fantom | 7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

Analysis

max time kernel
128s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-12-2024 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom discovery evasion ransomware spyware stealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>qM4T3zzOw7KAy6lU8yo/9SG9MZYD2btdUDpdc3ItoGljMZ6jFKNgtjt474gkzBY1HApJyjXbhPc9E9zCl1TxxLTcrwvbTQEq8QzFOGzlU4S8fVUyNU34fE0WfzJGmBiGRb3wjAlPRSC2FZ4RPcaNW8My5MPeFaupF8Qh7nDsbEwFttNfCOQqrBOL0lZhBzDgkZ2tTH8yZCbl2vDmu+tugheVPH3njA59ie8SUgZ35uh2hG8a7gmFPA4mk9KY2gdt/ZOYbJs7laP9q6bz8G+J3mbYAtyeRkXyGNmlQ7Ldg+Rmyk/HOmwRUZajMhw4I4B/IjScTedSpRsotEnBtSaDoQ==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (2960) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Executes dropped EXE 1 IoCs

pid	Process
1968	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
2128	Fantom.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\access\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Internet Explorer\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIconMask.bmp	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html	Fantom.exe
File created	C:\Program Files (x86)\Windows Media Player\Icons\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\RSSFeeds.js	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIcon.jpg	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Earthy.css	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana.css	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js	Fantom.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml	Fantom.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css	Fantom.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Claims\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp5.jpg	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_ja_b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Landscape\Windows User Account Control.wav	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\findUsers.aspx	Fantom.exe
File created	C:\Windows\AppCompat\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices.Intl\14.0.0.0__71e9bce111e9429c\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_fr_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_fr_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_fr_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a933cd1241698e4d13d80c8cb31d7055\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\ehiExtens\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\SQL\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Internal.Tasks.Dataflow\v4.0_4.0.0.0__b77a5c561934e089\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\30b1d86571495ea86b9a19b13498aad3\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Printing\00232ece6fbf0584e184386c7ac94b51\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\ehome\fr-FR\playReady_eula_oem.txt	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_ja_b77a5c561934e089\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql	Fantom.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Expressions\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_es_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\diagnostics\system\Networking\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\fr\Tracking_Logic.sql	Fantom.exe
File created	C:\Windows\ehome\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Calligraphy\Windows Feed Discovered.wav	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_de_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_de_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Delta\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_de_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Boot\EFI\tr-TR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.IsolatedStorage\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\AppPatch\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2128	Fantom.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2128	Fantom.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1968	2128	Fantom.exe	31
PID 2128 wrote to memory of 1968	2128	Fantom.exe	31
PID 2128 wrote to memory of 1968	2128	Fantom.exe	31
PID 2128 wrote to memory of 1968	2128	Fantom.exe	31

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
10137600214b13f3a7ad05cff217181b

SHA1
5da6173dc7ba376176a9bd1d0a590262360040c1

SHA256
514fdcef380fe1f95f8fdd8209c340bf86b231cfe80fb3d47d8d0a7af145cd33

SHA512
0b5981d820cff919912c981a5e6f92df742d5bd1a77c57adbc69007c6b45b4b4d57627cc3eb73482b46cf642fa5267296295076e9b4288a321e89df84f5b9ef9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
352B

MD5
dd1ad308f244f1a5b851483ef6bb14ca

SHA1
efbd1819d18a1f460111578134c3202746c05888

SHA256
b819fe855086b019c5dc6e3c3b4f39796cc7002e8854b03f5229e982517f780d

SHA512
2dd09bd06d3e533b363d9ea2c182139695728107589e5d735674127f507ec5887c81d486f1a8143b9b36eda53c50dc257fee0ee08d84985b4b65fcf91a0826bd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
224B

MD5
8c2e9dc4fcdaf9e9d9ab07eef86d65a9

SHA1
56258196364eeea79cf1143f7b6f2d9debad88d0

SHA256
44ca022cce519d3b69902d8ed31655484bf073eae4ad4fa56060a9ff5f425f7c

SHA512
99302cba93638a3605b27f9d5e7ad26df7817b3f97965eb60aa3228be7a7f086f6e7b13d4edd81d0db4c331aef1b982b788eaec969142f3370477f901ca44da5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
4e39ffaa64da2213027a291a44ddc31d

SHA1
1ee40e9063124c6630b8aae483348000ce21dc6e

SHA256
b36a811511b4da9d52048cbc4d77ad70625e0a07e1e8669f672d7318a9ab13eb

SHA512
a3c5a4784ab5a681d2a535b2d3c6988daa8634e8324a0a43802e2aa9d67779271e5781157b9c21ad3eb6c112d56a25c6e2e1c019c1b8f7ee8b4cf4db5405e955

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
777e721d6c226026c774dbb3fe717653

SHA1
9e5c45ff337cec3f70a6edd7e3291168f6c9e8de

SHA256
1affc938eb399465b84db435cb0c370e9502409f069c82094249ae9735bd4e30

SHA512
4552c21ff0a738adc0edea507e22c5a1e44fa5755527be7f628621cc20a46aee464a7bf5403d5f1f61fc5b338130ce6b6b5f25f45e94554f72de4c82c061f90f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
6d3308a75fc57ccdbe8ec3e44e795b90

SHA1
13ad520f5607d2799765585ad898b093a9a383ca

SHA256
ba77ddc076562b03f3e86d41c11cb81992bc753a5b401642faa21f6cc14b926b

SHA512
9443adc6b9840429d9393d9a334b2dcce3816c399842e4266b2a04b3e2f0adb36e2af4c0e1e6c89f115348e557b0e93499a2b5d5f167f9ca18f53e1a673c4c03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
a4ba8849400cfa144dfc48539422d141

SHA1
133f2012879c2c1babc288ea458f92327eb9e26c

SHA256
ad4bd252f668471315479fec77c9c9efae65b094ab6ea951bbe3213b18d03704

SHA512
1652d4f3d3094d89e497246f0ead09df6f3b56aab43092278a3b7448c571f2e98d773313792b40fb04fd4c84cd3f336518968c4f6b4eb606eb2b112253d2734c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
112B

MD5
b1c4448ae75bb08436cbcf65270f7d91

SHA1
aa81c05c8bef8539d5d8746c4884c4cddfe94c93

SHA256
a6e34d431db6b1e9669dcc66248313710b88b89b2a07a14c15594ae2bfc8eec9

SHA512
72e479cfb9ecf6d7cb805992109b3998b0ad7e1641139a8a264e5b4fce84e8c4c5ca308c9dd1a6bb2d386413363bc47efe35d1865805d1c06bfc295c251eddd4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
a3b09feee1f6a68a6eb77525fd92e2c4

SHA1
8eaa5a729eeeef2bc0b41ffcea43981699b5819c

SHA256
b2e3663118ce69390e0447fce86fcb01c25b9ac0895984de732772eaba3e1a89

SHA512
6a999e30da2b03b99af4709f5f355e6ad0cf7385830572e0a8ce5f3566f78d0f9720a2dd1df8f3e21e2a6ef0b8c7bacb82edc20825eb72deccf038722245b5e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
7c887a044d70d4727f39833dbb5c7904

SHA1
656ee65dfb319e0c2428486a773eb138524a57c4

SHA256
36bce4690c52ba80670f8e31e1bb3edd60d584d514cfe7b7ea4af37e62babd94

SHA512
9e74a8cadd159935af6bd4f21a042f2ed42b5afe411ceb02db3cadeba811a232e02709f5dd68ed0ea77a6e5239ec331b9c3f024dafbb8c17f292c556065c2964

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
156018b8974518e2420cd103bb41a419

SHA1
8c7db1a7924796601f7cf091c338711b132b2240

SHA256
47778659f75380da5c0b1aeaec22b10536a6fa7d920559f61e0d20430adb0ac0

SHA512
420997f30be69950f360d20e8ec96cd61b7f9c1883a802ec720b09149dcc1a7c970886813496282f7edd1aaa5031704e1cd24aefe25764e279464dc021655d66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
a9cd8fbd8f30555c7a5079aa9d2e98c7

