Resubmissions

02-10-2024 02:10

241002-clzqessapl 10

02-10-2024 01:17

241002-bnjljszdlq 10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2024 02:10

General

  • Target

    5f71dd1c8d2794eac06a4720d560d1185ace4344862aabfbb812316df473cba6.exe

  • Size

    1.0MB

  • MD5

    ab3efab870ac3028150e09bad29d3915

  • SHA1

    b2da017a75500314b9f58aa08efbc50144bbc28f

  • SHA256

    5f71dd1c8d2794eac06a4720d560d1185ace4344862aabfbb812316df473cba6

  • SHA512

    49c2002a2d3377a74f2524c534110eaff870078ed983e53b5d3ecd987636f0af80de5033994435da93ca257347826101dc45c4910b0d74a0e5315841458a51c0

  • SSDEEP

    12288:ifleEcqyvTszMbQw+WL/k6ewli/Knnat93Rq:wl5cHbu4L/jlJnaXRq

Malware Config

Signatures

  • Renames multiple (1911) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f71dd1c8d2794eac06a4720d560d1185ace4344862aabfbb812316df473cba6.exe
    "C:\Users\Admin\AppData\Local\Temp\5f71dd1c8d2794eac06a4720d560d1185ace4344862aabfbb812316df473cba6.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

    Filesize

    383B

    MD5

    eca1b2db16019e4cd5ffb7bdfca70551

    SHA1

    719412e310b24357626c64247bd984c9830a24ce

    SHA256

    580d3b111bf25c4db730da0274d08f90c104a4061c0a255a70c4f7a1ab2571a5

    SHA512

    821314a4c2e3dd02a55b72519018cbc9e4268e0ba046b8aa1ac0f8fcd2fa2a270a8a5173263eae090c74db31e81248b207bd80fe0ee487deb2a66d6d792e8759

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

    Filesize

    582KB

    MD5

    cc679ab2d496deceafa5a5d7e9b2b13d

    SHA1

    4d5dd3d6b316e8b4c0dce987fd9cb6ae83cabfdd

    SHA256

    10458ab5f10f4dc2a08ec7a888f4c582bcd983bbffce496258299c025e818177

    SHA512

    8a3c3555a93a94abd30e34059c2d9ef9b6992f6200d80006efd703d7e012facce5a9d9a9557dac3699e165448ab79bfc8614c47a25c22615a637d47981df8308

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    cc8cb75ffb5d8adbd9c4ee16fde6bab8

    SHA1

    138db92e37551f1bf91c5cfdd0c034547d1b7284

    SHA256

    f3ab61a0ede274ef2f521a728073146240ab92caa09fe010610499d354f10d47

    SHA512

    c108c339bdec0e7de3ea42b96cb4daee54ee6094c5820980cf4c45980eb0405bffee327164c0a5fa2133373c98172389b9905cadb0bd07e4ff71fabcd1089578

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    7eec71c93bcfeef6cb71e566122c3511

    SHA1

    5ca9e091442e34b15f478c8cc9e38188ab7922fd

    SHA256

    6449e625f83d8fa6139bb423a67bef8cefe1d79dde199a56c59d5395a4b5dc21

    SHA512

    3d4889b85551316481fda7fd1cc8e9a90baf6496625a2c026b531ec08be3b74cd8a3fd4ddc25d866f77cd4c60467d24e37621516179f85164caa3f38661ab04f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    acd191935210a71e959a8718b8092192

    SHA1

    0f4037def907a78b31f7fd29abe3e5f97f91fdde

    SHA256

    b45e155cb97f38dc167774bcc53bfdeaf1aefeaee8a23612e0f4c68ecfaf3091

    SHA512

    720835a6026c8c44532b79e51094a5ae21f26629652a3cfe60545ef9e953f14b42e281ec72d3b6739b5b3ad21639576d7f1a6cc97c8d1b9f86b17c0632f3f428

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    5e0711fcf7d4f82057b260c5ad45c941

    SHA1

    9dd2cd5a0c91326e9380d3b878bd509a5e6d971b

    SHA256

    587d57a76085db1d842fb583267010c077c66eb55aff3f0f40535c46adfba58b

    SHA512

    67420af87a954253d72d5fb1f3de003bd5197bd61c836657dd4fd9fb3e14b30ea543cd4491541645aab2391e0a35eb64e1dc19a004beaedc6dbd8387c55384fd

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    f4ae93eee27f3f78c49112a76a0b4183

