332e2f4eefcca95a8f655447264e0dbefeccc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

Filesize
318B

MD5
20d487db1a7fc5727f5106dbb78f7d29

SHA1
184bc1724afbb69d55e81568c57c9af5495616b4

SHA256
b4bb8d7c1bc384cf51a212955e133128fa7f7f9d6359f40f25aab38a587e25f6

SHA512
8ff0bf257566acf637c031f192756ca367c511ef319965d0c2f66b7d33cd61e664c358547660549f7222c3b8605521a8a1e23b7a4b2b339460cc3ce0b36b4026

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
dfbf2a1c4791b94246a6059a1caab63f

SHA1
7a91c5ad1390a258a81cba04348cdbbe0b5e130a

SHA256
cfafa31ddec515f1045a0648831034ab9a28f4aaf2a8e5c209eaaa845cd55a7d

SHA512
9f6b9ce2bcd99a19bccd40de4ad0657ea72d02d59c1941b82a6874eb9421abbde54e8a0222c647f7cf0c1d67dba80413f6dc9d53ca03d10daf3697c004b40705

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
ef914ba7c879324851318ca793dcc0eb

SHA1
12a9db5190e0e3c9c689c511c0e3e57a6ee5dff7

SHA256
dc7ed2212da21a6b17c07d042fd13441600d34c35e905d88fca66a00d1e15f3c

SHA512
bc1625f58c309c7c6abad7e2a7101be7456b6da2f2e03393063cbbd2b4537f6f0ee68a7ebff20d4a4af7e8f74d751410f9968cc805742f25ec54ee4efb79e21b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
84258de2bbd3c60e616e9b5b7f7a0011

SHA1
314756a81c162475ff8820cf6d43b120d11efb7e

SHA256
003a2e8697b2ea223cd7291afba643da0ab26ab10581262184c2556c6047f5e8

SHA512
19f47f6887791e05e6458c4767d387b796792e71060e4de53ade9380835384254ff99474d9d2221d89cfc23c773ab3cefd80428b94d6488c2a54a25c50f4bdf0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
890B

MD5
f5c3cda2cd59770b81e2796a74eaa740

SHA1
80c9240626dddc0c4ca77fea5416b3182a2c7f10

SHA256
36e964055999b5a90195c5aa056f743f35d251d74fa32abaedd3ef0b56e33a3d

SHA512
e8fa57cbd3f89343c253e31103421c4ce30e930d5147e9c91e554f04028d555ba6475ff08af3dec9e79f891440ca20d16ba539d4ed3c55ffc306d97ccfd1d0db

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
852B

MD5
2301287d7fbbecb3032a21299edc5555

SHA1
c692a58980655bd37b94e0d913a4ebc8510da391

SHA256
cb701f4ce9a8206d575414b7d1750f6c4a72ce2f6bdc99395a4423ff32f840b3

SHA512
fe418603aa0bb62c8c6b241873c527cfd543d965d10f22a942f879b9371626bda3a3973a644c89a403ec8f6001b7e18782df4548990ffbd0a0c1bdd4c5058f3a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
860B

MD5
a3f818f8aaa4e0b7f3dbe5e938ff90d1

SHA1
36087c50bb59019f145fb6060c0851e5546919a9

SHA256
e3f2916da657f9733070bd797b9c0d0226470d83288811a312d009c391d02a9d

SHA512
a41dee932a15c7314ff2d0be68317857f82dd696e8601919bb1218a2a3a5d02709d52e413317f432ed1a595aa2d14471cf43496a45508b0fb6efc3ce02e6afe9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

Filesize
580B

MD5
254faf9367e5be749b53a1b2e48da0c1

SHA1
a4602d26f92e561a3f61fae791e001ba9154bff2

SHA256
9279871c162fd3f88bd3c935925cea18b93cd96b165bf15fc539d5b3d465e0ba

SHA512
133f550bd9e4653603c9e0bb36f637daede322b556acbb582cc7bdc7d8b855a07aa39f5cbf237d2fb7fc72b5800f000e839b839fb566a895d72819bf503ee7a3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

Filesize
899B

MD5
8b6ae35709ac5e0a8c12ffbfd1674160

SHA1
f220990a9d9314e1900ba2b502e2de6b9e082d93

SHA256
f6eee8a39f40872b41cd2a1ea4d35e76f9011412eaa3e955a610197ca1097d7a

SHA512
787ad9d67b209f5f61f49db7ee12f86f57720f7e94ce9bf2f2143680a7a8144f3234bcde66f833f469dfd2303db3eaf1a0b06a9d580eea9c2034f2db8b0f556c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

Filesize
625B

MD5
9c20269d447aa06d97b1e68c3ba693a1

SHA1
b304d13290f84b3fe86d015d887939a549b465d5

SHA256
196d0b4469c202ff126eec569831a6a9c1e1826b14869bb0ff0c8be68b39b47f

SHA512
2b99f8bc9b181ff1026c86f660d087c530889d285b1bc30250c98da3e1759c522cba3711bd86f6d36ffb87e49011367267369041287362bbc8c499e774cbd30b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

Filesize
873B

MD5
70870888f2a58c87049411a9e99eb137

SHA1
c7f40e891e095d864cb740c2396b56ebdf8a4722

SHA256
bd12556c38a981ac0003c0d0e554f1a9ae0e5e37117d99489978fb50fcac5e7a

SHA512
64af7c47b48fc6f14ff81374fd6f94e07b76e63b09fe73dae5a5377851426adcbe040cf3866a96d00023692f2021750a405294a21796f5951fbf6d725b984fae

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
ea4cdeade71fc9b99e32d0323153f38c

SHA1
6c6cae005e8ad88408276a5f0f09effa3fb7b49b

SHA256
a369136911234875039de1a12954ca4585891884cf767402c11ef3d84a103c4c

SHA512
f3bc501bddddb07813ba7bec6902c7ddc7ed7b652d6756cb687964e6ac8bba26212ed28c5a38e8f8edc7497ab4c0c5401d3288c2bb729dd1840be7b337c55fe1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
ff1e9cdd5d9087ae5ac24f949f3ec7b5

SHA1
b1ca61c851979c3c88f06bd356434ff36e7785b6

SHA256
65058b621417f6311fd5c0e02e49b6fe55904176ba9712412e8b88888c4d33f4

SHA512
088cb2e34019cccef3d3473c6e464fc55f4a9d796dfeae360bca28df3efe9dc4a6b6c3ee80ffc24226a77277f81276f2424694e8475385dc649ae63e8bf95444

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

Filesize
615B

MD5
df310528d0989b1b64831b547793e061

SHA1
8a9b4621bec770d5d8e9ca35419f7f0295e4070c

SHA256
c323fcb895ef9ee970a5486b5830a98d22ee6131d815cc133943d406aa8c9cc3

SHA512
fe76884a36d7f8e07073fc0f7d16b93ed2b6de9714f1713ed8f6958baaf13d5906e1e895e5862545a68d741eafbcbc1c77d73388025568979cc5030b2ea42a4d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
848B

MD5
fa7f31e585fe3448aeabf7ec20509075

SHA1
145afabef33cc43d0704cac9b3e8d08310983472

SHA256
0b9045166d37e1310021cc17d24d9f9397ba516ea5448a0a5b7cc1a26bedbaa6

SHA512
33875b1edc79125ac8475ac6ed3f744ebdafe3a977a245a82c06a6ad0e90ddf3a944cb580db81f778af5aa0693029c9cc049619c0d998c0bc89a0cb5f2142d24