SHA1
d59c263c3752252acf419130dc2846a143dd95b2

SHA256
65966f632b196baccb0196c43b11229db41645c97a46cc46267f25c4d1b40451

SHA512
0afd3f326b8b025fa6f82941374074884d58e622993db9ff7e2864af623f2577a50d3953895b010fdf361daa4625242e5476c8cf9c2332836bbc0d34fb4f8de0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
acfebaed1ea080e1957b0ebb0e8954fc

SHA1
38574e97594d2f3b30a0f25274522e65fa8b4154

SHA256
dd6388b222a84ae97de62df6adc4c908599c24ff11f372e373d2016cb78c939d

SHA512
a5eb8e2e17621edb4cf4878b2ba56a49d422f4d5274c1a2cc803ff1246b06ad1085f7594e1abca97133ccf2d0d5389d16fe1848dee73185f5f476f813d3c3a5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
b9553b0cc544c414aa8f7241eb0e1cc9

SHA1
7ad4ddb17da7a9f21fee5499fd0af554c8a22d66

SHA256
bc98377ddad6d801a2fb877f73495a9e1c8b7156f1acadfe52e8892345dca2a8

SHA512
f81945eded36d131f68f23378e4a0037ef5e415a1338dd5b59be10016273dce7b0a23584dc258788eeb80c3eb83a511be0418a3968e030ccd9f6e1a5f7cea750

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
464d35e5f84f92d993361ecb381b2adf

SHA1
ea02b84ad72f4055992cb5026bbd349ba981686d

SHA256
059251c417c979ee7b132495baa4a0e968d38f5c2b7655f13994cf5f6a68f3f7

SHA512
8d4549049ff1a6a9b1f5b29fdb39dfa52796c5eba7f37b3067e0fd36c94f4ee573c5b1f3e0b0e074fd132b624a907b8dff9b73c54b61ea645dd0742e05fbe7a0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
a0cc6d446461aeecd79bf3c0808e104c

SHA1
a9b282b728cacec563a2014c4ea8d0a1999f987c

SHA256
ad404aaa7d2f20775b64cd92b49bfbf70d879fc3bd1fc5b686339fac4ee53d10

SHA512
582eef44bcf2b3c54ad110d56de735a567a7be7a125336cdad700e2a834fe71d137c9b8404cb1fd9add30f5117338baac7a5af51136ec82a735f5ba61fb70179

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
7KB

MD5
55928704fb5ec8c5ec9cd6d94908f708

SHA1
65af10558a72132dc6103a23cdbbb46642eeef47

SHA256
1988a5bcc259e478bad3301d1677b388b6ee121e9e4858ccf8906f448dd69649

SHA512
343e8e1f592f397bad9b59b70a60be9a5c70ebfe5b6481112d7254761fc8eb4571a83e9a20e9426ce22f4bf69a2153ff0989ef61e4007b01bc5238d06d12be64

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
336B

MD5
70d34bb6b4da2fee293e715e7e49caca

SHA1
92c2361977bdc6e5e69704a1c40713d46bd3527a

SHA256
3db138b327939d2ebeac7ed6cca3f13789573e5c38fcd5754ae5b065560af01a

SHA512
9cfca67b16ed10d51358f0827f6d3f2188fa76d650472756c2cf306c4a78830d353b5608de02b054d1449136424d987eeb8eec6e2c1afbb1f758a78421405987

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
240B

MD5
34a69cc13109cff5dbdf1e1f3af55318

SHA1
479d5049b9accd481a1e22852142c4a5cfab01da

SHA256
18c7917afb4fee6b2d7d1b260bb8f88f5f5ff49e514c33535b89e32d38092bb2

SHA512
9e1096d4e72d013aeb3c351d099b36fb0fc01aa112c9e4cb7027f9dc0809f35b6f3b6b6a1c99df220c885184fd817b14d5db163defca9e8957b1fa0b56523ba0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
2b0cbc222e783d93e7815ac894e4af75

SHA1
38eaeadd522604f3cc1d63034518eb7bc6287e28

SHA256
5ac9ae8a035276f43d47a77e56460bc93723c571da685bfbb04c8fd5c51a2127

SHA512
ab3bcee39655c569e384a9493365445f33993f4ffc10af1a44acf6e614ccd64177f3e7b0d5623dd70445a3c252ae62eb0f4719447105f08d1b5bb7922fce0c88

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
816B

MD5
2e0bd8ae5eadb9d23361a7a4902068a9

SHA1
16031c2352c176a1f2cf378c0c32c50321036b84

SHA256
472bd9d129a53e87c4f50bb7401c03936e6c3e77ef901a8c1d9c98e706c01567

SHA512
787179ff939fae8f35b41ca1720bd8c7757ac520d579d078f54aece12638038998e652df72dcf55d55e15e8f682b1ae6dc08dc9eb65c017a9bfa05e3b30a7fd2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
14dabb8ceb8a7c7f764311bacca40de5

SHA1
00f9dcfdd04d8b3240c7cba0eb8b0687d418636c

SHA256
02a8cf5392fa7731986738e440ae32ab51fc26d12133ce80777ce196ec48c61f

SHA512
46254185a1091212aeb5ec0d68571e8c499293ef2baa21da59f797455f59577aef6a79447616cdfc819d8ee822e16f029165f9f650dab08e1b713b1e95077329

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
6c9e9c18cc9804ed454dcad69baf98ee

SHA1
184aa98dd8cf784e79a32b48ff1c170e074098d0

SHA256
b89c51767df95ded0245df0c1252fd5cbe8cb425558e0a32199cbeef0e872499

SHA512
4ee44410653e9e3d155a130cbe2e2ad1eb9d85be0877873a0c4455dab0f02478e2566243a21c0816bf6671864d9317e2ca4c11e5aae42a3da39adc9bf7afa677

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
53a70e0b482dbcd5fb43a067d8e2141c

SHA1
691112ea8d7c64756752eb0f0071ff716af8a28c

SHA256
b886dda63dcaad6ab7d2d11282d9db43e615667400633809f0157ba1e3769bce

SHA512
eef9c0715b414a352a7d059d2b27fbeae7c08f4e22a28ca34fb4fe7f3773d10e1124f0859a5ab2baa2f28f59c03892a4c6b313a7169e79a6ffb380022809f42f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
896B

MD5
096beb7d55222148fe8815fa3b660bf6

SHA1
f7ae380729733e897e77aeda52cc318a3cc076df

SHA256
396276ccec220c537a72790637805af8c8a960bb2a5855fac7f3c74e10732352

SHA512
ee137e4a79f7f5c6d78dc5652d0c56bc0279281b08e58feabdad59eef08fd7e2d226ca3c6b9107451026cc5630872fa96ef0bb5f92628a1f3fff131318519073

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
864B

MD5
071ee50a5381e2596fd7c536feb4dfc3

SHA1
741107fc685a1bf258b115642d080804b9bdf9bc

SHA256
60d986ed0860eb3109200b62aceb665b8d35961c06b4cbaedc73db1d9fd0b222

SHA512
9549c563d76a0566400218a4a8f56709c8c37ee54a3f020aebe29dde6aa373eb6231cf38fad22f83f1b9e1602181e36245181dc23993f397dc07b4f6c1603e27

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
864B

MD5
634a085055eabc323d07edce29106212

SHA1
c8d554475fbd3cf235334de81475d8c7ef35f218

SHA256
fa134e4e9e9fdb434307fb87b7ca6062ee39c970703c390ffc47dcc913a83a2c

SHA512
60a77883a2932e883ff071ebc43394a6de02a9a8e9143c3f8735c1688306fda193bf4417020ce51eafc1eaa1275d480145403a7d14c4012e04d6c1bf25a06506

