Overview

overview

10

Static

static

3

Fantom.exe

windows7-x64

10

Fantom.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    210s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    23-06-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fantom.exe

  • Size

    261KB

  • MD5

    7d80230df68ccba871815d68f016c282

  • SHA1

    e10874c6108a26ceedfc84f50881824462b5b6b6

  • SHA256

    f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

  • SHA512

    64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

  • SSDEEP

    3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score
10/10
fantomevasionransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note
<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>ToDOSFuVLqMmO4YiMz4woXjBujrZqG1l6ChLHF5gyDTvutgkfEH63Y7pKoWcr7qKYPhICaQcgqtN2oTgQlWrQ+EpjJzuACZ714Tt5yqnGhY4ii/+3twGu8xovJ8uThJSrj5ntp5tXscKlrRY11ORAWPercQYQjpcy6Ghn3apaTyT8Y48/ClzimER8tMNlzobzBqOsKTOQmc9XMbzWdEV4oJs6L+pEWcsUKLLBdd8SUPZpWMwqcy23Y2iJpTn6IZyOr9PPxL/XIFC+0wzw91isxo0ISaaHXtlmdT91Lgp/s9946CIzoKwjoNfp1BDWwbcSc4hmJ5QFuB0fldYY70tzg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Signatures

  • Fantom

    Ransomware which hides encryption process behind fake Windows Update screen.

    ransomwarefantom
  • Renames multiple (2368) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables Task Manager via registry modification
    evasion
  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fantom.exe
    "C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
      "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
      2⤵
      • Executes dropped EXE
      PID:1552
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SendSelect.ps1xml
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:2072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML
    Filesize

    1KB

    MD5

    016a7db7fba657e9f8133c549177218c

    SHA1

    038b4dd78224af7342644a40baa3901d95d8bd9e

    SHA256

    2badde6de8ec5e5893f7fb92ac8e38cce6a9f90bcf7e78f9f5c46c97c92888b1

    SHA512

    f3bac36e19197d27ff251deb93f0f5f7b2e15c3325f5c31b5aa76759e4eca687660a44a9de4cfe83d2dc5e630d00f7a5a1bd79db511ef9c018b8440f7cae6bfd

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif.fantom
    Filesize

    352B

    MD5

    14d1cbb365722eba0db5eee58af8b4d1

    SHA1

    e8431b7fc2fb80cca8cb7e14165da1ef764647b5

    SHA256

    ce3b9971d7b22ec0a39f3b39f6beeb13dcc2a94c1fa11b054b1db1bd04e47c84

    SHA512

    f398a1a5d0726cbb2ab536a8c424d664d575da621af4b78eded667664e622c55f286d9b8f07e6fdd83941e8346005627dcd3faed48a04f3d627f400850810406

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif
    Filesize

    224B

    MD5

    1608ec79e094fd17678d19081199d86c

    SHA1

    e69202a853c0e8cd8a8da110db745cf4dd3c51db

    SHA256

    3a1d80f6c7b333d3a0a611d9888c44de6fe7119ad1bbd366cfe260c43724e971

    SHA512

    d4f7885ab7e50356bf94c17e89e5103a5e5a82c5c2d22c40e50992c72421076a771a6600b97bd04284affe6e6bdea51760f0a4e383527fda206241ab3fd54f23

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif
    Filesize

    5KB

    MD5

    1738081d083084f90ff864af7f524e8b

    SHA1

    655e72e9bfc9477f2a69607903e687efe531079c

    SHA256

    21cf428cea69a6d9dc5796f471cd333ae1cae29b3eb6b5e1ee1f5ab82c8eb315

    SHA512

    7b8ebe6faacad58dfd98c58aa2333f5ac1b78fcb9b957f8cab406cfbc07e229455b9f4637f4f6e49a1e045ae3469d01198ce88ed5f39165bd1fca4b7c1b2726e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif
    Filesize