    SHA1

    8615423a1fc38ec29a5dc0e238f968073a570e01

    SHA256

    6b6c0686f6d7aba8e52b672aa9d79d82988cbd3194fa3fc1e6309c89a3f9689f

    SHA512

    a7a92d811e0becb5bf20b60f2d337a4d72e94e9aae8ad345175dc06b0a149340ef8567539a6744a679fee5804a8ea7b6fd54f8a134703e2eefbb7e7d7f045c88

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    c9f38f2e19d71d92d731d9d6abec6ab9

    SHA1

    513e7789e127d952306aba6d759581e9c6cae628

    SHA256

    4318290c8f9bbd1d51444ca5df1a48c025c1b1ede77e35e2d7542b52341ddc95

    SHA512

    743b4f228504113a7e730bc08fca08c29599517ece1cfebafaac7548c9acbc2353052a22c78f88a13b45d0f67bd8c6f1ad2df9c4af367dc42e27e2c636a8226d

  • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

    Filesize

    247KB

    MD5

    2a250d64146861d6353a11e96a7e982d

    SHA1

    54c30c8cfc68030de34501f62aed318ac4e00e4c

    SHA256

    721d1d0fcfbf06405a977196331ae84fe4e11bf9be972356704408c93cc69e5a

    SHA512

    9060cd819cf59887e9d6cadc1991f73308adb4a6efbf8580bb448009b0c08b35eb93b601ec609bc16226aa91335e8b8537a6389a84cc5f29db081603412d77ee

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

    Filesize

    807B

    MD5

    fd5f8a788a922c75293f5278665d1c66

    SHA1

    e48697afcc2819fe5e6317641315b3e80c647511

    SHA256

    b6f2eddb6a7a0e981fb6643e9980d47c5522e6d93c877d5d1e299efa510dbabd

    SHA512

    a81cfee1f3d7a1885bb9c20cdd64d90412f386d16c7c45324b79b0a5d0a09359c243282b3a35436810928322ca5e09cf943b8d7b2d70cdff8cda93c9c347a3b5

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

    Filesize

    806B

    MD5

    0fdaa3b8dd5b016026b2717e257948c2

    SHA1

    81a3928767f45bf0e69dce1df6cdbd3e0662aa00

    SHA256

    7a857671ec15959a146af1a982233382dfb7471419c0a767efa6c075360d5319

    SHA512

    760b5c1b2de882ce7d2cfb507517ab6609ffaf793a0616b7e72ce7095d0c5e82e25515cb356d31c1948c2eed1352cb7d4bad90c27028b22899038f9e4117f08d

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    137d94bdca434406ca9213dc994a1732

    SHA1

    1d9adf2106d1a4d10c0858f4ce9a4d528658f36e

    SHA256

    a763ddf9a77b37ecc628a2931da5fdb3b0d27180f0c28f6ffec82e3d371e21e7

    SHA512

    56c86c72ea459f0a9b99abbbf4bebca582be2dd99e2598078f6a77b470b29ebee669bcd2aad17ef1c79e52d347a67ca70dcfa20c21e6ec13b74e9ed442a25788

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    04c838af19ddd0f9c8c3ec0fe2306a5b

    SHA1

    7b801f480ea752d45cdcdd367e93f2ebe6a76166

    SHA256

    0a333a4d950982f8e23f94d345b19f938efa4dadd4db7fb99571b4fd3a489c32

    SHA512

    8efa126c68c012e468d9553c73590ff3ef03349833858494d9b0528087a26c93acf2044d65da4641a675913cf327f75c8bf206dca45cbd0fb734d9a6ddafa960

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    abb7410025021d95493c249e41eec9da

    SHA1

    ba02d96d25e271df88cdf793c10c7cf53a83ed18

    SHA256

    aac12640783ff8e89adeba3812f8065a5217833d25124cae77a930d419b7fc36

    SHA512

    3dcd2498855acd0616f19cf2bc83db36b83a069d304930734083d09f7244b44a07704620f5fba386c54125064b81880abbf4ea5394bb1d23d6d2b4f32495fdea

  • C:\Users\Admin\Desktop\RevokeUnregister.xlsx

    Filesize

    13KB

    MD5

    dede59ea5dc5bdaa417459ac3bd3ac86

    SHA1

    e2efc0ec753d390d6f6be015ae0c565a238238b9

    SHA256

    f1556bcf5bfcd5d1da4c15a814f53befa3f3b962db97364298159e9fa6a7ae9c

    SHA512

    f3ace9ddc16121495375585074107879200147a5c1b1adc45e5ad8976fa95395f45fc54b76e708d3660261023f6e3a3917ae73fc4f5bc84bf1d98e779e5bd8fe