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
cc5bcffec2872d36d535fca6ec42dd10

SHA1
8752b9c4e777566479f32015ba5d37762a5dd247

SHA256
873cbdc62f0ef4070b766e9db45448006a6dbe65fb0364683ea16e5ba4e8f10d

SHA512
2d2b8015989aa95d8f9879cf2089aeac612a6102d68d941a2b9edfbc74db79c98d5930e88498319beee03fea61f219e4e00b7122decac036b17c42556c3103f2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
0a53985fa53e5744fd2b42e374f1e357

SHA1
532540d6c0891a8e948bb6681ea61679f4b06259

SHA256
a2c958868e54c0195461e11542ef672f26f554ad79ddb1778b387f81d5bd751c

SHA512
b58c963375c9874d67433b2749c3df1e254770260b71d0952937bc890aaf07a4a9c0ba260e264ad9197723d03760a6e4371441d5a0c1762e084f583dceca510d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
864B

MD5
a305c932713ffa0b83105847b95c77fc

SHA1
1aa9be9d7e6741f94dfb1f23c44aee89b9c52cd4

SHA256
8e2cd883cd6c5324432469c34277a3cb7c86450ee1a2758c0d1e4cc01ebab9b3

SHA512
8ca6118c35fd9c93119861810553dcee5ad89742e61b73317a78f6ca397df558ed360bce09154a5fb472a1c26df767767364aaf14ae36524e0fcc4d5208baae6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
848B

MD5
abb5e52242e1a6d21fa93e0dfa9c8e23

SHA1
20daf27fc691865a1972a900f7a3e381c9768ca9

SHA256
023013d33b459a79c86cefbaf8a5208ffe991afa79e22f37920a6a43b8405959

SHA512
77783804b7fb834bee853d7124ecd63da75f23764b5e24b09ebd132d957a7eef9479620ab73269de631de695e70f4fab67059a9edc84d99dfdf3c19666b1e785

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
880B

MD5
636ce64172c9a4abea5ab32c081f127e

SHA1
afb660e6b563b6f73ad4722949a81cda3ce8e6eb

SHA256
7158ad9f6babe021051825db9871e037f3b63fb5285f86c502f14e15683dd9ee

SHA512
b3846e9738709b0e53f48cd7576ebbe16b40ffd6f587664007e12030c92394559a0afacd17cf1ca0f4874de4c512dc882006465946d52f309e30eda510e27257

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
848B

MD5
fef2ecdb02ecac2067b2e80f0545166a

SHA1
16493c73100501ed4a779b21827a2b7bb811028d

SHA256
5c4724ddf6997b952bd46e855f03a4cee5aaf70f9d85abd12a2be2ae031c0d22

SHA512
9db6483d7dde659d68f488dd029ef755b8365177a04abab2193c7a9d9797f2a78513db30c7fec8c5cf7853887b5e68b073f973d621a78ce2851e5389360218ec

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
864B

MD5
fb6f0b436200e51b7c3bc7c94c1248b1

SHA1
e2678eaefcd9f7bc2bab80865e9b23a1a41fcece

SHA256
e0a8331d651059629fbc07ab32dd510c267a387cf85659fa1196ac6408283f9b

SHA512
64600c37e00c4ad5b7bb3142bbcf6eb00bd54d4321def91df7d591f8984d64c4fe3a8dd465bacc2ec37fb612f780cf14ae5ca0107d66e974f29a53e1ea1b22ba

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
864B

MD5
366a05c6ed161b0ecdc121fef9ecc90e

SHA1
6d448ed083f127d61d35c623ddc14f8169bbd0df

SHA256
9aaded295a982db09fc97752ff17c5c8956fd38f286cc144a1df228a6ee7dcbd

SHA512
e9bd98ddd5a4cf8dab3ba9fd64006b4ebfb9a60d800bb7a3e620343605646ca0876eed1bab7eeaa5c38c31205b7c86743ee0c31c2f2eeda0ff25feca5e8732d9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
864B

MD5
30d0f239730e031696a192ba5846eb6b

SHA1
c6425c8b19f13b06ad0759923ebae5d120a5d0aa

SHA256
b981051269aa9299799207929936b2027c554c56a4fb7905c90b056fda91d22c

SHA512
3ab9d82bcf10a2c17321b9e750d423ed4180745f5054ab58e0d3481e4c2972dd01882395ab5ac05517a38621b9dbc6402fce48053d1efb97d6828eb3528f8cf9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
896B

MD5
1144d1339d713cc5d9c32989b88b7d66

SHA1
27b772994e5eb076fc955eb5eb16c3d6de860bd0

SHA256
f9d1f6b808eb1ac41c30c91be3490dbc203c7782daca0a1d5f7c78a4b78024ea

SHA512
8985000e8f4b8622bf8e9ee90be5622a52ee291097faf43596f9dc8e343704d84db0765d6030933b61e3c8e4a2bf1c6cb541c1ec5d66de7754d57d0b0f785306

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
b947bada9a9571839b2ef70f0d81b322

SHA1
dec7f16a1346ea44f1db82d15ffb3e9cf82cb144

SHA256
5db8c8ef5a87cab2152d2077dd90beeb7fe9ff0d51c304021f877b8f395f6612

SHA512
62455807aaa77abc37d03ed950997ca0ecda5cceb8b256767c2889c034f175ca81744694cefb18715133302d81811a63114cf74a45ecc5a7a042f88434d562ea

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
8b008af4aa4f31459c59306e52948bcf

SHA1
faed2298f95f9d1e945d9f497fa0d17bd6a26c56

SHA256
fe34aed3612075a1fed6edd8d5f5e333963c5b4c652ca17a4ebda75f5948fc27

SHA512
c05b39b7b7f996541fbf7e0031369030d9229cb0a291577296a543f2ae2ad2ef9113fe8c13470cc0b2cb8a5c3ccfbb03d7c1c617baf54ca4de944165687e0cfe

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
ff4af8c03170089bdab42c9d8b5396a2

SHA1
ab3ae99c3a729117ad5329b1c0b2e08bdea2b229

SHA256
87c976d1ab47c5ee2df5b5c9a7a0df09ee6f38a171aad1c4991242fc1bff0ab9

SHA512
2f4afc69f4be2d39e77faac9f96df89d652ebca60b9bc925ed5db7bd64c634fb4eef45fab49555f52c458150921b0edfd4f76705e19045e289505a87bd28a082

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
1811049e04350e3017b2e6054ac3ae89

SHA1
73ae69d1492c262eee9d813aa9e3625c2b44df49

SHA256
92419ff4ffbccf082bef69c8867e9d68891af7e8aca017c732b9dd4d8d220a9f

SHA512
eb35e8aad5f76fd1d9d3df1535697131f283aa9e8a600a1cc0e4e408c54787c0504cb7b49df8ff491337bcf018a190bfcbfc59efe5d917bb5e9ad214af26bf60

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
5073eb1da0215e9d8ceadd6a784ba076

SHA1
679c77d534fcfac9324e917216513305f2a16d8b

SHA256
91f33b34ec5dc9519b943f992ee85bd030e8f3a3af406ed8179ade43b050bae4

SHA512
969b4ef76637026261965e3d20e1beb650003103f90c01837f54359ae570f406311e21306a105d7b53599e1924a5cf2445eaf808a61d89dd720c61b5559f024e

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
07d653fb13d130fd3bd4f2f1fe18e7f5

SHA1
7683247e1d4c35501eda9e46a22de6ce3d64a2db

SHA256
5cdbce8e56608623e889bb9f85cac18f28ba9f4d27fc70b291bb22d2413a597b

SHA512
98d81e13ed2edbde27474a7d376a5f3cd4c929e0ff0f226f50aa5630b85136c604a9554711971e925331318e8370098e2c0ead632969d0887ab0dc6841283ae2