    31KB

    MD5

    a4d25aabd9153d0d0235bb2d285f521e

    SHA1

    8758581ea59164e5739c28aa10c8f45c2bf32550

    SHA256

    e26759263d86c17d52194ff53e8561b73370fdb785e5001e2418139435c4e289

    SHA512

    e4093fd36c19f6706696d43c414de944f2fbc1154685bce0a7f33f8bf77fa653c7f2f5384342a8717983593f06a1c333ed2d7ee050b5a3abbc9ec8a0fb843d3c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif
    Filesize

    4KB

    MD5

    fcc173548ed8aca99f360f019079ad78

    SHA1

    9ea6ca0116f37be13de298f879bf1178208cfd6b

    SHA256

    d06ee8d63723cfbfef91b1cf172b0b405a8f9948e7c9feb9dbb22046105f37eb

    SHA512

    f544eeec88a52e24aef9a61cb0bfa1d768f1d270d650d1b5ac9e47ecf6df9fbb6fc7ab0a4ddabf5270d2511d73936530fb8f99150b09fe04379b6448720d837b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif
    Filesize

    21KB

    MD5

    a6b6d5ce2ef75cd1707950e49ef0ebd6

    SHA1

    134a50ed6c1aafcdeaa0225be959ffdc990e28c0

    SHA256

    46e21639e275fc514d01e918139e7e7e61796ea4cfedcd5624e2db14ab9f2d7e

    SHA512

    9ea2daf5d7374792ca306df5855d5c51752a7b14ca2b786a7e7fe911bb034c2422208eb8d083817e1206739ba2f1c7bffcc896f07ddd17dc7712ab84605d04d0

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif
    Filesize

    112B

    MD5

    c0cdd5bf060a968f4f6c48328a9fb478

    SHA1

    c87beda860aee83189d6426f8f00d6897978b136

    SHA256

    6119e1289a77e1024ee8e316f5399ce76b64a218d4ae6b406ad0b5d5130ea296

    SHA512

    4286b208e593467865c9331dd839f6c7be9eb24e4692a90f4b0fadf8d1b131f1e0bf6c2f6d8bfa41712f126f43efa35a1b07622e7c77816a71f9b73dc10d19b1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif
    Filesize

    8KB

    MD5

    ae5a4749dedc6e1e2abda8eddf2907bc

    SHA1

    f76842ba961efa11a25a2d79a6199cc2561f5885

    SHA256

    d32d06cb0393a79a7029935c35f3b91d24707a37a3c490d4d749b381e74e739a

    SHA512

    d8d3ad9d0b59e9d6f9c1407061efdac8eeb3c870062d2a073e3402c4d0fabf9b220f1f9bb09ca5e40103324244e64936a4dcf873b3d5ac575fc0cadb394c167c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif
    Filesize

    15KB

    MD5

    3c81e1358efd07fde420bf26b82088ea

    SHA1

    bd92f1b7acf21b36a4dce334d6d3be62093a3af3

    SHA256

    2a614d4eb05aa6bb8be892f06cd652673d1486b3dda6e6f93701a0652c7b1c4c

    SHA512

    ba823f450ecd88e3b8375cecee58d549c5f08ae04679e0150a4e1a01cefb75b797a3180d608effcba174b73ab27b8642eb5d688b09827493a3d2104723154504

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif
    Filesize

    6KB

    MD5

    46eeb6f0e529811a7c154af87c101929

    SHA1

    f3f27926c1ab3812a7709083462e64fd675e5d58

    SHA256

    920a30a1afc68089aa8ef6c9757f781cf56011fa8cb6b7fc99a3785de792cfc9

    SHA512

    2db5d0b099b2af90a7fd46bb4c729cb771880f5a4914189095bba82e84b9a062f79b44b521b42600c5dd749f3344d19fe9becff4de572a9432eb17e0c720b17b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif
    Filesize

    20KB

    MD5

    05d9c03b00ee8e1f78180e9439acd73c

    SHA1

    959dadabe8050ff346096211d5a75d2f9a77203e

    SHA256

    b19f7c2770634256016e750ef2426472f355e16419ef0ebd8a60411d0db1613e

    SHA512

    38cccfd8432769e21e85fbf3e3fc1f3fa91cdc62ace6ff34aaaec0a8bc9e903a74bfcee633b7fd685cdd3e472135f407e6aac682ba9c11538afdc9f260a53b0a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif
    Filesize