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
847B

MD5
46249596137a2ef7b6ea416b8bb47b53

SHA1
d2a3fce7d5a56d7770862b51ceaef05657dbedbd

SHA256
b3b6867ec103cf839d8deb970c438a406f54ab26a41c61fba79158d68a524933

SHA512
c14479607d96c9affdcde62cfea5e2f8484cf48e4b0c260ab13deb3e608b80e1b11e07846408470eaac5942d1caa6f7a50c17bddcf4b86edae4955bd3e6b5634

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
869B

MD5
fdac914de41eeaed9a958c6b557ee36f

SHA1
6964396c1587874b2ce568ca0fc6ae384417ae25

SHA256
a614a2360efd37f3b67bd1f21cab67acb7eb3b4cdef30b337c86323d74ee85f2

SHA512
1ef136752af32a8253e0750b4d4cd922de9f06f4b0475ee6ba76c3064f4a537d6102f8d369d15b2dde89665a7ebe77ab16e9bb3bd92aed055409c664e9b52110

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
847B

MD5
200fcb4acc6ee327afd70286eee21345

SHA1
5885270cd0553fbb2390df9d21bc43e17e69773b

SHA256
c83deba8ad4db254f3cc33b369846540eeb792b650ae39ab309662d27be4ef62

SHA512
5f6cbd172edcbe95a7531a7cada9369831c0a3a654292644cfe3c1bef239c19c6e2f0cdd19b3918e90fdb7e29d8b28ed7f7f5fd626dd30a9799993aaa7d2adb3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
863B

MD5
30a18b6d95911ebdddc1ead0285f3e95

SHA1
655b92501e12e6735d168858b9506e80deec9d7e

SHA256
28926817a06cc5f9b5be810a347b476faa8dddb9fed2d00ae068359c4b7d1ff6

SHA512
305580735904708d1396777cf5467630eb4a34b943f2d4892b3671b988c274262adbb80d4f551915d1880769b6aac29d25916b18899a6a74deb8046c1278a7b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
861B

MD5
697abc33c59c2f67ba147bc12ced22e6

SHA1
9a1506eae2a2d0ffa1f8912adc80b04d30a8cd51

SHA256
1b16b5bdd14f0e705d7d626f7e73bf6eabcab5303eccc3837fa8ddbef1048d8e

SHA512
3bdce922505c97b63e2e317559591acde297db63a103734c4d041ca2700929ae62f16eb8f26dd41c19359e8f5db7b90bbc9752d12445c4832777dfed1072ca9d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
850B

MD5
9f165280bbd859b637b59b1effbb8111

SHA1
cf176c964e0bfca9eac3a0d27a36e72ddbfaf91f

SHA256
40ba8d410c54aa08232c50418a9dfd8cd2c9968a927f6929256465b461acf2cd

SHA512
f3e26d12431acd05a39d6c9870a974e0b845ae755414fd8ef2e633891213eb3cd9f3d3816fa87462da2d012ee55b97275580608a83d9b2c289591561ecab5b7d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
883B

MD5
73ead20bf8c544629f92646377df030d

SHA1
de6ab247e1ba248cb0ebbc3af94467f826596d60

SHA256
005c57c18077429961c343327ab251e1d6d1269f95056ab357ddcf8bde6e4ab6

SHA512
bd3f3b8d3e7af2ae561c60a0856a50345565bbae962ba7d3792820f4156e1ce6265bf391ce32dba75ba151f37071d67ab145f94d00d2ee1a862427de2929cfc5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
3ac7b8a400e4c0fa25c7809be5e9d602

SHA1
6c10c5230ba419c45f06eb20ecba105048a11bbb

SHA256
6bfe2917b33dc9095fa79b7cecbdcffabdfdd41405020bf7d003e9dc70bd8901

SHA512
f5cf95d802e6e13313fd21f5ef3a15e9fcb9dd092e7909ef11581dca1a28154da3bf8c7b790907c554f60f82dde613ed5b8457b1c88ecd4262636971cfb04f4d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

Filesize
807B

MD5
9009664a617d8249331c7cdff00dd649

SHA1
73ad7af39e990ddbfa1c4cb22db0228f8d8838bd

SHA256
903abf02610fdcbbcd23af47a3afe299ce25ec18c90f67232a40a5cef35f8dfb

SHA512
29847ba1a592f224fe8b29170986b5ae111d8de42a928eda9d35e3fafc7c956df69e545d11d79192670e1c79d9afbc47d4d067b44c701dc823b152a0aea974a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

Filesize
806B

MD5
371dc3828772b579388f54d55b97b119

SHA1
f7fcee9785ed5f8681dbc98bcbc01c8bac5baf1d

SHA256
cf9442480533f012eef88300028e4797e0c673bd9df2fa53f892e0236dfd0412

SHA512
baf41988a23524138eaec868cb857cdea0b11b36476737d8157387cea6c17f6480544e01f18f9533c22e5f2bcd27346f4863bf0464a5fdec7338075b824c2ba5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl

Filesize
5KB

MD5
a6ae8db527950806cf5c4ff90c4d214a

SHA1
a8e534e327237590a2608b20f3a86913807132cf

SHA256
5f217c062cf3c67cdd7db3a85a6f4b0105a237dd95a847daf00a228768ae562d

SHA512
1d246e5519dfc8ee2da99150c61a32234364c15279eed1215f6765d6b6eefe056c45f9b033db572f76ff710cbb5119e9c2b60f8e84dc64afb5afaa7832dd5190

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll

Filesize
809KB

MD5
bf9a4846aebc7c05f454f8a69acc261f

SHA1
06d64d3bf050b2f7d7b362004671f839f4136967

SHA256
c6210e253086e72c6f3f7c62b1a6b9227128780733d5785b8648d1c71c3a7865

SHA512
df903a5aeb044f60e28b0017f9cc2cc11c48d2e2204abeb8c689f3a788ea31aea2751ccc3f19dabd3b211319625c311090f474ede802940393ed449268a137fd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
4dc9bd6202a83a6d822592b05e9c5b36

SHA1
3c6778ae92c5d7f2429920e93ccfa23d09c501a9

SHA256
4f4c6b0458edd400d0555af2e57c1d35b0555134d41751c64248a95742b73f3f

SHA512
3020ca978b154dcdb45d50d9f8f988bfca050d9164ad4d5c4cff0b5fa3112d78f9e942a2c4d93665dca700c22524355bd794825843e3e449b44394973bc7c80e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC

Filesize
27B

MD5
cda93a7a4d59748f32eb7786acb0bfd9

SHA1
58968eb5144b708a8e55aad0c04580e1951a9360

SHA256
19d776d99b83d04a620cbcb223838902695b22fb328e6eb8dccbc1454e821da2

SHA512
3b26d4ef527b757f88eaf8c697c6d5f0fdabda7a5ec5a02a0a2384e890ed137189c5b1019a98bd5a95999a6083fdef099ed207c4381644f8e6fe54daa54df5e4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5

Filesize
27B

MD5
4d57f6a09f7c9ce5e360ad1b76d5e4b6

SHA1
7ca65fa6f5dc7fa1358750020f57093bd7438ba9

SHA256
50673f7e41f3594c92e9fb7dc72ebeeecc897c4d936e55632ac98d7bb871373f

SHA512
dfd9e32a707dcaffcdfeeb3dbc8aba84b2a69191673956c46fd80e93660620e0b04644a0973709aa6598f228a14d9c8511e44c894166bdfd053429fde1beee30