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
80a4e776fb2c7c55dab92373003104f1

SHA1
6f3c9711eaf8037c946ba772c18e270cf00b1b2e

SHA256
cabb9bb23c2bd909ea814f90855f85cf684525947582f7281924124c7cde331e

SHA512
d7b3bd515dabac1a62aeaa9732e751756ccc7caeb19ac87f9786bf1582818fbe23185a0297f0cdb7da984b8a146cece0c039bc716f2ff98fa07128967326e78c

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001

Filesize
16B

MD5
aac7bc3f68680d0926218021aa05b8c3

SHA1
6f9a44ab48ebd51537087d3c9c2b3988ca5b4a65

SHA256
e33b6453d8812999d03a70867ac347700012f14e9cd17c2da9d893af9da9b3ec

SHA512
97dae600d26342230f47cac4acccea3bc21c56f4cb531f6d8acadf0cd4ce1c5b8c9e339c8847c33741dc2b68e9cd9d9af88639f55d683bd7d24504a0a12c86e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240903_051533842.html

Filesize
1.1MB

MD5
9abe11a6cbfdf5ab2697691bce88117a

SHA1
3c01cfb15fd7756f90b2744a0ab5725f2231ccfb

SHA256
1b6f40d223df0eb3e7bcb58a1cfb2f2fee01432121f462a7ae3fa286cf9652d9

SHA512
6c194d22725b778bad8fa94764dc063cd376a86af886e68feae76fad77c2e64ee8f68add180e446953bdc78741f40dac4ac17635e0b54c3346a9c7d57b116708

Download Submit
C:\Users\Admin\Documents\SuspendWrite.xlsx

Filesize
14KB

MD5
e9373b8c40fa90a340a7ad3c97b6163f

SHA1
50f601664b21a180dca2701c49da5c218b67f70c

SHA256
024d5a76df4b77b3e98494babe2a0198a14d8579d71c3b6206ca0a255bdce84c

SHA512
eadaa4015d5469ad5cc3ee25abd8dcb9b527b5551107b2b2219c439f01ee0d11e2a302ac8a7322ca9722eb23755b94587d8550eb1c4565e2af6e9d06baeec8de

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
64B

MD5
8d02347012a706178f9123fd574ac7c8

SHA1
0596dcd4c1932ab40fc55028091cd362955f6e37

SHA256
be53d9ea13b37d0431443907e874451715d56b68374d3c46f17e1924f6edfd67

SHA512
6f8239239decb9496ec69b1ad79ad1230406a68d6c113707c93af51fdff2a20d91a5353c4b1d59b9899dfe7b0c9d3132fda0993a7896bd81a5cbfab249b9ec43

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
80B

MD5
2e1d356fcbc047438b3fbe9be10c22fa

SHA1
dc3903ac369caf8132277d2a761e8453ac932bb3

SHA256
f78040fad0f7d37274104a61609f8a85d4cc81ca8538deca46a36597cea8de52

SHA512
c1988d4e90a290c29c6a2cc6c301652c48e148ecc62355153350ac18a7e41e7e1a5b71f471c583d1359c3806c1655676b0504bc5b82d2ea9660db6702422159e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
80B

MD5
41a37e3b872023abf1ea94ba629c1818

SHA1
a6f0ee4c6f4537a9e4f0e09722db1e7c1cebf352

SHA256
8ad9f275b77baaeaab431f688583c3902840ff5506b3c56751ed78704193155c

SHA512
f768f9a9c4dae1f1d4ae4d70249d36ef31607c251d35f875a5f59b2337ce6f336ba556c6f66d474f17d7e1af4f51b7ed51c497cbf898c35b538d03a17fe68387

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx

Filesize
6KB

MD5
2d4f25806c74f266841f9e636ac6a557

SHA1
2c107a312c6bd4a78b85b3be111f78fec564d335

SHA256
7e2ba003c438d8120280383a58d508e9f6e9c3319c062ad35dd11ee93740b716

SHA512
e1771ad9b01b2385652db8f1821c9c8fc5d1498fc6499fd522383c8c024fff6d5e53875985db5127b2ffa35cc417e8193e1811783aafd5ed53c8c9dd22bb97e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx

Filesize
13KB

MD5
ebdf69016c8c0c935646120128db1170

SHA1
f3667c739e752178b31e648e15be0c5b69737774

SHA256
b01536541d701eda2b0c2b2a755a0699b9f76eb70b7f18401cbfc05490dda6ee

SHA512
31c7da8f3a2477b7c395ba54b16f644d51efdb248c04a1ad982cd97ffebd4d4f9ffe44862fc9034184ce0971a646aa143aaf1cfd37a197a18582ac0e888e05e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx

Filesize
3KB

MD5
91313a0c5385c9e0a4bc72b4087b1f28

SHA1
520319995eeb6f15c09ee2f6d4210e3e5ff7cda6

SHA256
0ca3707ee06e3027ccbdb8a206209f9f57057f85dbec5a5db1fa15fc1857119d

SHA512
b22d427becef565ef00a5400bc775a740ed183ff734a2d1dc4dec756c85184c93ee00fd661b6d07006f5620e36bcb59520cc5af7bda492324af7dd2879b27fb5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx

Filesize
6KB

MD5
a1c0c172050fd3877b4857e5693e842b

SHA1
9e2a1e03e84c66bc489dcd223d9863716e0e77f4

SHA256
0824f4cb2c159971a57d56f9e89c29bfcb128aa239445ef7d5430afcbb6875f2

SHA512
7d0d15da73b30fd5eb040cbc5013e51580570f390fa69d1c0dde8b37d6b366261e99b9432f05bdb6ea966b617eacab6af4bc9dfe6fd01d5d3a2d63541f23b349

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx

Filesize
10KB

MD5
cfc27ab46c769f3d995ee5390efb0be3

SHA1
4d541f3f93bab2568118a79c868e326407c4746d

SHA256
239caeba899494c052d1c62396373a24bc6488dff294328b3a26f01362969965

SHA512
9d3cb285c1eb99db313b8aad7ad39e139a9dc39a49d44acf9f6a1bb4e22e7a25de9e6c5b61e32e0d51dbc362a0c4c5fecc43aed9f768d240e3b80538a8ff0f4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx

Filesize
68KB

MD5
ba08a09e53c73347540bea444d734eff

SHA1
c3e51fede6cf7b236c823d27da2c8ac975277b4a

SHA256
abfd4505f348d0d90bee2e56ec1cb7fe4f0bcb7f6c40fe78044adfe28711c950

SHA512
4d10584089018ec5bfec348b6e8313771f2d9921c05a3bb2ee67312fccbcf58e896cfac1103def041bb0514bb4267c147fd6c06da07ea98abf618389508f325d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
43a2e349f9a24bfe3040d5b9a144c8c4

SHA1
ba87618d2e9bb683a36eadfb02b257155a55a4c7

SHA256
7b5265457f18ad103f9d87fd8e89e012e997bd9073d31fb6d19c71a7d25428df

SHA512
912ba81d220389d9cb4bcc31e57f0844962b6989a46e821f1a25f11bf4c077fc782a65a9c9896b552f7e7862c769803bdfb4a0db29e3ac86567bd0796f7b951c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
7ec78379ed30627c6a87bd7e4d9debcb

SHA1
b93c555d5310d40d7ae40dac04ede3ce79fae3a0

SHA256
aed5ca24583815e09246cfbb6ce3f88a9794550af9d682eee03264f862f26de3

SHA512
c0b2d048a6bb4cef247695b6d9d01ed15eb70410bb97c760c32ed59ff4488783fe2388980fe9d42d89f8dc171c62e930103d27dcc2757afd2561cdc30388af7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
0ad2d9e4e55651187a83f9b84ea514c9