    6KB

    MD5

    05a5ff1001cf2502cf1f9c296ff0f426

    SHA1

    84b692d070057b140b8f205076f4cdd5cd9a7d20

    SHA256

    cba0cad5f0cc18be4785c07d66c3feec42964db062dfa799d84bde7fcacffe15

    SHA512

    edb5896705203ddc77d4722b34b529abcfa6a56c2d06dcccc9afb32ec61ba4fe175cd053ed80ea52d9b1d434bbebb2cb0d200720c9c843188822911d7929cfa6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif
    Filesize

    15KB

    MD5

    8370208f0cace7f04fce034a34cad69b

    SHA1

    7b187fbb698cf3acbd916c355c9e21ebc440d5a9

    SHA256

    83dde5055193657c977ea4b6d4cbbb51b3e0845c79921f3e925343f60b2f922e

    SHA512

    cf8d347946232526f7709eb57792aaf16234608022e0ba04e5a7faa07142d08fa83534769181215271e342284b6bb17bddde8c5a2e2ad5e2dcba3ec1b074c724

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
    Filesize

    2KB

    MD5

    80f43e139c70d8798e8862f854037ac3

    SHA1

    1bf35e55a9e3108b04421bc10b5a756a5984c470

    SHA256

    4ceb0f92a6a27de89abf491864ca3bc2d9119f3b4d369c5b429a7c84eec98823

    SHA512

    f1f9f10c81ddb2b6f4d54afbf8c64a3dd63ebea24ed09568580ddac3c09c1320168fd2e03e251df62889775b2d4f3ea41c1524aef7398f7f4ee3666d425967b3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp
    Filesize

    2KB

    MD5

    651a06ddbf14deb4b474d084db971cf0

    SHA1

    17ccde15cf6aa2032a85d3d362332649e09c7d1c

    SHA256

    1a6e0ab3746971f9736e1f6a66396e487521f546850d9c5e3a0f91922eb79300

    SHA512

    672533fc9239ce9787ddbf734e2d5063a7de653ea865d2553f1f16d21a33f7ae254df5ea293869906ee35993df65eb83d0feb6d7234559169cece1258dd94ac3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
    Filesize

    7KB

    MD5

    d220a0eeb300a1790cfd37118d566dfc

    SHA1

    3cea3cf045cdabe89edbc02294dcd5688c539f6e

    SHA256

    ebeefa72137c793ef16c0aa93f89d8dd56adfa4170c9edb4f0aec401b6e4e1c4

    SHA512

    62f81021cd4d58c3069f0f0a85941e94f9df0d6bc9a6d9daa39b9ca7021e6ae963a601690a363c7d003ea85457a61bcb23d6e319c150d7b7492fbf79b76dd3f8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif
    Filesize

    336B

    MD5

    b876695df4fddd59cacdc067e28d9bdd

    SHA1

    88fe0abfbaaa1e9146e8c519bf5df13b32bd71e5

    SHA256

    32ae3fdc4510053861d91440b2102f8f9277e2fc53755d558457edc03c66d0e5

    SHA512

    89ad3760f5fd7fb03defafc260144d932116bc8aa3a2a803f12519f5ba561526f6678ea890426baca427a6e9bf63d561a96632855eda5b0629943d0cb49d67d7

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif
    Filesize

    240B

    MD5

    b8a8b93a13b343d28c9e64db6a32b525

    SHA1

    5b5a8636d840ca46b7230aaf95cded3bcf9e6810

    SHA256

    84516df27c63f42b8d306d6ddc5fb38b0e6b7f9a2527349b2f2f81dd4aeebdfa

    SHA512

    c6711019f3bb22bd1fd12b296fa515d58c9fa0338740100ee1a025523cb4b30be051515e3c46f3725c37512c6bfe6a2d6a9a68f362b62b159d1ef698f74a5f49