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10

Filesize
27B

MD5
e4c3b78273bb993089d93a319d0a0681

SHA1
76c2724f7f86a2d6d44107c6ffdb1a78b46992eb

SHA256
c746577cac28d123cbcbaaeb7a8006d218738076374b068859d494b7b3067f16

SHA512
93d16d99a6cc3c68b2fa5de8c3f7279c1205c7cfeaa5d8122e97f0a28a4fed68774f402c540ba3fb2fada0b3d0e7ec301568c217a05b2d173d7e2ce3b134f80e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7

Filesize
27B

MD5
20a901a42a0aa6ce9cd35803c50bf804

SHA1
f32d9bd4d14a5da1cd326e2029b51c4912cdaf02

SHA256
30402268b722689ef82a43f9e0393447177c3e845b2dd305b6aadac1c437f1e3

SHA512
9538819f395a57a0a2e78dccb9cbf4d14227a08e4ee8f80e6e5cd4c27a6f143d62424313243ae800d964bc4fe31541842516a5cf8b88acec6612e483bb4711d9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
63b9946224b956f89c16f0e242f4397b

SHA1
372691809fadb5265b4df41a39490a024bd786fe

SHA256
85d49f22739171d00e52e0bab4c10e89ed3f10e148aff965a57a7ca2f90daa05

SHA512
72825f7e378ecd52069119ee98945bed4cafd6635a16cae6b669f24fe2f3cf0ac71c6f72764b9e67040e5acb14b834d77574601398439abf584fcff69943d9e3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
daff72e68bf9ef721b768d40a637a53f

SHA1
01355379ee8e807a687948fac07696fd6566cba4

SHA256
32e719e5bd32494dfd3764f38c1e4e9417fe0f66c627f4b7c5a0716207b25eaf

SHA512
54c688bc1e666c33a732f8b01c01d41367e41924c9deeaa92dec6f658e5e3098f8c6bacbba0297fb5984b5210c2040938e7d41dd49a3531c79d35bab79956447

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

Filesize
57B

MD5
cd58288d3d46a2e8760375c80d5e9293

SHA1
eb292462cfdf388f415c6a69fe6237f1a8a71599

SHA256
914f17281cc79c00adf4e70bc1808308d91a759ebeb2f87b122df16a6fc56c97

SHA512
ed6666597baf8343649951dfcc0fcc06bcdac16887316fa7b56b4c3871f4f06c33248a50f5c38ec7ce23aba1a50f7d367940e6551101861ea5fe145ba57670ef

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
3fec8ea007a8aeee8fec78f53e007ea6

SHA1
f491bb8b2ad6850ce0ea1727ff4428fc86c53fb9

SHA256
c31ede88df6a1f7dbedfe22f8fe22d0a6c2ca7657d82e3ddf20e0d261a645bfb

SHA512
c10aff7a30d4a11e5b37e97a68465658565433c772c41125356d5346eac0fdaeddccdd11cf31e90bc33cb95f8a4aac81bd594a21e356585a33deb94a97cc6aaf

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
781cd9508791115346c662880cbae5a8

SHA1
ec829c33591a6561a1fe93c3f5584289266abe70

SHA256
c157a0d4699104baad007ee15d05624d5e5c44f7edee74c4a099d83df0a4ef0f

SHA512
a5fd081fe2db56e0a0bdb61bbb791b72001a3042c58193990e40515c7dc9b96bfbe5404eb33bd3645016b94b5a72f0e47db75ffe3df0867594b9c097d31e52ef

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

Filesize
7KB

MD5
a01fc8b11dcfed48209b66c663f92bac

SHA1
4903692cb952d7b281887e7779874459d2be0ad6

SHA256
7579b19fe0faaeb0b01c1cbb791a7b53f48b34c02f667412bb6bd3541fa3b54d

SHA512
5aad8abcac6accd1d7416ae22272792d308c04d8e165b63b95ec76b495fb695011a77b84c6da8907cbac34ac0a96f1968b154ae21b6ce229879b6bd693d4cfae

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

Filesize
133B

MD5
400956f098c13d57e621fe2510767e78

SHA1
acb8d6d67153b759df1c909df70288122e42bd9b

SHA256
3450492d666d01b599d7f42b596558fe7a86b24469f90882a14440ce51f836c3

SHA512
1aab15f5558e41588a76f30fa15a758960263f29a636e3cd237c4acbc7f75e2e8d423600fb8754dff50da58eee70adb64b6630034ec52df059f0b6f3054a4764

Download Submit
C:\Program Files\Java\jre7\COPYRIGHT

Filesize
3KB

MD5
d46f5e617a464681f042f1163e6f0035

SHA1
f7c20deab5f210017f43d6c05e7b0fbed8bba07f

SHA256
0ea5d346cb3df6e14d433e434a7c8ecd7dd83325c11dab82f0895a5594325978

SHA512
589febd99a1fba4e7a0b8f9e49b22f8ea0eba3dfe4bbbf928f1b062a7d8c5f31d50bab88d4a00b7a6a9bc277832f32f3da83afad263f32ef2e008ecd66a91b2c

Download Submit
C:\Program Files\Java\jre7\LICENSE

Filesize
41B

MD5
46d991ef003465999c09eeca695bd8b6

SHA1
b8ea3388b622397994f96810772f0ca1967be2b6

SHA256
b31ac4965e6aef292e3c60883ee1dd18dd344a5c7971807bd3a757a84683c5df

SHA512
0e9e34c98fcedb4161e1d9f658b0fad1bfdc95c8e56610c55fb4e7ee3e0de0ee35f541916f5ee7d52266c257949ee4c5f3700e6191c981672aeb913b72f1fb17

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
3274b5753af25043c4d25f1c7cd6f8a5

SHA1
8beac4389d41ee0a9e3339bd4da464f4fc119a4b

SHA256
d32044698701c9107b393bc113aaaad2880467fc67e354af74d2b361bc402926

SHA512
da2eaf3ff5170a964aa33f1dc2e7dec4fb69af9d6e80ee53b510b740ce2336da7bb7653b39848bbfe647cc2ba09316f9459f45649361cbb3385b21c7ee6add4d

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
bf0b9baccb7d27fc891cb650c4300de3

SHA1
b374a5a5e833465484fafa60d7668a2075a59360

SHA256
946e353eb5dd2705b94888ff62a6605b5aa6ad77da1acc946e9b6e830877bfb4

SHA512
121af8476fd54defb4e975b4d3734c19a2bd156cb1328b7f0ae38fdc9fd2a2381b9ff9e99a7dc630f8cee5f4e12911ea61eb3736b6df8de3d2ba9cbf6015979a

Download Submit
C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
ccb6f914de523e82298bcc7d8b1c0759

SHA1
e895f87adbb839e48e8e2e3b3e6796846e290897

SHA256
8774a66c3403c6f573c9931ffc972612a02876d42f90fdd88785a9239e90f3e8

SHA512
820d7d8939c1a26d015ee0721ea11a7cef674c5256978a12e3344cc6bba072a4617c77b66b0e2fc0d600f9a5f06f314e611090213dd9ac67e020893b35fab84e

Download Submit
C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia

Filesize
27B

MD5
9dd485f8389f769b5c3c6738a7a54eb8

SHA1
6f8e4bd340893aea89b628cb800decd742938cc4

SHA256
cccd2ee6b0254cdeed2223ccaeae41ab844e86261bd680aed4b99a5a73d5c76c

SHA512
974dc1585418f58c6af8cc90c5a1b7dd56aaada2b16beddc141d0ab82358f5cd744e0cd773da7120a0d04be9bb19ae0b2b1f6bd2a4f5471a6cf6b290e38e8c01