SHA1
54271e5ad341ac1bd04ed0350178ae0dd01872df

SHA256
baec88f8b8e75c59a8085b719bf45919c12322e41a31884e7e132bd65c7d4993

SHA512
f1897dabc271ab23781446ea6acdf6fbe143792514780df9521df69a649410c49b40a3531e9183d308c19d4163561a0a02688b7e24758c915f0d04bfde49f45d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
08cde8ae829f7f06eea3f1bc907e0488

SHA1
443cd8880af40b24fbee3b0762445d82619f40af

SHA256
d9932c88189b11037204ad3648db03dd72de8535e001dcb4d6b78303b8044730

SHA512
00491aab807304d9a1ec1c26b0beb8ce27057fb2c0d96d51540f3aad94dd41f7a9d67cebfd96e7fcba35ba3f42840514912cd3665504e6144e59a0bf18a8f528

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
dc78920b37d4dfc593aca13baba76d98

SHA1
35b5f7719d4e7d2868cd64b38f28994672d1311b

SHA256
f701750bac71faee95aee58b35f5fd6552cab31344355b1f3066d4bc2cc4381a

SHA512
4ef28a857be0c5c9f63dfe8ab8b250e6461f9d59b49518257eb5b2a4dd786aae6539613e634f89b4b86bf8becd43623637398a13cb7315690b2ca621de719569

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
e5dfdc4545d50df798fb66a49f8ef19f

SHA1
a5ad481072cbec07ce4850eb276c9c7ac6efbc7a

SHA256
caebe6762e98cf114b045ef17097d3d4730eeb92b9d220e4cc0be15de3c46cce

SHA512
29f864bd6ed8a426ef45769fbbf37048f3c64c6d4cd75879c2fc82e669ec21f4bdb9199ba0cfb2e98450cda59ff4bb5ee28d154db8d38bdbb9a2ec83169c6b33

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
a0fb796d9aa3bad8551e60bf2920c272

SHA1
48359ca72bd61bc7d0668a1faef0a05de4250f06

SHA256
3b1d707211139fd174e90250847947141bf56f6b0defb63fd88b4883c16b1044

SHA512
5e0f951866a6f64d089dfc70c87440003e87e0a7c6300de2d0cf84be2cc4be303df8526070919594e56b58c467cf669dfcbff4a4b0201247d81b1a4ff1a412f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
347bf3d372f3c5fac756e6f150be4ead

SHA1
ddfd247d3934017fe6f60377e9f7fcf8960040c1

SHA256
842263c7cbf43980a0017e60d5ffd161741540d8af22b8e64f3af16c1a0c7595

SHA512
7c7244ccd1e6842a88d08d1e34e1726815b10a61e6a042dd8b797aed3cc412bb5d98a35b7c149d6f74381d74f6e09cd34ff5f611212b9a95c67ab575b0147423

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
1b3f039ed109580e8904dc8b77a06265

SHA1
d309ffe88e413d0876352ddef121571fc0cea5f2

SHA256
a0ffc5470eba87dac50b32dc6f5e490811911b6912dabd2ae8bf63dfb13a61b8

SHA512
46c0269a60a287686faa3e0a96fe20f2b1ee04a24fc31769df87931fb357d4fecd8ee30b66eba10c08b69996003caf8d039aece2d9dbe92812e3965a3f35c479

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
4fa67d4fcdfa0b9b34b1b0728caf843f

SHA1
7ef69b02b696bb177769412270d3bcaa87e00845

SHA256
070f207c74b6aeb4cf2073bbabdb3a88e5ab5a2dccd175eac7c05db2ef83d999

SHA512
9fd2a521edf9917a2d199407b46cd6490baf9a9fb4a419c2c25aba093e7be7ce0c0f5bea57c33a4f79924127c171dac3a916abbd2b74c3591e06a156d14357ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
59a5ea6c20ba6679806ed958f7d2d512

SHA1
bbe777579beb30d66fed271be5b586e065fa4654

SHA256
7e1c2aee9746d28e180ea90a8eb5df803316c95436719c8a9a795144671bc82b

SHA512
b24a046d11476344b0f93ffc43a16557945281598f7a3b0fb27c925bd4d9c0b68c9b99fbd8220e8a4dfdb952d885a68943c8184d2c9c9580dacda2a1cc69f6f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
121c203ed73ef48be37f1313cc265bc1

SHA1
4d43071987caf957d371663e764febaf06f134f5

SHA256
fae4124ec990a4ad6462e6607c3bd981b294f50eacf11598640a7b16dbd828ce

SHA512
3733af5159f99fc99aec38d3c5d105245b46e32574c239d19e6a2e1949bc74c47f4ac30480ec696849568b316e16fcd4d5d0d9280b0b83dcb26be3859680f743

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
afef88a4fcbc440072717e0fcbde1582

SHA1
724b2bf541ca891878315afa5efe992fdddc5948

SHA256
0d3bf8b2eee3fa3329f9586b8d8e10050e57fce40e4764b55b7841077570e197

SHA512
8fd3a3f37525b23bd31b1d77273bac8954d3440d7532a255b1c2865fc3458f2fae72b590c279b9f041d589c5bb441b3c53fb24a63b4dd273b282e84775fb63e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
66951aa40b4884e59685e9123fe7a223

SHA1
f716c4a7d5f6208f17d5f23479195ea8db366dba

SHA256
390f0a6ac2cd19f1b258bb3977559d0ddcc105da141d372ea23e7d12edcdda33

SHA512
3b5d83fdbdbd77f6accf85cb260807c7a15f4e9eca001368eb3b39e241fac56c66091307c0bfd9d79f2519ae6c0ab7164f56356cc12cb741bcba3925e7163e9a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
d16b7bf180e7111693133e6cf2c1ea09

SHA1
f45b366e9c59b8fe05bf568c14698d887ea9bd5d

SHA256
ba9f7e7ca56ddbfe007afbedc1f628154c4ff5c81b8b1f0de154d0799eec0e64

SHA512
75427dfdb6d26640ec5e90791dd5c869c509fb0cacac0bd30858ce7d9a8618c0c85e1159a8fda2c1ec8c58351dc8736e1ede83bdbfb5a38f5308fac3579f1d66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
1011fc6ca41c083c48460bfdf5c91b3b

SHA1
add6151c54b8b2d9d36844bb0ee476877193230f

SHA256
b4baafedd5246a6aba2b83388c468e9bb05559c30e11376b410b7c62b45e4e40

SHA512
6b0a4b82f0cf0d7ee45c9df512e3c8a628066f8f520a6a8cb3c476ed1d15cff605b995a8c3f15b26afe5bf3af4211aa4e2402cc238b6042a6687d47b89ae13fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx

Filesize
3KB

MD5
018024f011f512601a1e8805d8628f98

SHA1
085f97a26aad772fe2166806f36db8ec6b7062f8

SHA256
2651425efaa90ae8cae8d0525eabcc6f8406fdd4336eb79930ba2777223f9853

SHA512
034ef15899dd39a1166684ec172b888611351821cff9d1f28b6678b21304272402149df5bc9a2587a18a4455214f8df813db42577c8308b54e8432059152afb5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx.fantom

Filesize
2KB

MD5
af64fb0aeae0e259e838f1aced54abce

SHA1
5904929e091bbb2c94c7d97af1c71d52aa966b57

SHA256
0b1b02d73deb4762c305313856a8b39a059720f8e80aa8bf43c3e06654b01ec7

SHA512
ae505a6f8452c221cd50fbef1cd17297dbf6b2c656c9ad9d91ca87ce69489075d2da626497ea170dfd0443e00e5f066219596d050492ff7b1761ce8a2ef63cbb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx

Filesize
14KB

MD5
ebafb869c4c2a94754cb1410113e0656

SHA1
864f99aa17545a9c4c3b96bee07a04a26a8d91cc

SHA256
ca048e45e6ef0df4eadd01045c2e307611e9d8b504d992b63226f1fe7274137e

SHA512
5b4268c23b78b0a5b05917674cf6ba5a5a1c1e16b9a20883f8382b6da063fb1dedffaf8d09a2448fe167ea84c1f2cfb99f50bdd3256ee4c87a871466c109c2c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
320B