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif
    Filesize

    6KB

    MD5

    8eb42301b454160cfa9cfdd45435f83a

    SHA1

    897e04f83a0f39baf98e3b75168d881ce035291b

    SHA256

    c3a5576f9cb3e26b570a70dc92bfa8e6e6ad61dc3a21fbc63fb337a7f73aafb5

    SHA512

    6cbb0f6ff2978acda814c48f183f170bf2d46d1d2d1cd8b40646de7460703a314c8f97d015a665fb6c3d3acfef71d20c246b6f77ccf78826bc2780d92d4bf6c6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif
    Filesize

    816B

    MD5

    489a229fc0e30fced847a54c1674fd4b

    SHA1

    85f11a64b20773c4ac6cd3f9fb50ac10ee69ce31

    SHA256

    9c6ffca769610a1d7623e11a564994a04f8f27363e1948f56ead1d892758559b

    SHA512

    4a39afc569721574c76db529eaf9bd51305262fd3f1c67aa386a20a14aff4c4c57cdf14209073cc988d4e16e2450976a4268d2bdf8e00bc7988b106e2cb2a120

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
    Filesize

    3KB

    MD5

    c8ffb45da22af54031ffee1c86dd0748

    SHA1

    dc7394975a5b7ed17e65c3fc27aedf99ae170fb9

    SHA256

    b88dcbf81547dc83edb8062f680a5c146f1090cc1de5d3005137228fcaece129

    SHA512

    9ac130c57a94c53d893ed47a6df6c331120419c65d44e481b9a552bfb26182e25053bee809b65e14bbed95f1e4a8b9271b0043a6a9d6f279463298123bc4262b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif
    Filesize

    2KB

    MD5

    999cd79bf015f41280e2b1db2f768541

    SHA1

    53c04665b796eb041bfea1f1b01bd33f76106829

    SHA256

    f07767404b289916866d4812c7f29f6e9779b5de5a94e07cf21f8494b1fc624d

    SHA512

    4a7f374a3678c17d3b579a1da95e51e32bd9058c7a4f015f07e340d026d5a4c1cc6dcf948a689ec0ce5fc4161b91cc9a0bf0272c22400ddac39d77fdbf40d698

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif
    Filesize

    19KB

    MD5

    d79106578d1db18e1ff2c9146e65db4c

    SHA1

    3ba7167cdf04e4ee54d4f27511c22b6d871614d2

    SHA256

    83fa3a3c28a40f0eb0e9ccf8c554ab5f4f2710caddab278e36ff89b3cd48dab4

    SHA512

    ae0cc4d9fe5ee833e7e3764f0854883192bb899bb2558fb93ae6a34391eb5bb7f359b84074e1ca613ff7e8464e1474891f6edee8b53cda94c46e7b42f0c47025

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif
    Filesize

    896B

    MD5

    64820c3fd27dd4968398f11c3c75bee4

    SHA1

    e9cbf4becbb82ce975946d326eadcb0e71c4ca76

    SHA256

    768952d76e0d3e86ecbd8cd6823023cfab2dd1961f5778fbb9125e7c2f99ad1e

    SHA512

    fb7760b0dffab3afe5ccdb15a82d12a547241e1b4f9400a9d97ded0b44219e234ac45bd1aa6c26c816f7e9db6c731935fa40890a0a76691dc52b81ab09dd1463

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
    Filesize

    864B

    MD5

    2a18d2a243ea4dea5253a396585a4d6b

    SHA1

    089ce642c76dcab8e296660351fcc922dd191ee1

    SHA256

    f028d8bb48f6852b19d57b400a65ecbb46b361a29d5cbc4190634c1934658fe7

    SHA512

    3be57943b80e017f01d9fcde32f2d73ec666dc99fdfec0d090bc7e39af5cde705afbd88214c6a0ba3f270a0ad06a70a31826e43558cb7a15d6b603ea96e385ea

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif
    Filesize

    864B

    MD5

    05b069a26fe4c0fdf39e9879aa49885d

    SHA1

    96771f0c60d94d2f300994560a2adaedcf8cb4eb

    SHA256

    20efa0abd89ccbb5358e8e62736bacaf3443172b47aff2866c322ce7df05ba32

    SHA512

    93cf185b43121931387be7c5c04b8af3d40cae9a9f3ceb5edeee7ad406afc98b1363abd1164f4a3570d7374e4cfdf6f23be3219cec9babed8f0e41b5b3b60818