Download Submit
C:\Program Files\Java\jre7\lib\zi\CET

Filesize
1KB

MD5
efb8da49307b189e0e2f25ef9e28cece

SHA1
5103a1eedfc0330b57de8a46c50cbe43292cef46

SHA256
3c20c7fabd7dbaf72c814e4e893df29629b7fef578734c2f141b1083cea8855a

SHA512
7d6ebefdea9ac6aa75a9d325a95ac87b4bf2ec8c143176ff5ac3278100b92040d0c78c109fe97bab6ee3e7f9998afc69c3fb6f91c9751b0b9c35af9e139bbe65

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

Filesize
27B

MD5
a07b54a49e7fabf5962b4ddf6e1bd29b

SHA1
032d2ad089f243aa7d9ebb150b3fd44ad9c31b81

SHA256
ed113c778d1652614de9e15af80021903c23a53d09de778cc6afef1b5d7c94df

SHA512
218417425f69892556df4e17a4f974deb325727e0c0b4a2287077d3ff1ab067821fbfb2083aeda181316bfb9bc3a0712ecf52ca55764130b50094f302abf5ecf

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

Filesize
27B

MD5
f4d8511db5e893ee11366827e5f81e93

SHA1
49d3c2f60e845799142efd98f8590aa937cf27ac

SHA256
6c5ef573bc96ea7d4d8ac3c5ca879802beed32abaa19559f0b754667147a6730

SHA512
9b209c1446019cdc1659fe7c506e9cd057fe0f066743125ded45bec055039ae56c7497f8d140b1096abb72e3ea26e16f8860cd2ac02f9ada7fca1dc67e02b06a

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

Filesize
27B

MD5
d74b4f034b50c3278e17e15f3d083acb

SHA1
31a147be5e9a56eb07173d573a81278d78daa04a

SHA256
e72a8cc3c4e666fda551bfe3d073ccb6962f3445d6988ebcfd36a5f3eb8f63bb

SHA512
5c81122dfb6731efb688dde8eb243234f0b9a1515e08e0090dba165e1d40baf8601fe4985038cf8375c9ad77f4c1a61c7567c7bc95c8dfb924b1817af00364ee

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

Filesize
27B

MD5
585cc73d599344efbb063aa52e69a0cd

SHA1
100631b62261331fd62e427be855af2a3907349b

SHA256
8d00313ba35b8cfa400d62e437f77b25550b470c28c9a94389de1038ff56ca84

SHA512
9d5ec7acc1e03e4ce0c9513c58f6e53c5a7a160ce78a96ac49499a0e55779715a24b4bc6b16faf0181149fad0ad281818acf9994972ce06954dd55a25d8b7e2b

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

Filesize
27B

MD5
0b8c258c6f07b3834c2106b60756e5b4

SHA1
b1bc19eb9e3879c1d12f9a14185a9f9195e9c7a2

SHA256
97c1bbd6e839f0b99925999fa7ba46d71591218ce8863e3f1e93c6e258141b12

SHA512
a9ec50e4492ed8472dab2a295f1da8e032348fe674508d3739e24044efc7118aeec1c8378a30eef4cb37b75da43a38d9bbae75536a9cff35f84fd5f30b85412c

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

Filesize
27B

MD5
6b4fef0f58bf0d11f8b40111e89c008b

SHA1
2bc457ecfb3ffba12dff240a2f4c858fe89e1ff4

SHA256
691f53faa17f1366db01c6824ac7d86556f8c7ae02de3263de96b6a7fa45df11

SHA512
28f5fe4168cce36df68d22bc3230164b4b7aaafe372a4eb638357e65ffecd140583581696f240f7b4fb6f1889cde33f861d386082062ae855504fc2098f26cd5

Download Submit
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

Filesize
584KB

MD5
356eb356d46d6c156866032ca9e7a3d0

SHA1
4262ef5b6a6caef14e474b906533e7e37353af42

SHA256
fc7bf719b8146e4de91d18f2ea908dcebbafdfb5c397c7ef567151c0a088f357

SHA512
c5420122bf7773a7bd6663791094e0a0560c555a715123b3078753a05ec07dcca04d5e73bb43f62fe8162dd6e44330a19260694e514d3fdfe9330bdfb4f6af73

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

Filesize
4B

MD5
b1819aa38dd3fddf2b0499e14c1eb223

SHA1
be645f6b63baf5da3c5e065c54f605a9793f83ce

SHA256
63549c4789267a9204475e5151b71c9588b35a2a0aff766fbaf7a7e0910aefb7

SHA512
5e5b91219c1436738b0d5edf56fcf6e292bafa6f5039e73cea1420c82c2678f02966263f0a5fc6e0e7c2a95c1652051f2b83299b7e5b8e2a9831a30a15b5ceb4

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000

Filesize
240B

MD5
f4e07f3edd37ed0e1aa691344ef92140

SHA1
adbf0c71de6b2953b13752c9b2c70167958debe5

SHA256
7283266f3845e9055cea851224fd885ac70ab6f3532ac9dac3b1649e343ce8ba

SHA512
3c556ff49ab02735b66388adda7353129f0ef4d108fc900c1112fead8f5dcc02616f3423571af60b8948ad35c608aa2fc3d38116f5820e6188373443be1db59e

Download Submit
C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db.KEYPASS

Filesize
189KB

MD5
cee301610c60e2cd709569a15d9403eb

SHA1
551315f5c11c3d41368f293d6c1da394f1e8c662

SHA256
48b0bfb69b64a47f0f98fc3d1d752e26a187b8dda97b10f8af0753d6e143fe91

SHA512
31efbaebfc8b8456cb73d3f3a5d2a5ca84199f4f8d861c71571d2f6338e01d95b81b81edf5fc85a87314e12403dc6368f430ee4e4974f3ef780cada605f1e5b5

Download Submit
C:\ProgramData\Microsoft\Windows\Caches\{B9E19B8E-E691-4FAE-AA9A-0A3FFF169246}.2.ver0x0000000000000001.db.KEYPASS

Filesize
2KB

MD5
61b9b699542e56d8cf4705ba689a38ae

SHA1
7e60018ba96ac86ce077e5b6781fc811824b890e

SHA256
201d0214beaccc32645427cea8e31cddad48476e6d166aa52e3db927d56266ba

SHA512
c04dc1a2366154d723cc22d671acb3abe29a7fb55793ea95fcef5fb81fad47def0797f4aa60a78b99d0e918bf4f656f53ceb1e46e7db163d7dd19133b32eee2c

Download Submit
C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.KEYPASS

Filesize
405KB

MD5
bc0a9a52d33f3dc6747b07e512f20e67

SHA1
9bdd43bc54572d71739ba558de75c417ae82b188

SHA256
694815856395a353b90240b0d26ab630e06608a951ab04c4f542aeaff12fbc3b

SHA512
ffe4d8409c4a0fd2882f4e6fd82e126923122e4deff77bd7c2f6be5c0ded90e0690c4bd707f048ede035c444a1292e144891fe3a8899b7c2795edfa7a8ac7d56

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi

Filesize
180KB

MD5
bed93e486060f98e84a70154e74536a8

SHA1
4acc1f7b5bca5a3b02211970e698f7710a52552d

SHA256
43b977804238e2673e40c375de4ddee21d83b4457ff1cc79a69284b912ec0acc

SHA512
65158d4780782c358450884e23e6027c3e657c97c0c88a0479f687c032635f0c67dc4c42df98f8b28fc2f36a4ab5d2ea02154b5638943ee7a7cf74d2a9bf1ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
80b59e61c8a2086f33db19fc900eb71d