MD5
c0b1244f485c356d1d433c001b11b0e1

SHA1
df3f68acbc9c8f3077b722e9fb336c88971741ba

SHA256
f6b35e496c519f90f4cf0ff648f899b8656144d6298e2089e1b24f85ef6e291f

SHA512
9c12061d937912c357e4f1970c6a86485928e1c826b8a1aefca5bd96c7183690e578fb1bf2ca78b4bd322d837dbe6f51643d9cd9408c7a946b22811f8c94aadc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a48c24c4da9ec0f46543ae7717241474

SHA1
3fb01d996aeb059843851bc5ad44fe52d9bf713a

SHA256
efdaa3f2bb47d003d691b176a63306c2b0776bb528ef8de9c42f770bfa2f4026

SHA512
0c318662e94d8ce157c75152f67a42ea36466f00c80741a59120fd649dc50280c54eb98dc1aeab0941231398d6fca0a4569c71a10fe965457c45810304186e76

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ebab727c0fd248c498813455e736710e

SHA1
634662270d957fd23b5c80d464a256fe3c7cd5d3

SHA256
4886bbf64fb9517bbfa957392e57a1c12bf7b3676ae3fe04e43d55b5e08bd2b8

SHA512
ee9d2218d7685f651c80aa581b36d91c8f98939e6dcb093228d40868e31124255627adfbdbbc598880a3cf23b09cc436e6221a18b167513d8e8c9444b96e4f71

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
960B

MD5
ba054fe9c746eec5896954296052208d

SHA1
fa88dc836f8cdf1f561943bd708090c306e80b6f

SHA256
5b429c22b3f68cafcb4fc3afc63b73d50c52e7e9611df8e14f496827bc791fef

SHA512
04595615906b4b33055fd9900704e67d20bfed3f4325ca2a3e1adde252ee59ab9e5d4768d44f0cb3018189905eb8409706f4e9447c7a70868ece862180cd1f86

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
128B

MD5
bf0f8c17c753234870fe6bafc752b220

SHA1
20f8d4e4d4bfb0493643d98e56e0809adbc37533

SHA256
4595240bd00c7f8b85448d642593ffbb1784289fc24059f82d606661cd11a388

SHA512
846d3eb32d6582f88d028fece3042a4f02492749abbca8ddc3176c5989d1ee064f238fb3708ed5658e6c6f302d7bb26ac9c282f6b44d6be8bb163acc64c02f2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
7a87f3b4524c6572b67e6e05455eb54b

SHA1
30689aeeccc64f3f16510b005a2d858a0e401c98

SHA256
787dcfc140c91b1c5d20292bb36e2b6db02b156b0c2f0e8a77c7ff072dce5acb

SHA512
0547a447d2b1fc3b3253ed3913bfc518a384097af1233e9eb335f3b2e068365a556bdb0689932af3fd5352ee06c4922592f7dc12053f242c1317622642bdc818

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5bb2f25a993eb0790a69991aa6f7d152

SHA1
f67a2060ed3ca236aa4a25e0bfc752124e874b5d

SHA256
3f9c91981ee376c610c6a0f4e14da5d4d87c24b26a81e0967370ecaaef6959f6

SHA512
a3d4536e92214aa66e42b8dd0b962c4dd31d14f89f2da020edec2abe6d42131a56efc48fbb6966e7b71a1462faa17353977b01e10710d39a3f58e14c3e9ba649

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
64B

MD5
1e8cf8a78bd6d67d1894e363f71aea3d

SHA1
2f36e326626461f55c5af3fb5a9eb32b80ab47aa

SHA256
5b0b34046a8ccae2f49b7ebc61ca87dbd8177c8cd06d563659b576747507bede

SHA512
a06ba81002dec309dad6e436f6ec34860d81fa7cdc67858d70513bc91cb221fe563c4a8dfd30176f07243f39dcd96ef4502bd516a24a939175859b0fc5cf41b1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
928B

MD5
68e98cfe18b55d5257666ca590785f45

SHA1
ae62ee8f99fe59767913e05a8efd4daea2ca5a9e

SHA256
69536d1f8a1a8c605106de4983022c2faf819ff61aecf19f55e6262e4b025ad4

SHA512
9c4da8ba35f9b28d6a22b35b899770f95dc4d09d1a7601a55f867917fcfa2a6d9adcfc73f8d3f6fff08fafbbb6de7c5b9a38ee075519ecfe7c8e8fd58aec4822

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
96B

MD5
c28865070e3f46584eeab113a8500c06

SHA1
7db48fdfc8fb9338c4a6601a88b1c48f44963a59

SHA256
538bcabe54f823fee345918eb1ad3c0684c98c1b3dd1f78d8ae9e33ec479673f

SHA512
681103bddb40a37d3e0f430cb49579264fa6c02de8e074d55ec1a987b63aabc632398a6b6391021a3459291cbbd167d95e9b52672697653369773bc7865ffca5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
96B

MD5
346b4c92ffcf9ea4c82c39766d0222b2

SHA1
695a039e1dad8fe43c55699b16ea992d9d03e24d

SHA256
d7a550f34345eecfaef46927e9ad49e03a158547ad2548da725492ba1062053b

SHA512
b8f753f81e9b17b2e878d09eb0659f5374cc257ceaaa4bbddb08cae90ef1119f8bedbedfc5ea321992da3c1add2f62569f3fc419bd22c78f3494cc0e0dfc55f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
336B

MD5
8b114f0e81123e337f6d3cc5cca6c462

SHA1
363c66c0107579b23a664cac11979eaca0a8a599

SHA256
608eb828e24a4d103161667047c994e2d3d934ec43a475bdac5abda86492c016

SHA512
82bea1a4e797bf5a7f73fcf115e0d35594d5079ef80edd99b08953232cc8cd6f1d6be2b02ac9113b0a8c0fca127759513efdd4155fa5d167ce739f74e0ad597a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5832c9abcb54c17609c5a8978bbcbb82

SHA1
85f89d9b9a47ba8142a796ec69009ca25bed2b8a

SHA256
da760a2c9b3e5d71c0c2b4e8e91cb759e47a38c78ddab6e6d8ba543bffe9eb88

SHA512
e967db1cf5b3fc95f63850113408f9873a9107b83b30ceee9b28aeb4de55f557b2c5af2bf9936f4e399549b446e4ebbc23e29a45ac7e9a47a9ca39490893a324

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
176B

MD5
4a57a2de32991be73b4244993fa08e86

SHA1
1922d0a2c2187a93c8ef7c8772a9612a201a0c84

SHA256
c879d5536040f7a8311ed94a71afd75b2dfdba83e898c3742e9f9824f4a0b93f

SHA512
bcf77a316964853bbc141ef6155359ca046334c8ccb11e4078eeac572780d806e8f606e7135f406e340219e71e5239d42fdd4d187f8b3803b4faf1d883ed14c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
592B

MD5
e177c2924a298b6ee3bd667f4d8ec6ba

SHA1
22a576278262d62547bb296dae06000281515e81

SHA256
04061b5e7efce3776c7cf61583667a4367ff5858af7b37a6f4021afb3cd2c666

SHA512
855983d6e07f2136a48b981f3700447054bdaa2480760d6f5e9617d72a983d3a69150630953b54cc2f1d3cb536437942cc85b996c96cea79b9fb508a90370f06

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
128B

MD5
08658b029abdbfac422d69bbf6786ea1

SHA1
8a1da94440bd81b7a130100373f1643720ab6555

SHA256
9ed8af5195337c9f4fd9d93eabb0626f893753b08ed4269553e1eaea79d1a624

SHA512
ba64b0fa7497fa286d51e5e4833cd8a07f1bb00dc82c178c27425141bc04df13c99f99bc1bc15ea7424ffa13c36d366d988ab91083894b8d85f09d3215a038c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d39dc68ccce65192f4ba38bc30ebe572