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

    Filesize

    24KB

    MD5

    4dd53cb55fe13d8d1c6743574ccd5783

    SHA1

    27424043aa5ef66d9eccd4cd1175f38ce30c87a0

    SHA256

    ff496bc22c54e6ebc3f72d68ae67f3a41660f8800f65d0ae4478f7e9e2b9ce15

    SHA512

    ab64aca32efd66a0015e12652f62cce39d084ab4c3588916cbad6353159d7bb769a1edca4fbdf7cead2cfba6e69a3f8e18bc10db2d4243010cd409bfc7b0c721

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

    Filesize

    54KB

    MD5

    a63e82304a46c04796926449bad31193

    SHA1

    4f5fc1a314ee61e4707060ee037088150baa96b0

    SHA256

    50b564bfe19c7df2286860f82588f475130d20ff3f4ace04c6f6eb6a2f3ec550

    SHA512

    4bd66085badf408564506a7e27b8b90b9e848582629ecfe245b4000edbf3c64e12f93d9a02dc5e3b2f30473caf488b2f5418a27ed82ea2f86b81e19a79c41d35

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

    Filesize

    51KB

    MD5

    366c279c2c0fabb310a968bf76cdc111

    SHA1

    ae358ac293ffdda23df9edd7e4e0fdf0f9a03133

    SHA256

    ad6d523d3528798d462fb6c5f97d779a151b8b9cc62802da8b00d618b46f0c0e

    SHA512

    d4b3606de16e1f800c10a4be0f0cc40d75864eeba6633f379d900ccc6c2043a9feeaf5c4d0b16d1624a223efd8e17a5cd5da3a7c5283aaa0c938e62511bb1192

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

    Filesize

    34KB

    MD5

    06196221b6505b871604cc8f302a1fc0

    SHA1

    27245213a1c999bcb28bca303cf025677d86c7c4

    SHA256

    74ff1076fcd1a8b8476a1f13070e7817ff334d2b25e1a6868641af7ea9c4a08c

    SHA512

    bac576245114df5fecd894ce1128e60caa23e14be1905d6b68534c65fc291ec4dbe455a2be9a7a0acae12ecaa3ebbe41982b1cf911ebff2bf17614e531bad245

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL.shadaloo

    Filesize

    20KB

    MD5

    6b83cd6d797616760aaebc659bae0443

    SHA1

    e1156d5ddbde08390dbd4ce72210c1628d4e8248

    SHA256

    204fec6ebd0e220df9f3d9f7bec657a01fcf51df924993de158e81c8ee79e971

    SHA512

    9f7a27d582dece660fecb252b4ac66b9978bd54b8e9db1c052cf3194f6a866cbf8113236701d857ffa5685ca6db1b0b9605f226b597ebea7d18e1634a0ac5a44

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

    Filesize

    33KB

    MD5

    5f66fb5a252ba49ad11310b3e6d1b357

    SHA1

    3106ea8a4624de4a0eb035d3a456a27e08890889

    SHA256

    2f78f7bcccee1a276b410eca21a593d22eec006ea13e47cf59db7f9f63c854f0

    SHA512

    54fff7097ef521d03d15f7e43c0b76fdee644d14033d5cecff97fdc6ae8e855aee7dbb05c3e7a28a884b03b91de682e8555d3e41de221a2eb6761180ece27b8d

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

    Filesize

    50KB

    MD5

    22118987f2973103c6e78878d009c3d4

    SHA1

    eae4d033a97aa128593447c05f894a795973301a

    SHA256

    08e5cb0e5bec175f816a32ea3862bc9043bf284c7681ddcd1cca9fa1179e111f

    SHA512

    2a166cdc8e1b76a3cd0d40fca0515895fc1ca971bb56e1d8b7fae5318c1a9ac2f4f7544c8ed0f9f2315747953906cdfcec2b68acf05b29ede3fe316d5eb23a27

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

    Filesize

    52KB

    MD5

    151aae80ff39cdaa4514a4862445e4fb

    SHA1

    24a9521a2ae3568c27fde417d6f1dd59904a03c4

    SHA256

    10ac8dabf03816be414d141fcb9e75d71580f9dd575e4e033b3e59161674fec1

    SHA512

    20460f9b81fb48ca6b8d80351852bd0fa3f85616967a76dfa6ab1d2c570076c24d573548f3a81b8bb1400eaa7eead526b52e18c7a2d554d2b100770452ddbdc1