SHA1
0706ba00b4b44e07bd8fbd3a53e424711d372845

SHA256
6be1aedaeeee9b6a425e3e5c3cbbed1015be79aa6e684312843efb2b3522a3aa

SHA512
5459e6666fddc33120d540dc91486f407af2b5f9aaf3dda1b7a416d3b4b7a18845823bac3c8bc1a8b496c239f29b391c464d389ea9d5b7c42964b7a202cfe7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
c9b6f0707b005fdecdbb82a07ee2ddae

SHA1
bfe342382421febf4887b1a7d3aa90888836ea36

SHA256
3bb856bdc3aae76f73dc49482ae26aeded2731025826d7eccd64daad3db3dad5

SHA512
23e6f68a0d50f9f33eec553201a8814a1042af391d837dcc68a797496915873ef2de2a2d5b124dc719842547b0676f5812b7d12c161b46cc9937a0d15442511a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
90f968afb83058c702cb20d420417e7b

SHA1
eb96eb0baf32c9a421375409ee88513fe1735c5c

SHA256
a797bb473f198bc72904113b88eabc2566df399b224a59673ad972eb4da0ccca

SHA512
efdaffd1bb494ef0e74cfe32c9b5e012dadfd0e068707e138f22921e034ddc702cd6cae167353b2068d7643ffdb94e33d27f026ad63bd754f2fc261e5015428e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
c094601eea3e04ff40734c8b0288d1ba

SHA1
aed700ae74b3807eb1dfc1ac78caab62a3e2360f

SHA256
0cff048d2e0a95f2f2f343191614b91e44f1786850b5b756b2620181ec196d2b

SHA512
ec6b624c1625d0230ee07c948ff562e4470c1d7cfc7ab0c3d504e62d08054c8ac61fe664759c6ea50742dae3b1228985bf9f8507c2afdf53f35af2aee442adb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
1984268f962e3c76a5d29e29a2e5a882

SHA1
6fec09fb26f758d9901b61e7ce78f0bda796364d

SHA256
a273e221c9e07ea63176cb22bb194a64197ecd55a8f1d72a3116f875b07f6f35

SHA512
480b0bc11c530d66a424d38cfd94213123d3a4b3214d67196337d77bb583dd320569e947363e814f8585462853e58f56b889522849a47584fb164619d23680a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\DQFI3FMT\desktop.ini

Filesize
67B

MD5
cd5be1b0ff1afe2e18bb7cff453c2d78

SHA1
70c72755dba33e570d3699515e1c9448c5e4a2ac

SHA256
308dddb6de14e1b54406afeb437a6660d7d0418de565a4c045d46b0760a5baee

SHA512
9a9f5777a2bf6b305201e88fa63e5f8ecce4265006a002552d2cfc49ed00bf405c834ea5f3d99dbb3b0ed6494cc343ee014446b2ec9b636b09c72bd568938648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

Filesize
28KB

MD5
193cc9e575e10b1b232a4aae91a6a432

SHA1
ae5a7785be395406f94e643e83dbe02257886690

SHA256
956f3cff6ac26cec30ee741504c62fac5a0ffc13bdbf795cbc85690261f8caee

SHA512
fca0b12b3b66079ab7c5925cbaccc7dd796a27405486522a08c15d34d2c5acd4da92dda0471690a5209a384e40ddd41507e80257940d60717ab37759b082ce55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini

Filesize
645B

MD5
6ce81a0bc02d431e2c62e1442eb7df04

SHA1
fc717b54b5f8d201082e64c730f8cb6446121d2f

SHA256
1c05f28f00524598bc4228baf89226d44000b4ef86dea745d60e72d5d18791cf

SHA512
18cc455246aa5c0ea0dd216d4530666dfcd85433744fbd8c37d7c890ce6fe35efa901f7e262d2728282aa8793fc55ee529efd906b98e8ad781bf182b994fdef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

Filesize
174B

MD5
e0fd7e6b4853592ac9ac73df9d83783f

SHA1
2834e77dfa1269ddad948b87d88887e84179594a

SHA256
feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122

SHA512
289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs

Filesize
512KB

MD5
87a7bd472db5f0a7987a119f7ce37bda

SHA1
41546a3e9905d3b71ed630128231d94c587e97fe

SHA256
7c061c1dfc76f4434d39fca8cfcf06803dac43fdcd61cd1a2b6e51bcac1d3dd0

SHA512
69c12050a37f3d44f384764ba85637366e810f679ac408489d262d14d6b0ed7b248606d7cd54c2fba36569e3cd14709b922952d2c850cbe5ae1a64bf3ec2c228

Download Submit
C:\Users\Admin\AppData\Local\Temp\b4e3091d3119268dfc8ac3caf2d5d02fd4faa360f822a87b50110b805e465181

Filesize
164KB

MD5
d73efdaceedaeb385527e250f71756c1

SHA1
751c92d29f40674d47d57ae2dd661ab61ef8f038

SHA256
8ec5298eef11b66058d6c3962f287fe1fc3f03fc5850d2d0f821e69698d0f5f6

SHA512
d5e97a5fc0048c2932f30004ad5feef5de434b2ff59e79816712257e69cf018c98eb471f60dab46fa87796955af390b52b6537b70842acacd355d1daf116e93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\delself.bat

Filesize
292B

MD5
be6e1b751bb95cc90952dcbdfc132dfc

SHA1
9ce40f50b1d9bb22eaac4c11c553af76780cd236

SHA256
18e6fe80081ce348b61b2d143c6badd94162b9b7431794bce8a1eb67d2ce83ab

SHA512
52b676e80b463081c6af107d78b6c8b031279b9ef92b33ab2da24126b8474beabae7335174851f4f12b2706cf0c1350a76cd4954643472155f9944bfd93ef4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\delself.bat

Filesize
302B

MD5
24315cdc26ee67d6c78054bf3e4e5210

SHA1
7b75b76dfdacca5f2554c682306b86fedddc1eed

SHA256
41365c799b61abce6bba2cc5f0c5e58cac3228e35a236c9fc486c7ce7ae812ee

SHA512
d6085cf86e32b580147a8fd89ee117f2bbc79b9733795a0ad5bfba96b9170cec4ea2579c47a55973741447666335d7e2486be09abfc5981fdc14740739a3a541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

Filesize
48KB

MD5
bfe00fccbf5f18f2702078fe64b62138

SHA1
b56deb4a601b84c1ac77ece0f60153dcbb070791

SHA256
9b032b2918effe0e59c83e56ab3b1d2b00885b703c7c7966c315990da75801f6

SHA512
2c71abdf7d5f3ae993be1770cb0f46141e573a9f2fa11f9517b3eeb13296fb0789cce6094aab25f4730fcff4db05ae3fa4c7f4a94f364479ed440d1f0ef483a4

Download Submit
C:\Users\Admin\Desktop\ApproveGet.edrwx.KEYPASS

Filesize
283KB

MD5
a487e2fe58bf973ef916218e3ae4f6e8

SHA1
abf5e1a310a3d030ffafd26501db44b6bf3c97a5

SHA256
460817edfdd0d443b758d50ed1e3ffe410f6d978020baa0c7571dff6cbf5e18d

SHA512
bddae450fcf44fed5a51a7a3ec9a7d174126c9defc595eec5f18eab45cefaa95246f9a913458e471bc19da2bc0cf14581c2d46a55c08956f7d9900a075d198e7

Download Submit
C:\Users\Admin\Desktop\ApproveHide.ico.KEYPASS

Filesize
583KB

MD5
2dda1e88742d94e2f7ace7b4931f9f0a

SHA1
e9450511f1a9f11675b594929c115f09c67d0a7c

SHA256
cd386ed22f7f7ade929e2d0f5e6e377e5f83a12743b48f34ff76f0265465b67e

SHA512
b79ef0541f81ff4342f62957b567a4b654e343a307fce848d4c5a076623f9af42a22d06b5d62a250c83b76f1fd7184154b51b20b16693b55bc6464fa6a9e7385