SHA1
eb082b77a1d31c06340d8f7fe35f3b3cb93e52c0

SHA256
a29abfe176f685cc89ab55cc52b5aff0d75fef43f66368b3ef8caf9218fb39d0

SHA512
9e139b525c60caf8145169057d9566c0dccac41ade1f484b6bf7eb1e4b80e37bdf1dc65c10e6ceef883de754bb9d45f15b37a9b18721907eaff1a3cd3c72b7c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
896B

MD5
5cc90434bd66891bc3d64f08f891237c

SHA1
00a76ba7e8420d683651d1e40d93af37d03c311c

SHA256
23ddfb97578a9709f3fcd11e71020844bf4133972a7f74f7410048c251d64698

SHA512
6f6bfd753c6ba3376b164a9240615f17dd786a67fd35f9998339c2e7a4e3a9ea7a8608488c23fe68545174c44bf0f26e1db245aa4f6959133bd8134aabb7d05f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx

Filesize
12KB

MD5
6f6e71c564009284b394f0c6c72e14c7

SHA1
755ac88664ad66a26c4a5db30f3a20c3c4eb4db2

SHA256
9494aff9e58557fa4185a82196af21acd76577816fff97774f0eee37fe6a7eec

SHA512
2b3fe053dabd011c2b3edf5bd3adb3c13e96be6e69a8f4373a2799ac72de427041e791f065363cda35970de1ce2479d411d6cbcfc00b441265be087602ae57c1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx

Filesize
9KB

MD5
663ed4f0e5083a553f65a9d6ea73e173

SHA1
dc07e3651afe123d6af086c24e04ed2dc9e93ba7

SHA256
c1ae233b453c3554b0f65a58ac19b5c2ca0f8b628ebf7419d1b7cf2751e5db2e

SHA512
214b07fa2e2b7f7b8c0d2c19531f882d0b7e4910a3e2a83101d9c7690e585f0568b5aa47da24353382a1a10391cb84c963f3e90c6cf94387ff51a0baa1bed996

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ProviderList.ascx

Filesize
9KB

MD5
1d5159581a749c660f57c36adbe5fb13

SHA1
1751b8e29fe54eaa20fcffae6c1c5deba1f929aa

SHA256
cb344585677bcfd7f1e144e43bda66c0d47623e018403d3266c5159f3af309ff

SHA512
1f2fb419c62e994241f4175760c564f682d6336e4aa90dc5034da5daa3fb9c49fb3cb5beeb9f2bda5d733b58efff11e923a52b52bf80957e242a918f5aafca1f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx

Filesize
2KB

MD5
2be9842cc645749ceb6f815afa26e4b1

SHA1
d3888f104f6cfbad41b3e968f9719c6805cfa57f

SHA256
91aa0ebf6a729fe22834e7c57f0a2027871b4a5f5c49a8cb7965d0cb9d6ad7fc

SHA512
fdaf61cdad619408c8582ba664d6ea398362200219cf70507a08e4a47b8955108ef634f6e2885b5006affae36b6731617dd1cebbca8e5157f53ff3867403cf7e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx.fantom

Filesize
10KB

MD5
ad66910cc3aecfbcd73f2877f431c288

SHA1
fb069028853c853ed3b1ed54cb150968fa521805

SHA256
9eab62603d2292190438f5087736debb18302246bf2850bb9a4245ee624b62aa

SHA512
e4d446592d30271022807149f26c66e6d81c86c2ddf862de7139d2b7b8f462e6cc001c385dca71d85a3c545f97dcafe1e79f56320a672b17dc450c70631c12bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx

Filesize
21KB

MD5
236b607554b369a0d419d890f1fc0896

SHA1
e37555d155bfa49d58a7b35b2e46387502eed3b0

SHA256
342a2227d33555846280bb72ddb809ac25640712580a3addfdc31a6b8ab44e5d

SHA512
513996c636792fb046b9de5ec28b4c71317fcddc9a31592288d04907b05d3d87f2a174bab4a17772741528bc9f9735b333ff262977753f7c0972b1f0d56ec416

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx

Filesize
11KB

MD5
cbc887b9b4027f50319ac103c044610c

SHA1
04becaf5f9ca9ae335c6c74588545ab326016dbe

SHA256
e1f588d9db1b0898114bff2a014c1929e55ace3b83bec3ee6aabf8469cdec9e2

SHA512
ca04c8e82ebd83d6b667b6b236348fc881720ffe83ec95b1e8a7d0c8622dcd68fd80bb0e6baa5a2d51679510603ae75350937a5ba825af6b755f336232472ca6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx

Filesize
10KB

MD5
30af1defed3553bf01d7baa2932be02e

SHA1
6e7afb16790351cc8cb1a15729f58cbe0e0f7e2b

SHA256
c591d5785e33acec68ff3ee5093395050d02be48519ff1476d009871277cbda2

SHA512
1274c74437c9fee98846aae8e87f1b3e55f668755817fb4ef178ddd4392fb152c4f72b5f124a8d94ad42854d43f2ac349360cba9c92b9c0ee6a51697e91b8701

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx

Filesize
2KB

MD5
0e00499516cabeb2f221912684535e4b

SHA1
f7af72698a2eed059594367175a04c3702699adf

SHA256
f30e7110323bd06bdf680a6bc9b4a49055d81ad401087561be0b51d4d6b8aa2f

SHA512
d4487aa50e6ac0ba431fc0d164a0f7b62d3cadfa78dadb14c97c0db22616ea9d7b169a867ced6cb80342e5b0a1ab14c64bfdd2967da092a36c8378e94f0e3b7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardCreateRoles.ascx

Filesize
7KB

MD5
3e6acab8c25fc78608ee7ea49235dc3a

SHA1
393b01b389482f275df23a4626d55b84c53918a4

SHA256
432a259b26c05e88785237803198fc9ddfce2a98807b1cd93bce1b61f82143d4

SHA512
9211c041c94afbc9c97a6bf21925787eb8521278aafb4e229f1b25ea08b3bc0edb9c486d6538ee699add946070861b44f8c06116ad014824c3aed77c8de8a984

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardFinish.ascx

Filesize
272B

MD5
55c3293e66942992f46c61cda7fd0b8e

SHA1
cb70f5db28ed27a1fdb4da67104385774ad51129

SHA256
ef55318955020aab45bb6899581cd7aa06fe63c2d679673d32e7c7228bc2474d

SHA512
d63dd3472eda14b58b09a1bfbd96957569376e8cdde8b974f00eec1884829d120a0ccd6a5e9a4cbbfec1dcff4171eed8ab56bc6f52981462da1a98d0328ae2cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx

Filesize
496B

MD5
07f3893ca5eadba4c8d619c302ed9791

SHA1
555d7d4ff6e829045048c9a1c0e17dc95766778a

SHA256
491a367e572500a4c53b76dea4697d7b9ca0eed3acc745b9aa7929e83df3fd27

SHA512
07fac48dd3a95b37c73213ec060a08bd33cdb7dd6d86d4d7573a6737a7e148c952590fafa42b60476b4ad750e1a93d7e91693ec489ec0248564add927c91a909

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx

Filesize
24KB

MD5
09213a2ec79942b8d7508f4c553757d3

SHA1
67e7f35c3f2b7228ff5d3ff1c58a53899124759f

SHA256
968c33d861b6f3236b3584b655e415db1f816a3728006b5946a5a379389abd8f

SHA512
5904ec958ba91a5973ac67e06c891f6a1b94bad205d6e6b1f71bf27cfa7674793c565362e0e02af77fc11096fbd336fc827abdba38e15d59ad964741794947be