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
    Filesize

    5KB

    MD5

    041cea854b119ca1232c9feaacf5153c

    SHA1

    15b6b54f2338760022ea969bc1677bedda2f017b

    SHA256

    258307fe4712b369f8115a05382a0bd58391f30bd127399265657f524e0487cf

    SHA512

    52f8e65915e82287a6ab9352f984a66a43631ead7d9d2af32870be26a62ec88d02b6b12203860e078c446fc618e2d9ca01ff39d611310b98e399f511a2ded02b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp
    Filesize

    1KB

    MD5

    a64aa3f2abf89e951b4a01e39cf36ede

    SHA1

    baf78b1198971025f6b68ebc47a23b2307605205

    SHA256

    3edb4a1a564ffdb1133d4cc7391754fc080b76af9ace8a4b9d94430236445165

    SHA512

    bc7dbffbf3995b0fb4eb900fba7dd630b68a203984301602c262e4126f8cca50f2466b3cffd2cf90f827d22ba10dc172c3a42ca96dc2a33b7d42b5b6043bb602

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif
    Filesize

    864B

    MD5

    81e7ec6510a8b612f601643960054e1c

    SHA1

    15d22d4eaf7b80522abc0cce9d95e7a83fb7009f

    SHA256

    1711798cd1f25d04d0b816d010fbc9f3e218da0e59ca151bfb2f4b8b67c4b1d6

    SHA512

    5c64783fb7523d72e90af02090782226643ebac0471079b9b7faaf573ec8e13e0f77dc24dc8fd7f5ac4404d4a62bd08fa841de180a9d161eb9345a5d29534d7b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
    Filesize

    848B

    MD5

    2748a15b7416883fecc50434a42c1868

    SHA1

    6de1ac786047b2d22098fbc0feb8335263755676

    SHA256

    fe063a0817839515bf6d48fc1f893b438877e2621d8b83db7e6ce9327e9930f2

    SHA512

    72e0f420ff3b064019d863d9862d46410c456af1b0a5e75438dd727323a7296bf09c8a9fe851608918961f567674f407b3ba9b1692927ecd350e54e4389f5027

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif
    Filesize

    880B

    MD5

    72c1861d81e2935b828571009bfaebe5

    SHA1

    98223129cde127918dc67c9e5bdbae4b14929b95

    SHA256

    c43bae13153b562fbe3d2625ceb17c2196af4ccd6dc4912e3d27d834d672938e

    SHA512

    8370973fc153dbc15cdac6ffe8f13a94f390d0493cf65daca0db39c79fddf89a204663f375f8c4e04785c987bbcf12203704296b8f3d9d40bc4bdfd198382465

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif
    Filesize

    848B

    MD5

    0b2d9247e22fca613eaf4afeede0465d

    SHA1

    08875104eba08a16650a5f312b7a6ed393e670b5

    SHA256

    768c54ba3887ef918df0fd161714d66445823bf032caf887538b89829648ba42

    SHA512

    eac444a4f8cb4f67059e001291f79a71a757d72134a16991dc8bc447104c87ffc0b01ba8b875186de975516d451aeb94212880e22ae18ea0ab4e521b236e74f5

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif
    Filesize

    864B

    MD5

    2c2ea2ddbe177a3cd2dcb10c82066cb6

    SHA1

    472468a9535a77723b39c8d3398ca01632981a7b

    SHA256

    91594bbc7e06628522fec66f3144ba92c7f7f5fafbf03c9fdc7d60226bb3f469

    SHA512

    3409987e491e8fd1874fbf01e27ffb26a247a238085550a00e1710b5a49583bb0c4348a607ef5bc5c045a586f56c06faf630ca413c71c1302a1aef8f3fe6cbe7

