infinitylock | d95346fbf8efff1632c5605245fea66478eb6296fcf3e9529eb67491f28efd5d

Analysis

max time kernel
119s
max time network
148s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LisectAVT_2403002C_92.exe
Size

211KB
MD5

55b90acb757d550412fab9af5c91ebb2
SHA1

dddfbc92fa340e39c31f80bacc4c2bf9822e6d1e
SHA256

d95346fbf8efff1632c5605245fea66478eb6296fcf3e9529eb67491f28efd5d
SHA512

390ce54be7afa798b7f46793ae6b824765ba335536c7e0c76ebeff0df67a82fa1e6e2cd411cb300975449792b99093a07e5da522acc7c670af3db07a68d89d19
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02009_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUDGESCH.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\LOCALDV.DLL.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\OLNOTER.FAE.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0148309.JPG.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00197_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR00.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\LEVEL.ELM.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21304_.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21520_.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\WORDREP.DPV.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0075478.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\EAWFINTL.DLL.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIconMask.bmp.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21326_.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OMSMAIN.DLL.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\OIS_COL.HXT.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\Newsprint.dotx.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SUBMIT.JS.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0185834.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239965.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0233070.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGHEADING.XML.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\OutDomain.ico.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\NVBELL.NET.XML.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Training.potx.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BS4BOXES.POC.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEES.DLL.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia90.dll.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00455_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200521.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239079.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SY00170_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\SETLANG.HXS.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME45.CSS.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6B.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL092.XML.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.EPS.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FBIBLIO.DLL.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01461_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE01797_.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14654_.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB1A.BDR.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\BREEZE.INF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105390.WMF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA	LisectAVT_2403002C_92.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LisectAVT_2403002C_92.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LisectAVT_2403002C_92.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	LisectAVT_2403002C_92.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	LisectAVT_2403002C_92.exe

C:\Users\Admin\AppData\Local\Temp\LisectAVT_2403002C_92.exe
"C:\Users\Admin\AppData\Local\Temp\LisectAVT_2403002C_92.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
352B

MD5
2ff80245a6be04ebff83d6266b0768ee

SHA1
def1c18b47876105607c7605205e2676bc888ec5

SHA256
eb5563bfa796b608eb74c9115a1f7cff09bb244362333da62afcfa1253357d4f

SHA512
90c19c822cc319b934a8b518585c5f21cce3ac2865bf43ab64bdc8f664b642c365d5ba6aa8313ace1d3221ea72ff9b9f1c2f3ed1b9b784959c35f1058435f8b5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
224B

MD5
a65e652a58bec04932791dfc32bed6e6

SHA1
998a79987e63c67618bf1774d601e129d6e4520b

SHA256
8754978f5c161e68c0b8ebce02561324cbab72a26eee005c230ec71a8b0aae36

SHA512
94cd40b0c6feb7ba70d8f9a795a6586c7a76383fb11d7e23fec7b383c5c4c91ae26f6cc067c27b9aed3eef8c0dbb5a78ffe1bc2a18611c192883c8286e52250f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
128B

MD5
d2d3e99b38fec7a83dc1a0aa028b5079

SHA1
c0dcf65df2d2fa510c4a257e99072321ed08a57e

SHA256
9c8aa80da6f05b9265c770dec5ad09e5ad2dac393f2315b596a05eec0f971c0e

SHA512
4dcea436f12fec7448613e7091d494cb32225016765a4f86c2017f85a517fb5717f102c5008e06847273f4c52ef6da1fc1599f3eb03e3234481c6a9aa3f0c9c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
128B

MD5
bf7bc227af2aca5a7dce69c06fc6701e

SHA1
152eb05c554f3abeba8572d878739838cb69d9ae

SHA256
19149101e268a922530358433f617cca3aadec1c2e89700ba1b52fddb6725f6c

SHA512
8485c76414cbb7792d9b51583416d868251bd878707d0b79c6c3392d8de1fbe11d5df997d9ea1257da74306ea5fafec9996884e6a467d3fc5d09e6859e6ad821

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
192B

MD5
068a0193410dc0f8235c40cd89105450

SHA1
a4f0ec8b555b934bb30e3360f88c892b9868edf4

SHA256
672d102b0d067f3ec4f47dbd100dae936a0b11c6b9650a426f7c2f3bc124bc78

SHA512
eaacd9270af1c9ba54f8788c05f41c05e0428e46ee191d53debdfea766b4a9ad0600801be328ffe30212124ce0a4e1f20db3ca36623bcc9c02632bd5f729f44e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
512B

MD5
16e76648c03639783d36ce6c0823540f

SHA1
951bfb4f772f1993a53177e4824b06b6e1605ce2

SHA256
1f2080781973f7329bc2385bf94b132d2b3fa3c28fed7a4d44336cf369177354

SHA512
ded1642ece1221b3f776fdea06839cdb8d2a1ff7dc0a68709e8168e5b338286bc0aebb9c0c9819d4da537a36f82d3001fb42922b57250207f50deae2ff368cb0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
1KB

MD5
f549b059d876ee97cc16389d9e481087

SHA1
be5cfc91674fcb705678adf6db835c7b1c431eb7

SHA256
502d940961827c9c94995cea0c81a8bbb37a9c7ca103493c74c8d7c3888aee54

SHA512
13ba4dc9b008d82499f4cbf483051c429da9f27dc0f68675b70f23c4203b642c865fe50d46f48b818e6ed5094781ed6ebb1ca5de4690fc193e9a6ce9f11772f5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.5C8A7C57B2F48D04CE32238B229BC2C3D5C0F220CBE808577B105C8ED6A89EBA

Filesize
816B

MD5
c38e67da0ea4cc66c8d7e1dd3faddb5a

SHA1
2cc611609333da2567be84a7d422f7d792b57e54

SHA256
bc6ea16966f57e48badef17c571e422d6b9207d45b1cc3e6b173d7d6685e4234

SHA512
fda18272b0764559d996743121e7e46d88f24fd5d91cfe40f90aab0c56bdc8c6c9e626786686c1cae94d08ffea6690de1092544a90dea5859a43dc64de957e38

Download Submit
memory/2124-3130-0x0000000074660000-0x0000000074D4E000-memory.dmp

Filesize
6.9MB

Download
memory/2124-3039-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/2124-2-0x0000000074660000-0x0000000074D4E000-memory.dmp

Filesize
6.9MB

Download
memory/2124-1-0x0000000000390000-0x00000000003CC000-memory.dmp

Filesize
240KB

Download
memory/2124-0-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/2124-5330-0x0000000074660000-0x0000000074D4E000-memory.dmp

Filesize
6.9MB

Download
memory/2124-5331-0x0000000074660000-0x0000000074D4E000-memory.dmp

Filesize
6.9MB

Download