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardProviderInfo.ascx

Filesize
1KB

MD5
23ce07739772eaec9a37cd2ca862f336

SHA1
6b72f372bdeff77591ed90de0d2b2ea8b4fbbcae

SHA256
6c3901ce4394bf15c60a86b7272a07ca64ff6ef945056d750fdc5565c7946d9e

SHA512
baf5b9c8921b11e3d8d6da13074ec246e479d2175f7b6de6a250eb89d1d509ff16f5133ea4ee43b710218d959ae904ae259611c079b4fcd9d6e407894c0bdfc5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx

Filesize
9KB

MD5
c3e892102c7839b59569e563cb39bb99

SHA1
c1ec6993509e24881ba9a64fb0dfa0f71ee3169a

SHA256
1c0b522d614470a6892a7eec34fe3dab43ea195ade334d230f05298c4fbfd193

SHA512
8392f4f21db861843f8a4ecd6f8a0815c7872228d1360e4374aed55de06a05c03bf563aafd8b6973900ff4c1c16a9224e50cc3b6aff70b1bc1389993bff1194b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security0.aspx

Filesize
1KB

MD5
b47fa1721bc1e68e3960fbeca49ad659

SHA1
f58fe49a4484c86e4b196e5bd725d2e8365b0c77

SHA256
d4ad4a003279c9352ed2b142d04f43950c7c1b219f383c973c358d2154e48c31

SHA512
799dfe7e3da961fe97fdbc3f45e7873444f55c7452414b051f99ce33d44e5d57ecd96dfa003f2ded3ada53024161ef4db75895179aa99d8bc48756ddc4398bf0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx

Filesize
2KB

MD5
99fedd4f2466a82e37d0b83ba204aa94

SHA1
4183f3272e89448c14f8de2c52711892ee51547b

SHA256
2b9472957eeace7d22bf5192eb589c29f0aa1acdb415107257d908bf9fbf7e46

SHA512
fe8f2cc92f888a8519db4a3460d705102e0bd35c5ec17dd5e58bf7977c501ec269e55984295fb2fbf530dc1db6456dc2087ddae2419b61e1150682475c7e129b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\default.aspx

Filesize
4KB

MD5
c2036bce6322eb87ff2d9099a5d6cdec

SHA1
adced2956dd100370416b806b769dbe1e481c64a

SHA256
9284ac69727127e33284123638b00a854be156c213e04b4a887705beb802b055

SHA512
2e62f37b1924f8061f9e9496aa058aa601c8cc9b6739b2a021b5b933e456863530041adac9813bb3169f9dece443e2735df2a4af2d14191ae538f0a6ee44c417

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\error.aspx

Filesize
6KB

MD5
5191e83a5e65bbd47c37214c8718b444

SHA1
c4e20d3ce6de8fcd9e253ff8ea8d79a1ee82ddee

SHA256
6076ba66be0e60680650e9074441a84ce286d729f45900910ca5fac7d62421c0

SHA512
2ec472e19b635ff18ec0e2c3d287f900fac2a208bcdb1dec9e97beb0353e34c6f3759e6b164ca5d5c765337852b5ca5c7748a576548c886a1bf6eb6bcd0453c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx

Filesize
1KB

MD5
d6fe826dd9915789d33ec44984ed49d7

SHA1
4643f755ae5f1ff12da3c2408441ec2c9206e1f0

SHA256
21f22c75cbbb87496e1fa4f4ed0a9328234726aad46f4591515c7cf21d4731dc

SHA512
d089cd72db2d461996b4972716286287910869f1474989dc8594c8019f3788fc69c8322f741218ca5212665dcc271b6bb6ced24a39576748f300106d1b7a3621

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx

Filesize
752B

MD5
30928a3335ae834e0265e8dc5a557082

SHA1
c651e9fcef15cfdecf38615175641becb2033cff

SHA256
d445d3f9a789721dd5efad8ecd804be4818d79a55cc2c6e7b2547ca2927d8670

SHA512
282e0421d7a53de9c06886fbd011f31e9722ae993de8bf6f812a8506cb0efcbf7777f192a98cb24b774dbd1b5bc5e2b89c4ec3a9e5b7b78a90b28d6aea7235a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx

Filesize
1KB

MD5
5fa29e177d645c52f7dc8e53eb7fde86

SHA1
9a4898cc0d3d11ceac889152973b2258a4ba55f4

SHA256
4fca6b9190bbc1d95e3d480ac600b54c3d96728d03d473441c047d522cb19e12

SHA512
f31230eb431d68e8778342fd98522c18f89c1c3475a5de3dbe616f26f9bb59b7036a74e0af3d6c978980a66c578be1bbf2ad6172aaefa3706bbd56d2782505bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx

Filesize
8KB

MD5
7fd6e4e2193d0ff918fecb9650784de2

SHA1
a81685931bdfcfe27cc42b2c51201ab2c4b74355

SHA256
60bb0207ba95bee55ad4fab3e5a4427db03fdc0797cb40194f1926dea6001cea

SHA512
00e2ebb70a5273ea7c25f76839dc74e7a7a2200c685fb0146d79a38d3906ee1ae4b432f5b30926f7806f8bcd7390b9d54a932d948d4d15b93f0d99c488eafbac

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
7f3a48033a0ba553c16a4e2a88731050

SHA1
688f0a5c896401538bb056ec218f37a5e89728ff

SHA256
abd5c413dc4a6f94aabfe2116b7829c7ba175aed44622e8c3a67705d4b29c22c

SHA512
3d3d81ed22dd3f0163438eb45d68f8ddf4dd9787e81e8950482f7f23686fb46566057ba80d3b97fa22917d78534e70975d57c062b0e99c1c3e7ada0d975ff65d

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
de38ea7b85278a86c9e335da6ca55b43

SHA1
80ad2578d6a9ed98152b9c6536e8ed5a0473e721

SHA256
e2b16feb634284245249e0f0b482c576094ed990fa37a7a4619691ad32ea8bb5

SHA512
324afbc69e7b34c9d66fac056c17aad44afcb422ff9a3309e8be77c02d51e99f5c5a32849212860a1cc6d7824cbcd8e0dab88522741dd76ce1a7a56466c0c9de

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/1968-649-0x000007FEF5880000-0x000007FEF626C000-memory.dmp

Filesize
9.9MB

Download
memory/1968-625-0x000007FEF5883000-0x000007FEF5884000-memory.dmp

Filesize
4KB

Download
memory/1968-143-0x000007FEF5880000-0x000007FEF626C000-memory.dmp

Filesize
9.9MB

Download
memory/1968-142-0x0000000000EC0000-0x0000000000ECC000-memory.dmp

Filesize
48KB

Download
memory/1968-141-0x000007FEF5883000-0x000007FEF5884000-memory.dmp

Filesize
4KB

Download
memory/2128-37-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-51-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-0-0x0000000074A5E000-0x0000000074A5F000-memory.dmp

Filesize
4KB

Download
memory/2128-11-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-132-0x0000000074A5E000-0x0000000074A5F000-memory.dmp

Filesize
4KB

Download
memory/2128-133-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-17-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-19-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-21-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-23-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-25-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-29-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-31-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-33-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-35-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-134-0x0000000002430000-0x000000000243E000-memory.dmp

Filesize
56KB

Download
memory/2128-39-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-41-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-45-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-47-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-49-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-15-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-130-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-131-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-53-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-55-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-57-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-61-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-63-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-65-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-69-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-67-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-13-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-9-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-59-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-43-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-27-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-7-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-6-0x0000000001D90000-0x0000000001DBB000-memory.dmp

Filesize
172KB

Download
memory/2128-5-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-4-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-3-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-2-0x0000000001D90000-0x0000000001DC2000-memory.dmp

Filesize
200KB

Download
memory/2128-1-0x0000000001D60000-0x0000000001D92000-memory.dmp

Filesize
200KB

Download