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

    Filesize

    6KB

    MD5

    fc2f31fcdeda9cadc2ffedcf47d855a1

    SHA1

    ec585446a107db9939323b3b3e52105a5999a656

    SHA256

    6b26fac9a73519b18920488e0b7e7909c4b6eb387dcb3fa275676ab6c42a7fca

    SHA512

    01ab20a6399cc6216cf0d1e30ae28043f600eb539d70fbec4ba702acecaf389d2e66ca536ae7402b5a361ce83c84c5c026150e05c6c2528de953c7c7033bf060

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

    Filesize

    4KB

    MD5

    f94b30baf031ebcee20ac6f48d2ffe2b

    SHA1

    ad46981775cd4c7bd01c484faf4e164e5cffc5dc

    SHA256

    b9d00c30c3b4bbd1f952d4b4b6574085f4e4a3d67236eb351850eef98a9c28ac

    SHA512

    ffd567a8fc309c6223f22a780b54c357d6c1dd0ce0de160cbbb5d9e7bfe69f85a1bbc9b81c5b72b9da44e9400974253a37e600d02e071d326a9a9bd57f90bd33

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

    Filesize

    3KB

    MD5

    084758d2d5c5ed3f81a389c684b065a6

    SHA1

    73c5c0afdce7bdbefedc23853f837fcc0344d0b7

    SHA256

    95c3d02aededf12b2d0229dd55553b5cbad396183ceff7f7944354bf3bdfcdd6

    SHA512

    ccaa2159ea83745ef4ad7cb5ba264acc068fdd25b555bede84c6fcaf16a91a0e0921546670ce541225a3c48a73dff1471a067504d1a93b127831a47ef72b15bf

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

    Filesize

    6KB

    MD5

    fa7e4b90f1f5d15d95146b1a00389694

    SHA1

    d99081f794b0c36307fa3cbf96acaefeb0c41ec9

    SHA256

    d7498f008ddd33800e9a4f14547ce2b31c5340bff25a9c1bb1f74592dd44831b

    SHA512

    ce94ed75a8fed62a198af49b95ff470326ac5e3858b81c796d94f5a48061bbb37c6d2f1a937304e57062b24f394a903da8209132a8c76686fbb838919743cf05

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

    Filesize

    9KB

    MD5

    b89eac036d23cea360d624ea591b6121

    SHA1

    aaab6cbf8441867ed66f21cd33407b09486d133d

    SHA256

    46fabd750553fbabf06e1ddbc4976efbd9e39a317febefb139b5802d2da71133

    SHA512

    c5bc92b677feef84de317ba2f2ad7d15dfc88459914fab67294178e7ed621e7f52966b21d74c665eba3043d6e7659c440915d6dddde4b00c9525567d87f7e99e

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

    Filesize

    7KB

    MD5

    e5fdc04998ac9ef69f0284d3489a619e

    SHA1

    2b2297ff17c4d0961575a88a3a1e36a435894f0d

    SHA256

    955c95e0493566cb097e081cb953e1b784e8d8283315e971022675c760541310

    SHA512

    b37334310f5dfee050164e7928c8c49448c3ca6e86e2755dbb6e5474d449398d7650ad229af642c7b082dcf5805521495373358f7e255699c1cca0cedcf5109c

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

    Filesize

    5KB

    MD5

    dbb0e01aa70bf7de5ede14f7c4d6b4fc

    SHA1

    c1c4337a601813a309b083039b670a168b6e2fa7

    SHA256

    15e42e7186ff390339c1ecdbee72fd9fdf39b36785eff1ca69d4c3e3ccf5d99f

    SHA512

    6e4fdfdf4012b3e5dabbb288f9ad374019c4d659c8706ca7c45e56a202fb52ba6a7f976c77182ec5563a91a06189f027db961f27b6f8926c868a1c681a02052b

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

    Filesize

    9KB

    MD5

    f9da1d48b3483e223b99f368f51c679f

    SHA1

    29b5b9a66d8002d96b9d4fccb5aa285b8648c7e8

    SHA256

    7180dac99042c78ea9bfc23be611ce3bc45f726ce451f0b8fdcfdb87689d39d9

    SHA512

    f0691f73655afdb2022ff70ed64f76fc2ad033b9ae8d1c097732efc03a9af8e7eea73c26bcde526480b4d00d0e4cd4bc89b9f66045125e63ec56978d190cae7e