Download Submit
C:\Users\Admin\Desktop\BackupOut.m4v.KEYPASS

Filesize
366KB

MD5
14a9f4bb79e66c1b6b50243d516650e6

SHA1
f65070b10ced2e202d2d90de034a0bb068c4dad6

SHA256
389e7c618f0f0ff40d6da4099f83f82647a8e7cec37c030d8f5120cd0ec49687

SHA512
ced1b06ee6a6a62cb9b38fbc5610ccf1baca7353c78f5b6dcdeeef1055834766138e1aff9b1b13d709d841411c0dc9704b195c4f06d27c409bc122ba26da3f6d

Download Submit
C:\Users\Admin\Desktop\ClearCheckpoint.otf.KEYPASS

Filesize
383KB

MD5
210f644c2eee7ed31151cebb74de8ad8

SHA1
32024f6979e35dad09d7b60412d0768186d2910e

SHA256
7b5640836a9e261362b894847936c44eed23d748cd8604214a6a1993326e2cc8

SHA512
ac499ea214050d6476972917b0d37ed367dc97485a02685c02289e314906c904da3c87e055101a4cad4be63f4effc7862ca5517055860765beb4af13305b7363

Download Submit
C:\Users\Admin\Desktop\ClearInitialize.wmf.KEYPASS

Filesize
566KB

MD5
86b5a7bd8d9378f08d2677ec9aee8a1c

SHA1
c1bbb26c7fc616c33c46ef42fddaee2aa3fa72b4

SHA256
b6c527bfe99dcf04294c0e5800f12dd15032169b9f849063ffcf7dfaa0222704

SHA512
09cda252952e7dfe61825e1245ca1a806df45ff7268dfc8692cb530aef75e9f6adfe2d104bb7784da5af23f0089da0344efa3363cdfef568f35bb27d3f5cf9c6

Download Submit
C:\Users\Admin\Desktop\ConnectComplete.vsdm.KEYPASS

Filesize
349KB

MD5
27aa86c81ee9cb6fe042f8b6cec50f6e

SHA1
128d1bf0c720238d796132bd6f248f2b78fce0b9

SHA256
a92948be34a7355744611ce25ec81192127aa8cb43cbafbb830683901c007773

SHA512
a28ee73a38e17335884a7b083da9aac968d13006a2b2388b4cfde7b98b7483f112fa47e30d9d0dfb806563221825a0a4aef177f68af929a95b9e1b1eac328e7a

Download Submit
C:\Users\Admin\Desktop\ConvertStop.contact.KEYPASS

Filesize
433KB

MD5
46219954b9613852f03fa3aba908fa39

SHA1
3ab03952f962735a19f165e0b39c589c22361fd8

SHA256
4680f40394f061ceff05c6ef6cca862ab39843c79c2ef68effb93664a3b75aab

SHA512
aecc93865d8ab6b9e176a5a2218131f910c312c733aba1b11710d689f9152ce6674daaf493d98b3a1fcd35ce61571015defff4bd1d908c5529b978fed25c2fc8

Download Submit
C:\Users\Admin\Desktop\GrantSubmit.pptm.KEYPASS

Filesize
549KB

MD5
2a4bd130c5c10949b21173a62ddef70b

SHA1
4b4a85bb036a11747814d21ac27ed35867a8cbd1

SHA256
b0046c9164c2d97fb31ce4439fc36e5a56e9f562b05d03c4c8a5de722a1e1ebf

SHA512
7b1d8076eaf629b2f01d9fa4f213613d01080a2d83340abe28785891e425316ae60d7a07f92868b4dd5aa21acb88426b375c6fffd791a3a7c32d0eb2475cb415

Download Submit
C:\Users\Admin\Desktop\ImportMerge.mpa.KEYPASS

Filesize
499KB

MD5
90445013dd79703e19e5ae66d0840ed3

SHA1
1ce0e116ef8c31879ab82b97f71ec4004c6d2b8c

SHA256
6eef16a1ead3d5b89d8825ae8050ecb970d36d530fc1bac94dbbfb3a07193cd9

SHA512
8a20e54d5333a3bdbfa9bc4d09cca2fe0ab48ecfb0195dc2359033eacbd910f75f6fe89d3f870023dd358468799745bfbb009b2204162009c63354396c728126

Download Submit
C:\Users\Admin\Desktop\InitializeRemove.docx.KEYPASS

Filesize
13KB

MD5
cf3fc2fcbff3d4c3ee3fbd92edf0edff

SHA1
ec3ab80eddc16737fd4f65a3e46274b87a69443e

SHA256
6c2b0367643ab739626e77414f4e4a688c9cfc3f771babe5945ebe5dbf347af1

SHA512
3e23d7f2c808b954b812a0d0e328de741935d5bd55d0f65a7d7641441d6d68326a7f51333476705a20dd757f0e4d4ad54c0b4150fd1c601a7ce07a6ada3cfe27

Download Submit
C:\Users\Admin\Desktop\InitializeUpdate.wmf.KEYPASS

Filesize
249KB

MD5
36d23507e725824c5e08242f2d9f936d

SHA1
a0817c8df9e2a2365b59c9612f907663e70d2cf8

SHA256
54a46ee3282cffa46c2d7505059e88c9ae6f09244fcbf5263d9dfef3c063ae7d

SHA512
331a03832be6b2ef941c83f40275df568b765459fc941a4358dc5ac335bd3c177faa734ddd53a108d3898565eb43b43f8943d17ab953fd0192c044e160a9c010

Download Submit
C:\Users\Admin\Desktop\MeasureResolve.mp2v.KEYPASS

Filesize
333KB

MD5
5915739c892351fd33c44980b1d64950

SHA1
3317526ea1315338cde72f9cfe0c53e5bcd5ad3c

SHA256
f65e32752a85cefbf3a1a1909a67db8bd2e811c75aade67c808177bd0077c34e

SHA512
44703df5deaf412ac67dde9d53bf3c1876857cbedeca9933429ba43550239e8d28137aae1f44ddb5faa7c4206a27c8574255f1cb5bb630335f4fb47abd6a4df2

Download Submit
C:\Users\Admin\Desktop\PingAdd.docx.KEYPASS

Filesize
17KB

MD5
e1e15a9f65fb72b473d59cfa263c02ec

SHA1
b3a2ff1bda5a724e352e81dbb2566d9457eb3727

SHA256
7357dee17c3378c8135aa592d58c17ab21bc91524bc671563ff7af7de153429e

SHA512
1eed2d13b23c3c09b83c131da0f005440ea032f5e16a1c26382985c333af46e84a100869980b304ed2e1d893ad67359e5a7770ec6ba1eae2feb2615281c54672

Download Submit
C:\Users\Admin\Desktop\PopOpen.hta.KEYPASS

Filesize
616KB

MD5
222c1236290e4cbe25756a7882d5e11d

SHA1
201a2849087badb88962decbfcccdfb3c71b0dc3

SHA256
fdde370fbceae093bafaf5ea42653b5e35523c130b7b8465642e2d533a8018d4

SHA512
edce21ac4c18dfe8ce87d51eac89bc56ea2a252bdc680723ef3544f166888f5d3fa518296befaeb0cdb52ba5d0f8fc103feeba28655856e200a7357bf4315780

