infinitylock | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

Analysis

max time kernel
839s
max time network
844s
platform
windows7_x64
resource
win7-20240903-es
resource tags

arch:x64arch:x86image:win7-20240903-eslocale:es-esos:windows7-x64systemwindows
submitted
14-09-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InfinityCrypt.exe
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\VelvetRose.css.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152432.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18208_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Origin.thmx.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\INFOML.ICO.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BREAK.JPG.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00096_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00192_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0294991.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01161_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_01.MID.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02048_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\NUMERIC.JPG.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\EVRGREEN.ELM.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0217872.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\ONLINE.ICO.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107544.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187819.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15172_.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\THMBNAIL.PNG.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105410.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0106816.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\IPEDINTL.DLL.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\macroprogress.gif.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SWEST_01.MID.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382931.JPG.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL087.XML.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BIZCARD.XML.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0304853.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0241043.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\IPDESIGN.DLL.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\VelvetRose.css.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OSETUP.DLL.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00235_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SY00170_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN054.XML.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0090779.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00602_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0232797.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REMOTEL.ICO.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BROCHURE.DPV.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\MSTAG.TLB.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\THMBNAIL.PNG.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02404_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\wxpr.dll.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0150150.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00942_.WMF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Adobe.css.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\PREVIEW.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_08.MID.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01734_.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GROOVE_COL.HXT.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODDBS.DLL.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6	InfinityCrypt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3064	InfinityCrypt.exe

C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3064

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2648

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\SyncResume.001.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6
1⤵
- Modifies registry class
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
352B

MD5
58ff4287706e1172618abf710cd3250d

SHA1
1cef918ffc7bda722a2fe11632ddbaf37d015e83

SHA256
6c1dd04162a0bd5c8bf18814bd6d4714011537ecd4cc91c66dcc0a7812b0234e

SHA512
b216550ac63986b8a6e8656b132acbab3b9e75efe1329bdd45a6fdebc3e5182522c17a49ba54fc4f05782522b407cee46d44cdb59eb6cff2dc6568c02e2efa86

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
224B

MD5
720b702fc4a087f232f7343df4616707

SHA1
e98f432b59c29963798032efc1b630b515bc193b

SHA256
3292dbf24a0f47682ed7500a14dfc7d1c481f0f48bd8f8648c55ef180a9b9917

SHA512
058aff532c82860e6123f567b0d0e55230dba979844c43e953c1e15c191d1ddde9dfa400a3f5d8292619f04710ebfdfcad31b81d8e0d8d352b92c6a61bcc3bd0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
128B

MD5
edb7019fc122e389724b4289b6f0f3a4

SHA1
d1cf373de3584569f7b5d0fd426cfca6d2545a31

SHA256
19f868d0181df324564fd418db7a671db0696bf2a14bea510c9c04da9914b526

SHA512
7eb797f97edbf75f16d64a66d6e2f9af93f409a4cab618c7029a97bbc3b493be47eea8522b4587f743dfce3f65e937c06f074138e24862a4c8236789047b4264

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
128B

MD5
f311a99452810d13a847059fc5077c44

SHA1
1ab0a6e5f9f63016198c175b8b81cc304e6981c0

SHA256
cb7852dd1308888850891ca01b375fd37eca532d590fc91c36213f3bb6f30888

SHA512
4be80179b3e3712eb17191bab8a5b1622ea0445e1d11bd30239dd048150486138e2ba53b8f4d68bdefbb7b58ff836528625553eda1a736f3a12371da8cc20d60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
192B

MD5
63ae1d466f43c0ca865a8d98f213cdb0

SHA1
52405a6664a0dd7f209bdb2dc35ac1ee7c1161f3

SHA256
4a4e4ac0894f2325e684e61af20dd3c1033289ae417a67beee18b475f821f8a6

SHA512
b9317f85814e5ae0ce70a6827e61a0fede9e87a6ae38c9e51e11d6f2e023af16859bf2a09b582670711cd4b9ca9a1926aeddc058de23be9bdcacf84bef8deb26

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
512B

MD5
5818e637aadba3081df2db6b2514c6de

SHA1
44c5c8635125cbc497d76d187e7c42c6b278e532

SHA256
8ea199d9311d82379dd91f746bad67aacf2e3cd61be7fd942d19e69df631e6c4

SHA512
24eb62434362e1ce737a185f160c2f0a52998dcfa7c58bc80c9538aa29fc96c794f7c2536ff25cdfdfcbef55697349174da137216310be94b9a729f630ac5ff6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
1KB

MD5
ce1ee515cacd6418d1a026e910719690

SHA1
a57023c4af8e305d4991f8b2956baa73ae935019

SHA256
0a0ce204967353d6c2e1a24f1a8aaed258d00f19dc9e2b447492ef28a6a11529

SHA512
982087e5e0066ddeeedf3c1bb9fbca79287942ad48511107b7dd2734cee82343e81894478953d5755b3fb10e3a2d40993e38e07584187c1064a3a0c2f99e4190

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.6661386730C28460CC4610E6FB0AE3AF5EFD96EF5861FBB22D80EDF1A4210CC6

Filesize
816B

MD5
ea8e96ab933b3e93088cf5347ca087bc

SHA1
910d021e381d332199caf9dc3672b33cb9c03f18

SHA256
aa26b2fbb9d48abc242e0ae3cefcd985862bf500a54d08b1c9913e46aae63b0d

SHA512
57735a6ed2555540b7a7dd9bbcd7ebca00f5c40361bb3aee7f47ba5fad311a01ab9d3918ec30ad379e85d5bc3d22535a5b813e544dff6da2599d08ca94ea0eb9

Download Submit
memory/3064-561-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/3064-560-0x00000000748EE000-0x00000000748EF000-memory.dmp

Filesize
4KB

Download
memory/3064-2-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/3064-1-0x0000000001390000-0x00000000013CC000-memory.dmp

Filesize
240KB

Download
memory/3064-0-0x00000000748EE000-0x00000000748EF000-memory.dmp

Filesize
4KB

Download
memory/3064-5319-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/3064-5320-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download