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

    Filesize

    11KB

    MD5

    0e8a3d0d4237d692fbd1429008504039

    SHA1

    ad27dadab414a26c1db355bcdee8988512fcc6a8

    SHA256

    4232c6b6326ab7e408da40d67066a342291c12c91a8c9ba9cb19b747e78bc0dd

    SHA512

    41643a8291f3ef8c8a38f5d62f1d3c8ad6ba1fe9fe1a5e37cc55b8aaeff6d7ebbf1595b59ba618dec41251b71b123f6913293371eced9e907da45cb432418284

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

    Filesize

    2KB

    MD5

    11d07cbe377fa778925216d2c682645f

    SHA1

    71905d2fa2658161d1c50fe3486dcbe03df7a49e

    SHA256

    c07564676173ae41970f8dd4c291f6422ab59f85ea0317c69cdf235782432981

    SHA512

    acbe5e306e521ffc9b3035044bfbfddd54ba567df9ff9bb29572a8e9dfa24d3f6698242e9a7aa4d392a43844ea7430133505b66902c0fcddf8df4d33add6bdc4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

    Filesize

    317B

    MD5

    61d91468d57b133322ec22a3d7a6c53b

    SHA1

    9eda1af48a20fd1c8cc8319c4c5ddb14fc8f712a

    SHA256

    2e6fd06706c5ca5fbb9f0a6abd88f623e5fce76eff022e2b9e75e46f3c4c4958

    SHA512

    5cb050217cb3ddb4e0598c23414e153f6e2ed2165218308fb0332bb3458ae68dc2f3a287f5e9a8d8137b505c63113c223aa86d1eeed165ab5dbcc0f177f6d21c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    922c7bea5874705ed8e89098ae5d7e74

    SHA1

    9db88e8e166a5c8d817cb5b55189125a2b8735ae

    SHA256

    ea90233a188ab4d37477531a598145f24ea570ac2c180466be3fc2de0f896b41

    SHA512

    83685184bc2f538329ec406d67726faa34457f31b99f74a49c06c5cec1cb304fa6867b2e7768824a22b6140a58ee95d1ef6d3fd2fb054eadf7dce4cc1174a07a

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    8227121dcbc5e1ddf5d47052b65f1220

    SHA1

    19e9484c0a8c5a541609fcfaeabbb2784f47ce45

    SHA256

    1ac317d30a20f3f5061bd58ce3506b655babe2f56814b461208c36e8669d9e6d

    SHA512

    91cca6e53b083ed13f4f4789d761a93247ccea0052c61acedf840d01e69caf319cc8f2ef6a272fa7d74582b2603881be6d1106311b28c1ebb560201946fb7ceb

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    93e68b969686cd076de3a1671941ad07

    SHA1

    645ad92abe3c305c5aec6096a6ec11574badaada

    SHA256

    850ccc5c56018a5a1fef700648a5e04cbee5d762f27b5fd17468909f65495383

    SHA512

    72e9c3e74339904c565617f47b473c79ee963adf5a90bbe50cabb1401a021fcfd909a977b14c1b77230ee81b8c0b90be41b109a26e4c07544030a2dc9eb89a69

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

    Filesize

    49B

    MD5

    0cd5ba23ad85a0482c0fa0aa23eb3344

    SHA1

    3d33eb77ae316c2195f80eecda7c5ba85c7271b0

    SHA256

    39538f4871e3cd7ecb7f3182ecd897c7effa83d8f9d70469cfe95316d33623b7

    SHA512

    6fa7fa8207d094aacb9b6cc943dfadc712e5f885e27fd5c0b5ef80152f0233b25d64c0b4d12de5c19c157d7d8f8a36de3102d1e7ed1ded7c09ea1c183a1ecb6c

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    2d7d5dd04b70279017ced91e133527f3

    SHA1

    8bcbf37dd8c4afb0b4bd70de464469cad3da64cb

    SHA256

    6bae42430919ae65e3a2f78d9790456006fc2ad9d0c709f00552c35f28dc5692

    SHA512

    d913437213c2696b36b9e45835bb91cc710dcb0571f4b552c14ae3393f738fcfb9ac4ed268c6e8681043bab13862c29147d45d8fb4432ed150f129eade3095a5

