f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

Resubmissions

17-09-2024 02:23

240917-cvcl9azfln 10

Analysis

max time kernel
30s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17-09-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InfinityCrypt.exe
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.SG.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB_K_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\MSART3.BDR.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\FLASH.NET.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\RE00006_.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Adjacency.thmx.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21518_.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\COMPASS.ELM.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287641.JPG.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SHOVEL.WAV.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL075.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.TXT.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AUDIOSEARCHMAIN.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Doc.css.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\AWARDHM.POC.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0212685.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0280468.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Composite.thmx.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AUDIOSEARCHLTS.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\LTHD11.POC.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\JPEGIM32.FLT.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341455.JPG.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239941.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0212219.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Teal.css.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153091.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNoteUI.dll.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NL7Models0011.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\SETUP.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Composite.xml.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01219_.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONINTL.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\ODBC.SAM.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe.config.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187829.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\XLLEX.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Trek.eftx.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\ACWIZRC.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_underline.gif.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEEXCH.DLL.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SlateBlue.css.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02388_.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_F_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200467.WMF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMask.bmp.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51B.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR9B.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageSmall.jpg.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019	InfinityCrypt.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe

C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
352B

MD5
aaa00e501947b487d5d9f17ba2345899

SHA1
f2aa0ab680dd0c12d33c9a15a8a268c3f84ec9db

SHA256
a2e8c43400f9396ae02700ebda8bfb3367329c2db19b5083c305d71515cb98e9

SHA512
79c8beb92f444887483fa99ca40a6c0443ebcbdc05a9808b56fd2295cd63856b7de1c6df1ad0fe467d7aa31031c1d4b55a1f7cfabc294ad31b6673580b2ec851

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
224B

MD5
a268fa4a9a435486efcc2038620cf8cc

SHA1
c7f32519a394029a1a647ab6a378a744b91d1ffd

SHA256
24ed31fe167448794cf5b6b7efb9a72c6e45adb0ee2eed6b69737bcefcc33465

SHA512
6da1d7998b52f08f92d77d7a376ac029dea39b5cc774f0e1a6b391d17c89bc86ad5f82f9c232941569334e099f53e056e55381834886f6a3a4cf41cd84f5d54c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
128B

MD5
cfdd90197c948bd8642d3f60a5598d9f

SHA1
8fc15ca864c469de86f5add9e8046ef94ab2f365

SHA256
60aee827dcfd36aaf5c2c6b01134d83ebf08e99eb452e1621ed594fdc851ae0b

SHA512
956c7a58e57f25e5a4b7d8ce62a3a8476a7cad59e41af97cdc4b53c18e99a158a13dd3b000d1ddc1bdf97ddbb3c5654052b18112dc5d4cd81d50a0cf02e0afeb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
128B

MD5
3f3f2d29c70faf9df564eec7a38fb055

SHA1
5fb3110b981ecc29b745b23e72c1b96a87859838

SHA256
96d54c1c4b66efa76453b66185111507292d97dcb2784f5a266d18907e4b8c75

SHA512
60cbf228cc006b423ccf35303bf5d61b176a653a31fbaf0076409071398022268f5ab1b2614b9a97cc637c9ae40deb7615bb230380a05f636ab881e6ea06c989

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
192B

MD5
e3085fec88ce7026c4981dbc02490e9e

SHA1
feb9375be26c69760b45fa8be039088075542db5

SHA256
8837500b00cd479fe31bb7d820fbd3586780069577295a9403777387e10ea983

SHA512
26edcb12d3efb2b8a48b71d1a10b546316aac658afb6ebd8a500f25a754d71ba07660577324bd6fc7bf92e20c2708d98bc9d1802ed3a8b19eafaf31611580337

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
512B

MD5
8a6c173b106f93673680982bb0c0d222

SHA1
6171a5c5b12ad805669ca41f74f289ee39b52a6c

SHA256
19f229b113533fad408567e744e3b879c5cdb489ed0a948f3f15ba3626181473

SHA512
ce90cc20cc2d92c3fc34ec70ee23928cc61d188157c8a99c17ee90236efc1337858aa95c3409a938114f58f58795ad7b56093c8526fa4ffb081e701310ab92c7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
1KB

MD5
d59829ef390d71de69ecd7908bda13ca

SHA1
5e3feb9eb31884517e6bea7aaff347f521bc99ff

SHA256
646f3c370367d79c29a3c9a5181798281c6118005be856b80befe0f9f85596e9

SHA512
075816cc5b659bdbde9b1628c93a4dd67582ea460399701bd90f9f307199884b3a9606a0666718b7a39e940faba86c24212a6cdb827a867e230a1385412f8666

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019

Filesize
816B

MD5
a6a1a89e3acab15303588d9469650d8b

SHA1
17875da58df1a416f855f97c2bd7e8cb1d8f0527

SHA256
ba077f751e26dabfcf01c21c4739c09d95daad6158c6f2094198c8c509bcebdb

SHA512
c8a134c2c71f411af956000c26277a09f37a56ee0376c8be232debe5c7d9fcd00be43bc87547695730458e20a7bd6e1118b6f85463b6ea212d99ed26c76f5ee9

Download Submit
memory/2532-564-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-561-0x00000000747AE000-0x00000000747AF000-memory.dmp

Filesize
4KB

Download
memory/2532-2-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-1-0x0000000001010000-0x000000000104C000-memory.dmp

Filesize
240KB

Download
memory/2532-0-0x00000000747AE000-0x00000000747AF000-memory.dmp

Filesize
4KB

Download