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif
    Filesize

    864B

    MD5

    b61f110e7ba1c130027d667abba3d873

    SHA1

    801ecd8d0bf4356a4fe77a615c528821cfbcdf9c

    SHA256

    c5cc2b02dcd87abbfe170a531829a8e13f29f3bedfe2e9147e02fcac0bf2539a

    SHA512

    3b86dbd07410642e52c67035fe5a144bea0d393539c383ec9d2945b8cf9b7f20dd2d2e599a23f058b3c208b8c57028b279aba4d6b1f65510a4d9edfb4644239f

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif
    Filesize

    864B

    MD5

    cfb618dd5f74339c8076a5bb22d0d298

    SHA1

    7d93792be19986ca1e879eda12a42b6f05b1a551

    SHA256

    94a15979fc15b67d7117cfa64c8136913b992ebf823b8eef6aa576e25108a3dd

    SHA512

    5d722b167fa1bf86fd695ab12851208e2101cb4e8dc72c1a231f09e6c701f2c72757f8b1cc6c98bd94ab668b607bb1c631c30ce9b811dcab45eed8b62af7938e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif
    Filesize

    896B

    MD5

    fd8cb249fae0f07ce5777af04e438614

    SHA1

    3f2653426f218e79a88f1d487302f92544587428

    SHA256

    e16b5e024a22e1f26536791e845fd803a1df234ee5e313a0d569ae2c3848cb0e

    SHA512

    03f974926620904b6dcec5bdb5ea6bb1f2682370405fd636488ba39051f6452759a968f0bd1c23c49b7c446cc23f76a19a368de1fb9269c7431bc11215107d74

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml
    Filesize

    247KB

    MD5

    4adafad7978a06296eaf6da55610afc3

    SHA1

    1fce39be5793132a63322315dbf23774d13b0cca

    SHA256

    7470fd9c180170a19ba3f42a0b7556876f9d4dee8a6a8ad3f512e26e6da6f674

    SHA512

    11e99f55eb6b0fde62599fba5c61e1e05c7ba8ec2eee26fd5522dd0cf72a80243aec0a0d0bf387258cc4db7939d930c0e2ad8aa548d31a2510faa25631bf6845

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
    Filesize

    160B

    MD5

    968d10689419c733c36f66c883c0086c

    SHA1

    4f731dd634fcd660225f78b9c65361bc9fe32aff

    SHA256

    b894b28fdc3894da893ad8a42e080e43986d5d463aa5113c0da0802a7fb1bc20

    SHA512

    df16e4afaf14ef97008837a97b04af687f01443a337f38cd4c7177620cc26d78851346ff6fcbe914c97c795879c36be14eb61cc7e70da25b269c3db7db9a445d

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
    Filesize

    12KB

    MD5

    2cc25d27d3fab6de8e070a372043d193

    SHA1

    af7c65722f2d90026176daf2bd90823adcbbddd8

    SHA256

    5c372840c584345a3ee9469d6dc6d52bbe0fc9b57d88baadfcf9385708b0ff5b

    SHA512

    4ccc47ee5f63d4bb213b43879ae1795984bac3b6e2963832e8f11ca10054f271867ad246712fa47f46c7c6f8970be9d35c6dee2126f5870338aaf7ecdab98da4

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
    Filesize

    8KB

    MD5

    f388b9ac905fb006aed9d3e9b591eb1d

    SHA1

    4567a585bf07b68619e648a2e3ea78ad2dbe68fb

    SHA256

    9a25c092e7d97e17ed2ad8fe46ccc78d627296ebacf57a9e1a6a412ae76f46cb

    SHA512

    206c13011d7aac72a2c687820412c66e2ec7c9c4f1cc41b489a8d77e8df0773c318f8e0561342c7491e747ccb4cd39d19669725bd85fa8a8622469fd5102a30c

    Download Submit

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.fantom
    Filesize

    11KB

    MD5

    f887b1804e54f657ea141e1b979053ee

    SHA1

    7288532e7a290cc89d5393d3d9741d376b6d5acd

    SHA256

    8e6e5c2456e8ee6f7882a2d27ca91bc1a20d8817da4cb23663de5e756b10c445

    SHA512

    99f89b491f37ae49494c63ad9bbbdefc6543c394acaaba5fc24eff0b56b192e062013d55eae6cf28956233174765dd2a482310949022dde57ccf17d889256f27