Download Submit
C:\Users\Admin\Desktop\PopSelect.TTS.KEYPASS

Filesize
599KB

MD5
b8a01efc00fbc1e84ece8beed6b65576

SHA1
b0f06ba6fb555c1b5e26fc579e95a5a0d59bd40c

SHA256
f770f094946689b950f5671d73dcbb9134ee1492527326c79c001375add24f27

SHA512
3242dcd2c6519e202af6ac671e6e173ce725f01496f3888422fe3dab376512ba85fb9576ab417b6daf9124aaadd69564f9d38cef13012c8998e1aedb75ab324e

Download Submit
C:\Users\Admin\Desktop\RegisterRedo.xlsx.KEYPASS

Filesize
16KB

MD5
f07c5ebd1a662e512f4e3ae53e410e47

SHA1
6eb1bab42749eb90cd7c61a08fdab05e5075528c

SHA256
d7292d9eebb5066dd569e552c028698b1016230a93df59147f1e6c554e866d4e

SHA512
eee4af3f416301c8d6d46fadb760e576ffa35ef9927a8a24242861367a826cecc3eb8e6f9a35dd6a2e6edd11ecfc17cef3fe5d29ebc4fafc5964c410fc99928a

Download Submit
C:\Users\Admin\Desktop\ResetTest.xlsx.KEYPASS

Filesize
11KB

MD5
1a04342a4d69b6bb62e602386dbf4b1a

SHA1
345a08c833a0d43fff4cb5a3a2a1ac914e592b3b

SHA256
759baa20ea240b444f8ad8972e6bdc0329362b9ae1a88778719392ddd424f010

SHA512
b08fc2c7105c22e02c7d0725e713474630e13aeaf14d3f1bf38238cae566c7a1c19fc7870870eb2a2d55104d59f5437bbdb0e0dd8971386e02368eb445b78d7f

Download Submit
C:\Users\Admin\Desktop\RestartCompress.emf.KEYPASS

Filesize
316KB

MD5
08ff0fe538dad3ada448112e1477fa15

SHA1
14fce83e1449970e247c1ed0472dc62cf9498411

SHA256
f72d448c933c2ddbc153fff97b3aeefdecdce048fdbba04b7f269f77e44a14e4

SHA512
99d9d35267ac3e94c7f4a2e2de4a3b64055782660f005e99ab301b9e5eee8d569a884e356245d626be96d05d38ffc761574363679a51bbe2d3bca5c73c81ff55

Download Submit
C:\Users\Admin\Desktop\RestartResume.tiff.KEYPASS

Filesize
299KB

MD5
4756b1523a8574029120af7417e808e6

SHA1
db28f0754f27bb144ee2f356051730dba8f5f31a

SHA256
77caf41308f305bd167306268f3acc0dbc0fa68f3931d2035e58903b470a00a3

SHA512
324c2c7ddd862bab51ccc4079e14091761eb4040eede49d33421b43abe6af12799730ced17fab20ec034281ce9c689142a9e1aa0984160928e2389896d5c05f5

Download Submit
C:\Users\Admin\Desktop\RestoreConvertTo.M2T.KEYPASS

Filesize
849KB

MD5
583b2b12ecd266b128adcef70d2a745d

SHA1
9993fe037a468d97df68851186bb00a2ebbee155

SHA256
a2d04fe7e9a12b648d59686286139f7038f1d92aab1cea19c1f3a1c5aaed1f75

SHA512
d1206871380da477e6a20651803971b3d28ffecc961640cc607071f248bf4e688ca27262d188228625d96399f192cb16dd58736e778793172dff1f939123b7bd

Download Submit
C:\Users\Admin\Desktop\RestoreLimit.001.KEYPASS

Filesize
416KB

MD5
574256aab9294900fe4c0067743cfa3f

SHA1
631934a2987ed7dfc63be3e06315f4ed13476013

SHA256
7452f3878da1d69026d1f4105ce0c584c493b226f8d08602cbbbff2e145843b2

SHA512
dd336067ffa3ea9d6a23aa89377fbe32077bc220a5cee55f39f11b7297d92df9c40dc576198113d6b8892dd4d57730ae80a464733caded984079004c7b73521f

Download Submit
C:\Users\Admin\Desktop\SelectSend.docx.KEYPASS

Filesize
13KB

MD5
4ba7532451342945c70010a1e0e38782

SHA1
c54b6825140e80c0a87614786926a9ce19246b84

SHA256
dc83fbd19b854c856d8a0370f16bb7d3090898bb83dee6a46208ff6ef6e1a87c

SHA512
6e20370378370f509e6fc7e4943ca1224e32b9a5eedb62305de4a31eb0f9e739df5496917bebeb6fad473a163d7bb10dfc46c392c27ca2928740c9b9dcaee28e

Download Submit
C:\Users\Admin\Desktop\SelectTest.eprtx.KEYPASS

Filesize
483KB

MD5
13992938d3ee1c535b9720e73e0d9dfd

SHA1
9bd3814257524b9427a67b2c7dfec896aaa6f14d

SHA256
427c9ac8e3910eac5c1138edaf6a2de3aab26e23ff4447e2a96f52afecf2a92f

SHA512
dd38372f9a75036f03249e25ebe8f2f1253383d06ee94463d7927a07a326d91728e885ee40fd0b3afaf081bc04915b309f366cebc1bce970960bed2912312ac6

Download Submit
C:\Users\Admin\Desktop\SetClose.emf.KEYPASS

Filesize
516KB

MD5
e0cc903e78d57bf1af76a4d859174658

SHA1
9e4afa5348338200ab6f01949bec2f5a355e2d77

SHA256
2c88fb31f176b1bb0cd5d97b7b9544f101d7086e972d90554983cb491f8dfe31

SHA512
6f54c06bfe0e368d215757c7696a9e301d2e845e5870d06c363230f46153e7ec7b8a906279872ca9f831a0935392d12b5de45949fce604be3ac166c4fdb2be37

Download Submit
C:\Users\Admin\Desktop\SplitSend.dot.KEYPASS

Filesize
266KB

MD5
b0f8a59ca8b298b3dc5301989f526f99

SHA1
bbf1a2a7071bb9b1adbe024cc5c609850505057f

SHA256
8347d4b1ebd141408ea00e285fa3119ed7509297a1dacc3d06c8412e0455cd32

SHA512
fc18f51992e236e29d418a52cec78384bf67de9cc6d0edd8c52718c950043d72f20f0f7f693f44ec2fb6549ae9c01e96ea33675f1badbc21167aed0db9efc127

Download Submit
C:\Users\Admin\Desktop\StopUnprotect.xsl.KEYPASS

Filesize
233KB

MD5
a9986890cbf03f4a5273c0c1e048c309

SHA1
0ab5d1a57f324503d42cf91fc6262039fb552f69

SHA256
aafcf3090960ee504c05e8f3e23698af1819b0634e92748447ec004cb62efc97

SHA512
704957b7724a2d01300f7ed9dd4fd182acabcbf6d1e579f59177610c0d8b1e47ce54bebd0d03749c0aad5f0d639c9b36e25af451442fb464455de981e24f3beb

Download Submit
C:\Users\Admin\Desktop\SubmitEdit.wm.KEYPASS

Filesize
466KB

MD5
30b033ff2686dab22fc7793195f6ef3e

SHA1
4b8b9e35bb453ff3243c2621d30b504f0010f91f

SHA256
237f3ee023531bd2b4a437ada466949e907b83dd3641c45212d703210a2937ad

SHA512
ca6f3b5a56d004a601bf316ee2bf3c2065139c195fd9be79e560b79f4714e755851f743ceea1a543b81e4b5a852199661bd935f8dffa378157c47d1a4f11f146

