Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10ransomware...om.exe
windows7-x64
10ransomware...om.exe
windows10-2004-x64
10ransomware...ab.exe
windows7-x64
10ransomware...ab.exe
windows10-2004-x64
10ransomware...ye.exe
windows7-x64
10ransomware...ye.exe
windows10-2004-x64
10ransomware...ni.exe
windows7-x64
10ransomware...ni.exe
windows10-2004-x64
10ransomware...pt.exe
windows7-x64
10ransomware...pt.exe
windows10-2004-x64
4ransomware...ya.exe
windows7-x64
7ransomware...ya.exe
windows10-2004-x64
7ransomware...en.exe
windows7-x64
8ransomware...en.exe
windows10-2004-x64
8ransomware...ky.exe
windows7-x64
1ransomware...ky.exe
windows10-2004-x64
1ransomware...ha.exe
windows7-x64
6ransomware...ha.exe
windows10-2004-x64
6ransomware...V2.exe
windows7-x64
6ransomware...V2.exe
windows10-2004-x64
6ransomware...om.exe
windows7-x64
10ransomware...om.exe
windows10-2004-x64
10ransomware...ya.exe
windows7-x64
10ransomware...ya.exe
windows10-2004-x64
10ransomware...d).exe
windows7-x64
6ransomware...d).exe
windows10-2004-x64
6ransomware...ap.exe
windows7-x64
1ransomware...ap.exe
windows10-2004-x64
1ransomware....A.exe
windows7-x64
6ransomware....A.exe
windows10-2004-x64
6ransomware...er.exe
windows7-x64
6ransomware...er.exe
windows10-2004-x64
6Analysis
-
max time kernel
118s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15/03/2024, 21:43
Static task
static1
Behavioral task
behavioral1
Sample
ransomwares/Fantom/Fantom.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
ransomwares/Fantom/Fantom.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
ransomwares/GandCrab/GandCrab.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
ransomwares/GandCrab/GandCrab.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
ransomwares/GoldenEye/GoldenEye.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
ransomwares/GoldenEye/GoldenEye.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
ransomwares/Huzuni/Huzuni.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
ransomwares/Huzuni/Huzuni.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
ransomwares/InfinityCrypt/InfinityCrypt.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
ransomwares/InfinityCrypt/InfinityCrypt.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ransomwares/JanusPetya/JanusPetya.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
ransomwares/JanusPetya/JanusPetya.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
ransomwares/Krotten/Krotten.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
ransomwares/Krotten/Krotten.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
ransomwares/Locky/Locky.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
ransomwares/Locky/Locky.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
ransomwares/Mischa/Mischa.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
ransomwares/Mischa/Mischa.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
ransomwares/MischaV2/MischaV2.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
ransomwares/MischaV2/MischaV2.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
ransomwares/NoMoreRansom/NoMoreRansom.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral22
Sample
ransomwares/NoMoreRansom/NoMoreRansom.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
ransomwares/NotPetya/NotPetya.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
ransomwares/NotPetya/NotPetya.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
ransomwares/PetrWrap/PetrWrap(Patched).exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral26
Sample
ransomwares/PetrWrap/PetrWrap(Patched).exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
ransomwares/PetrWrap/PetrWrap.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
ransomwares/PetrWrap/PetrWrap.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
ransomwares/Petya.A/Petya.A.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
ransomwares/Petya.A/Petya.A.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
ransomwares/PetyaMFTDestroyer/PetyaMFTDestroyer.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
ransomwares/PetyaMFTDestroyer/PetyaMFTDestroyer.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
ransomwares/InfinityCrypt/InfinityCrypt.exe
-
Size
211KB
-
MD5
b805db8f6a84475ef76b795b0d1ed6ae
-
SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b
-
SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
-
SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
-
SSDEEP
1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON
Malware Config
Signatures
-