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

    Filesize

    23KB

    MD5

    7d7c66bb5e11db3ba465fc8fb0ff879e

    SHA1

    7c6912b67d0689dd42783987d63c3fa071c24573

    SHA256

    742e61cf37e5729a46211447916ec6f9cdda93f71e65868b62e26e1f222c19de

    SHA512

    478a1268d1414d57f96eedfc77b61b5bb5f60250ec3e17f125b98fef8c1f68a1cc5d771a974872781b217615779d7f216108dec3e6d0cef6c63c24b53c25bbed

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

    Filesize

    4KB

    MD5

    1225e4f96d1f3fd90dcc51f65dfa36fc

    SHA1

    e6c0d768209acd00334550426b44b71b6d9797c6

    SHA256

    d3e499f8a004ecdaa0fcdc6543de9c931e0ed048973cd2a8a59f2c6711255029

    SHA512

    693e617139e523d612f9c2a9c752a6458c1ad81430171f24980e97622e57c4ee1e8593509b0e68f806f15ea8b1abc37f956f19a28500a5d92ad9abbf09fe851e

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

    Filesize

    372KB

    MD5

    e6cf8085b994c768ea860b24f347d2ae

    SHA1

    669ba93cc0820027808e031210fdf4c9e55cc09b

    SHA256

    93ba662fe55070de01d92b65b9e616d6de49898165e3b191005d61d0c41af7fb

    SHA512

    2e25cb7ef95befcde05ece27b7c5ca2fa98d6470fc0ae1706c0845ea8361d366e7c7ad5e110546abafebc41b64b335b1b6bd2c8ce2084c0f0dc444d8e4bb42a9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

    Filesize

    49KB

    MD5

    368edd9c24aa1bc5a73e0938fcb531ba

    SHA1

    69ccdd9041c73b6b9032ef722f9b4c3498df8e04

    SHA256

    f7122371d4e721077f399701f725f48c9faaa1ef586b5e312589a470fa7c21a4

    SHA512

    f2fd15b82199e7410cd47e332530452ba3e292ea4627560e84b95268cdee410e6aeba28668b8bd698def49b9078821ebe3bce2d535129e95f66e962ce019ae07

  • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

    Filesize

    2KB

    MD5

    5b50f4529d4e2a977b817de39d3fc2ce

    SHA1

    780478de6f1e2aea1ac95be5dac5cf4a19159d0d

    SHA256

    0169a00b318ab5da82f566488661eba0e5a5f63c37ce2d82a50e387d30b6f8c0

    SHA512

    950732376be1390e261a87b6bb2ccb918540a03f040d95e50e88e5cf048b5fe22431d833d9b1156ff3d1efaa560686a64d404341a51f071d6e4b82df42499711

  • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

    Filesize

    13KB

    MD5

    0a7e98647872381e83f99420004df3ba

    SHA1

    1d27dfa2a29f239f7479057d0370ebe1e204df53

    SHA256

    b5c8d2c030e6e6e4ed96109d360861cb6bb6c77759ff0b7cb04609cf47b4617a

    SHA512

    df1a7bdd4b5b46d4ea0d193a00f6e09d970c64dc062b04a9872b26ee5580be703d2760cb8035655af7b636d970650bd93e96e929221852bc0fa7633a6085b02b

  • C:\Windows\inf\PERFLIB\0409\perfc.dat

    Filesize

    30KB

    MD5

    03a6d4c9061b100e30ae866e72b57f5d

    SHA1

    758c416a4e529db768570f5390689ef15161ace9

    SHA256

    656efd5319c563b315d14e619d2fe637b688cfadb9d7bbdf566ad74f9bfb5042

    SHA512

    4f19dcc0e3d6aa717887f1bd63ccbd85f8f92f2db30b36ee74bc389537c48ec21a71be1bf191c85d149d5790b80448810c837de8e076c1993443534ec5fc2e1e

  • C:\Windows\inf\PERFLIB\0409\perfh.dat

    Filesize

    284KB

    MD5

    69b01ee878812cf7577eaa4d75edc38c

    SHA1

    976877115a10c278490dabe22c40f4436992c038

    SHA256

    5a069f60a080a23b2d356782afb38f9d3492ad67a27df8b4995cdd438a8c024d

    SHA512

    824afa259e583c15ce92f507d760d21581e008dd3b091eef2b246a53d59c959393829627ed0fd0673b4dfe081117737cb5c313a60a70b7dd9771aebb9497dd93