Download Submit
C:\Users\Admin\Desktop\UnpublishSelect.rtf.KEYPASS

Filesize
399KB

MD5
9f3f0408cfd678d5251ab22e72552ea1

SHA1
ac7c01d225cb15210235b70e650bc58cde1cd651

SHA256
df8f8ebad6724c7a38ffda2ad9be6f23178371d253d6ef1be00a8abcda892168

SHA512
944126bc6736948f878ade2056d3fc184caec00b07e35baaece89e4e9546627e05761c41e9629a2226667afefa663f2e173c2228a974995f60c065b42ce1c159

Download Submit
C:\Users\Admin\Desktop\UpdateRequest.potx.KEYPASS

Filesize
533KB

MD5
3befa1cf9e94d612d7ef655d25163b0f

SHA1
c80c002e2d24c65c1b7d81e08ff2be159d35626d

SHA256
909923f04bcf14e59a338dc10f3ee416a6afd0f10840db85e2e7fe506aae20fe

SHA512
700917c70a0482c641c955859c7838aa2da2301354aaa840f01cf3f71390d584be8ac1b44a0c48899dde4243e3ef8c8ca1e35dee868274c50d727a14209aefed

Download Submit
C:\Users\Admin\Desktop\UseReceive.vsd.KEYPASS

Filesize
216KB

MD5
8e081d125edb10ad3c85d8b6f24e1e89

SHA1
0e8e2e0e81357cf6aafadb1e1925490bf21ebb60

SHA256
cbc8fca46780fa064f2282fc14405868ec11b370ba411f238a4fcff73fd0b1c7

SHA512
0e51a2b6ac6872c94024f7e979d7d371bf6a89e2b88a86628e7f447c7a7daaae67adc0a28c058e5b405663f5d20c7c8938982b06eb2dcbf758f23f3cd27a9eb2

Download Submit
C:\Users\Admin\Desktop\WaitDisconnect.ps1.KEYPASS

Filesize
449KB

MD5
19449192c7be580f8b635b75fa477550

SHA1
c73b18dca139205a92a0ff2193411a7e65b7ad99

SHA256
dfafea711fd3ee74db135e2aac4b224ba71930e17550ff198ff0a38cca358c03

SHA512
44ca13a0912a112d862f2cb1c20217e9550a14670efd110737207f682d8f04a9caaf01d13a6d1cefe5bf0ed7423332c598d90aab408a8490de380a7e7d928031

Download Submit
C:\Users\Admin\Documents\CompareClose.xlsx

Filesize
13KB

MD5
7a9e9f9a61ab0dc76aa5f7b259bac617

SHA1
e3c7de02f4a142ec7570979794f90825e334e788

SHA256
17ea1b50177cedeae574168f538ff5beee486042a5842bda46240c3caabdc313

SHA512
a9e840538b48d47d05e67be26fff40355210fc412923c85968b6c4e6a9a1a28c66ac94ffdb921056c6612f768c46d48f8c84adfd8f8b88f8d21a55551a0d957b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk.KEYPASS

Filesize
1KB

MD5
ab8cb12d08aba01c0a4e8ace0bcd66ba

SHA1
b8abfe25e7e00d6e4058522cb34bd2f7227b41ca

SHA256
e6a1f978bec77b22ab2c19bdf869a265684046bcc8ca21c3689010376c8604bc

SHA512
4a2ddf852763a3063ef2870ce5f2d69f44e8d5859954d5e8a552ecc2333143ec74a70733b4602505d8fcbd085ada869fdd3d50ecb79c44cef5517811f198d62e

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk.KEYPASS

Filesize
1KB

MD5
a986b24917e472bcb0dbed2fd1632720

SHA1
82cf7fe1ea88ad2a10ca5e9f9a995a61ff763169

SHA256
fce6cd71139fc4afdf935fcb95a1e1d7e79ac504bb6b6ae27de1818623debfc0

SHA512
b51f8a7b32e596b4fb7f0a14787e78927ef13c81aafa1e36263c9c616b9a5110658ab84c61bda00f4cf16635d12068d9e60536ade8fca36230c46dd2bd62adb3

Download Submit
C:\Users\Public\Desktop\Firefox.lnk.KEYPASS

Filesize
931B

MD5
6c274c8c42e4c8b95f9d1e559241747e

SHA1
439d0e5092aebcafd02abf2cceb7be97b6d9aff6

SHA256
323bf083298a2c979626a31a956ae5c255458bbc0f2ce601685146befb802120

SHA512
71554cd2ad50e3054a85293aaf92b6a3cb8f8ad4b2dca96f22a2b3ce460ef08e67d876e45e92a79e9480ebd1e5260f06000fc486ec46626a9f689f3d5bf39140

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk.KEYPASS

Filesize
2KB

MD5
6f02a0598358ac189b1103226869f927

SHA1
56df716e2794a983972739e82e9f073f7d98fcba

SHA256
e14dcba4f70fd8e4e71d1e49e036ad786239929d7fe6ff70ed77aa56b5bbfd9c

SHA512
03d2daeef68e539e593c613617580a83c290515fac646b49523ba85e03b5b10cafb347ff1196b3687640d96db0ccbfc8a3323807573fd6a05c7746dd2c7846fc

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk.KEYPASS

Filesize
878B

MD5
4480f5792bd8b2812606aff91de43b9b

SHA1
08e91855b2eeab43b277cdac4d5fe88725fd17ab

SHA256
0526861c2e95621f3f9ca1df5da87d0ec720ba3602e16e1200c93b149c3ddb4d

SHA512
8aa2c7c9af9a1d24545a3c0bb83a7950f0ef0f39b618306d874c9c7d6eab0b3f42935f19c24c649dedfcdcfe783ec00242ab937bbda9dfaa2bf77f69f3a9bc87

Download Submit
C:\vcredist2010_x86.log.html

Filesize
82KB

MD5
292c736cbfa91f35f0100242910717de

SHA1
fc705d775bbf77bce72b3e923aef095d3d8cb36c

SHA256
5403df1343226871562be56f2e58de7b0763bb40319cc996b60d331e823b0526

SHA512
0602e2e98add10fba4d6a395eddbdb31c31d80880af6e3cdb53cc65e39e614c7412181a3426d9087daf8c99a6187bc147f6e479dd9c50d04b4ef0f24da9e4ec1

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1163522206-1469769407-485553996-1000\!!!DECRYPTION__KEYPASS__INFO!!!.txt

Filesize
1KB

MD5
daf2d6b2d0033ff60b7da2b3dabc5a0f

SHA1
b33c6ddaf9782cf29dd69dcc093aeeddf33506b1

SHA256
ea770e96140a6a18280b9cd118bbfd68d72e95d9daacfe0dd1925e277e074077

SHA512
72e154960498fc7cc2b26a98ba0e06920a4f2c8eeb56189448ec28ba26e2667d894b6b2c42228cac4ca37d0e50e0cefd4c197c3e4c7261ca8c0a3a045caaeaab

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini

Filesize
129B

MD5
a526b9e7c716b3489d8cc062fbce4005

SHA1
2df502a944ff721241be20a9e449d2acd07e0312

SHA256
e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

SHA512
d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

Download Submit
\Users\Admin\AppData\Local\35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Filesize
2.8MB

MD5
6999c944d1c98b2739d015448c99a291

SHA1
d9beb50b51c30c02326ea761b5f1ab158c73b12c

SHA256
35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282

SHA512
ab883364a8907636c00a4d263670cd495d0e6c521283d40c68d47398163c6ee6647cfbbc2142005121735d9edf0b414ddac6ea468f30db87018c831eaa327276

Download Submit
memory/1624-21874-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download