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize

    109KB

    MD5

    b904e9bc58fa1686ecae44516b90b23a

    SHA1

    7d3bf777d85bf800e1f64989013aa536741c44aa

    SHA256

    adc64172c345e3cf7c221e23598e2726461dbba8e02fe7eea62c5707e4733c6d

    SHA512

    b943a2edf0799ec3c26288fac7080ead9953f76a67bd28e741acb12546e7aecd8d5c1b5756a593f12e66e6917fe203ea3b0894b740687ab3c7283d7c56d2fd11

    Download Submit

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
    Filesize

    172KB

    MD5

    858e2611954effcf4decb75f0e4158f1

    SHA1

    fd51798ca0ba32bafe76044fc54ade5b0877e006

    SHA256

    24c0f11fc63893144e003dd82d9b1bd007ad7c2145efc7952b4d04e28fbd278b

    SHA512

    28b17513ce70b6406a1cd936a2af471200bf77c753ec254b8953139cba184cd76786a293ae3cf6e844ec845fdd66feda6bac193429653b6afeef65d8b5316a38

    Download Submit

  • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
    Filesize

    16B

    MD5

    8c705bab5caec78070152e8ae67772ed

    SHA1

    9d3032536f175b273987d40582a60036a88045ab

    SHA256

    81d7a2aceae345d8b2018b973e6f5e10049e60e5b17ebf8c43269938db95a1df

    SHA512

    d0b5fe094e6ada0d5c33cf4efa03e334398371cef36e3287bc2aac1b86b42356469633321804ebfdf3bdbee74fb59324d92ab024ed88c16366a2235d0a1d865d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240612_025226069.html
    Filesize

    1.1MB

    MD5

    75c8e3d9f709311534add0e768845d81

    SHA1

    4e8f83a4540c9fdab63de85c57dc02d1c7324334

    SHA256

    575df906bfdc069669dd3c0d6c2d722d19674eea5115a885445fbca79871cbe2

    SHA512

    b88c2407b009940187461dbadd8434d253a3de0be8adeefe154bc2c1f37e1de1e3572936b32d696476438e4b2bdc941b51908c6ddc508bb92985624f940f3fe4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
    Filesize

    21KB

    MD5

    fec89e9d2784b4c015fed6f5ae558e08

    SHA1

    581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

    SHA256

    489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

    SHA512

    e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

    Download Submit

  • memory/1552-173-0x000000001ADA0000-0x000000001AE20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1552-142-0x0000000000C10000-0x0000000000C1C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1552-652-0x000007FEF5FE3000-0x000007FEF5FE4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1552-140-0x000007FEF5FE3000-0x000007FEF5FE4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1552-654-0x000000001ADA0000-0x000000001AE20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2268-30-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-2-0x00000000020E0000-0x0000000002112000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2268-653-0x0000000004960000-0x00000000049A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2268-35-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-132-0x0000000074BC0000-0x00000000752AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2268-131-0x0000000074BCE000-0x0000000074BCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2268-130-0x0000000074BC0000-0x00000000752AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2268-129-0x0000000074BC0000-0x00000000752AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2268-5-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-6-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-10-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-12-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-14-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-16-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-18-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-20-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-22-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-38-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-26-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-28-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-0-0x0000000074BCE000-0x0000000074BCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2268-32-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-133-0x0000000002380000-0x000000000238E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2268-141-0x0000000004960000-0x00000000049A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2268-24-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-40-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-42-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-44-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-46-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-48-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-50-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-52-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-54-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-56-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-59-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-60-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-62-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-65-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-66-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-68-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-8-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-4-0x0000000074BC0000-0x00000000752AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2268-3-0x0000000074BC0000-0x00000000752AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2268-36-0x00000000020E0000-0x000000000210B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2268-1-0x00000000020B0000-0x00000000020E2000-memory.dmp

    Filesize

    200KB

    Download