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB6.BDR.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105266.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL01040_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0297757.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\STORYBB.POC.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0199727.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImage.jpg.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DOCS.ICO.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrowMask.bmp.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL102.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\sbdrop.dll.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0174639.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0199036.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107750.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\header.gif.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGZIPC.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\QuizShow.potx.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00389_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GROOVE_COL.HXC.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0185778.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200151.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02750U.BMP.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15170_.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIconsMask.bmp.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\form_edit.js.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\OIS_COL.HXT.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL083.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01838_.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0212957.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15185_.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OLKIRMV.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\AD98.POC.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107734.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Module.eftx.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\OUTGOING.ICO.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107308.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01161_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH.HXS.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME02.CSS.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GREET11.POC.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02058U.BMP.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00390_.WMF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GRLEX.DLL.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGMARQ.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01840_.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Foundry.xml.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.RuntimeUi.dll.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792 InfinityCrypt.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 InfinityCrypt.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString InfinityCrypt.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2084 InfinityCrypt.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize352B
MD5773a05228980894adce048dd56f865b9
SHA1d67d16841f7f7f0848a57702a304c492ffa920ab
SHA256bc2e5de6eb1de540081a806e05d1a3c4ffd4d8d249312ccffad708f1175b3dda
SHA512aa762abfe03299f3a69636f00b608f44cd1ce8c7b594fc9df39dbcb2036993e9f1199a74cced6856db5e036269d46523596c64a40533e150b79f3d3825a8ed1c
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize224B
MD5455a95137e907aef6efb1992b13a69e7
SHA1b5c4c2001de000b22f51aa14b4ad7a0c9bcf76a7
SHA256d042c848e337a71da5d6bcdce3971925ca84f8cdd46dc723a0e2436911f11c58
SHA5120988ec981ef3fe646659aa382f8009ff86d0031acf5675a00dae210996c7671cbd6270b2e96306feb1b331f8a6d1bf5bff21cd6f46e40987e0a6f39e9cb06c8a
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize128B
MD571a4b849e9902bc075ce6b455e905151
SHA13d881c8b70277ef265a45b879e2ae2b57287b271
SHA2563b9a982a59538485183b99702d883a6643ca031fb429166e6439c84a6c838b47
SHA51291dc8b308bce2e824d852edc918ceb6b5592bb760e24d0a314d80cda4683c6bc8305e8a956f131317834531244c9879f2f00f0276430459db8a06519ce280346
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize128B
MD5891205e848b5a72f6668eff589af9e25
SHA13d2af432130199f344e897624a7b0c58e55a8ac2
SHA2563bea55c1cbd046e59c972e60f3f02c79b22addae2277a8e02ea6ad0797beeabd
SHA51200a07675b7d7c584c4dc8b443bedae289b7bc8c5184fb5464a2cf120e3e935c11bda17210eb1d63810f4747bf8ca877fc3be57ac4f041a7722abf735651a6564
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize192B
MD51aa5aca8b232fd1f0f76980adf8aba3f
SHA17ff65bf388a3042db182d9a6bd52c8db0638d49c
SHA2567f7a66c80032c9c6ac8dad68186f834af0a12efb61cd4bdeb6b4349b10acea0d
SHA512fc064b2cd8329aed66064dc84b5b2fccf42249f6396fcb6ba3852443cfc6d37da10c4d785e0f7fed69d3c892467e67a5d1c259e8669c500ce6351d19ede1550c
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize512B
MD5014d5f6b811476a438b74aabd158fbb4
SHA164a163fd9075c0054fa849d3a1fb3895fe972494
SHA256b82239e172fcd4b189b443b8bb3182a19e90ab77e54b601f1fc0f095ffad9a2f
SHA512658ff306ffcc97c7258fc9fae273c4bc875d62d43a6b6498fe44229a358d7e62c275438eca8e38d5438d1b0cb6e5d873e482730b9f37607bb63f24846e2dc40f
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize1KB
MD576022f0027c29e3287d6a89a3d1e460f
SHA1da77a4dcb4a3ce0743b32aaaa6f79d0f5ae77636
SHA2566bf207678bb1ed2dd35915b5ae2ef294cfa8059daf317c4046ac114ef1b7c5a3
SHA512dbbf9cb87ec549f5944b0ccf2eff20295fc39b9bf000204fff3f9c20400bc7a42ef631b28e3af0d91c419679f0970021782926ccc6623ad12c276c693f8f70fb
-
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
Filesize816B
MD5bd39cedc709c44513d5d9d1b38f719f6
SHA1cabed2760b3d648f57897892b8ca557e635fe355
SHA2562fc20d9a5a5ba2384290d4bc815d33f74525233afe06a1d191e9948ddde5f560
SHA512f1f5ae77e0ec1bd966b90ca535b6f23c82a7f365f50b3402c70b3296f5419a5f61ed6280d7590411edbe61b4b806785f818edb938203efcdb226d6574e1d67b5
